| Age | Commit message | Author |
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.
this code is written for c90 spec so lacks uintptr
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
technically we're never supposed to do arithmetic on
pointers (there's uintptr for that)
very anal fix
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not available on older systems. can just pass
the relevant flag in the compiler:
HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i already also guard other toctou attacks :)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
if someone deletes gbe.bin while operating, nvmutil
will now abort
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
too over engineered and cumbersome.
the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.
the fallback rand is random enough.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
slow, per call. prw should be generic.
do it just for gbe files, once
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
build flag
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the last lseek there is only there to reset
state, so its errors are irrelevant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
write all at once, then sync all at once,
then verify all at once.
this increases the chance that all data
gets written first, in the case of power
loss, because fsync may take a while on
some systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the post-verification stage deserves a function
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we already covered this in prw() which is
what ultimately gets called, but still.
it's logically correct not to check it here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
read it back and check. sync to disk first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it should be is equal, not not equal
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
makes more sense in code
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
compliant posix systems should never meet this
check, but i put it here.
spec != implementation
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do it at the very end
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the cat function can be greatly simplified
handle it conditionally, because not all
functions should use it
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
move the gbe-specific parts out of it
what remains is a relatively generic
function; a very conservative implementation,
wrapping around libc functions but with
a few additional safety checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|