[flashrom] flashrom, hardened gentoo (grsecurity) and iopl()
Michael Karcher
flashrom at mkarcher.dialup.fu-berlin.de
Tue May 10 08:07:10 CEST 2011
Am Montag, den 09.05.2011, 22:48 -0700 schrieb Stefan Reinauer:
> > Are there way to make port access without iopl()?
> No. The whole reason of CONFIG_GRKERSEC_IO is to prevent you from
> running tools like flashrom. ;-)
Which is (although there is a smiley) not a joke. Hardware drivers
belong to the kernel, which is deemed "trusted" in models like
grsecurity, and anything doing direct hardware access circumventing the
kernel is deemed to be evil. So it does not target flashrom in special,
but it is meant in fact for (or more likely against) programs "like
flashrom". I would not be surprised if grsecurity also prevents r/w
mapping of the BIOS chip.
Regards,
Michael Karcher
More information about the flashrom
mailing list