| 29 Nov 2024 |
|  lassulus changed their profile picture. | 18:30:04 |
| 1 Dec 2024 |
|  shawn8901 joined the room. | 17:03:53 |
| 8 Dec 2024 |
| shawn8901 set a profile picture. | 19:21:16 |
| 11 Dec 2024 |
 baloo | Just published this PR https://github.com/NixOS/nixpkgs/pull/364379
I'm using this to mock up EK certificate in a TPM.
I'd love to get some eyes on it if possible. | 22:57:12 |
| 12 Dec 2024 |
 Morgan (@numinit) | Very cool | 01:56:24 |
| Morgan (@numinit) | I'll give it a review :-) | 01:59:26 |
| baloo | Morgan (@numinit): thanks a lot for the review! | 04:13:57 |
| Morgan (@numinit) | No problem, this will be super useful for the nixPKCS test suite | 04:14:27 |
| Morgan (@numinit) | Really appreciate the change! | 04:14:34 |
| baloo | Yeah that makes my test suite a lot more easy to run too | 04:15:11 |
| baloo | much easier than having to pull real hardware | 04:15:25 |
| Morgan (@numinit) | I was going to add attestation support eventually to https://github.com/numinit/nixpkcs - this is a kick in the pants for me to do it | 04:15:46 |
| Morgan (@numinit) | Someone just got step-ca working with it though, which is encouraging | 04:16:40 |
| baloo | Friends don't let people use pkcs11 | 04:16:49 |
| Morgan (@numinit) | hah | 04:16:56 |
| baloo | (I hate pkcs11 dearly) | 04:17:15 |
| Morgan (@numinit) | Brutally hard to wrap things with, I do too. Had to do passthrus for it all | 04:17:31 |
| Morgan (@numinit) | This does actually make it easier, though through the brute force of injecting support into OpenSSL | 04:18:14 |
| baloo | yeah, looks like you figured out a bunch of options in a bunch of very useful tools | 04:19:05 |
| Morgan (@numinit) | Basically, yeah. | 04:19:18 |
| baloo | I guess you ended up full of yak hair after doing that | 04:19:21 |
| baloo | (thanks for doing that) | 04:19:45 |
| baloo | or full of weeds I guess | 04:19:57 |
| Morgan (@numinit) | yeah, pretty much - declarative definition of yubikeys is pretty cool at least | 04:19:58 |
| Morgan (@numinit) | though I completely understand why wo one supported PKCS11 now - it's a pain in the @$$ | 04:20:50 |
| baloo | have you had the delight to work HSM vendors already? | 04:20:55 |
| Morgan (@numinit) | * though I completely understand why no one supported PKCS11 now - it's a pain in the @$$ | 04:20:56 |
| Morgan (@numinit) | ... yep. | 04:21:10 |
| Morgan (@numinit) | Different tools for everything | 04:21:21 |
| baloo | condolences | 04:21:23 |
