From: "David Arroyo" <droyo@aqwari.net>
To: 9front@9front.org, 9fans@9fans.net
Subject: [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv)
Date: Mon, 29 Dec 2025 05:57:48 -0500 [thread overview]
Message-ID: <760adea1-7ed3-4c91-a320-8e54267cb01c@app.fastmail.com> (raw)
On Sun, Dec 14, 2025, at 07:43, sirjofri wrote:
> More ideally, but also offtopic, I's like to have a factotum usb drive,
> where the secrets never leave the usb device. It would talk 9p directly
> over the serial bus.
I think this is a great idea; an HSM-like device with an interface that
doesn't suck. After some discussion about this idea on IRC, I want to
try and implement it. I purchased the "security" variant of this family
of microcontrollers:
https://tomu.im/
It's an STM32L432KC (Arm v7) in the form factor of a yubikey nano,
so it's nearly flush with a USB Type-A port. It has a capacitive button
which would work nice with the `confirm` attribute of factotum to require
human presence before using a key.
It is still in the mail, so I am exploring the firmware it ships with,
and trying to prove things out with qemu. If our tc compiler can produce
code for this microcontroller, I will probably replace their firmware,
otherwise I will adapt their firmware to run factotum. It could be nice
to retain the webauthn abilities of their firmware.
I'm trying to figure out how to serve 9P over USB, which I know very
little about. My initial plan is to make the device a USB serial
device that expects 9P, then try to mount the /dev/eiaUN device.
However, nusb(4) states that the nusb/serial driver only works for two
chips, so I'd have to add support for this one. That's not a problem,
but am I going in the right direction? There are a number of USB
device classes, maybe a different one is more suitable to carrying 9P?
If this works out it would be great if I could also mount it under
Linux, with v9fs or 9pfuse, but that's not a priority.
David
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T969c381dcd9c760d-M076fe1fcc6f57d1f2db9913f
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
next reply other threads:[~2025-12-29 13:03 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-29 10:57 David Arroyo [this message]
2025-12-29 14:40 ` [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) sirjofri via 9fans
2025-12-30 6:28 ` David Arroyo
2025-12-30 17:56 ` [9fans] Solo factotum Dworkin Muller
2025-12-30 21:37 ` sirjofri via 9fans
2025-12-30 23:29 ` ori
2025-12-31 4:24 ` Steve Simon
2025-12-31 5:21 ` David Arroyo
2025-12-31 17:31 ` ori
2025-12-31 21:47 ` Steve Simon
2025-12-31 9:40 ` sirjofri via 9fans
2025-12-31 16:26 ` ori
2025-12-31 8:51 ` Skip Tavakkolian
2025-12-29 15:32 ` [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) Shawn Rutledge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=760adea1-7ed3-4c91-a320-8e54267cb01c@app.fastmail.com \
--to=droyo@aqwari.net \
--cc=9fans@9fans.net \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).