[M] Change in flashrom[master]: flashrom: Skip read/write/erase/verify ops on inaccessable flash regions - flashrom-gerrit

30 Nov 2022


      Attention is currently required from: Edward O'Callaghan, Nikolai Artemiev.
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/70128 )
Change subject: flashrom: Skip read/write/erase/verify ops on inaccessable flash regions
......................................................................
Patch Set 6:
(2 comments)
Commit Message:
https://review.coreboot.org/c/flashrom/+/70128/comment/2c24b6ae_add81200 
PS6, Line 10: invalid
`unreadable` or `read-protected` would be more accurate.
https://review.coreboot.org/c/flashrom/+/70128/comment/447835a0_cfea9341 
PS6, Line 11: platforms with active an CSME coprocessor.
Currently, the way to use flashrom to erase/write parts of a flash chip when some other regions are not readable is to use a layout (e.g. `--ifd`) and specify `--noverify-all` to skip verifying non-targeted regions. Looks like this approach silently ignores non-readable and non-writable regions, which is dangerous as it can trick the user into thinking that something went well when it did not. As people don't usually read flashrom logs (the `--noverify-all` thing is explained in the flashrom log, and we've pointed at it too many times after people asked for help about "transaction error"), an error message alone won't cut it: we *need* to bail out if flashrom can't do what the user asked for (except if the user explicitly asked to `force-I-want-a-brick`).
How about adapting these changes to error out when the requested operations cannot be performed because of read/write restrictions? This means bailing out if trying to read a read-protected region or trying to erase/write a write-protected region. The latter would be especially useful as flashrom currently tries to erase/write when something (SMM BIOS write protection or protected ranges) prevents doing so, which risks bricking devices and will fail with a scary error message. See https://mail.coreboot.org/hyperkitty/list/flashrom@flashrom.org/thread/PIZM2... for an example of unnecessary risk that could be avoided.
-- 
To view, visit https://review.coreboot.org/c/flashrom/+/70128
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I9b96fb04b863625d2c9f9a00b97c35b3ddb0871b
Gerrit-Change-Number: 70128
Gerrit-PatchSet: 6
Gerrit-Owner: Nikolai Artemiev nartemiev@google.com
Gerrit-Reviewer: Edward O'Callaghan quasisec@chromium.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Angel Pons th3fanbus@gmail.com
Gerrit-Attention: Edward O'Callaghan quasisec@chromium.org
Gerrit-Attention: Nikolai Artemiev nartemiev@google.com
Gerrit-Comment-Date: Wed, 30 Nov 2022 12:12:52 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment