kn [Sat, 4 Mar 2023 09:03:34 +0000 (09:03 +0000)]
properly initialise LIST head
This worked because the global head variable is zero-initialised,
but one must not rely on that.
OK mvs claudio
tb [Sat, 4 Mar 2023 06:25:42 +0000 (06:25 +0000)]
openssl/req: garbage collect a pointless EVP_MD_CTX_init()
Before do_sign_init(), the ctx is always allocated by EVP_MD_CTX_new()
aka calloc(). There is no point in doing EVP_MD_CTX_init(), aka bzero().
ok jsing
dtucker [Sat, 4 Mar 2023 03:22:59 +0000 (03:22 +0000)]
Use time_t instead of u_int for remaining x11 timeout checks for 64bit
time_t safety. From Coverity CIDs 405197 and 405028, ok djm@
dlg [Sat, 4 Mar 2023 01:23:40 +0000 (01:23 +0000)]
handle polling when cold in tipmic_thermal_opreg_handler().
this allows me to boot if acpitz is using tipmic instead of getting
stuck. tipmic would spin on tsleep, which returns immediately with
0 when cold, waiting for a value to be set by the tipmic interrupt
handler. cos the box is cold the interrupt is masked, so the tsleep
loop never ended.
patrick@ helped me find this
ok kettenis@
cheloha [Sat, 4 Mar 2023 00:00:25 +0000 (00:00 +0000)]
tee(1): explicitly check read(2) return value for 0 and -1
cheloha [Fri, 3 Mar 2023 20:16:44 +0000 (20:16 +0000)]
initclocks: don't reinitialize ticks, jiffies at runtime
Various drivers use ticks/jiffies before initclocks(). It isn't
generally safe to reinitialize them at runtime. Hoist the conditional
definition of HZ from param.c into sys/kernel.h so we can see it from
kern_clock.c and statically initialize ticks/jiffies to the desired
offset.
With this change, timeouts scheduled before initclocks() do not all
fire immediately during the first softclock().
With input from kettenis@.
Link: https://marc.info/?l=openbsd-tech&m=167753870803378&w=2
bluhm [Fri, 3 Mar 2023 16:22:57 +0000 (16:22 +0000)]
Process accounting and lastcomm(1) can detect execve(2) violations
of pinsyscall(2) policy. Report such findings in daily mail like
other security violations. User has to turn on accounting=YES in
rc.conf.local to utilize this feature.
OK deraadt@
job [Fri, 3 Mar 2023 16:19:05 +0000 (16:19 +0000)]
In filemode, print the certification path towards the Trust Anchor
with and OK tb@
claudio [Fri, 3 Mar 2023 13:03:29 +0000 (13:03 +0000)]
Use EXTRACT_16BITS() in default_print() instead of handrolling it.
OK bluhm@
dtucker [Fri, 3 Mar 2023 10:23:42 +0000 (10:23 +0000)]
Ensure ms_remain is always initialized, similar to what we do in
ssh_packet_write_wait. bz#2687, from jjelen at redhat.com.
dtucker [Fri, 3 Mar 2023 09:48:51 +0000 (09:48 +0000)]
Check for non-NULL before string comparison. From jjelen at redhat.com
via bz#2687.
jsg [Fri, 3 Mar 2023 08:08:15 +0000 (08:08 +0000)]
namservers -> nameservers
djm [Fri, 3 Mar 2023 05:00:34 +0000 (05:00 +0000)]
guard against getsockname(-1, ...) from Coverity CID 291832
djm [Fri, 3 Mar 2023 04:36:20 +0000 (04:36 +0000)]
some options are not first-match-wins. Mention that there are
exceptions at the start of the manpage and label some of them in
the option description.
