[S] Change in flashrom[master]: hwaccess_x86_io: Improve IO permission error messages - flashrom-gerrit

29 May 2023

Anastasia Klimchuk has submitted this change. ( https://review.coreboot.org/c/flashrom/+/62878?usp=email )
Change subject: hwaccess_x86_io: Improve IO permission error messages
......................................................................
hwaccess_x86_io: Improve IO permission error messages
- Display the BSD hints only when compiled for a specific BSD
- On Linux check the user's uid to see if flashrom run with
  root privileges
- Add a note about the dmesg check if the flashrom run as
  root and have no IO privilege
TEST=Run flashrom with internal programmed on a
Secure boot enabled machine. You should not get the
privilege level error, but rather a suggestion about
the security policies.
Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680
Signed-off-by: Miklós Márton martonmiklosqdev@gmail.com
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62878
Reviewed-by: Anastasia Klimchuk aklm@chromium.org
Reviewed-by: Peter Marheine pmarheine@chromium.org
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M hwaccess_x86_io.c
1 file changed, 14 insertions(+), 2 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Anastasia Klimchuk: Looks good to me, approved
  Peter Marheine: Looks good to me, approved

diff --git a/hwaccess_x86_io.c b/hwaccess_x86_io.c
index a883ed4..93d29d8 100644
--- a/hwaccess_x86_io.c
+++ b/hwaccess_x86_io.c
@@ -66,6 +66,7 @@
#if defined(__linux__) && !defined(__ANDROID__)
 #include <sys/io.h>
+#include <unistd.h>
#define IO_PORT_PERMISSION USE_IOPL
 #define IO_PORT_FUNCTION USE_LIBC_TARGET_LAST
@@ -263,13 +264,24 @@
    	register_shutdown(platform_release_io_perms, NULL);
    	return 0;
    }
+
    msg_perr("ERROR: Could not get I/O privileges (%s).\n", strerror(errno));
-	msg_perr("Make sure you are root. If you are root, your kernel may still\n"
-		 "prevent access based on security policies.\n");
+#if defined(__linux__) && !defined(__ANDROID__)
+	if (getuid() != 0) {
+		msg_perr("Make sure you are running flashrom with root privileges.\n");
+	} else {
+		msg_perr("Your kernel may prevent access based on security policies.\n"
+		 "Issue a 'dmesg | grep flashrom' for further information\n");
+	}
+#elif defined(__OpenBSD__)
    msg_perr("On OpenBSD set securelevel=-1 in /etc/rc.securelevel and\n"
    	 "reboot, or reboot into single user mode.\n");
+#elif defined(__NetBSD__)
    msg_perr("On NetBSD reboot into single user mode or make sure\n"
    	 "that your kernel configuration has the option INSECURE enabled.\n");
+#else
+	msg_perr("Make sure you are running flashrom with root privileges.\n");
+#endif
    return 1;
 }
-- 
To view, visit https://review.coreboot.org/c/flashrom/+/62878?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680
Gerrit-Change-Number: 62878
Gerrit-PatchSet: 7
Gerrit-Owner: Miklós Márton martonmiklosqdev@gmail.com
Gerrit-Reviewer: Anastasia Klimchuk aklm@chromium.org
Gerrit-Reviewer: Peter Marheine pmarheine@chromium.org
Gerrit-Reviewer: Thomas Heijligen src@posteo.de
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    