Anastasia Klimchuk submitted this change.

View Change

Approvals: build bot (Jenkins): Verified Anastasia Klimchuk: Looks good to me, approved Peter Marheine: Looks good to me, approved 
hwaccess_x86_io: Improve IO permission error messages

- Display the BSD hints only when compiled for a specific BSD
- On Linux check the user's uid to see if flashrom run with
  root privileges
- Add a note about the dmesg check if the flashrom run as
  root and have no IO privilege

TEST=Run flashrom with internal programmed on a
Secure boot enabled machine. You should not get the
privilege level error, but rather a suggestion about
the security policies.

Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680
Signed-off-by: Miklós Márton <martonmiklosqdev@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62878
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M hwaccess_x86_io.c
1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/hwaccess_x86_io.c b/hwaccess_x86_io.c
index a883ed4..93d29d8 100644
--- a/hwaccess_x86_io.c
+++ b/hwaccess_x86_io.c
@@ -66,6 +66,7 @@
 
 #if defined(__linux__) && !defined(__ANDROID__)
 #include <sys/io.h>
+#include <unistd.h>
 
 #define IO_PORT_PERMISSION USE_IOPL
 #define IO_PORT_FUNCTION USE_LIBC_TARGET_LAST
@@ -263,13 +264,24 @@
 		register_shutdown(platform_release_io_perms, NULL);
 		return 0;
 	}
+
 	msg_perr("ERROR: Could not get I/O privileges (%s).\n", strerror(errno));
-	msg_perr("Make sure you are root. If you are root, your kernel may still\n"
-		 "prevent access based on security policies.\n");
+#if defined(__linux__) && !defined(__ANDROID__)
+	if (getuid() != 0) {
+		msg_perr("Make sure you are running flashrom with root privileges.\n");
+	} else {
+		msg_perr("Your kernel may prevent access based on security policies.\n"
+		 "Issue a 'dmesg | grep flashrom' for further information\n");
+	}
+#elif defined(__OpenBSD__)
 	msg_perr("On OpenBSD set securelevel=-1 in /etc/rc.securelevel and\n"
 		 "reboot, or reboot into single user mode.\n");
+#elif defined(__NetBSD__)
 	msg_perr("On NetBSD reboot into single user mode or make sure\n"
 		 "that your kernel configuration has the option INSECURE enabled.\n");
+#else
+	msg_perr("Make sure you are running flashrom with root privileges.\n");
+#endif
 	return 1;
 }

To view, visit change 62878. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680
Gerrit-Change-Number: 62878
Gerrit-PatchSet: 7
Gerrit-Owner: Miklós Márton <martonmiklosqdev@gmail.com>
Gerrit-Reviewer: Anastasia Klimchuk <aklm@chromium.org>
Gerrit-Reviewer: Peter Marheine <pmarheine@chromium.org>
Gerrit-Reviewer: Thomas Heijligen <src@posteo.de>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-MessageType: merged