Use kernel with CONFIG_IO_STRICT_DEVMEM=n
SystemRescue currently uses the stock linux-lts kernel package. This has the option CONFIG_IO_STRICT_DEVMEM=y set.
Help text for this option:
If this option is disabled, you allow userspace (root) access to all io-memory regardless of whether a driver is actively > using that range. Accidental access to this is obviously disastrous, but specific access can be used by people debugging kernel drivers.
If this option is switched on, the /dev/mem file only allows userspace access to idle io-memory ranges (see /proc/iomem) > This may break traditional users of /dev/mem (dosemu, legacy X, etc...) if the driver using a given range cannot be disabled.
So enabling this is a reasonable choice for a regular use linux workstation or server.
But unfortunately access to /dev/mem for io memory regions is necessary for some operations that are part of the project objectives of SystemRescue:
Especially the flashrom program is affected, which allows to directly write the BIOS flash IC without the BIOS software interfering. This is not supported by all mainboards, but on the ones it is, this is usually superior to the mechanisms offered by the vendor.
Also reprogramming network cards (setting WoL options, uploading a new PXE flash, changing MAC addresses) or storage controllers is affected. On some systems also access to an internal I2C bus requires IO access.
All this worked before, I have an ancient SystemRescueCD 4.8.0 which I currently use for these tasks. But it is showing it's age and I'd prefer to use a current version for these tasks too.
I have built a custom linux-lts kernel package with CONFIG_IO_STRICT_DEVMEM=n and tested flashrom with it. It works without problems. Once I use the default kernel with CONFIG_IO_STRICT_DEVMEM=y it aborts with a permissions error.
So I think having this in SystemRescue would be nice, especially since most other distros today come with CONFIG_IO_STRICT_DEVMEM=y, making SystemRescue an easy way to solve problems that require CONFIG_IO_STRICT_DEVMEM=n.
It seems like SystemRescue currently doesn't have a mechanism to automatically patch and rebuild Arch packages. So using this option would complicate building SystemRescue. I currently don't have an easy solution for this, but am open to discuss ways to improve the build system.