Seonghyun Park shpark

shpark / README.md
Last active March 29, 2021 04:22
Arch Linux installation and setup troubleshooting

Network Configuration

Here is a summary of how to connect to the network (wireless/Ethernet) during installation.

Wireless

This link provides a good explanation of how to connect to a WPA/WPA2 Wi-Fi network.

Keybase proof

I hereby claim:

  • I am shpark on github.
  • I am shpark1 (https://keybase.io/shpark1) on keybase.
  • I have a public key whose fingerprint is 6A32 BB2B 46E3 0437 44DE 705A 358D F6DB 75F4 67E2

To claim this, I am signing this object:

  • Create root file system image
cd $IMAGE/
wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh
chmod +x create-image.sh
./create-image.sh

-d buster for Debian 10, and -s 16384 for larger disk size.

Look at the following x86 assembly code (from lua repository).

static inline void coco_switch(coco_ctx from, coco_ctx to)
{
  __asm__ __volatile__ (
    "call 1f\n" "1:\tpopl %%eax\n\t" "addl $(2f-1b),%%eax\n\t"
    "movl %%eax, (%0)\n\t" "movl %%esp, 4(%0)\n\t"
    "movl %%ebp, 8(%0)\n\t" "movl %%ebx, 12(%0)\n\t"
    "movl 12(%1), %%ebx\n\t" "movl 8(%1), %%ebp\n\t"
shpark / gpg-trouble-shooting.md
Last active April 9, 2021 08:31
GPG troubleshooting

SO link.

  1. Add export GPG_TTY=$(tty) to .bashrc.
  2. git config --global user.signingkey <key id>; <key id> can be found in the output of gpg --list-keys (public key?).
  3. Example ~/.gnupg/gpg-agent.conf:
pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry
  4. Reload gpg-agent: gpg-connect-agent reloadagent /bye.
/usr/local/bin/qemu-system-x86_64 -enable-kvm -cpu EPYC -machine q35 -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -no-reboot -drive if=pflash,format=raw,unit=0,file=/usr/local/share/qemu/OVMF_CODE.fd,readonly -drive if=pflash,format=raw,unit=1,file=/home/sev-host/amdsev/focal.fd -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= -drive file=/home/sev-host/amdsev/focal.qcow2,if=none,id=disk0,format=qcow2 -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true -device scsi-hd,drive=disk0 -object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=off -nographic -vnc :0 -monitor pty -monitor unix:monitor,server,nowait

Notes

  • <image_name>.fd (e.g., focal.fd) is automatically generated. It is copied from OVMF_VARS.fd.
  • -object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=off enables sev-es.
  • -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true virtio-sc
#!/usr/bin/env bash
KERNEL=$1
DISKIMG=$2
# NOTE: You can omit `virtio_mmio.device=4K@0xd0000000:5`
qemu-system-x86_64 -machine microvm \
-drive file=$DISKIMG,format=raw,id=id0 \
-device virtio-blk-device,drive=id0 \
-m 4G -smp 8 \

On Ubuntu, you can use lsinitramfs or unmkinitramfs tools to play with initrd.

qemu-system-x86_64 -enable-kvm -m 2G -smp 4 --machine q35 -nographic -drive if=pflash,format=raw,file=OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,file=OVMF_VARS.fd,readonly=on -drive if=none,file=fat:rw:esp,id=esp0,format=raw -device virtio-blk-pci,drive=esp0,num-queues=4
SecCoreStartupWithStack(0xFFFCC000, 0x820000)
Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE
Install PPI: 8C8CE578-8A3D-4F1C-9935-896185C32DD3
Install PPI: 5473C07A-3DCB-4DCA-BD6F-1E9689E7349A
The 0th FV start address is 0x00000820000, size is 0x000E0000, handle is 0x820000
Register PPI Notify: 49EDB1C1-BF21-4761-BB12-EB0031AABB39
Register PPI Notify: EA7CA24B-DED5-4DAD-A389-BF827E8F9B38
Install PPI: B9E0ABFE-5979-4914-977F-6DEE78C278A6
Install PPI: DBE23AA9-A345-4B97-85B6-B226F1617389

Linux netns cheat sheet

TL;DR. You first create a network namespace (netns) and a veth device (you also create a peer). Then you assign one end to another netns. You can talk to another netns via the veth.

TODO: How to use a different device instead of veth for communication across netns?

Create a new netns