Re: riscv questions

2023-08-17 Thread Peter J. Philipp
On Thu, Aug 17, 2023 at 06:03:42PM +, Mike Larkin wrote:
> On Sun, Aug 13, 2023 at 06:27:20PM +0200, Peter J. Philipp wrote:
> > Hi,
> >
> > I was wondering two things currently, both having to do with QEMU on 
> > OpenBSD.
> >
> > I noticed in my QEMU that is running OpenBSD that it is supporting the
> > H-extension.  The H is hypervisor.  Does this mean that there is support
> > emulated for hypervisor host and guest in QEMU?  Also is there any efforts 
> > to
> > implement this where I can be an observer?
> 
> I believe they have some support for that.
> 
> There is no hardware currently available that has it though, from what I know.
> There is an FPGA core you can implement on a suitably large dev board though,
> but you'd be a 1-off.
> 
> When you say "implement this", what do you mean?

Oh I didn't know there was no hardware support for this yet.  What I meant
for implementing this was if there is anyone porting vmm to riscv64.  I guess
arm64 needs it too but riscv64 to me is the ultimate :-).

I was wondering Mike, do you offer any more workgroups like the one that
ported riscv64?  I know someone on IRC who lives in the Los Angeles region of
California that might be interested in such a workgroup.  Though he may
not be available until 2024/2025 for something such as this, but the interest
would be there.  I told him an effort to port vmm to riscv64 would be a
worthwhile endeavour, for everyone.  Obviously it depends on hardware support
and someone to guide the group.


> >
> > I saw somewhere that newer QEMU support RV128 cpu emulation.  While this
> > is something for 20 years from now perhaps, I'm still curious if anyone is
> > considering a port to the RV128, or is at least turned on by the thought of 
> > it.
> 
> no
> 
> > Unfortunately I believe the RV128 isn't intended for an 128 bit address 
> > space
> > but has something planned for partitioning it in half so it will be 64 bit
> > space.  With the other 64 bit for something security related.
> >
> > Also I'd like to say that I have my first piece of RV64 hardware for a few
> > weeks now and it can run linux ubuntu.  It's a Mango Pi which is the same
> > form factor as a RPI zero.  I also donated one to a developer so perhaps 
> > we'll
> > see OpenBSD running on it one day.  In half a dozen weeks or so I'm 
> > considering
> > getting my second RV64 computer, which will be somewhat of a visionfive 
> > 2-like
> > SBC for a router.  Not sure which yet, though, let's see who can deliver in
> > October.
> >
> > Next year I'd like to invest into a larger RV64 computer for workstation. As
> > you can see I'm starting to get a bit serious around Risc-V
> 
> get a milk-v pioneer then, it's the biggest you can currently buy.

Interesting.  Thanks!

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.



AR9485 on Lenovo G505 not configured.

2023-08-17 Thread misc
Could AR9485 work on OpenBSD?  I can't write a driver, nor does it seem that 
a simple bios whitelist jailbreak is available for Lenovo G505 with AMD 
processor.

OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 7979032576 (7609MB)
avail mem = 7717797888 (7360MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xbfabc000 (49 entries)
bios0: vendor LENOVO version "82CN24WW(V2.04)" date 11/05/2013
bios0: LENOVO 20240
efi0 at bios0: UEFI 2.3.1
efi0: INSYDE Corp. rev 0x1001
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC UEFI HPET APIC MCFG ASF! BOOT FPDT MSDM SSDT SSDT 
SSDT SSDT SSDT SSDT SSDT BGRT
acpi0: wakeup devices GPP1(S4) OHC1(S4) OHC2(S4) OHC3(S4) EHC1(S4) EHC2(S4) 
EHC3(S4) XHC0(S4) LID_(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD E1-2100 APU with Radeon(TM) HD Graphics, 998.15 MHz, 16-00-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 1MB 64b/line 
16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD E1-2100 APU with Radeon(TM) HD Graphics, 998.14 MHz, 16-00-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 1MB 64b/line 
16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins, remapped
ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 21, 32 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (GPP0)
acpiprt2 at acpi0: bus 1 (GPP1)
acpiprt3 at acpi0: bus 2 (GPP2)
acpiprt4 at acpi0: bus -1 (GPP3)
acpiprt5 at acpi0: bus -1 (GFX_)
acpiec0 at acpi0
acpibtn0 at acpi0: PWRB
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
"SYN2B1F" at acpi0 not configured
"VPC2004" at acpi0 not configured
acpibat0 at acpi0: BAT1 model "PABAS0241231" serial 41167 type Li-Ion oem 
"SIMPLO "
acpiac0 at acpi0: AC unit online
acpibtn1 at acpi0: LID_
"ASD0001" at acpi0 not configured
acpicpu0 at acpi0: C2(0@400 io@0x414), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x414), C1(@1 halt!), PSS
acpivideo0 at acpi0: VGA_
acpivout0 at acpivideo0: LCD_
acpivideo1 at acpi0: VGA_
cpu0: 998 MHz: speeds: 1000 900 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD 16h Host" rev 0x00
radeondrm0 at pci0 dev 1 function 0 "ATI Kabini" rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci0 dev 1 function 1 "ATI Radeon HD Audio" rev 0x00: msi
azalia0: no supported codecs
pchb1 at pci0 dev 2 function 0 vendor "AMD", unknown product 0x1538 rev 0x00
ppb0 at pci0 dev 2 function 3 "AMD 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
alc0 at pci1 dev 0 function 0 "Attansic Technology AR8172" rev 0x10: msi, 
address 20:1a:06:2c:98:5c
atphy0 at alc0 phy 0: AR8035 10/100/1000 PHY, rev. 9
ppb1 at pci0 dev 2 function 4 "AMD 16h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
"Atheros AR9485" rev 0x01 at pci2 dev 0 function 0 not configured
xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x01: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 
addr 1
ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x00: msi, AHCI 1.3
ahci0: port 0: 3.0Gb/s
ahci0: port 1: 1.5Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  naa.5000c5005bb49181
sd0: 476940MB, 512 bytes/sector, 976773168 sectors
cd0 at scsibus1 targ 1 lun 0:  removable
ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x39: apic 4 int 18, 
version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 17
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 
addr 1
ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x39: apic 4 int 18, 
version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 17
u

Re: volatility or something like that in the future ?

2023-08-17 Thread whistlez
Il 2023-08-18 02:20 Scott Cheloha ha scritto:
>> On Aug 17, 2023, at 10:28, whistlez  wrote:
>> 

>> https://github.com/volatilityfoundation/volatility3
> 
> What is the utility of this software?  How
> would supporting it benefit the project?
> 
> I read the summary on Github.  I am still
> more or less completely in the dark on
> why I or anyone would want to use it.

It seems rather important to me because it's not possible to be certain
about the invulnerability of the underlying operating system or the
kernel. Alternatively, an attacker might have a zero-day exploit on
Firefox or Chrome and inject code into the process, allowing data
exfiltration. Even though the attacker would be confined within the jail
created by the kernel, it doesn't seem acceptable to have unauthorized
code running on one's machine, especially in a critical process like a
browser. The same principle could be applied to another process more
focused on firewall solutions, such as Snort.

Furthermore, in my opinion - brace yourself, I might trigger an atomic
war with what I'm about to say - we should consider it certain that the
kernel could contain unknown vulnerabilities. Unauthorized code running
in the kernel is impossible to detect, clearly. I'm talking about code
that might not even reside on the disk but is injected remotely. Thus,
the only way is through inspecting the RAM dump, that is, a software
that can analyze the dump and determine its integrity.

Additionally, due to kernel relinking, we know that its hash changes
with every reboot, rendering classic integrity verification tools
unusable. To put it simply, without delving into sophisticated attacks,
a machine could be physically attacked, and unauthorized code could be
introduced into the kernel. Therefore, we might end up with a machine
compromised by a compromised kernel, and there might be no way (at least
as far as I know) to know about it. This assumes there are unintentional
vulnerabilities.

But what if deliberate vulnerabilities are introduced? I recall an old
piece of news, which I never understood if it was confirmed, that a
developer of the OpenBSD kernel might have introduced a backdoor under
instruction or through coercion by a security agency. Now, far be it
from me to discredit the OpenBSD development team, which has done an
enormous and exceptional job. It's clear that Theo has done, and is
doing, a wonderful job... nevertheless, one should account for any
eventuality.

I believe that a forensics memory analysis interface would make
persistence and invisibility of unauthorized code much harder to
achieve. Even a developer intending to hide something would find
themselves a bit more exposed.

And all of this without even considering hardware vulnerabilities, such
as those in CPUs or other aspects of the machine, like firmware.



Re: volatility or something like that in the future ?

