Eric ideologysec

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

Reddit post (Archived)

Table of Content

What to expect?
- Some TLDR about the idea behind
Prerequisites
- Hardware
- System & Software
Update: Attention for MUXless laptop

Docker on Qubes

Since this page is apparently the top result on google, Heres a link to how to do it.

https://martingladdish.co.uk/technology/setting-up-docker-under-qubesos/

That page has more detail, but here are the instructions in case its down.

Install docker engine, following the instruction on https://www.docker.com. NOT DESKTOP as that wont work in Qubes (unless you enable nested virtualization)

機種

MacBook Pro 13inch, 2016, Four Thunderbolt 3 Ports
CPU 3.3GHz Intel i7
MEM 16G
Intel Iris Graphics

現象

満充電状態にして、100%充電状態であることを確認後、電源を外して、ラップトップの画面を閉じて持ち歩いたり、机に放置しおく
その後まったく使ってないのに残容量 0%だったり、少しだけ残ってる状態になる
一日中、バックの中が生暖かく保たれる

	import openai
	import boto3
	import json
	import time
	from typing import Dict, List

	openai.api_key = '### SET YOUR OPENAPI API KEY HERE ###'
	session = boto3.session.Session()
	client = session.client('iam')

	<?xml version="1.0"?>
	<SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy">
	<VersionEx>10.0.0.0</VersionEx>
	<BasePolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</BasePolicyID>
	<PolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyID>
	<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
	<Rules>
	<Rule>
	<Option>Enabled:UMCI</Option>
	</Rule>

	1) Start in uefi mode.

	At Line 216 use:

	echo password \| zpool create -f \
	-o ashift=12 \
	-O compression=lz4 \
	-O acltype=posixacl \
	-O xattr=sa \
	-O relatime=on \

	# Run as root
	# sudo -i

	# Prepare LiveCD Environment

	add-apt-repository -y ppa:jonathonf/zfs
	apt install -y zfs-dkms
	systemctl stop zfs-zed.service
	modprobe -r zfs
	modprobe zfs

	<?xml version="1.0" encoding="utf-8"?>
	<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
	<VersionEx>10.0.0.0</VersionEx>
	<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
	<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
	<Rules>
	<Rule>
	<Option>Enabled:Unsigned System Integrity Policy</Option>
	</Rule>
	<Rule>

	#!/usr/bin/python

	import os
	import sys

	from CoreFoundation import (CFPreferencesAppValueIsForced,
	CFPreferencesCopyAppValue,
	CFPreferencesCopyValue,
	kCFPreferencesAnyUser,
	kCFPreferencesAnyHost,