util/nvmutil: fix unveil usage

arandom probably isn't available on super old obsd right?????? rather, unveil isn't. on systems that have arandom yet we should not unveil something that may not exist on modern systems just don't unveil arandom, and don't check arandom if unveil is enabled Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-16 17:30:03 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-26 06:59:41 +0000
commit: 28a499e556a883165c9aeb93fcb1247c4e2b342e (patch)
tree: 258bd3f7ac84103c9cec981764a0391b27b0960f /util/nvmutil/nvmutil.c
parent: 96dde65d16b8c83a920d641689abc3ab0b282ffc (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 851eb0fb..1f91de0a 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -756,6 +756,8 @@ main(int argc, char *argv[])
 		err(errno, "pledge, unveil");
 	if (unveil("/dev/urandom", "r") == -1)
 		err(errno, "unveil: /dev/urandom");
+	if (unveil("/dev/random", "r") == -1)
+		err(errno, "unveil: /dev/random");
 #else
 	if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
 		err(errno, "pledge");
@@ -1415,8 +1417,10 @@ read_urandom(void)
 	if (fd < 0) {
 
 		fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
+#ifndef NVMUTIL_UNVEIL
 		if (fd < 0) /* older openbsd */
 			fd = open("/dev/arandom", O_RDONLY | O_NONBLOCK);
+#endif
 		if (fd < 0) /* super old unix (could block) */
 			fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
author	Leah Rowe <leah@libreboot.org>	2026-03-16 17:30:03 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-26 06:59:41 +0000
commit	28a499e556a883165c9aeb93fcb1247c4e2b342e (patch)
tree	258bd3f7ac84103c9cec981764a0391b27b0960f /util/nvmutil/nvmutil.c
parent	96dde65d16b8c83a920d641689abc3ab0b282ffc (diff)