djm [Fri, 3 Mar 2023 04:34:49 +0000 (04:34 +0000)]
actually print "channeltimeout none" in config dump mode;
spotted via Coverity CID 405022
dtucker [Fri, 3 Mar 2023 03:12:24 +0000 (03:12 +0000)]
Check return values of dup2. Spotted by Coverity, ok djm@
dtucker [Fri, 3 Mar 2023 02:37:58 +0000 (02:37 +0000)]
Use time_t for x11_refuse_time timeout. We need SSH_TIME_T_MAX for
this, so move from misc.c to misc.h so it's available. Fixes a Coverity
warning for 64bit time_t safety, ok djm@
dtucker [Fri, 3 Mar 2023 02:34:29 +0000 (02:34 +0000)]
Check return value from fctnl and warn on failure. Spotted by Coverity,
ok djm@
tb [Thu, 2 Mar 2023 21:17:35 +0000 (21:17 +0000)]
Simplify the ct Makefile slightly
tb [Thu, 2 Mar 2023 21:15:14 +0000 (21:15 +0000)]
Clean up the x509 regress make file a little
tb [Thu, 2 Mar 2023 21:08:14 +0000 (21:08 +0000)]
Remove a few more unnecessary line continuations
tb [Thu, 2 Mar 2023 21:07:21 +0000 (21:07 +0000)]
Nitpick error checks of BN_get_mem_data()
BN_get_mem_data() returns a non-positive long on error, so assigning
it to a size_t and displaying that in error messages is incorrect.
tb [Thu, 2 Mar 2023 20:45:11 +0000 (20:45 +0000)]
Some more Makefile cosmetics
The verbose evp test actually depends on the evptest binary. Use consistent
spacing and indentation.
tb [Thu, 2 Mar 2023 20:27:54 +0000 (20:27 +0000)]
The evp_ecx_test no longer needs static linking
tb [Thu, 2 Mar 2023 20:24:51 +0000 (20:24 +0000)]
Hide the hexdumps behind a verbose flags. Should have been part of
the previous commit.
tb [Thu, 2 Mar 2023 20:22:46 +0000 (20:22 +0000)]
Simplify evp test Makefile.
Make evptest silent by default: these pages of hexdumps are useless noise.
Add a verbose target for debugging.
tb [Thu, 2 Mar 2023 20:18:40 +0000 (20:18 +0000)]
evp_pkey_check: make this test silent on success
tb [Thu, 2 Mar 2023 20:04:42 +0000 (20:04 +0000)]
Remove a few unnecessary line continuations
jmc [Thu, 2 Mar 2023 17:11:33 +0000 (17:11 +0000)]
restructure the page into one single list for all routing commands;
while there, whack anything either out of date or not useful
joint work with claudio
jmc [Thu, 2 Mar 2023 17:09:52 +0000 (17:09 +0000)]
improve the Nd lines such that the format is consistent for the
various *d, *conf, *ctl files (where relevant) and simple;
also makes "man -k routing" more useful;
help from claudio and florian
ok claudio florian millert
deraadt [Thu, 2 Mar 2023 17:08:02 +0000 (17:08 +0000)]
sync
millert [Thu, 2 Mar 2023 16:58:43 +0000 (16:58 +0000)]
No need to protect exports from SIGHUP, the handler just sets a flag.
The signal handlers in mountd.c were made safe in rev 1.34 from 2001.
OK bluhm@ kn@
millert [Thu, 2 Mar 2023 16:21:51 +0000 (16:21 +0000)]
When parsing %s, the result should be in the local time zone.
Based on a patch from enh@google. OK tb@
millert [Thu, 2 Mar 2023 16:13:57 +0000 (16:13 +0000)]
rad_recv: verify length field in received auth_hdr_t before using it.
Reported by Peter J. Philipp. OK deraadt@
jsg [Thu, 2 Mar 2023 11:56:25 +0000 (11:56 +0000)]
add arch to Dt
jsg [Thu, 2 Mar 2023 11:49:45 +0000 (11:49 +0000)]
mention eephy(4)
ok jmatthew@
dtucker [Thu, 2 Mar 2023 11:10:27 +0000 (11:10 +0000)]
Remove SUDO in proxy command wrapper. Anything that needs sudo is
already run by it, and it breaks if root isn't in sudoers.
jmatthew [Thu, 2 Mar 2023 10:07:18 +0000 (10:07 +0000)]
mvodog(4) and mvortc(4)
jmatthew [Thu, 2 Mar 2023 09:59:29 +0000 (09:59 +0000)]
Enable mvodog(4) and mvortc(4)
jmatthew [Thu, 2 Mar 2023 09:57:43 +0000 (09:57 +0000)]
Add mvortc(4), a driver for the RTC on the ARMADA 38x series.
ok kettenis@ patrick@
jmatthew [Thu, 2 Mar 2023 09:56:52 +0000 (09:56 +0000)]
Add mvodog(4), a driver for the watchdog on the ARMADA 38x series.
ok kettenis@ patrick@
jmatthew [Thu, 2 Mar 2023 09:39:45 +0000 (09:39 +0000)]
Add eephy(4), found on the Turris Omnia's WAN port
dtucker [Thu, 2 Mar 2023 08:24:41 +0000 (08:24 +0000)]
Fix breakage on dhgex test.
