@salrashid123
salrashid123 / duplicate_policyduplicationselect.md
Created May 9, 2024 14:56
Prevent Chained duplication from TPM-A -> TPM-B -> TPM-C using tpm2_policyduplicationselect

Prevent Chained duplication from A -> B -> C using tpm2_policyduplicationselect

This procedure will transfer an HMAC key created inside TPM-A to TPM-B but prevent TPM-B from transferring it on to TPM-C.

Basically an extension of the end-to-end example in the tpm2_policycommandcode gist below: the following will transfer an RSA key generated on TPM-A to TPM-B, but uses tpm2_policyduplicationselect to prevent any further duplication.

Step 1 below transfers a key from A->B; step 2 attempts B->C, but duplication on B is blocked by the policy.

@salrashid123
salrashid123 / duplicate_policycommandcode.md
Created May 9, 2024 14:40
Duplicate and Transfer an encoded key from TPM-A -> TPM-B -> TPM-C using tpm2_policycommandcode
@salrashid123
salrashid123 / tinkrsa.go
Created April 17, 2024 00:17
tink-golang sign/verify and extract rsa.PublicKey
package main
import (
"bytes"
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/json"
"encoding/pem"
@salrashid123
salrashid123 / os-inventory.md
Created April 2, 2024 13:41
Parsing GCP OSInventory packages from metadata server

parsing the os-inventory metadata server struct

if you have os-inventory enabled, you can get the values on the VM itself by running

curl -s -H 'Metadata-Flavor: Google'  http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/guestInventory/InstalledPackages

parse the values using
(you can of course otherwise get the packages via the API
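As an added example (not the gist's own code), here is how the guest attribute returned by the curl above can be parsed in Go. It assumes the InstalledPackages value is base64-encoded, gzip-compressed JSON keyed by package-manager family, with "Name", "Arch" and "Version" fields per package (the layout the osconfig agent emits); those field names and the sample inventory are assumptions, and the sample is constructed inline so the decoder runs offline. FetchInstalledPackages performs the same metadata-server request as the curl command when run on a VM.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"context"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// Same endpoint as the curl command above.
const inventoryURL = "http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/guestInventory/InstalledPackages"

// PkgInfo is one installed package. The field names are an assumption that
// follows how the osconfig agent marshals its package list.
type PkgInfo struct {
	Name    string `json:"Name"`
	Arch    string `json:"Arch"`
	Version string `json:"Version"`
}

// Inventory maps a package-manager family ("Deb", "Rpm", "Pip", ...) to the
// packages reported for it. A map keeps families this code does not know about.
type Inventory map[string][]PkgInfo

// DecodeInstalledPackages turns the raw guest-attribute value (base64 of a
// gzip stream of JSON) into an Inventory.
func DecodeInstalledPackages(attr string) (Inventory, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(attr))
	if err != nil {
		return nil, fmt.Errorf("base64: %w", err)
	}
	zr, err := gzip.NewReader(bytes.NewReader(raw))
	if err != nil {
		return nil, fmt.Errorf("gunzip: %w", err)
	}
	defer zr.Close()
	// Cap the decompressed size so a malformed or malicious blob cannot
	// exhaust memory (a small attribute can inflate to something huge).
	const maxDecompressed = 32 << 20
	body, err := io.ReadAll(io.LimitReader(zr, maxDecompressed+1))
	if err != nil {
		return nil, fmt.Errorf("read: %w", err)
	}
	if len(body) > maxDecompressed {
		return nil, fmt.Errorf("inventory exceeds %d bytes", maxDecompressed)
	}
	var inv Inventory
	if err := json.Unmarshal(body, &inv); err != nil {
		return nil, fmt.Errorf("json: %w", err)
	}
	return inv, nil
}

// FetchInstalledPackages reads the attribute from the metadata server on a VM
// with OS inventory enabled; the Metadata-Flavor header is mandatory.
func FetchInstalledPackages(ctx context.Context) (Inventory, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, inventoryURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Metadata-Flavor", "Google")
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("metadata server returned %s", resp.Status)
	}
	b, err := io.ReadAll(io.LimitReader(resp.Body, 32<<20))
	if err != nil {
		return nil, err
	}
	return DecodeInstalledPackages(string(b))
}

// FindPackage returns every entry, across all families, whose Name matches.
func FindPackage(inv Inventory, name string) []PkgInfo {
	var hits []PkgInfo
	for _, pkgs := range inv {
		for _, p := range pkgs {
			if p.Name == name {
				hits = append(hits, p)
			}
		}
	}
	return hits
}

// sampleAttribute builds a constructed inventory encoded the same way the
// guest attribute is, so the decoder can be exercised without a VM.
func sampleAttribute() string {
	inv := Inventory{"Deb": {
		{Name: "openssl", Arch: "amd64", Version: "3.0.2-0ubuntu1.15"},
		{Name: "curl", Arch: "amd64", Version: "7.81.0-1ubuntu1.16"},
	}}
	js, _ := json.Marshal(inv)
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(js)
	zw.Close()
	return base64.StdEncoding.EncodeToString(buf.Bytes())
}

func main() {
	// On a VM, replace sampleAttribute() with FetchInstalledPackages(ctx).
	inv, err := DecodeInstalledPackages(sampleAttribute())
	if err != nil {
		panic(err)
	}
	for family, pkgs := range inv {
		fmt.Printf("%s: %d packages\n", family, len(pkgs))
	}
	for _, p := range FindPackage(inv, "openssl") {
		fmt.Printf("openssl %s (%s)\n", p.Version, p.Arch)
	}
}
```

Feeding the curl output into DecodeInstalledPackages gives the same result as the usual `base64 -d | gunzip | jq` pipeline, with the decompression bounded.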

@salrashid123
salrashid123 / bazel_protobuf_1.33.0.md
Created March 18, 2024 18:45
Bazel rules_go error after upgrading google.golang.org/protobuf from 1.32.0 to 1.33.0

Bazel build issue after upgrading

to repro, copy all the files below to a folder, then:

go get cloud.google.com/go/iam/credentials/apiv1@latest

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories
@salrashid123
salrashid123 / bazel_py.md
Last active March 7, 2024 12:40
bazel_python
$ bazel run :main

$ bazel run :server_image

$ docker run -ti localhost:4000/harness:server_image
Traceback (most recent call last):
  File "/app//py_image.binary.runfiles/qs/main.py", line 8, in <module>
    import tink
@salrashid123
salrashid123 / migrate.md
Last active January 31, 2024 13:03
Migrate non-org gcp project into org without console

this will migrate a project (your-project-to-migrate) that sits outside of a cloud org (yourdomain.com)

  1. it's owned by alice@domain

  2. admin@domain is a cloud org domain owner who can migrate a project over

  3. enable domain-wide delegation on a service account with scopes

    "https://www.googleapis.com/auth/cloud-platform"

    see ref

@salrashid123
salrashid123 / amd-snp.md
Last active January 29, 2024 16:10
GCP AMD SNP client

scratchpad on starting up a GCP AMD SEV-SNP instance

using go-sev-guest and virtee

# create instance

gcloud beta compute instances create snp-instance \
  --machine-type=n2d-standard-4 \
  --min-cpu-platform="AMD Milan" \
@salrashid123
salrashid123 / rules_oci.md
Last active December 20, 2023 21:26
Bazel rules_oci with go

Build container with rules_oci

First run a local registry

crane registry serve --address :4000

ref

bazel build with go gcp library

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories

bazel run  --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 :main