On 26.06.2010 15:16, Stuart Henderson wrote:
On 2010/06/25 19:31, Carl-Daniel Hailfinger wrote:
On OpenBSD we decided that those /dev/pci write access are similar to /dev/mem access, and thus decided to control it using the same sysctl, in order not to create more knobs.
So if I understand you correctly, full /dev/pci and /dev/mem access should be possible with securelevel=0, and we shouldn't screw with allowaperture at all? No problem, I am happy to change the flashrom docs.
Ah, I've tracked down why securelevel gets changed from 0 to 1 (which is what I was asking about re securelevels). It's init(8). To avoid this and have /dev/{pci,mem} access on a running system, temporarily set securelevel=-1 in /etc/rc.securelevel.
Ah right. So you change /etc/securelevel, reboot, run flashrom, change securelevel again, reboot, and the system is back to the old secure settings.
flashrom is something you won't run on every boot, so I think requiring securelevel=0 for the few times you need to access flash is perfectly fine.
Agreed.
It is at least going to take a reboot and either running in single- user mode or adjusting rc.securelevel.
Could I ask you to write one or two short sentences which will be printed if flashrom detects insufficient permisions on OpenBSD? Maybe something like this (feel free to change it completely): "Error: Insufficient permissions to access hardware. Please set securelevel=-1 in /etc/rc.securelevel and reboot, or reboot into single user mode."
Regards, Carl-Daniel