Kaitai Struct is a tool for parsing binary formats. Binary formats\, such as archive files\, executables\, filesystems\, multimedia fi les\, network protocols\, etc. are everywhere. If your application needs to read data in a specific binary format\, you need a parser that unpacks the bytes into meaningful data structures that you can work with. There are li braries doing that for popular formats\, but what if there is no suitable l ibrary in your programming language for the format you need?
Kaitai S truct has got you covered: it introduces a declarative domain-specific lang uage (based on YAML) for describing the structure of arbitrary binary forma ts. Format specifications in this language are consumed by a compiler\, whi ch generates ready-to-use parsing modules in 11 programming languages (C++\ , C#\, Go\, Java\, JavaScript\, Lua\, Nim\, Perl\, PHP\, Python\, Ruby). Th ere are more than 180 format specifications in the format gallery and hundr eds more in various GitHub projects.
This talk will discuss the curre nt state\, capabilities and limitations of Kaitai Struct. It will also focu s on serialization: a highly requested feature that is being actively worke d on. Currently\, Kaitai Struct can only parse (read) existing binary files created by other applications. Serialization allows to edit the data of an existing file and write it back or create a new file from scratch\, greatl y expanding the use of all written format specifications.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/bintools_kaitai/ LOCATION:AW1.126 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121211Z DTSTAMP:20230124T121211Z UID:417b0183-93f5-4454-96a0-a4983ba895a7 SUMMARY:Literate Storytelling: Interpreting Syntaxes for Explorers STATUS:CONFIRMED ATTENDEE;CN=Jonathan McHugh;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid: nomail CATEGORIES:Declarative and Minimalistic Computing DTSTART:20230205T100000 DTEND:20230205T103000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Examples include:* Explaining the principles of regular exp ressions for reading semi-structured data* Concepts surrounding hashes\, sy ntaxes and tokens from the perspective of a body of documents* Using collec tions of Parsing Expression Grammars to solve problems* Justifications for datalisps as a representative form* Ideas regarding RDF from datalisps to c reate knowledge corridors
Operating environment includes:* TXR* Emacs -Hyperbole* Gemtext* Koutliner* Idutils
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/liberatestorytelling/ LOCATION:D.minimalistic END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121030Z DTSTAMP:20230124T121030Z UID:4f810fca-9dc0-41ff-b1a8-6c76b80bbaa1 SUMMARY:Porting RISC-V to GNU Guix STATUS:CONFIRMED ATTENDEE;CN=Efraim Flashner;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid: nomail CATEGORIES:RISC-V DTSTART:20230205T102000 DTEND:20230205T110000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:GNU Guix is a from-source distribution with binary substitu tes available. It is also a functional package manager\, meaning that all t he inputs are hashed and the build results are placed in their own destinat ion folder. Guix also does its best to minimize bootstrap seeds\, instead r elying on a few cross-compiled bootstrap binaries used to build all other p ackages on the system. This provides some interesting bootstrap issues\, es pecially for newer architectures\, as we need to recreate the bootstrap pat h as it may have existed years ago in order to support programming language s. Some languages\, like nodejs or ocaml\, need to have support backported only a few versions. Others like java need more than a decade. Rust needed to use an alternate implementation of rustc to be bootstrapped and Haskell currently isn't on the roadmap.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/rv_gnu_guix/ LOCATION:K.4.601 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121603Z DTSTAMP:20230124T121603Z UID:d92b7169-e944-498e-971a-bd714431ce85 SUMMARY:Heads - status update! STATUS:CONFIRMED ATTENDEE;CN=Thierry Laurion;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid: nomail CATEGORIES:Open Source Firmware CATEGORIES: BMC and Bootloader DTSTART:20230205T102500 DTEND:20230205T105000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Heads is a secure runtime environment and a build system\; a build recipe cookbook\, which boards configurations instructs which modul es to be incorporated in the mix needed for specific platform board configu ration. Heads takes advantage of common linux tools to create its runtime e nvironment\, including whiptail\, cryptsetup\, busybox\, flashrom\, LVM\, t he GPG toolstack\, kexec and others. The typical output of a build are pack ed initramfs and kernel\, included inside of a coreboot ROM image as its pa yload. Depending on the architecture\, it also integrates neutered/deactiva ted Intel ME/CSME binary blob (platform dependent)\, generated Gigabit Ethe rnet (GBE) configuration blob and an unlocked descriptor (IFD). The produce d firmware images requires the platform to be flashed once externally to ov erwrite the origin flash chip(s) content\, more specifically locked IFD and ME/MCSE regions. Heads firmware upgrades can then happen internally.
