hwaccess_x86_io: Improve IO permission error messages

- Display the BSD hints only when compiled for a specific BSD - On Linux check the user's uid to see if flashrom run with root privileges - Add a note about the dmesg check if the flashrom run as root and have no IO privilege TEST=Run flashrom with internal programmed on a Secure boot enabled machine. You should not get the privilege level error, but rather a suggestion about the security policies. Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680 Signed-off-by: Miklós Márton <martonmiklosqdev@gmail.com> Reviewed-on: https://review.coreboot.org/c/flashrom/+/62878 Reviewed-by: Anastasia Klimchuk <aklm@chromium.org> Reviewed-by: Peter Marheine <pmarheine@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2025-04-26 22:52:34 +02:00 · 2022-03-16 23:04:46 +01:00 · 2022-03-16 23:04:46 +01:00 · b09aad573b
commit b09aad573b
parent 385b3374e3
1 changed files with 14 additions and 2 deletions
--- a/hwaccess_x86_io.c
+++ b/hwaccess_x86_io.c
@ -66,6 +66,7 @@

 #if defined(__linux__) && !defined(__ANDROID__)
 #include <sys/io.h>
+#include <unistd.h>

 #define IO_PORT_PERMISSION USE_IOPL
 #define IO_PORT_FUNCTION USE_LIBC_TARGET_LAST
@ -263,13 +264,24 @@ int rget_io_perms(void)
 		register_shutdown(platform_release_io_perms, NULL);
 		return 0;
 	}
+
 	msg_perr("ERROR: Could not get I/O privileges (%s).\n", strerror(errno));
-	msg_perr("Make sure you are root. If you are root, your kernel may still\n"
-		 "prevent access based on security policies.\n");
+#if defined(__linux__) && !defined(__ANDROID__)
+	if (getuid() != 0) {
+		msg_perr("Make sure you are running flashrom with root privileges.\n");
+	} else {
+		msg_perr("Your kernel may prevent access based on security policies.\n"
+		 "Issue a 'dmesg | grep flashrom' for further information\n");
+	}
+#elif defined(__OpenBSD__)
 	msg_perr("On OpenBSD set securelevel=-1 in /etc/rc.securelevel and\n"
 		 "reboot, or reboot into single user mode.\n");
+#elif defined(__NetBSD__)
 	msg_perr("On NetBSD reboot into single user mode or make sure\n"
 		 "that your kernel configuration has the option INSECURE enabled.\n");
+#else
+	msg_perr("Make sure you are running flashrom with root privileges.\n");
+#endif
 	return 1;
 }