| Age | Commit message | Author |
|
don't cast unsigned to signed.
no behaviour is changed, but this will prevent some
silly compilers complaining about -Wsign-conversion
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i removed this before, but it's good to put it
here defensively, in case i ever mess up
the urandom read function again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i forgot to handle it in the previous refactor
not really a problem in practice, since the first
read probably succeeds anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
split them up into their own functions, since they
no longer operate according to the same policy.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
on bsd
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
urandom_fd is unavailable on bsd
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also handles possible overflows in read_gbe_file_exact
it removes dead code on both paths: arc4random and
urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not bsd
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we rely on uint16_t wrapping, but some platforms may
behave weirdly.
cast as uint32_t and then cast back, on return, with
an explicit mask beforehand.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
n could be zero under weird regression cases
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some platforms might get this wrong. define it
explicitly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
cast buf[x] directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some older systems have 32-bit off_t. this makes them
have 64-bit off_t
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some older systems need it for pread/pwrite
it must come before stat.h
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
with this new define, we can target even older systems
from the late 90s.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
put it at the start of the message
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i plan to release this as a standalone utility at
some point, once it's perfect (on its current
feature set)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i will write a *manpage* at some point. for now, the
documentation on libreboot.org shall suffice.
i'm nearly ready to submit this code to coreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that option there is already defined in the code
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
merge it into one
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and with this, i'm probably done for a while
i've obsessively audited this code for a week
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
explicitly declare the directory path for the given
file (nvmutil), otherwise it's implementation-defined;
on some systems, /bin/nvmutil means a directory named
nvmutil could then contain nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
makefile is correct, but lots of people don't read it.
putting it in code helps people avoid confusion.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I also needed: #define _POSIX_C_SOURCE 200809L
I use -pedantic with -Wall -Wextra -Werror, which
forces very strict error handling and ISO C; this
means pread and pwrite aren't available.
The define fixes this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only allow the long form: setmac [MAC]
specifying gbe.bin just shows the help/usage now.
this is a safety feature, so that someone doesn't
accidentally write the gbe file. we want it to be
that the user specifically requested setmac.
setmac with mac address as the 3rd argument is
also disabled. this is done as part of a general
simplification and safety improvement to nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is an extremely dangerous feature, and serves
no purpose to the user.
this change is part of a series of extreme safety
improvements, part of a larger nvmutil audit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This feature is extremely dangerous, and we should
discourage its use.
This is part of a series of changes that I've made
to make the code safer. You should only ever run
this on a valid GbE file, and nothing else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
linear, top-down order. re-order the prototypes
also some general cleanup:
argc enums now validated. ifdefs for pledge
and arc4random now use a consistent naming
scheme.
feature change:
the "dump" command now fails if both checksums
are invalid, and won't show anything.
my next commit will disable setchecksum when
both checksums are invalid. this and the other
insane auditing i've done over the last few
days has been part of a major effort to make
nvmutil extremely safe, and robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
setchecksum and setmac update the checksum.
other commands don't.
this patch unified the logic, handling it
in write_gbe based on command[].chksum_write
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only pledge/unveil where available, on versions
that have it. this patch disables it on older
versions, allowing nvmutil to compile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|