[flashrom] flashrom, hardened gentoo (grsecurity) and iopl()

Michael Karcher flashrom at mkarcher.dialup.fu-berlin.de
Sun May 8 12:04:06 CEST 2011

Am Sonntag, den 08.05.2011, 12:05 +0400 schrieb Антон Кочков:
> And found this theme http://forums.grsecurity.net/viewtopic.php?t=1654
> So, for access ioperm() and iopl() you need disable "Disable
> Privileged I/O (CONFIG_GRKERSEC_IO)" option in kernel config.
> Can we print this message when found such configuration?
> Are there way to make port access without iopl()?

The only way to make some I/O port access without iopl() is with
ioperm(), and the limites ioperm sets (no ports above 0x3ff) are making
it nearly useless for flashrom. And as even ioperm is forbidden, there
are no ways remaining. And that's intentional. With iopl() you are able
not only to flash a BIOS rootkit, but also for example to write random
data to random sectors of parallel ATA hard drives. The latter also
works with ioperm in typical PC configurations.

  Michael Karcher

More information about the flashrom mailing list