Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
Package: flashrom
Version: 1.2-5
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
It seems this is because I use my system with Secure Boot, so Lockdown
mode is enabled by default, but in principle I think it could be enabled by
anyone (maybe it's used by SELinux users as well)
# flashrom -p internal -r woo
flashrom v1.2 on Linux 5.5.0-2-amd64 (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
ERROR: Could not get I/O privileges (Operation not permitted).
You need to be root.
Error: Programmer initialization failed.
# dmesg | tail -3
[38836.060931] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot
[38851.136762] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot
[38865.113982] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot
flashrom should say the actual semantic of the problem, that it couldn't
access a device, instead of its best guess.
- -- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing'), (2, 'unstable'), (1, 'testing-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages flashrom depends on:
ii libc6 2.30-4
ii libftdi1-2 1.4-2+b2
ii libpci3 1:3.6.4-1
ii libusb-1.0-0 2:1.0.23-2
flashrom recommends no packages.
flashrom suggests no packages.
- -- debconf-show failed
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQT287WtmxUhmhucNnhyvHFIwKstpwUCXq45lgAKCRByvHFIwKst
pxjXAQDidnYRdO0NEDDkPxcmxgT/+zsHnCovWtWTjGsbUS67XQEA9xFDpObphlMa
pb8aTi0E6hnwOqvk7p9qJDV9tf1IWg0=
=1538
-----END PGP SIGNATURE-----
Reply to: