Hrm As I tinkering around m1 things I think we made it hard

Question

Hrm As I tinkering around m1 things I think we made it hard We have pretty comprehensive support for platforms They re in the schema we expose a bitfield of them Etc But we don t expose any kind of architecture info It s not in `osquery info` It s not in the table schema Etc

sharvil · Answer

`cpu type` from `system info` should have that iirc

sharvil · Answer

or is that not what you mean gt

Mike Myers · Answer

Well it s not on the website where the user wants to know why the table exists or doesn t exist for them or why it s empty

Mike Myers · Answer

I think we have a gap in ownership of the osquery website there are a few things that could be improved about the schema view there

seph · Answer

Maybe a gap in ownership but I think it s a gap in knowledge To some degree nothing has an owner we re a loose collective But none of us are super knowledgable about js SPA stuff so the website is a bit grotty

seph · Answer

But I m not thinking about the website I m thinking about the schemas Kolide parses them and tracks a lot of what should work where But because osquery doesn t really differenciante by arch we hadn t either So now I m grafting it on But it s imperfect

seph · Answer

`cpu type` from `system info` is ideally what the system is But it is not what osquery was compiled for

Daniel Bretón Suárez · Answer

Out of curiosity is there any table that works doesn t work on a Linux with ARM architecture

seph · Answer

cpuid is intel specific There may be others

Mike Myers · Answer

Probably the tables that rely on SMBIOS <https github com osquery osquery issues 7588>

Stefano Bonicatti · Answer

SMBIOS works under Linux ARM it s only Apple M1 devices