Seonghyun Park shpark

Arch Linux installation and setup trouble shootings

Network Configuartion

Here are the summary of how to connect to the network (wireless/ethernet) during the installation.

Wireless

This link provides good explanation on how to connect to a WPA/WPA2 Wi-Fi network.

Keybase proof

I hereby claim:

I am shpark on github.
I am shpark1 (https://keybase.io/shpark1) on keybase.
I have a public key whose fingerprint is 6A32 BB2B 46E3 0437 44DE 705A 358D F6DB 75F4 67E2

To claim this, I am signing this object:

Create root file system image

cd $IMAGE/
wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh
chmod +x create-image.sh
./create-image.sh

-d buster for Debian 10, and -s 16384 for larger disk size.

Look at the following x86 assembly code (from lua repository).

static inline void coco_switch(coco_ctx from, coco_ctx to)
{
  __asm__ __volatile__ (
    "call 1f\n" "1:\tpopl %%eax\n\t" "addl $(2f-1b),%%eax\n\t"
    "movl %%eax, (%0)\n\t" "movl %%esp, 4(%0)\n\t"
    "movl %%ebp, 8(%0)\n\t" "movl %%ebx, 12(%0)\n\t"
 "movl 12(%1), %%ebx\n\t" "movl 8(%1), %%ebp\n\t"

SO link.

Add export GPG_TTY=$(tty) to .bashrc.
git config --global user.signingkey <key id>; <key id> can be found in the output of gpg --list-keys (public key?).
Example ~/.gnupg/gpg-agent.conf:

pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry

Reload gpg-agent: gpg-connect-agent reloadagent /bye.

/usr/local/bin/qemu-system-x86_64 -enable-kvm -cpu EPYC -machine q35 -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -no-reboot -drive if=pflash,format=raw,unit=0,file=/usr/local/share/qemu/OVMF_CODE.fd,readonly -drive if=pflash,format=raw,unit=1,file=/home/sev-host/amdsev/focal.fd -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= -drive file=/home/sev-host/amdsev/focal.qcow2,if=none,id=disk0,format=qcow2 -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true -device scsi-hd,drive=disk0 -object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=off -nographic -vnc :0 -monitor pty -monitor unix:monitor,server,nowait

Notes

<image_name>.fd (e.g., focal.fd) is automatically generated. It is copied from OVMF_VARS.fd.
-object sev-guest,id=sev0,policy=0x5,cbitpos=47,reduced-phys-bits=1 -machine memory-encryption=sev0,vmport=off enables sev-es.
-device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true virtio-sc

On Ubuntu, you can use lsinitramfs or unmkinitramfs tools to play with initrd.

Linux netns cheat sheet

TL;DR. You first create a network namesmace (netns), and a veth device (you also create a peer). Then you assign one end to another netns. You can talk to another netns via the veth.

TODO: How to use a different device instead of veth for communication across netns?

	#!/usr/bin/env bash

	KERNEL=$1
	DISKIMG=$2

	# NOTE: You can omit `virtio_mmio.device=4K@0xd0000000:5`
	qemu-system-x86_64 -machine microvm \
	-drive file=$DISKIMG,format=raw,id=id0 \
	-device virtio-blk-device,drive=id0 \
	-m 4G -smp 8 \

	qemu-system-x86_64 -enable-kvm -m 2G -smp 4 --machine q35 -nographic -drive if=pflash,format=raw,file=OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,file=OVMF_VARS.fd,readonly=on -drive if=none,file=fat:rw:esp,id=esp0,format=raw -device virtio-blk-pci,drive=esp0,num-queues=4
	SecCoreStartupWithStack(0xFFFCC000, 0x820000)
	Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE
	Install PPI: 8C8CE578-8A3D-4F1C-9935-896185C32DD3
	Install PPI: 5473C07A-3DCB-4DCA-BD6F-1E9689E7349A
	The 0th FV start address is 0x00000820000, size is 0x000E0000, handle is 0x820000
	Register PPI Notify: 49EDB1C1-BF21-4761-BB12-EB0031AABB39
	Register PPI Notify: EA7CA24B-DED5-4DAD-A389-BF827E8F9B38
	Install PPI: B9E0ABFE-5979-4914-977F-6DEE78C278A6
	Install PPI: DBE23AA9-A345-4B97-85B6-B226F1617389