<gchristensen>
yeah, that commit took it from 1372958549 to 1567525492 bytes
<Irenes[m]>
woo! got FEL to work on the PineA64 dev boards I have. not actually booting through it, but that isn't really what I'm trying to do right now anyway.
<simpson>
Exciting.
<Irenes[m]>
I had a lot of hurdles with waiting for hardware to arrive and stuff; I'm glad that it does in fact work, heh.
<Irenes[m]>
thank you
vika_nezrimaya has quit [Ping timeout: 265 seconds]
<Irenes[m]>
samueldr: the non-LTS. I'm intending to experiment with the eFuses for signed boot, and people have reported that burning the eFuses doesn't work on the LTS.
<Irenes[m]>
I'm probably not going to mess with the SPI but I appreciate the notes anyway, they could be relevant
<Irenes[m]>
ah yeah, I have that Wiki page open in another window, it's been helpful despite being for the LTS :)
<Irenes[m]>
thank you for writing it
<Irenes[m]>
it was particularly helpful to know that the upper USB port is the one to plug into; I hadn't found any other source for that
<samueldr>
yeah, they share a lot
<samueldr>
I hope you document your secure boot findings well, and maybe even the sources of info
<samueldr>
I found it hard to *begin* searching about that
<Irenes[m]>
and I've spoken with apritzel, who helped me put it in context
<Irenes[m]>
I haven't ruled out trying to reverse-engineer the boot0 at some point; it's not really secure while it's possible for an attacker to start it in FEL mode
<gchristensen>
I did both of these extractions on an x86 box
<srk>
same here, they look the same expcept for cpio archive size
<srk>
hm they both look broken here :D
<srk>
$ ll -h a b
<srk>
-rw-r--r-- 1 srk users 2.2G Mar 9 13:55 a
<srk>
-rw-r--r-- 1 srk users 1.5G Mar 9 13:47 b
<gchristensen>
m!
<gchristensen>
hm!
<gchristensen>
[nix-shell:~]# du --apparent-size -s ./a.extract/ ./b.extract/
<gchristensen>
1698822 ./a.extract/
<gchristensen>
254004 ./b.extract/
<gchristensen>
hrm
<srk>
$ du --apparent-size -s ./a.e/ ./b.e/
<srk>
254000./a.e/
<srk>
254000./b.e/
<srk>
trying one more time, maybe I've made an error somewhere
<srk>
well I guess not because even the original gzipped b (netboot.gsc.io/hydra-aarch64-linux.old/initrd) is 1.3G
<srk>
yeah, only archives differ but not extracted contents
<srk>
like this is fine.. find $i.e -type f | xargs sha256sum > $i.sums
<srk>
looks like we need initrd.nar
<srk>
gchristensen: I see it contains stuff like 07070100000D9A0000816D0000000000000000000000010000000100D527A0000000000000000000000000000000000000005900000000nix/store/35vj4sj1p242scfbzi0x4sjbzgvlbfww-mesa-19.1.5-drivers/lib/dri/kms_swrast_dri.so
<srk>
not present in the output
<srk>
extracted dir
<srk>
wow
ryantrinkle has joined #nixos-aarch64
orivej has quit [Ping timeout: 260 seconds]
dongcarl has joined #nixos-aarch64
zupo has joined #nixos-aarch64
ryantrinkle has quit [Ping timeout: 255 seconds]
ryantrinkle has joined #nixos-aarch64
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zupo has joined #nixos-aarch64
<gchristensen>
clever: any chance I can get you to look at these two initrd's, one which is weird, one which is less weird?
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zupo has joined #nixos-aarch64
ryantrinkle has quit [Quit: Leaving.]
ryantrinkle has joined #nixos-aarch64
<clever>
gchristensen: got links or expr's to build them?
<gchristensen>
I think it will be most useful to poke through the actual initrds
<gchristensen>
which can be downloaded, does that work?
<clever>
the expr's would help more i think, so i can modify how its build and get closure info
<gchristensen>
clever: go back to 3e0d3ee196c2fb8c88b19e2c635bc14428268eb4 to get the good build, anything after is a bad build
<clever>
gchristensen: just run nix-build on that file?
<gchristensen>
yeah
<clever>
its processing
<gchristensen>
cool :)
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Ultrasauce has joined #nixos-aarch64
orivej has joined #nixos-aarch64
<thefloweringash>
I'd like to help with this but life keeps getting in the way sorry :-(
<sphalerite>
gchristensen (or anyone else with packet.com experience) is there a particular trick to get arm server types to show up on the list? Because I'm not getting them…
<thefloweringash>
two quick comments: valid initrds can be concatenated (see https://unix.stackexchange.com/a/266090); alternately, if you just need to make it smaller, you could try negating / xoring / encrypting archived store paths to skip accidental retention.
<gchristensen>
thefloweringash: it appears the initrd is badly made
<thefloweringash>
sphalerite: it can be region dependent, I think DFW2 and NRT1 have them
<gchristensen>
50 bytes addition is causing 200M larger output which unpacks to having file names called /[�2Olz9B� and /c7Ds�S �{nZǺ=ev��U~s��S�
LinuxHackerman has joined #nixos-aarch64
<sphalerite>
gchristensen: doesn't show up on either of those for me :/
<sphalerite>
gchristensen: oh, that's a thing too? I just asked on the packet community slack
<gchristensen>
ah
<gchristensen>
it bridges
zupo has joined #nixos-aarch64
<sphalerite>
"422 You are not allowed to provision c2.large.arm servers" :(
ryantrinkle has quit [Ping timeout: 256 seconds]
zupo has quit [Ping timeout: 260 seconds]
zupo has joined #nixos-aarch64
<clever>
error: a 'aarch64-linux' with features {} is required to build '/nix/store/4g1zniqfsvr0ng08k4mm1wmaa03vka8x-about.json.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test}
<clever>
gchristensen: i'll need to re-link my desktop to the community box
<gchristensen>
sure
wavirc22 has quit [Ping timeout: 260 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]