2023-08-17 Thread Scott Cheloha
> On Aug 17, 2023, at 10:28, whistlez  wrote:
> 
> [...] I believe we need to realize that, while the kernel is very
> secure, zero-day vulnerabilities are always a lurking threat. 
> 
> For those that don't know what is volatility, this is github page
> https://github.com/volatilityfoundation/volatility3

What is the utility of this software?  How
would supporting it benefit the project?

I read the summary on Github.  I am still
more or less completely in the dark on
why I or anyone would want to use it.



Re: Stuck in X start and crash loop

2023-08-17 Thread leo
Hey Nick,

thank you for taking the time, I appreciate it.

I had configured X to automatically log in, as I use FDE and the cost of
entering two passwords does not seem worth the security.

Single user mode did the trick!

Again, thanks a lot!

Kind regards,
Leo



Re: Stuck in X start and crash loop

2023-08-17 Thread Nick Holland

On 8/17/23 12:10, l...@ena.re wrote:

Hey,

I am new to OpenBSD. I run 7.3-stable.

My understanding after reading X(7), Xsecurity(7) and xenodm(1) is that
one can set the environment variable XAUTHORITY to specify the location
of the file, which by default, is located at $HOME/.Xauthority.> 
In $HOME/.profile I set XAUTHORITY=$HOME/.config/X/Xauthority and moved

.Xauthority to $HOME/.config/X/Xauthority.

However, now, when I boot and X is started, I see the cursor in the
middle of the screen for a moment and then X seems to crash and start
again. I am stuck in this loop.

Why do I not witness the behaviour I expected? Should I have set the
environment variable in $HOME/.xsession?


if you want my opinion of what you should do, i'd argue you should leave
it alone.


More importantly, how do I exit this loop and revert the changes?


What isn't clear is when you get the loop.  Are you logging in in text
mode then starting X as you, and getting this loop?  or is X starting
on boot, and you are getting that loop?  If X is starting on boot and
looping, I think you have another problem, because a file in your
home directory isn't being referenced until you log in.


But, to answer your question about how to fix it...depending on what
is going on, I'd start with CTRL-ALT-F1 to get to the command line,
log in, undo.

You might be able to hit CTRL-ALT-BackSpace to shut down X, but if
you are running xenocara, that will just take you back to the login
prompt.  But NOW you might be able to CTRL-ALT-F1 back to the CLI.

WORST CASE, reboot the machine, and boot in single user mode.
# mount -a
# export TERM=vt220
...fix it

Nick.



Re: volatility or something like that in the future ?

2023-08-17 Thread Petr Ročkai
Hi,

On Thu, Aug 17, 2023 at 05:12:54PM +0200, whistlez wrote:
> Hello community, I would like to ask if it's possible to develop a tool
> similar to Volatility in the future or a specific integration for
> OpenBSD. Along with a tool that can perform RAM dumping.

do you need anything else than mem(4)? I.e. /dev/mem. See the manpage
for more details.

Yours,
  M.

-- 
id' Ash = Ash; id' Dust = Dust; id' _ = undefined



Re: riscv questions

2023-08-17 Thread Mike Larkin
On Sun, Aug 13, 2023 at 06:27:20PM +0200, Peter J. Philipp wrote:
> Hi,
>
> I was wondering two things currently, both having to do with QEMU on OpenBSD.
>
> I noticed in my QEMU that is running OpenBSD that it is supporting the
> H-extension.  The H is hypervisor.  Does this mean that there is support
> emulated for hypervisor host and guest in QEMU?  Also is there any efforts to
> implement this where I can be an observer?

I believe they have some support for that.

There is no hardware currently available that has it though, from what I know.
There is an FPGA core you can implement on a suitably large dev board though,
but you'd be a 1-off.

When you say "implement this", what do you mean?

>
> I saw somewhere that newer QEMU support RV128 cpu emulation.  While this
> is something for 20 years from now perhaps, I'm still curious if anyone is
> considering a port to the RV128, or is at least turned on by the thought of 
> it.

no

> Unfortunately I believe the RV128 isn't intended for an 128 bit address space
> but has something planned for partitioning it in half so it will be 64 bit
> space.  With the other 64 bit for something security related.
>
> Also I'd like to say that I have my first piece of RV64 hardware for a few
> weeks now and it can run linux ubuntu.  It's a Mango Pi which is the same
> form factor as a RPI zero.  I also donated one to a developer so perhaps we'll
> see OpenBSD running on it one day.  In half a dozen weeks or so I'm 
> considering
> getting my second RV64 computer, which will be somewhat of a visionfive 2-like
> SBC for a router.  Not sure which yet, though, let's see who can deliver in
> October.
>
> Next year I'd like to invest into a larger RV64 computer for workstation. As
> you can see I'm starting to get a bit serious around Risc-V

get a milk-v pioneer then, it's the biggest you can currently buy.

>
> Best Regards,
> -peter
>
> --
> Over thirty years experience on Unix-like Operating Systems starting with QNX.
>



Stuck in X start and crash loop

2023-08-17 Thread leo
Hey,

I am new to OpenBSD. I run 7.3-stable.

My understanding after reading X(7), Xsecurity(7) and xenodm(1) is that
one can set the environment variable XAUTHORITY to specify the location
of the file, which by default, is located at $HOME/.Xauthority.

In $HOME/.profile I set XAUTHORITY=$HOME/.config/X/Xauthority and moved 
.Xauthority to $HOME/.config/X/Xauthority.

However, now, when I boot and X is started, I see the cursor in the
middle of the screen for a moment and then X seems to crash and start
again. I am stuck in this loop.

Why do I not witness the behaviour I expected? Should I have set the
environment variable in $HOME/.xsession?

More importantly, how do I exit this loop and revert the changes?

Kind regards,
Leo



volatility or something like that in the future ?

2023-08-17 Thread whistlez
Hello community, I would like to ask if it's possible to develop a tool
similar to Volatility in the future or a specific integration for
OpenBSD. Along with a tool that can perform RAM dumping. However, could
this potentially make the kernel vulnerable?

In my opinion, even though I'm not a developer, it would be desirable to
have a proper kernel interface for performing the dump. Something that
is maintained directly by the development team to prevent the software
team from constantly keeping up with changes in every new kernel
release. I believe we need to realize that, while the kernel is very
secure, zero-day vulnerabilities are always a lurking threat. 

For those that don't know what is volatility, this is github page
https://github.com/volatilityfoundation/volatility3

I hope Theo doesn't get angry, as I'm a very sensitive person, and if
someone offends me or makes fun of me, it really upsets me.

regards WhistleX



Re: Mouse not working via KVM switch

2023-08-17 Thread Nick Holland

On 8/14/23 13:37, Karel Lucas wrote:

HI all,
On a recent install of openBSD I can't get the mouse to work through my
KVM switch. I work with various computers via a KVM switch on 1 monitor
with a keyboard/mouse combination. Only on the PC with openBSD the mouse
does not work, the keyboard on the other hand works fine. Both are
connected to the KVM switch via USB, and the switch via USB to the
computers. The brand of the mouse is Logitech. Does anyone know why the
mouse doesn't work, but the keyboard does?
 
Good thing Logitech only makes one kind of mouse. HA! HAHAHaHahahaha!!!

I am so funny.  Really, though -- you thought mentioning just the brand
name of one of the more diverse makers of mice over 40+ years is all we
needed to know?

KVM switches are like a lot of other things -- tested with Windows, MAYBE
Linux.  And there are widely differing qualities and designs, some probably
weren't tested at all.

I can assure you, OpenBSD has no intrinsic issue with KVM switches.  I
regularly use a dual HDMI monitor 4-way KVM switch on OpenBSD and
Windows machines, works great in spite of being shockingly cheap (until
it seems two of the USB input ports died...but fortunately, it had two
extras, and I wouldn't be surprised if a complete powerdown fixed it).
That one replaced an even cheaper single monitor switch which was almost
useful, but had a lot of issues (including keyboard/mouse just dying
from time to time).

First of all, does your mouse work directly plugged into the OpenBSD
computer?  If so, it's your KVM switch.  Replace it.  If not, it is
your mouse.  Replace it.

Second...if you boot the OpenBSD machine with the KVM pointed at the
OpenBSD machine, does it work?  If so, your KVM switch is cranky.  You
might be able to improve how OpenBSD deals with KVM switched mice,
because yes, it does seem to be a little more touchy than some other
OSs, but someone with good programming and HW trouble shooting
skills AND a cheap-*** POS KVM switch would have to care.  Most people
that skilled generally just buy a better KVM switch and move on.

What does the dmesg show as you switch the KVM around?  That would tell
us how the KVM works.  Some are equiv. of plugging and unplugging the
mouse/keyboard/monitor, some do some kind of "keep alive" so the
computer thinks the mouse is still there.  Both can cause problems of
different types (my "good" one seems to plug/unplug the mouse/keyboard,
but has a great keep-alive for the monitor).

Nick.