From: Alyssa Ross
To: discuss@spectrum-os.org, devel@spectrum-os.org
Subject: This (Last) Week in Spectrum, 2021-W32
Date: Mon, 16 Aug 2021 09:30:35 +0000
Message-ID: <87lf51ybwk.fsf@alyssa.is>

It's a short update this week, because most of what I did was a
continuation of stuff from last week.

rust-vmm
--------

Last week, I mentioned I'd identified some Rust safety issues in
rust-vmm.  Most of the patches for these are now up[1][2][3].  The
first has been accepted already, and I expect another to be accepted
later today.  There's still a UB issue I'm aware of and haven't sent a
fix for yet, because there are a number of ways to fix it and I wanted
to get my other patches in first before I decided how to fix that one.

I deliberately haven't made any progress on using cloud-hypervisor's
vhost-user-net backend with crosvm, which is what got me looking at
this code in the first place.  I want to make sure I can work on
rust-vmm-adjacent things at a pace where I don't get overwhelmed with
having to keep track of loads of patches and whether I've got them
upstream yet.  So I'll be putting that work on hold until the current
round of patches are upstreamed.

[1]: https://github.com/rust-vmm/vhost/pull/68
[2]: https://github.com/rust-vmm/vmm-sys-util/pull/135
[3]: https://github.com/rust-vmm/vhost/pull/69

spectrum-live
-------------

For the past little while, in the time when I wasn't writing regular
updates, I've been working on a live system for testing Spectrum.
This will be especially useful for testing things like GPU support,
because I can just build a live image with everything I might need,
plug it into all the computers I want to test, and have everything be
automatic from there.  It will also probably evolve directly into what
becomes the Spectrum base system that we'll hopefully all be running
as the host system on our machines at some point.

I shifted my focus back to this this week because of wanting to not
get ahead of myself with rust-vmm.
(I have a funding milestone for GPU support, so getting that checked
off soon would be good.)

The main thing I did this week was integrate dm-verity[4], which I did
mostly for fun and to satisfy my curiosity.  dm-verity is a Linux
mechanism to efficiently ensure that a read-only filesystem hasn't
been tampered with, by constructing a Merkle tree out of filesystem
block hashes, and providing the root hash to the kernel when the
filesystem is mounted.  dm-verity is a _great_ fit for Nix, because we
can generate the hashes at the same time as creating the filesystem
image, and then embed the hash into the initramfs we're also building.
Getting this all working took less than a day.

The idea is that (long) in the future, we'll also implement Secure
Boot, which will make sure the kernel and initramfs haven't been
tampered with, and dm-verity will extend that integrity guarantee to
the host system's root filesystem.  I recommend reading "Producing a
trustworthy x86-based Linux appliance"[5] by Matthew Garrett for an
overview of how this all comes together.

dm-verity is something that's particularly exciting to me, because
it's very useful to us, but it's something that's generally used to
frustrate end user attempts to control computers they own.  In
Spectrum, it's instead a tool that protects the end user against
malicious filesystem changes, while being almost completely
transparent to the user if they do want to modify their own system.

Protecting against root filesystem tampering (which would require a VM
escape or physical device access) is hardly the biggest priority for
Spectrum, but integrating dm-verity was fun, interesting, and provided
good motivation for working on the live image, which is one of the
highest priority bits of the system.  (Because I'm tired of having to
say "you can't" when people ask me how they can try out Spectrum.)

[4]: https://lwn.net/Articles/459420/
[5]: https://mjg59.dreamwidth.org/57199.html

This week, I'm going to take a bit of time off as an anti-burnout
defense, but probably not the whole week.  I'll still keep an eye on
the rust-vmm patches throughout this time as well, to make sure
they're not delayed in getting accepted upstream.
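
The Merkle-tree check that the dm-verity paragraph of the message above describes, as an added example that is not part of the original email and is not Spectrum or kernel code. It is a simplified Python model and does not reproduce the on-disk dm-verity format; the block size, the salt-prepended SHA-256, the function names and the sample image are all assumptions made for illustration.

```python
import hashlib

BLOCK = 4096              # data block size in bytes (assumed for this model)
FANOUT = BLOCK // 32      # SHA-256 digests that fit in one hash block (128)

def h(salt: bytes, block: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()

def pack(level, start):
    """Concatenate one group of digests and zero-pad it to a full block."""
    return b"".join(level[start:start + FANOUT]).ljust(BLOCK, b"\0")

def build_tree(image: bytes, salt: bytes):
    """Return (levels, root): levels[0] has one digest per data block and
    each higher level has one digest per packed group of the level below."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK")
    level = [h(salt, image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [h(salt, pack(level, i)) for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels, level[0]

def verify_block(image, index, levels, salt, trusted_root):
    """Verify one data block on read. `image` and `levels` are untrusted
    storage; only `trusted_root` (e.g. from the initramfs) is trusted."""
    digest = h(salt, bytes(image[index * BLOCK:(index + 1) * BLOCK]))
    for depth, level in enumerate(levels):
        if index >= len(level) or level[index] != digest:
            return False              # stored digest does not match content
        if depth < len(levels) - 1:   # hash this digest's group, move up
            digest = h(salt, pack(level, index - index % FANOUT))
            index //= FANOUT
    return digest == trusted_root

def demo():
    """Constructed 300-block image: flip one bit and re-check that block."""
    salt = b"constructed-salt"
    image = b"".join(bytes([i % 256]) * BLOCK for i in range(300))
    levels, root = build_tree(image, salt)
    tampered = bytearray(image)
    tampered[200 * BLOCK + 5] ^= 1
    return (verify_block(image, 200, levels, salt, root),
            verify_block(tampered, 200, levels, salt, root))

if __name__ == "__main__":
    print(demo())
```

Rebuilding the whole tree over a modified image does not help an attacker in this model, because the recomputed root no longer equals the root that was fixed at build time.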