<rqou>
hmm apparently you can't disable the CSM if your GPU doesn't support UEFI GOP
<rqou>
the bios has an anti-footgun!
digshadow has joined ##openfpga
amclain has quit [Quit: Leaving]
fpgacraft1 has quit [Quit: ZNC 1.7.x-git-709-1bb0199 - http://znc.in]
fpgacraft1 has joined ##openfpga
<rqou>
blargh apparently Skylake doesn't have working ACS on processor root pcie ports so sr-iov doesn't work
<rqou>
lain: why does Intel market segmentation suck so much?
<rqou>
I can apparently plug the card into one of the PCH pcie ports and lose some bandwidth
<rqou>
except I also need a newer kernel than in the Ubuntu 16.04 lts because Intel screwed up ACS on the PCH too
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined ##openfpga
DocScrutinizer05 has quit [Remote host closed the connection]
<azonenberg>
i dont think its segmentation so much as they dont care about certain combos
<azonenberg>
they expect you to buy the nic with the mobo or something
<azonenberg>
and dont test other combos?
DocScrutinizer05 has joined ##openfpga
<rqou>
my desktop with a Xeon has everything working properly
<rqou>
hmm my laptop also has fully working/sane iommu device isolation
<rqou>
not sure if lucky or Apple is actually paying attention
<rqou>
project idea: ghetto-IPMI using an FPGA on the pcie bus that fakes a video card and USB host controller
<whitequark>
that sounds like a ridiculous amount of effort for little gain
<azonenberg>
project idea: even more ghetto implementation using an FPGA with an HDMI sink and PS/2 or USB device controller
<azonenberg>
But that's just an IPKVM
<whitequark>
^ exactly what I was about to suggest
<azonenberg>
What's the point of IPMI?
<azonenberg>
vs IPKVMs
<azonenberg>
is it just that it's built in?
<rqou>
yeah, since the NAS I just built has no GPU at all
<rqou>
which amazingly is allowed by the BIOS
<azonenberg>
i used to keep an old pcie gtx 9800 around for that
<azonenberg>
for initial bringup
<azonenberg>
then i'd just remove it
<azonenberg>
and run headless
<rqou>
I have a similar card, but it doesn't support UEFI GOP
<azonenberg>
i dont even know what that is
<azonenberg>
guessing mine doesnt :p
<rqou>
basically drivers for UEFI boot (vs a legacy 16-bit video bios)
<rqou>
this is important because the bios will enable legacy CSM mode and/or won't disable it if the GPU doesn't support UEFI GOP
<rqou>
this then causes the Intel pxe ROM to hang for about 20 seconds before it times out
<rqou>
the pxe behavior is very different in UEFI/legacy mode
<azonenberg>
Hmm interesting
<azonenberg>
i've never actually tried to pxe in uefi
<rqou>
I don't want to pxe
<rqou>
it runs the option ROM anyways
<rqou>
I guess this can be described as "epic fails all around"
<azonenberg>
most of my bios systmes have had the option to disable the pxe option rom
<azonenberg>
if you didnt want to allow pxe
<rqou>
it for some reason still pops up a "press ctrl-s" prompt
<rqou>
I can probably disable it with Intel bootutil
<rqou>
or maybe just updating the option ROM will fix it
<rqou>
I haven't done that yet
<rqou>
my cards are all pulls/OEM cards with weird messed up option ROMs and stuff
Bike has quit [Quit: sleep]
kuldeep has joined ##openfpga
<rqou>
wow TPMs are just as clusterf*ck as smartcards
<Lord_Nightmare>
i wish there was an open spec HSM, i.e. you could 3d print the frame, get a pcb fab place to put together the pcbs with the crazy interleaved traces, add some zebra strips between those and the main pcb, main pcb would have two or 3 mcus on it running off a battery and led with mims effect for tamper/suicide in addition to tracing the outside traces etc
<rqou>
i thought those parts are the easy parts?
<rqou>
the hard part is physically securing the mcus and defending against side channel attacks
<rqou>
digshadow, azonenberg: would you like to comment here?
