From b09aad573b6a92087141ee1f4c8f86a0abaa75d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikl=C3=B3s=20M=C3=A1rton?= <martonmiklosqdev@gmail.com>
Date: Wed, 16 Mar 2022 23:04:46 +0100
Subject: [PATCH] hwaccess_x86_io: Improve IO permission error messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Display the BSD hints only when compiled for a specific BSD
- On Linux check the user's uid to see if flashrom run with
  root privileges
- Add a note about the dmesg check if the flashrom run as
  root and have no IO privilege

TEST=Run flashrom with internal programmed on a
Secure boot enabled machine. You should not get the
privilege level error, but rather a suggestion about
the security policies.

Change-Id: I6a6f60a5f0ac8f2b51c74661f7dad30571819680
Signed-off-by: Miklós Márton <martonmiklosqdev@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62878
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 hwaccess_x86_io.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/hwaccess_x86_io.c b/hwaccess_x86_io.c
index a883ed418..93d29d82d 100644
--- a/hwaccess_x86_io.c
+++ b/hwaccess_x86_io.c
@@ -66,6 +66,7 @@
 
 #if defined(__linux__) && !defined(__ANDROID__)
 #include <sys/io.h>
+#include <unistd.h>
 
 #define IO_PORT_PERMISSION USE_IOPL
 #define IO_PORT_FUNCTION USE_LIBC_TARGET_LAST
@@ -263,13 +264,24 @@ int rget_io_perms(void)
 		register_shutdown(platform_release_io_perms, NULL);
 		return 0;
 	}
+
 	msg_perr("ERROR: Could not get I/O privileges (%s).\n", strerror(errno));
-	msg_perr("Make sure you are root. If you are root, your kernel may still\n"
-		 "prevent access based on security policies.\n");
+#if defined(__linux__) && !defined(__ANDROID__)
+	if (getuid() != 0) {
+		msg_perr("Make sure you are running flashrom with root privileges.\n");
+	} else {
+		msg_perr("Your kernel may prevent access based on security policies.\n"
+		 "Issue a 'dmesg | grep flashrom' for further information\n");
+	}
+#elif defined(__OpenBSD__)
 	msg_perr("On OpenBSD set securelevel=-1 in /etc/rc.securelevel and\n"
 		 "reboot, or reboot into single user mode.\n");
+#elif defined(__NetBSD__)
 	msg_perr("On NetBSD reboot into single user mode or make sure\n"
 		 "that your kernel configuration has the option INSECURE enabled.\n");
+#else
+	msg_perr("Make sure you are running flashrom with root privileges.\n");
+#endif
 	return 1;
 }