This was due to the sshd logs being written to the wrong log file.
While there, make save_debug_logs less verbose, write the name of the
tarball to regress.log and use $SUDO to remove the old symlinks (which
shouldn't be needed, but won't hurt). Initial problem spotted by anton@.
dtucker [Thu, 2 Mar 2023 08:14:52 +0000 (08:14 +0000)]
Quote grep and log message better.
dtucker [Thu, 2 Mar 2023 06:41:56 +0000 (06:41 +0000)]
Ensure we always call fclose when writing checkpoints. In the case of
an fprintf failure we would not call fclose which would leak the FILE
pointer. While we're there, try to clean up the temp file on failure.
Spotted by Coverity, ok djm@
millert [Wed, 1 Mar 2023 23:27:46 +0000 (23:27 +0000)]
Fix potentially uninitialized use of variable fsb on error.
OK mbuhl@
sthen [Wed, 1 Mar 2023 22:45:25 +0000 (22:45 +0000)]
/etc/examples/iked.conf tweaks:
- show a demo of a strong random string for psk, for some types of
configuration psk makes sense. the previous example hinted at.not
using it.
- change the EAP MSCHAPv2 example so that more than one client can
connect (previous used address config but with only a single address not
a pool), and use the newer keywords to show how to route all traffic
from dynamic-ip clients over the tunnel
ok tobhe@
dtucker [Wed, 1 Mar 2023 21:54:50 +0000 (21:54 +0000)]
Remove old log symlinks before creating new ones. In -portable some
platforms don't like overwriting existing symlinks.
ajacoutot [Wed, 1 Mar 2023 17:27:45 +0000 (17:27 +0000)]
Bogus full stop.
tb [Wed, 1 Mar 2023 12:34:12 +0000 (12:34 +0000)]
Comment out glob for JSON webcrypto tests for now
Allows test to pass with the old version of the wycheproof-testvectors
package.
tb [Wed, 1 Mar 2023 11:28:30 +0000 (11:28 +0000)]
Link evp/cipher_method_lib.c to the build
ok jsing
tb [Wed, 1 Mar 2023 11:27:37 +0000 (11:27 +0000)]
Convert EVP_CIPHER_meth_dup() to using calloc()
There is no reason for this to call EVP_CIPHER_meth_new(), as the flags
will be copied a line later anyway. Simplify this.
Requested by jsing
tb [Wed, 1 Mar 2023 11:25:25 +0000 (11:25 +0000)]
Make cipher_method_lib.c compile with LibreSSL
OPENSSL_zalloc() -> calloc(), OPENSSL_free() -> free() and a few assorted
cosmetic tweaks to match our style better.
ok jsing
tb [Wed, 1 Mar 2023 11:17:22 +0000 (11:17 +0000)]
Add EVP_CIPHER_meth_* prototypes to evp.h
As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API
until the next bump.
ok jsing
tb [Wed, 1 Mar 2023 11:16:06 +0000 (11:16 +0000)]
Make the cleanup() method return an int again
This partially reverts jsing's OpenBSD commit
b8185953, but without adding
back the error check that potentialy results in dumb leaks. No cleanup()
method in the wild returns anything but 1. Since that's the signature in
the EVP_CIPHER_meth_* API, we have no choice...
ok jsing
tb [Wed, 1 Mar 2023 11:08:37 +0000 (11:08 +0000)]
Fix line wrapping of function pointer arguments
ok jsing
tb [Wed, 1 Mar 2023 11:07:25 +0000 (11:07 +0000)]
First KNF approximation as per knfmt(1)
ok jsing
tb [Wed, 1 Mar 2023 11:06:23 +0000 (11:06 +0000)]
Drop the EVP_CIPHER_METH_get_* functions
Nothing interesting uses them. There's a Debian SSH-1 module and
corresponding ncrack bits. That's not reason enough to have this
garbage.
ok jsing
tb [Wed, 1 Mar 2023 11:04:17 +0000 (11:04 +0000)]
Add RCS tag
tb [Wed, 1 Mar 2023 11:02:25 +0000 (11:02 +0000)]
Revert OpenSSL commit
aa6bb135
This reinstates the original license on this file. Don't bother bumping
the copyright year. Nothing interesting has happened in here since the
initial commit.
(There was one interesting commit though: "Don't care openssl_zmalloc()",
which is interesting due to the lack of care, not because it's copyright
worthy)
ok jsing
tb [Wed, 1 Mar 2023 10:57:08 +0000 (10:57 +0000)]
libcrypto: import a copy of OpenSSL 1.1's cmeth_lib.c
This is the file as of OpenSSL 1.1.1 commit
82dfb986. Call the file
cipher_method_lib.c since the short names in this directory are hard
enough to read. This is a first step towards providing the poorly
named EVP_CIPHER_meth_* API which is needed by some projects because
of EVP_CIPHER opacity.
ok jsing
dtucker [Wed, 1 Mar 2023 09:29:32 +0000 (09:29 +0000)]
Rework logging for the regression tests. Previously we would log to
ssh.log and sshd.log, but that is insufficient for tests that have more
than one concurent ssh/sshd.
Instead, we'll log to separate datestamped files in a $OBJ/log/ and
leave a symlink at the previous location pointing at the most recent
instance with an entry in regress.log showing which files were created
at each point. This should be sufficient to reconstruct what happened
even for tests that use multiple instances of each program. If the test
fails, tar up all of the logs for later analysis.
This will let us also capture the output from some of the other tools
which was previously sent to /dev/null although most of those will be
in future commits.
claudio [Wed, 1 Mar 2023 08:17:53 +0000 (08:17 +0000)]
Change fatal() to fatalx() since the errno has no meaning here.
OK tb@
claudio [Wed, 1 Mar 2023 08:15:58 +0000 (08:15 +0000)]
KNF, no functional change.
dtucker [Tue, 28 Feb 2023 21:31:50 +0000 (21:31 +0000)]
fatal out if allocating banner string fails to avoid potential null
deref later in sscanf. Spotted by Coverity, ok deraadt@
sthen [Tue, 28 Feb 2023 16:58:36 +0000 (16:58 +0000)]
+sync
sthen [Tue, 28 Feb 2023 16:12:13 +0000 (16:12 +0000)]
add 7.4 fw key
jsing [Tue, 28 Feb 2023 12:29:57 +0000 (12:29 +0000)]
Rewrite/simplify BN_from_montgomery_word() and BN_from_montgomery().
Rename BN_from_montgomery_word() to bn_montgomery_reduce() and rewrite it
to be simpler and clearer, moving further towards constant time in the
process. Clean up BN_from_montgomery() in the process.
ok tb@
tb [Tue, 28 Feb 2023 10:46:27 +0000 (10:46 +0000)]
Explicitly skip the json_web* tests now.
tb [Tue, 28 Feb 2023 10:45:46 +0000 (10:45 +0000)]
Add a few missing NIDs for new Wycheproof tests.
tb [Tue, 28 Feb 2023 10:43:21 +0000 (10:43 +0000)]
Skip FRP256v1 curve in ECDH tests. We do not support it.
claudio [Tue, 28 Feb 2023 10:04:50 +0000 (10:04 +0000)]
Adjust default_print() to not run over snapend.
Kill default_print_unaligned() and adjust default_print() to also work
with unaligned buffers. There is no need for two functions doing the
same thing.
Pass the right length in nsh_print to default_print(). Fixes on place
that makes tcpdump crash.
Reported by Peter J. Philipp (pjp at delphinusdns dot org)
OK mbuhl@
dtucker [Tue, 28 Feb 2023 08:45:24 +0000 (08:45 +0000)]
Explicitly ignore return from fchmod similar to other calls to
prevent warning.
dtucker [Mon, 27 Feb 2023 22:12:40 +0000 (22:12 +0000)]
Plug mem leak on globbed ls error path. Spotted by Coverity, ok deraadt@
deraadt [Mon, 27 Feb 2023 15:00:17 +0000 (15:00 +0000)]
use the correct size of the execve syscall stub
deraadt [Mon, 27 Feb 2023 14:59:33 +0000 (14:59 +0000)]
Calculate the size of the static (and profiled static) execve syscall stub
and store it in a const variable for use by crt0.
help from kettenis and miod
jmc [Mon, 27 Feb 2023 14:53:38 +0000 (14:53 +0000)]
sort VEB and add "rules"; ok stsp
stsp [Mon, 27 Feb 2023 13:30:59 +0000 (13:30 +0000)]
Add missing documentation of veb(4) ioctls to the ifconfig(8) VEB section.
