Install grpcurl:
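# Work in a throwaway directory so the archive and its contents stay out of the current one.
cd "$(mktemp -d)"
# -f makes curl exit non-zero on an HTTP error instead of saving the error page as the archive.
curl -fLO https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz
# The extracted binary is moved into /usr/local/bin with sudo afterwards, so check the
# archive before unpacking it. Replace the placeholder with the SHA-256 published for this
# asset with the v1.8.7 release; while the placeholder is in place the check fails and
# nothing is unpacked.
echo "<SHA256_OF_grpcurl_1.8.7_linux_x86_64.tar.gz>  grpcurl_1.8.7_linux_x86_64.tar.gz" | sha256sum -c - &&
tar -xvzf grpcurl_1.8.7_linux_x86_64.tar.gz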
sudo mv grpcurl /usr/local/bin| From 626e5dc999353d2c4a89febd46301bfec6daa3a7 Mon Sep 17 00:00:00 2001 | |
| From: Magnus Kulke <magnuskulke@linux.microsoft.com> | |
| Date: Tue, 13 Jan 2026 16:37:08 +0100 | |
| Subject: [PATCH] accel/mshv: Remove remap overlapping mappings code | |
| This change removes userland code that worked around a restriction | |
| in the mshv driver in the 6.18 kernel: regions from userland | |
| couldn't be mapped to multiple regions in the kernel. We maintained a | |
| shadow mapping table in qemu and used a heuristic to swap in a requested | |
| region in case of UNMAPPED_GPA exits. |
| # syntax=docker/dockerfile:1.3-labs | |
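# Build stage: installs the image tooling, fetches the guest OS image and creates the cidata directory.
FROM quay.io/centos/centos:stream9 AS payload-builder
RUN dnf -y update && dnf -y install \
    mtools \
    wget \
    dosfstools
# Fetch the image together with the SHA256SUMS file published beside it and stop the build on
# a mismatch. Both files come from the same HTTPS origin, so this catches a truncated or
# corrupted download rather than a tampered origin; for that, pin a dated release directory
# and its digest in this file, or verify the signature published for SHA256SUMS.
# "release" is a moving pointer, so the image content can differ between builds.
RUN cd /tmp \
 && wget https://cloud-images.ubuntu.com/minimal/releases/jammy/release/ubuntu-22.04-minimal-cloudimg-amd64.img \
 && wget https://cloud-images.ubuntu.com/minimal/releases/jammy/release/SHA256SUMS \
 && sha256sum --check --ignore-missing SHA256SUMS \
 && mv ubuntu-22.04-minimal-cloudimg-amd64.img /tmp/os-image.qcow2 \
 && rm SHA256SUMS
RUN mkdir cidata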
| COPY <<EOF cidata/meta-data |
| #!/bin/bash | |
| set -euo pipefail | |
| VM_NAME="${1:-mgns}" | |
| SCREEN_SESSION="vm-console" | |
| virt-install \ | |
| --name "$VM_NAME" \ | |
| --osinfo name=fedora40 \ |
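# Build stage on the Rust toolchain image; KBS_COMMIT selects the source revision to build.
FROM rust:1.71-slim-bullseye as builder
ARG KBS_COMMIT=81f3de7
RUN apt-get update && apt-get install -y curl gnupg2
# Keep the Intel SGX repository key in its own keyring file and bind it to this one source
# with signed-by. `apt-key add` (deprecated) puts the key in the global trusted set, where
# it can vouch for packages from every configured repository. Writing with `curl -f -o`
# also makes a failed download fail the build instead of being hidden behind a pipe.
RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key \
    -o /usr/share/keyrings/intel-sgx-keyring.asc
RUN echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-keyring.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' > /etc/apt/sources.list.d/intel-sgx.list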
| RUN apt-get update && apt-get install -y \ | |
| build-essential \ | |
| clang \ | |
| git \ |
| #!/bin/bash | |
| set -euo pipefail | |
| # login to GHCR | |
| pass github/token/packages | docker login ghcr.io -u USERNAME --password-stdin | |
| # Encryption | |
| # Provides the GRPC api for skopeo/ocicrypt. it performs no attestation |
| import os, uuid | |
| from azure.identity import DefaultAzureCredential | |
| from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient | |
| from cryptography.hazmat.backends import default_backend | |
| from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap | |
| from base64 import b64decode | |
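# Key-encryption key (KEK), base64-encoded; the literal below decodes to 32 bytes.
# NOTE(review): the literal is published together with this source, so any key wrapped
# under it must be treated as readable by whoever has the file. Supply the real KEK
# through the KEK_B64 environment variable (populated from a secret store) and keep the
# literal only as a default for local experiments.
KEK_B64 = os.environ.get('KEK_B64', 'DGLwgnzlaBYAlxRuuCkthRgYRfUWryR8Cqo79g88Gek=')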
| class KeyWrapper: |
| // ts 4.2.0 | |
| // fp-ts 2.9.5 | |
| import * as RE from 'fp-ts/lib/Reader'; | |
| import { pipe } from 'fp-ts/lib/pipeable'; | |
| import * as assert from 'assert'; | |
| interface Dependencies { | |
| logger: { log: (message: string) => void }; | |
| env: 'development' | 'production'; |
| // typescript v4.1.3 | |
| type _0 = 0; | |
| type Increment<N> = [N, 1]; | |
| type Eq<A, B extends A> = true; | |
| type _1 = Increment<_0>; | |
| type _2 = Increment<_1>; | |
| type _3 = Increment<_2>; | |
| type _4 = Increment<_3>; |
# Write the .code of every entry that has at least one category beginning with
# "blacklisted" to blacklisted_expressions.json, as a JSON array.
cat mapping.json \
  | jq '[.[] | select(.categories | map(startswith("blacklisted")) | any) | .code]' \
  > blacklisted_expressions.json