Heads take advantage of coreboot measured boot in Static Root of Trust (SR TM) mode\, which currently measures itself from bootblock in PCR2. Heads pa yload is then executed after measured and extends TPM with its own measurem ents in distinct PCRs in the goal of sealing secrets in TPM NVRAM distinct regions. Kernel modules are measured prior of being loaded\, LUKS drive(s) headers are measured if a TPM disk encryption key is setuped\, while going to the Recovery shell invalidates the TPM measurements by the same TPM exte nd mechanism. From a user standpoint\, those sealed secrets enables oneself to validate the integrity of the firmware either through TOTP code shown o n screen on its smartphone or through HOTP (with a supported USB Security d ongle). Another TPM sealed secret enables the user to release an additional LUKS disk encryption key only if the firmware is intact\, that kernel modu les loaded are consistent to sealed state and if provided passphrase matche s. Heads also validates user detached signed /boot digests\, which guarante es both integrity and authenticity of the trusted boot configuration prior of kexec’ing into it.
A lot happened since 2020. Let’s cover curr ent state and where the project is heading!
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/heads_status_update/ LOCATION:K.4.201 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121338Z DTSTAMP:20230124T121338Z UID:5fa05036-932f-4102-b535-904d028e9b0a SUMMARY:Trustworthy Platform Module STATUS:CONFIRMED ATTENDEE;CN=Maciej Pijanowski;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invali d:nomail CATEGORIES:Open Source Firmware CATEGORIES: BMC and Bootloader DTSTART:20230205T113500 DTEND:20230205T120500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:TwTPM project aims to increase the trustworthiness of the T PM module(hence the TwTPM)\, by providing the open-source firmware implemen tation for theTPM device\, compliant to the TCG PC Client Specification.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/twpm_osf_tpm/ LOCATION:K.4.201 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121121Z DTSTAMP:20230124T121121Z UID:72e0ba72-2d11-49e0-aa28-94149eba8bd5 SUMMARY:Bringing RISC-V to Guix's bootstrap STATUS:CONFIRMED ATTENDEE;CN=Ekaitz Zarraga;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid:n omail CATEGORIES:Declarative and Minimalistic Computing DTSTART:20230204T120000 DTEND:20230204T123000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:The talk is a review of my work on Guix's bootstrapping pro cess for RISC-V. The presentation describes why we needed to make this\, th e challenges I encountered\, what I focused doing\, what is missing and how people can take part.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/guixriscv/ LOCATION:D.minimalistic END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121429Z DTSTAMP:20230124T121429Z UID:97df0dce-a3dd-49a5-b4f9-2c6db4f196fa SUMMARY:Ondev2: Distro-Independent Installer For Linux Mobile STATUS:CONFIRMED ATTENDEE;CN=OIiver Smith;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid:nom ail CATEGORIES:FOSS on Mobile Devices DTSTART:20230204T123000 DTEND:20230204T124500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Introducing the new version of the on-device installer for Linux Mobile.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/ondev2_installer/ LOCATION:UB4.136 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T120928Z DTSTAMP:20230124T120928Z UID:8e114fc1-1f82-4b65-9fad-4e638391eebf SUMMARY:Podcasting 2.0: it's all about Interoperability STATUS:CONFIRMED ATTENDEE;CN=Benjamin Bellamy;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid :nomail CATEGORIES:Main Track - Janson DTSTART:20230205T130000 DTEND:20230205T135000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Podcasting has been around for 20 years.Many revolutions ha ve happened since then: DSL connections\, smartphones\, social networks\, a rtificial intelligence everywhere… But Podcasting stayed still and its de centralized architecture resisted to the big corporations.In this talk we w ill show how the Podcasting 2.0 community is reinventing Podcasting by addi ng tons of new features\, while keeping all this interoperable.We will quic kly demonstrate how this actually works with Castopod\, an open-source podc ast hosting solution.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/podcasting20/ LOCATION:Janson END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121628Z DTSTAMP:20230124T121628Z UID:321f1b33-3fd1-41fd-8b29-8045a930f0b2 SUMMARY:Keyoxide: verifying online identity with cryptography STATUS:CONFIRMED ATTENDEE;CN=Yarmo Mackenbach;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid :nomail CATEGORIES:Lightning Talks DTSTART:20230205T132000 DTEND:20230205T133500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Just as we need the ability to prove real-world identity\, so will the need arise in the digital domain as the offline world slowly me rges with the online world. But this time\, let's improve on the concept an d give people full sovereignty over their identity.