These ifconfig commands are supported by veb(4) but were undocumented:
deladdr flushrule maxaddr rule rulefile static timeout up
As was done before, copy relevant prose from the BRIDGE section.
ok jmc@
jmatthew [Mon, 27 Feb 2023 09:59:46 +0000 (09:59 +0000)]
Pass MII flags depending on the phy mode specified in the device tree.
With this, the WAN port on the Turris Omnia works.
tested on Turris MOX by kettenis@
ok patrick@
jan [Mon, 27 Feb 2023 09:35:32 +0000 (09:35 +0000)]
Turn off TSO if interface is added to layer 2 devices.
ok bluhm@, claudio@
otto [Mon, 27 Feb 2023 06:47:54 +0000 (06:47 +0000)]
There is no reason to-be-cleared chunks cannot participate in delayed
freeing; ok tb@
jsg [Mon, 27 Feb 2023 02:04:12 +0000 (02:04 +0000)]
drm/i915: Remove __maybe_unused from mtl_info
From Lucas De Marchi
44610f4c3093bbce3061b77d37bdf1bed8e379da in linux-6.1.y/6.1.14
fff758698842fb6722be37498d8773e0fb47f000 in mainline linux
jsg [Mon, 27 Feb 2023 02:01:38 +0000 (02:01 +0000)]
drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
From Ankit Nautiyal
0deb50618944aed143269214daea0ba2ddf2222d in linux-6.1.y/6.1.14
18feaf6d0784dcba888859109676adf1e0260dfd in mainline linux
deraadt [Mon, 27 Feb 2023 00:58:38 +0000 (00:58 +0000)]
sync
afresh1 [Mon, 27 Feb 2023 00:18:00 +0000 (00:18 +0000)]
Include varags types in sys/syscalls.h comment
Separated with the existing "..." requested by deraadt@
OK gnezdo@
cheloha [Sun, 26 Feb 2023 23:00:42 +0000 (23:00 +0000)]
clockintr: add a kernel-facing API
We need an API for creating, scheduling, and rescheduling clock
interrupts.
- Add struct clockintr, a schedulable clock interrupt callback.
- Add clockintr_establish(). Allocates a new struct clockintr and
binds it to the given clockintr_queue.
- Add clockintr_expiration(). Returns the clockintr's absolute
expiration uptime.
- Add clockintr_nsecuptime(). Returns the clockintr's parent queue's
cached uptime. Using a cached timestamp is cheaper than calling
nsecuptime(9) repeatedly when we don't absolutely need to.
- Add clockintr_schedule(). Schedules the clock interrupt to run at
or after the given absolute uptime.
- Add clockintr_advance(). Reschedules the clock interrupt in the
future on the given period relative to the parent queue's cached
uptime.
With the above pieces in place we can push most of the scheduling
code for hardclock()/statclock()/schedclock() from clockintr_dispatch()
into the wrapper functions clockintr_hardclock(), clockintr_statclock(),
and clockintr_schedclock(). These wrappers are temporary. I don't
want to muck up the wrapped functions while things are still moving
around.
For the moment these interfaces are internal to kern_clockintr.c. In
a later patch we will move the prototypes into <sys/clockintr.h> so
anyone can use them. We first need to add a data structure for
sorting the clockintr structs. We also need to add a mutex to
clockintr_queue to allow arbitrary threads to safely manipulate clock
interrupts established on other CPUs.
Shown on hackers@. Tweaked by mlarkin@.
ok mlarkin@, "no objections" kettenis@
miod [Sun, 26 Feb 2023 15:09:53 +0000 (15:09 +0000)]
Add a few missing bounds checks when processing terminal escape sequences.
Without them, the kernel could be made to crash or reboot after receiving some
specially crafted terminal escape sequences.
