Recovering lost GPG public keys from your YubiKey

Have you ever generated GPG keys, loaded them into your YubiKey, and then thrown away/erased your computer? You’ll discover that when you take your YubiKey to a new computer, GPG refuses to automatically import your key when running --card-status.

The common wisdom on the Internet is that this is because YubiKeys (and Smart Cards in general) don’t store your public keys at all; they only store your private keys, so you must import your public keys from a backup or a public keyserver instead. If you don’t have such a backup, you’re screwed.

However, I investigated this and found that this common wisdom wasn’t true. I was able to recover my public keys from my YubiKey 4 even on a brand new, erased computer. Here’s how you can, too.


Installing macOS 12 “Monterey” Developer Beta on Proxmox 6

This tutorial for installing macOS Monterey Developer Beta has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full source code of my OpenCore release on my GitHub here.

Requirements

Since Monterey is still in closed Developer Beta, you need to be an Apple Developer and have access to a Mac (or Mac VM) to download it. If you don’t have access to that, maybe you’d like to try my Big Sur tutorial instead while you wait for the public release.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause Illegal Instruction crashes when apps/extensions attempt to use these missing instructions.

Modern AMD CPUs also support SSE 4.2 and will work with this guide.


Magic Trackpad 2 causes kernel heap corruption when passed to a Proxmox guest, GPFs

In mid-December I rebooted to upgrade my Proxmox kernel to pve-kernel-5.4.78-2-pve, but I immediately started having an issue where the kernel would trigger a GPF (general protection fault) and reset about 5-20 minutes after starting my macOS VM. I suspected that the new kernel was at fault, but I rolled back to the previous kernel and the problem persisted. I hadn’t experienced this fault before so I was a bit baffled about what change I made before that reboot could have triggered it.

To track down the issue, I built a version of Proxmox’s kernel with KASAN enabled. KASAN is the Kernel Address Sanitiser; it can detect kernel bugs like double-frees or out-of-bounds reads and writes by instrumenting the kernel to add checks around every memory access. This adds a bunch of CPU and memory space overhead, but the impact is bearable so long as your guest doesn’t need much service from the host kernel.


Running Tails as a VM with persistence on Proxmox

In this guide I’ll explain how you can run Tails as a VM in Proxmox while retaining the persistence feature, and keeping support for Proxmox backups and snapshots.

Firstly, note that running Tails as a VM defeats a lot of the security features it offers, since you now need to trust the hypervisor to be secure. The VM’s memory could be swapped to disk in the host’s swapfile or persisted in a guest snapshot (if the “include RAM” option is ticked), which will leak the contents of the guest onto the host’s persistent storage, including secret encryption key material.


Working around the AMD GPU Reset bug on Proxmox using vendor-reset

Most modern AMD GPUs suffer from the AMD Reset Bug: the card cannot be reset properly, so it can only be used once per host power-on. The second time the card is used, Linux will attempt to reset it and fail, causing the VM launch to fail, or the guest, host or both to hang.

gnif’s new vendor-reset project is an attempt to work around this AMD reset issue by replacing AMD’s missing FLR support with vendor-specific reset quirks.


Solving macOS VM kernel panics on heavily-loaded Proxmox/QEMU/KVM servers

Recently I needed to solve a problem where macOS VMs running on an overloaded Proxmox server (regularly pegged at 100% CPU, load >100) would kernel-panic and reboot about once every 15 minutes. All of the VMs on the box were running a CI workload, so Proxmox was effectively running a CPU torture-test similar to building Chrome in a loop. However, only the macOS guests were experiencing kernel panics.


Installing macOS 11 “Big Sur” on Proxmox 6

This tutorial for installing macOS Big Sur Final using OpenCore has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full source code on my GitHub here.

Requirements

I’ll assume you already have Proxmox 6 installed. You also need a real Mac available in order to fetch the OSK key.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause Finder to repeatedly crash after installation completes (with an Illegal Instruction exception in the graphics code).

Modern AMD CPUs also support SSE 4.2 and will work with this guide.


Installing macOS Catalina 10.15 on Proxmox 6.1 or 6.2 using OpenCore

macOS 11 Big Sur has now been released! If you’d like that version instead then please use my new Big Sur installation guide!

This tutorial for installing macOS Catalina using OpenCore has been adapted for Proxmox from Kholia’s OSX-KVM project and Leoyzen’s OpenCore configuration for KVM. You can get the full source code on my GitHub here.

If you’d like to use Clover instead, use my older tutorial, but OpenCore works better!

Requirements

I’ll assume you already have Proxmox 6.1 or 6.2 installed. You also need a real Mac available in order to fetch the OSK key.

Your Proxmox host computer’s CPU must support SSE 4.2, so for Intel your CPU must be at least as new as Nehalem, which was the first CPU generation to bear the “Core” i5/i7 branding. Older CPUs will cause Finder to repeatedly crash after installation completes (with an Illegal Instruction exception in the graphics code).

Modern AMD CPUs also support SSE 4.2 and will work with this guide.


Using a Canon DSLR as a webcam on macOS with Zoom

With the COVID-19 lockdown, I needed to do some videoconferencing with zoom.us, but I wanted something higher quality than my MacBook’s built-in webcam. So instead I wanted to use my Canon 5D III. (These instructions are for macOS only, not Windows)

First we need to export your camera’s proprietary liveview into a video stream we can use. To do this you can install v002-Camera-Live:

https://github.com/v002/v002-Camera-Live

Turn on your camera and connect it to your computer with USB, then run Camera Live and double click your camera in the list to activate it. This makes the liveview output from your Canon camera available as a Syphon video stream.

But zoom.us doesn’t support Syphon video directly; it only supports webcams. So you now need to convert the Syphon stream into a virtual webcam using CamTwist Studio:


createinstallmedia for macOS Sierra is a fork bomb!

Apple have posted a set of download links for installers for older versions of macOS on their website here:

https://support.apple.com/en-us/HT201372

There’s a teeny-tiny problem with the macOS Sierra installer though: running the createinstallmedia command as suggested ends up with an infinite loop of createinstallmedia spawning new copies of itself, until the computer’s resources are exhausted (a fork bomb)!
