| Age | Commit message | Author |
|
i previously had this as a speed optimisation, but
removed it because it wouldn't make any real speed
difference, on most modern file systems / kernels.
however, this also has the dual purpose of ensuring
only what was verified gets written, on operations
that only touch the NVM area, since this relies on
checksum verification.
therefore, i have re-added this feature, but under
the new design of nvmutil. it is done policy-based,
instead of having if/else for specific commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
up to a maximum number of retries
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
their functions now only return. not needed anymore.
these commands are still available, but they no longer
need helper functions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we centralise this now. better not to over-engineer
our over-engineering.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
errno must never be negative
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the existing verification is retained, on a few commands.
this is an additional security mechanism. redundancy is
best.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
3-arg arguments were broken, by recent generalisations.
this should fix it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
no more command-specific logic here. this should be the
same in the rest of the code now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now they only set checksums.
and generalised checksumming is next!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
get it out of main(), it's bloat there
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
gbe_write already checks this, but we should
also check inside the caller.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
nice bit of defense here
we absolutely need this code to be bulletproof
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they should only access the nvm area, so rename
them accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make the code slightly easier to read
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
xstrxlen ftw
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
strnlen is not available on some older systems,
so now we provide our own portable version.
this version also aborts on NULL input, unlike
the standard function.
this version also does not permit empty strings.
this version also does not permit unterminated
strings.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
oops
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
arc4random is superior, so using /dev/urandom
would be a mistake. we only use that on linux,
or old/weird unix.
we would also use it on linux, but GNU prohibits
nice things (its implementations are spotty, and
old glibc doesn't have it - before 2022 there is
libbsd, but i'm not importing that).
not that it matters. we're not doing encryption.
i'm just a stickler for technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use the macro, introduced in the previous commit
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
to make it clearer what this variable does
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a guard against mistakes by future maintainers
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make cmd a size_t and make the equivalent to NULL
be the number of items in command[]
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't set args here
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
instead of simply checking null, just do a bound check.
this would also cover NULL (-1)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
There, we use arc4random_buf which does not directly
access /dev/urandom on BSD; it uses a userspace method
instead, which bypasses this.
This is therefore much more restrictive, which is
exactly the point of unveil(2) and pledge(2); restrict
your program's operation while ensuring that it has what
it needs, to help with debugging and prevent common bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current name is misleading. this function
specifically converts what's stored in memory,
in the nvm.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, it's a pointless computation
i also added a guard to mitigate this, in the
read file function. this should have been there
anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that way, it makes more sense semantically
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
accidentally specified invert, for the brick
and setchecksum commands. oops!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|