Keyoxide is a new decentralized tool to verify online identities using modern cryptography t hrough a system of claims and proofs. People use it to establish a verifiab le digital passport that links to all their online accounts. These passport s can even be anonymous.
This talk briefly introduces the concept of online identity and explains how Keyoxide went about solving it in a decent ralized way\, using established cryptography standards and infrastructure\, without needing blockchain-related technologies.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/keyoxide/ LOCATION:H.2215 (Ferrer) END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T120958Z DTSTAMP:20230124T120958Z UID:60dbf670-df8b-4d41-981e-c517b7ac6a6d SUMMARY:Libre-SOC: From architecture and simulation to test silicon\, and b eyond STATUS:CONFIRMED ATTENDEE;CN=Cesar Strauss;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid:no mail CATEGORIES:Lightning Talks DTSTART:20230205T144000 DTEND:20230205T145500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Libre-SOC aims to develop a design for a hybrid CPU-GPU-VPU core for a family of System-on-Chip products\, from embedded applications\ , routers\, cell phones and laptops\, all the way to high performance compu ting\, using proposed scalable vector extensions for the tried and true POW ER instruction set. Being a fully documented and transparent design is a co re value of the project\, ensuring mainline kernel integration with no effo rt wasted on reversing-engineering proprietary designs covered by NDA (non- disclosure-agreements)\, while avoiding untrusted binary blobs. The product s should “just work”\, at its maximum performance and feature set\, wit h full involvement and support for the community.
Last year\, Libre-S OC labored to produce its first silicon\, a test chip\, and produced its fi rst Linux-capable networked proof of concept on an FPGA (field programmable gate array) development board. Using a completely FLOSS toolchain\, any de veloper can build and test this design on their own computer\, run it in ha rdware in a supported FPGA development board\, or even build a full ASIC ch ip layout.
In this talk I’ll present topics of the ongoing architec ture design and formal testing\, being written in a modern\, developer-frie ndly\, Python-based hardware description language.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/libre_soc/ LOCATION:H.2215 (Ferrer) END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121016Z DTSTAMP:20230124T121016Z UID:6bb90675-9dca-4f86-9a3b-6410f2d3b650 SUMMARY:How Replicant\, a 100% free software Android distribution\, uses (o r doesn't use) Guix STATUS:CONFIRMED ATTENDEE;CN=Denis Carikli (GNUtoo);CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:i nvalid:nomail CATEGORIES:Declarative and Minimalistic Computing DTSTART:20230204T152500 DTEND:20230204T155500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Guix is a 100% free software distribution that can be used in a wide variety of ways.
Unlike other GNU/Linux distributions\, all its packages and configuration is defined in scheme (with Guile). To do th at it uses software abstractions. That abstraction enables to reuse the sam e packages or configurations in various contexts (for instance to build con tainer\, to build packages for other distributions\, etc).
This re-us ability can enables other project to use Guix in various ways (for testing\ , for project infrastructure\, etc).