Reported by David Leadbeater (dgl, dgl dot cx)
kettenis [Sun, 26 Feb 2023 13:28:12 +0000 (13:28 +0000)]
Defragment mbufs in the tx path to work around a (not fully understood)
issue on the StarFive JH7100 SoC where packets spanning multiple mbufs
are corrupted. Makes ethernet work reliably on the StarFive VisionFive 1
board.
ok patrick@
kettenis [Sun, 26 Feb 2023 12:39:48 +0000 (12:39 +0000)]
RK3588 support.
ok patrick@
kettenis [Sun, 26 Feb 2023 12:39:07 +0000 (12:39 +0000)]
RK3588 support.
ok patrick@
kettenis [Sun, 26 Feb 2023 12:37:58 +0000 (12:37 +0000)]
Modern Rockchip SoCs, such as the RK356x and RK3588, use a different
register layout where the upper 16 bits decide which of the lower 16 bits
apply when writing to a register. Handle this new variant.
ok patrick@
bcook [Sat, 25 Feb 2023 15:39:40 +0000 (15:39 +0000)]
Use separate lines instead of semicolons.
macOS aarch64 assembly dialect treats ; as comment instead of a newline
ok tb@, jsing@
mvs [Sat, 25 Feb 2023 09:56:17 +0000 (09:56 +0000)]
regen
mvs [Sat, 25 Feb 2023 09:55:46 +0000 (09:55 +0000)]
Unlock select(2), pselect(2), poll(2) and ppoll(2).
The assertion within tsleep(9) was relaxed to allow calls on special
`nowake' channel without kernel lock held. So the sisguspend(2) like
cases "select(0, NULL, NULL, NULL, NULL)" and "poll(NULL, 0, INFTIM)"
should not trigger it. Commit reverted diff back.
ok claudio@
aoyama [Fri, 24 Feb 2023 23:36:10 +0000 (23:36 +0000)]
Change to use the default bsd.prog.mk "install" target.
This also brings to install boot.8 man page correctly.
ok miod@
deraadt [Fri, 24 Feb 2023 16:30:19 +0000 (16:30 +0000)]
Try to warn about syscall() possibly being deleted from libc in the
future. The ports team is already running around with axes and mops,
but don't worry such an action won't happen quickly.
with tb
deraadt [Fri, 24 Feb 2023 16:28:26 +0000 (16:28 +0000)]
switch mips64 ld.lld to execute-only, in case someone uses it
(the mips64 default is still ld.bfd)
deraadt [Fri, 24 Feb 2023 16:27:17 +0000 (16:27 +0000)]
disable jump tables by default on sparc64, in prep for xonly by default
ok miod
mpi [Fri, 24 Feb 2023 15:17:48 +0000 (15:17 +0000)]
Do not held the vm_map lock while flushing pages in msync(2) and madvise(2).
Mark the VM map as busy instead to prevent any sibling thread to request an
exclusive version of the vm_map. This is necessary to let any PG_BUSY page,
found in the UVM vnode object, to be released by a sibling in the middle of
a page-fault.
Note: the page-fault handler releases & re-grab a shared version of the
vm_map lock and expect it to be available to make progress.
Prevent a 3-Threads deadlock between msync(2), page-fault and mmap(2). The
deadlock reported on bugs@ by many occured as follow:
..ThreadA faults & grabs the shared `vmmaplk' then release it before calling
..uvn_get() which might sleep to allocate pages and mark them as PG_BUSY.
..Once the lock is released, threadB calls uvn_flush(). It sees at least a
..PG_BUSY page and sleeps on the `vmmaplk' waiting for threadA to un-busy
..the page.
..At the same time threadC asked for an exclusive version of the lock and
..sleeps until all reader are done with it. This prevents threadA to
..acquire a shared-version of the lock and finish the page fault.
This issue is similar to NetBSD's PR #56952 and the fix is from Chuck Silvers.
Tested by many on bugs@, thanks!
ok kettenis@
miod [Thu, 23 Feb 2023 19:48:21 +0000 (19:48 +0000)]
Remove dangerous user-settable "addr" variable from MI boot loader, and
only compile tty-related code (stty command, tty variable) on platforms
where it makes sense for the boot loader to control it, rather than the
PROM/firmware/whatever.