On 26.06.2010 15:16, Stuart Henderson wrote:
> On 2010/06/25 19:31, Carl-Daniel Hailfinger wrote:
>
>>> On OpenBSD we decided that those /dev/pci write access are similar to
>>> /dev/mem access, and thus decided to control it using the same sysctl,
>>> in order not to create more knobs.
>>>
>>>
>> So if I understand you correctly, full /dev/pci and /dev/mem access
>> should be possible with securelevel=0, and we shouldn't screw with
>> allowaperture at all?
>> No problem, I am happy to change the flashrom docs.
>>
>
> Ah, I've tracked down why securelevel gets changed from 0 to 1
> (which is what I was asking about re securelevels). It's init(8).
> To avoid this and have /dev/{pci,mem} access on a running system,
> temporarily set securelevel=-1 in /etc/rc.securelevel.
>
Ah right. So you change /etc/securelevel, reboot, run flashrom, change
securelevel again, reboot, and the system is back to the old secure
settings.
>> flashrom is something you won't run on every boot, so I think requiring
>> securelevel=0 for the few times you need to access flash is perfectly fine.
>>
>
> Agreed.
>
> It is at least going to take a reboot and either running in single-
> user mode or adjusting rc.securelevel.
Could I ask you to write one or two short sentences which will be
printed if flashrom detects insufficient permisions on OpenBSD? Maybe
something like this (feel free to change it completely):
"Error: Insufficient permissions to access hardware. Please set
securelevel=-1 in /etc/rc.securelevel and reboot, or reboot into single
user mode."
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
