Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
From: John Scott <jscott@posteo.net>
Date: Sat, 02 May 2020 23:25:18 -0400
Message-id: <[🔎] 158847631869.43114.11117877011574111432.reportbug@T450>
Reply-to: John Scott <jscott@posteo.net>, 959500@bugs.debian.org

Package: flashrom
Version: 1.2-5
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

It seems this is because I use my system with Secure Boot, so Lockdown
mode is enabled by default, but in principle I think it could be enabled by
anyone (maybe it's used by SELinux users as well)

# flashrom -p internal -r woo
flashrom v1.2 on Linux 5.5.0-2-amd64 (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
ERROR: Could not get I/O privileges (Operation not permitted).
You need to be root.
Error: Programmer initialization failed.

# dmesg | tail -3
[38836.060931] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot
[38851.136762] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot
[38865.113982] Lockdown: flashrom: raw io port access is restricted; see https://wiki.debian.org/SecureBoot

flashrom should say the actual semantic of the problem, that it couldn't
access a device, instead of its best guess.

- -- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'testing-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flashrom depends on:
ii  libc6         2.30-4
ii  libftdi1-2    1.4-2+b2
ii  libpci3       1:3.6.4-1
ii  libusb-1.0-0  2:1.0.23-2

flashrom recommends no packages.

flashrom suggests no packages.

- -- debconf-show failed

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQT287WtmxUhmhucNnhyvHFIwKstpwUCXq45lgAKCRByvHFIwKst
pxjXAQDidnYRdO0NEDDkPxcmxgT/+zsHnCovWtWTjGsbUS67XQEA9xFDpObphlMa
pb8aTi0E6hnwOqvk7p9qJDV9tf1IWg0=
=1538
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
  - From: Gürkan Myczko <gurkan@phys.ethz.ch>
- Processed: Re: misleading 'You need to be root' when Linux is in Lockdown mode
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
  - From: John Scott <jscott@posteo.net>

Prev by Date: Bug#959499: Enable riscv64 build
Next by Date: Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
Previous by thread: Bug#959499: Enable riscv64 build
Next by thread: Bug#959500: misleading 'You need to be root' when Linux is in Lockdown mode
Index(es):
- Date
- Thread