List the secure boot trust stores:
apt-get install -y efitools
efi-readvarTo take ownership of the system by following the next steps.
Create our own Platform Key (PK), Key Exchange Key (KEK), and Code Signing CAs:
Rui Lopes rgl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "flag" | |
| "log" | |
| "net/http" | |
| "os" | |
| "os/signal" | |
| "time" |
rgl
/ vagrant.log
Last active
June 10, 2020 16:30
see https://github.com/vagrant-libvirt/vagrant-libvirt/issues/1122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INFO global: Vagrant version: 2.2.9 | |
| INFO global: Ruby version: 2.6.6 | |
| INFO global: RubyGems version: 3.0.3 | |
| INFO global: VAGRANT_LOG="debug" | |
| INFO global: VAGRANT_INSTALLER_ENV="1" | |
| INFO global: VAGRANT_INSTALLER_VERSION="2" | |
| INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="/opt/vagrant/embedded" | |
| INFO global: VAGRANT_EXECUTABLE="/opt/vagrant/embedded/gems/2.2.9/gems/vagrant-2.2.9/bin/vagrant" | |
| WARN global: resolv replacement has not been enabled! | |
| DEBUG global: Loading core plugin: /opt/vagrant/embedded/gems/2.2.9/gems/vagrant-2.2.9/plugins/kernel_v1/plugin.rb |
This will show how to run an emulated arm64 virtual machine under qemu.
It first shows how to launch a typical amd64 virtual machine to make sure we have cloud-init working.
Then it shows how to launch the arm64 (aka aarch64) virtual machine.
NB In my humble i3-3245 amd64 host this is way too slow to run anything useful as it takes about 6m to allow you to finally login, and after that, its slow too. You are really better off with a proper physical arm64 machine, like:
Start QEMU with QMP UNIX socket and connect:
qemu-system-x86_64 -qmp unix:test.socket,server,nowait ...
nc -U test.socket
qmp-shell test.socket # use the raw qmp interface. see https://github.com/0xef53/qmp-shell
qmp-shell -H test.socket # use the human interface. see https://github.com/0xef53/qmp-shell
rgl
/ vagrant.log
Created
April 11, 2020 21:22
https://github.com/hashicorp/vagrant/issues/11512 log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INFO global: Vagrant version: 2.2.7 | |
| INFO global: Ruby version: 2.4.9 | |
| INFO global: RubyGems version: 2.6.14.4 | |
| INFO global: VAGRANT_EXECUTABLE="C:\\HashiCorp\\Vagrant\\embedded\\gems\\2.2.7\\gems\\vagrant-2.2.7\\bin\\vagrant" | |
| INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="C:\\HashiCorp\\Vagrant\\embedded" | |
| INFO global: VAGRANT_INSTALLER_ENV="1" | |
| INFO global: VAGRANT_INSTALLER_VERSION="2" | |
| INFO global: VAGRANT_LOG="debug" | |
| WARN global: resolv replacement has not been enabled! | |
| DEBUG global: Loading core plugin: C:/HashiCorp/Vagrant/embedded/gems/2.2.7/gems/vagrant-2.2.7/plugins/commands/box/plugin.rb |
This was moved to https://github.com/rgl/raspberrypi-uefi-edk2-vagrant#sd-card-flashing
- Azure AD (aka Microsoft identity platform) is an OpenID Connect Provider
- We can create Security Groups as the normal Windows AD
- The application manifest can be configured the send the user Security Group OIDs as a claim, but is limited to sending a sub-set of the whole groups. A better way is to use the Azure Graph API somehow.
- use FriedrichWeinmann/GPOTools#5 to export/import.
- We can export and import a gpo BUT when a gpo has users/groups/paths you need to create a migration table (or manually edit the backup .xml files before importing it):
rgl
/ provision-packetbeat.ps1
Last active
January 13, 2020 09:38
use packedbeat to capture which processes are opening tls connections
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version Latest | |
| $ProgressPreference = 'SilentlyContinue' | |
| $ErrorActionPreference = 'Stop' | |
| trap { | |
| Write-Host | |
| Write-Host "ERROR: $_" | |
| Write-Host (($_.ScriptStackTrace -split '\r?\n') -replace '^(.*)$','ERROR: $1') | |
| Write-Host (($_.Exception.ToString() -split '\r?\n') -replace '^(.*)$','ERROR EXCEPTION: $1') | |
| Write-Host | |
| throw |