Must not exceed 79 lines. Some variables and functions have
been renamed, and there has been some minor re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I don't like using SPDX for actual copyright declarations.
I only want it to be used for the license identifier.
Also:
I made a *single* change to nvmutil.c in 2024, which means
that I have copyright in all years since and including 2022;
the file said 2022, 2023, 2025, but it's actually 2022-2025.
Signed-off-by: Leah Rowe <leah@libreboot.org>
under the current logic, errno would be ECANCELED
if neither checksum is valid, or I/O related if
pwrite fails; alternatively, the for loop exits
and the file has been written, where it is quite
correctly reset already.
ergo, the errno reset at the start of
writeGbeFile is superfluous. remove this bloat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, a bad checksum would have caused a non-zero
exit, even if the other checksum was correct (observed
when using the swap command)
Signed-off-by: Leah Rowe <leah@libreboot.org>
at this stage in the code, the file name will be NULL
value, so it would be improper to use it in a string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the previous code size optimisations removed mention
of the file name, on file-related err() calls.
almost every error the user runs across will be file
related, so put the path on err() called from err_if()
Signed-off-by: Leah Rowe <leah@libreboot.org>
there is no need to have these as defines, when err_if
exists; get rid of xunveil and xpledge. use the bare
pledge and unveil functions directly, with err_if().
268 sloccount now on nvmutil.c, versus 289 sloccount
before this change, with no loss of functionality.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't really make sense to have nvmutil.h
since this is only a very small program and not
intended for use as a library
Signed-off-by: Leah Rowe <leah@libreboot.org>
The mentality behind pledge and unveil is that you should
think ahead, so that large parts of code can run under
extremely tight restrictions.
The pledge calls have been adjusted accordingly, also.
Disallow all unveil calls after the gbe file and the
file /dev/urandom have been unveiled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This replaces a check in the function for O_RDONLY, and
fixes the bug where the "dump" command triggers such error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
*Open* files at the start, then unveil. The same overall
behaviour is observed. In the case that invalid arguments
are given, simply opening a file does not cause much
performance impact (if any).
Restrict operations as early as possible in code.
Bonus:
writeGbeFile also hardened; if flags is O_RDONLY, it aborts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i screwed up in an earlier commit
this change fixes a bug where on rhex(), each
call would re-open /dev/urandom, resetting rfd
Signed-off-by: Leah Rowe <leah@libreboot.org>
in practise, the file was never written unless the checksum
was valid, but in the same of sloccount reduction i made it
do the swap/copy before checking. while functionally ok, it
never sat right with me. this is one example of where sloc
count doesn't mean everything. code correctness is critical
Signed-off-by: Leah Rowe <leah@libreboot.org>
the style was already quite similar, but extended lines in
bsd are indented by 4 spaces instead of a tab. this style
has grown on me, so i'm adopting it here
Signed-off-by: Leah Rowe <leah@libreboot.org>
They don't precisely *pertain* to nvmutil, but they are
useful helper functions for calling pledge/unveil in
OpenBSD. Ideally, the main file should only contain core
logic pertaining to the execution of *nvmutil*.
Put xpledge() and xunveil() in nvmutil.h.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe