i plan to release this as a standalone utility at
some point, once it's perfect (on its current
feature set)
Signed-off-by: Leah Rowe <leah@libreboot.org>
i will write a *manpage* at some point. for now, the
documentation on libreboot.org shall suffice.
i'm nearly ready to submit this code to coreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
explicitly declare the directory path for the given
file (nvmutil), otherwise it's implementation-defined;
on some systems, /bin/nvmutil means a directory named
nvmutil could then contain nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I also needed: #define _POSIX_C_SOURCE 200809L
I use -pedantic with -Wall -Wextra -Werror, which
forces very strict error handling and ISO C; this
means pread and pwrite aren't available.
The define fixes this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only allow the long form: setmac [MAC]
specifying gbe.bin just shows the help/usage now.
this is a safety feature, so that someone doesn't
accidentally write the gbe file. we want it to be
that the user specifically requested setmac.
setmac with mac address as the 3rd argument is
also disabled. this is done as part of a general
simplification and safety improvement to nvmutil.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is an extremely dangerous feature, and serves
no purpose to the user.
this change is part of a series of extreme safety
improvements, part of a larger nvmutil audit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This feature is extremely dangerous, and we should
discourage against its use.
This is part of a series of changes that I've made
to make the code safer. You should only ever run
this on a valid GbE file, and nothing else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
linear, top-down order. re-order the prototypes
also some general cleanup:
argc enums now validated. ifdefs for pledge
and arc4random now use a consistent naming
scheme.
feature change:
the "dump" command now fails if both checksums
are invalid, and won't show anything.
my next commit will disable setchecksum when
both checksums are invalid. this and the other
insane auditing i've done over the last few
days has been part of a major effort to make
nvmutil extremely safe, and robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
setchecksum and setmac update the checksum.
other commands don't.
this patch unified the logic, handling it
in write_gbe based on command[].chksum_write
Signed-off-by: Leah Rowe <leah@libreboot.org>
only pledge/unveil where available, on versions
that have it. this patch disables it on older
versions, allowing nvmutil to compile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously had this as a speed optimisation, but
removed it because it wouldn't make any real speed
difference, on most modern file systems / kernels.
however, this also has the dual purpose of ensuring
only what was verified gets written, on operations
that only touch the NVM area, since this relies on
checksum verification.
therefore, i have re-added this feature, but under
the new design of nvmutil. it is done policy-based,
instead of having if/else for specific commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
their functions now only return. not needed anymore.
these commands are still available, but they no longer
need helper functions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the existing verification is retained, an a few commands.
this is an additional security mechanism. redundancy is
best.
Signed-off-by: Leah Rowe <leah@libreboot.org>
