30 Nov 2024 |
raboof | ofborg confirms it should target staging :) | 14:05:07 |
| @midirhee12:tchncs.de joined the room. | 18:58:04 |
| @midirhee12:tchncs.de left the room. | 18:59:41 |
1 Dec 2024 |
| shawn8901 left the room. | 00:08:09 |
| shawn8901 joined the room. | 00:11:07 |
2 Dec 2024 |
| dish [Fox/It/She] changed their profile picture. | 19:59:07 |
3 Dec 2024 |
| femsci joined the room. | 05:01:10 |
| @statecode47:unredacted.org joined the room. | 15:40:54 |
@statecode47:unredacted.org | Does anyone here know how to remove the signature from ARM64 Linux kernel images so that two kernel images (official and reproduced) can be compared by diffoscope without the signatures differing?
Sad that I can't find anything regarding removing signatures from ARM64 Linux kernel images, and they are probably nothing like the x86_64 Linux kernel EFI images. I am not familiar with ARM64 Linux kernels at all.
Its file type is Linux kernel ARM64 boot executable Image, little-endian, 4K pages .
| 15:42:10 |
Moritz Sanft | Module signatures, or which signatures do these have exactly? | 15:43:18 |
@statecode47:unredacted.org | In reply to @msanft:matrix.org Module signatures, or which signatures do these have exactly? For the *.ko modules, I successfully removed their signatures with strip, since the modules are simply ELF.
But the ARM64 kernel boot Image itself is more challenging and I really don't know how to remove the signatures before being able to compare the images.
| 15:45:53 |
Moritz Sanft | In reply to@statecode47:unredacted.org
For the *.ko modules, I successfully removed their signatures with strip, since the modules are simply ELF.
But the ARM64 kernel boot Image itself is more challenging and I really don't know how to remove the signatures before being able to compare the images.
You can also specify CONFIG_MODULE_SIG=n for that | 15:46:31 |
Moritz Sanft | You can also specify CONFIG_MODULE_SIG=n for that. As for ARM-specific signatures, I'm unaware. | 15:46:56 |
@statecode47:unredacted.org | In reply to @msanft:matrix.org You can also specify CONFIG_MODULE_SIG=n for that. As for ARM-specific signatures, I'm unaware. Seems reasonable, but this way the diff would still appear, because the official images are built with signatures. | 15:47:33 |
4 Dec 2024 |
@statecode47:unredacted.org | Ended up being able to locate and delete the signature/certificate part of the image by using binwalk and dd. | 11:33:42 |
raboof | Nice! And the rest was bit-by-bit identical with upstream? That's pleasantly surprising! | 11:42:10 |
@statecode47:unredacted.org | In reply to @raboof:matrix.org Nice! And the rest was bit-by-bit identical with upstream? That's pleasantly surprising! Almost, there's only random gibberish left in a specific byte of the file, which doesn't bother that much, but note that I'm testing reproducible builds of GrapheneOS. AOSP's build system is relatively good in terms of reproducibility and they use Bazel to build the kernel. | 11:46:14 |
@statecode47:unredacted.org | Would it be possible to submit CI tests to the reproducible-builds.org infrastructure? | 20:18:05 |
@statecode47:unredacted.org | * | 21:14:37 |
| @ironbound:hackerspace.pl left the room. | 22:12:38 |
@statecode47:unredacted.org | In reply to @raboof:matrix.org Nice! And the rest was bit-by-bit identical with upstream? That's pleasantly surprising! * | 22:14:24 |
5 Dec 2024 |
| @statecode47:unredacted.org removed their profile picture. | 19:06:41 |
| @statecode47:unredacted.org removed their display name statecode47. | 19:06:41 |
| @statecode47:unredacted.org left the room. | 19:06:43 |
8 Dec 2024 |
| shawn8901 set a profile picture. | 19:21:15 |
| @freedom-foundation:matrix.org joined the room. | 19:53:06 |
| NixOS Moderation Bot banned @freedom-foundation:matrix.org (persistently off topic). | 19:53:07 |
11 Dec 2024 |
| @dminca:matrix.org left the room. | 14:18:57 |
| marijan changed their profile picture. | 14:20:36 |
| @stick:matrix.org left the room. | 18:36:28 |