Category: Uncategorized

After iBoot, code execution is controlled by us. What should be used as a second stage after that though? One of the constraints is that servicing such a third-stage boot loader needs to go through macOS Recovery. That means that this stage is not easily serviceable. Running regular kernels would require an abstraction layer in… Continue reading Thoughts on Linux for Apple Silicon Macs: part 2

For this part, one question is paramount, will flattened device tree or ACPI be used? or will Linux on Apple Silicon Macs use Apple device trees? This question is not devoid of consequences. Traditionally, Linux on PowerPC Macs directly parsed Apple device trees instead of a standardised format. For the Apple Silicon Macs, everyone currently… Continue reading Thoughts on Linux for Apple Silicon Macs: part 1

Let’s assume that we are on a platform which actually allows to boot unsigned operating systems. What are the bad things that such a platform can have? The most ubiquitous issue is reminding the user at each boot that their device has a reduced security policy. Such a tamper-evident mechanism annoys users and is ineffective… Continue reading Disabling boot-time security: lines to not cross

Disclaimer: Note that those builds are provided without any warranty. Feel free to polish the patchset and submit it upstream, I don’t have the time for that right now. Ghidra 9.2.1 Linux AArch64 (built on Fedora 33): https://threedots.ovh/bubbles/ghidra_9.2.1_DEV_20210113_linuxarm64.zip Ghidra patchset: https://threedots.ovh/bubbles/ghidra_9.2.1_dev_20210113_diff.patch

Interestingly, public materials about the Drawbridge variant used on SQL Server are few and far between. So here is a slide deck about me working with Drawbridge from several years back. I’ve updated parts of it later on, keeping up partially with more recent SQLPAL versions. Since I made that slide deck, lots of things… Continue reading Drawbridge: what SQL Server on Linux is built on

WebAssembly has been one of the trendiest intermediate representations since a while. However, its definition of safety means preventing breaching the sandbox. Its goal is to prevent escalation from the VM guest code to the VM host boundary. WASI then defines a capabilities-based syscall interface that can be used by applications. Some alternatives which can… Continue reading Extent of safety properties in WebAssembly

Linux for Tegra today still ships with a Linux 4.9 kernel version. At https://github.com/OE4T/linux-tegra-4.9, an L4T-derived kernel with patches to build with the most recent compilers is available. At the branch “public” of https://github.com/woachk/linux-tegra-4.9, some backports that might interest others were done (because I had to…): AArch64 KVM: cntpct_el0 access fixes AArch64 KVM: user-mode interrupt… Continue reading Linux for Tegra kernel patches

Note: This does not use the experimental UEFI firmware from Nvidia, and relies on the L4T Linux 4.9 kernel. The BSP used is designed for use on Tegra X2 onwards. Download a Fedora 33 for AArch64 raw disk image from here and flash it to the boot media, which can be either over USB, microSD,… Continue reading Fedora on NVIDIA Jetson with GPU acceleration

Assuming that instructions from https://kernelshaman.blogspot.com/2021/01/building-xnu-for-macos-big-sur-1101.html were already followed including for the iPhoneOS target… The patch: The build command line: Of course, without kexts that’s not very useful for now… and most macOS arm64 stuff isn’t included yet.

Tachyum is a CPU startup that claims that they will release a VLIW CPU for general purpose use, a claim has been made countless times. However, to my knowledge, I didn’t see a device fulfilling those dreams (Intel and Nvidia were the closest with much more resources). According to Tachyum, the Prodigy processor would also… Continue reading Thoughts on Tachyum