Начало Каталог Помощ
Вход
canoeboot
/
cbwww
Наблюдаван 2
Харесван 0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
ИН на ревизия: f65ea1ebe4
Клонове Маркери
cbwww
/
site
/
docs
/
install
/
devmem.md

devmem.md 3.3 KB
История Директен файл

title: Disabling /dev/mem protections x-toc-enable: true ...

This section applies to any program that makes use of lower memory below 1MB. This applies to flashprog and dell-flash-unlock plus any other tool that uses lower memory and/or port I/O

Port I/O is up to you, BUT it is recommended that you re-disable lower memory access once you no longer need it, as this is a useful security layer against any wrongful operations that you may later inadvertently run as root.

Also disable SecureBoot

If you're using a UEFI setup, it's probably because you're using a latter Intel platform and want to flash Canoeboot internally, from the factory firmware to Canoeboot.

If the factory firmware implements UEFI, and this is how you boot when using the factory firmware, please ensure that SecureBoot is disabled, because it will interfere with lower memory accesses if left enabled.

FLASH ERRORS (and workarounds)

NOTE: Canoeboot standardises on flashprog now, which is a fork of flashrom.

This section relates to installing Canoeboot on supported targets.

Right out of the gate, some users may experience errors with flashprog when using the internal programmer. They are:

/dev/mem access error

NOTE: if running flashprog -p internal for software based flashing, and you get an error related to /dev/mem access, you should reboot with iomem=relaxed kernel parameter before running flashprog, or use a kernel that has CONFIG_STRICT_DEVMEM not enabled.

On NetBSD and OpenBSD systems, the equivalent to iomem=relaxed in this case is kernel.securelevel=-1; see NetBSD securelevel manual and OpenBSD securelevel manual.

ERROR: Could not get I/O privileges

Error message: ERROR: Could not get I/O privileges (Function not implemented)

If you get this while running flashprog -p internal -w filename.rom (or any internal flash operation), note: flashprog heavily uses ioperm/iopl functions to operate the internal flasher, at least on x86 machines.

See: https://lwn.net/Articles/804143/

Yeah, just enable CONFIG_X86_IOPL_IOPERM in your Linux kernel. This is a build-time option, so you must re-compile your kernel, or find a build that has this option enabled (IOPL emulation). Many default kernel configurations now disable this option.

Here's a handy-dandy guide for building a kernel from source: https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html

BSD users: On OpenBSD and NetBSD if you get similar errors, note that it should work here, but you need to boot with kern.securelevel=-1. See: NetBSD securelevel manual and OpenBSD securelevel manpage.

Otherwise, if you get such errors, it may just be that you're not root. You must run flashprog as root, at least to use the internal flasher (using external USB flashing dongles doesn't normally require root).

NOTE: BSD kernels seem to still enable IOPL by default. However, many modern Linux setups disable it by default these days, so it may be in teh future that most users will start needing to compile their own kernels. (go BSD!)