This talk will look at how and w hy Replicant (a 100% free software Android distribution certified by the FS F) uses or depends on Guix\, where it didn't use Guix and why\, and future directions with the usage of Guix by the Replicant project.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/replicantguix/ LOCATION:K.3.201 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121308Z DTSTAMP:20230124T121308Z UID:e9d2d591-71c3-4c5e-bb2f-33dffce01c9c SUMMARY:The Importance of Collaborative Applications for European Digital S overeignty STATUS:CONFIRMED ATTENDEE;CN=Ludovic Dubost;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid:n omail CATEGORIES:Sovereign Cloud DTSTART:20230204T154500 DTEND:20230204T164500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:In this talk\, I would like to present the importance of th e core Collaborative Softwares using by individuals and companies in this s tack and the progress and challenges of the Open Source communities providi ng alternative solutions and the importance of all European countries to co llectively support the actors in the Open Source communities providing solu tion in this area.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/sovcloud_the_importance_of_collab orative_applications_for_european_digital_sovereignty/ LOCATION:H.1301 (Cornil) END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121153Z DTSTAMP:20230124T121153Z UID:4c7dc6aa-d999-42fd-abe0-331f28dd2813 SUMMARY:P4 in Nix STATUS:CONFIRMED ATTENDEE;CN=Gauvain Roussel-Tarbouriech;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIP ANT:invalid:nomail CATEGORIES:Nix and NixOS DTSTART:20230205T155500 DTEND:20230205T161500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Nix\, and by extension NixOS\, are incredible tools to defi ne infrastructures and deployments of dedicated machines. Unfortunately\, s ometimes the load is too big for even an optimized network stack and we nee d to get dedicated equipment such as load balancers to handle the load. Wha t if we could configure those from within Nix?
P4\, a Domain Specific Language intended to produce highly optimized network processing code\, al lows for that. It can produce code that can be synthesized to FPGAs or even configure network ASICs in order to have optimized solutions to those prob lems.
Points we'll touch on: Writing a transpiler in Nix\, Automatic (re-)deployment of synthesized code\, hardware definition for Nix-reprogram mable hardware.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/nix_and_nixos_p4_in_nix/ LOCATION:H.2214 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121405Z DTSTAMP:20230124T121405Z UID:85e6f735-7b15-4f01-ac58-42b32e702012 SUMMARY:Modernizing Authentication and Authorization in XMPP STATUS:CONFIRMED ATTENDEE;CN=Matthew Wild;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid:nom ail CATEGORIES:Real Time Communications DTSTART:20230205T160500 DTEND:20230205T162500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:This presentation will discuss the recent work done on over hauling XMPP's authentication stage\, improving reconnection performance\, adding multi-factor authentication and increasing account security for user s. Implementation of the new protocol in Prosody and multiple clients will be discussed.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/modern_xmpp_auth/ LOCATION:K.3.401 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121238Z DTSTAMP:20230124T121238Z UID:d2e72bae-f557-4a11-a914-de762ecb68bf SUMMARY:Towards Secure Boot for NixOS STATUS:CONFIRMED ATTENDEE;CN=Julian Stecklina;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid :nomail CATEGORIES:Nix and NixOS DTSTART:20230205T161500 DTEND:20230205T163500 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:This talk gives an overview about the state of Lanzaboote\, a set of tools that enable Secure Boot for NixOS.
UEFI Secure Boot i s a firmware security feature that prevents untrusted code from booting on a system. Users can utilize this technology to prevent certain kinds of att acks that involve booting malicious code on their computers. Unfortunately\ , NixOS has no support for Secure Boot yet.
The talk will give a shor t background of Secure Boot\, go through NixOS-specific challenges\, and ex plain the strategy we took for enabling Secure Boot in NixOS. We will highl ight the newly developed components\, such as a custom UEFI boot stub and c ompanion Linux userspace tool\, which are both written in Rust. Finally\, w e will explain the current state of upstreaming Secure Boot support in NixO S.
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/nix_and_nixos_towards_secure_boot / LOCATION:H.2214 END:VEVENT BEGIN:VEVENT LAST-MODIFIED:20230124T121532Z DTSTAMP:20230124T121532Z UID:9a9aae4a-43b7-428b-831c-3b1c0bde9fe3 SUMMARY:News from the ODF Toolkit STATUS:CONFIRMED ATTENDEE;CN=Svante Schubert;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:invalid: nomail CATEGORIES:LibreOffice Technology Development Platform DTSTART:20230204T170000 DTEND:20230204T171000 METHOD:PUBLISH TZID:Europe-Brussels DESCRIPTION:Quick overview: Intro\, use cases &\; updates from the p ast months and likely future!
CLASS:PUBLIC URL:https:/fosdem.org/2023/schedule/event/lotech_odftoolkit/ LOCATION:H.1308 (Rolin) END:VEVENT END:VCALENDAR