<rqou>
wow secure boot is a cluserf*ck too
<rqou>
no wonder mjg59 seems unhappy all the time
kuldeep has quit [Ping timeout: 260 seconds]
promach has quit [Quit: Leaving]
<nats`>
530 sievert per hour detected in the reactor 2 at fukushima....
<nats`>
nice...
<rqou>
um...
<rqou>
that's not good
<flaviusb>
Source?
<nats`>
nop that's not especially because the area in question was at 73 2 or 3 year ago....
<rqou>
aaargh i hate physical-token crypto things so much
<rqou>
why does nothing work properly?
kuldeep_ has joined ##openfpga
kuldeep has quit [Ping timeout: 276 seconds]
pie_ has quit [Ping timeout: 240 seconds]
pie_ has joined ##openfpga
pie_ has quit [Ping timeout: 256 seconds]
pie_ has joined ##openfpga
<Lord_Nightmare>
rqou: indeed, but having a standard where all you need to do is make a pcb with some mcus and sram and a battery on it and slap it in a case which provides some physical security against tampering would be a start
pie__ has joined ##openfpga
pie_ has quit [Ping timeout: 245 seconds]
<cr1901_modern>
Lord_Nightmare: You mean create another suicide battery :)?
<Lord_Nightmare>
yeah, that's the idea of an hsm, isn't it? if you take off or drill through the two 'bread' pcbs of the 'sandwich', it should clear sram contents/keys
<Lord_Nightmare>
also if you open it up somehow without disconnecting the pcbs, should do the same
<Lord_Nightmare>
and if it detects unusual/unexpected bus activity or one of the 2 or 3 mcus stops, same
<Lord_Nightmare>
an interesting idea is to have the data lines offset from true gnd somehow so the chip can detect if someone puts a probe on one of the lines
<Lord_Nightmare>
and nuke itself if it detects that
<balrog>
and ICE40HX8K-DRAGON-EVN is too expensive?
<whitequark>
DRAGON is kinda... pointless
<whitequark>
they put a bunch of things on that board but none of them are very useful
<balrog>
okay :)
<whitequark>
well imo at least
pie_ has quit [Ping timeout: 256 seconds]
<rvense>
i've had a lot of fun with my lattice hx8k eval board
* cr1901_modern
is quite happy w/ his icestick, despite being a smol FPGA
<nats`>
xc3sprog is still maintained ?
<nats`>
I added an other flash to the list
<whitequark>
nats`: might want to consider openocd
<whitequark>
it's also a trash fire but jtagspi works slightly better
<nats`>
I made it work today it's for work so I have to do that fast :)
<nats`>
I was just wondering where I can send the 3 line of the new flash added
<whitequark>
ah
<cr1901_modern>
openocd also (can have) has a glacially slow turnaround time for external contributions
<nats`>
TBH I use chipscope a lot so openocd/xc3sprog/urjtag are not my priority :D
pie_ has joined ##openfpga
<felix_>
the only time i submitted a patch for a bug in openocd, it only took maybe half a day to get it merged. the patch only corrected a wrong chip id though
maaku has quit [Read error: Connection reset by peer]
maaku has joined ##openfpga
<azonenberg>
cr1901_modern: well that's where libjtaghal comes in
<azonenberg>
it needs a bit more cleanup and i have to review the documentation for the standalone apps etc
<azonenberg>
but i will take pull requests
<azonenberg>
big thing i need to do is package up the build properly so its easier for people other than me to compile it
<azonenberg>
which is where splash comes in, but i have some debugging and testing to do on that
<balrog>
any of you tried iceStudio?
maaku has quit [Quit: No Ping reply in 180 seconds.]
<nats`>
balrog using it right now to port one of my code to it
<fpgacraft2>
<laincat> I tried to try it but it refused to install in my dev vm because RDP access isn't supported for the free version, heh
<nats`>
it's a good tool to learn I guess
<balrog>
thoughts?
<balrog>
lain: huh? there's only a free version...?
<lain>
exactly.
<balrog>
I'm confused
<lain>
if you dev via rdp, it won't install
<balrog>
that doesn't make sense
<lain>
I know.
maaku has joined ##openfpga
<nats`>
he's thinking about lattice ice
<lain>
oh am I confused
<nats`>
balrog is talking about the python OSS stuff I guess