Repair some pain points (#546)

* Anti-fingerprint fixes and container fix

* fix import pathing

Author: ramseymcgrath

.gitignore

@@ -66,3 +66,5 @@ site/site/
 .github/copilot-instructions.md
 template_variables_report.json
 src/file_management/donor_info.json
+message.txt
+BUILD_LOG_ANALYSIS.md

Containerfile

@@ -63,6 +63,10 @@ RUN pip3 install --no-cache-dir -r requirements.txt -r requirements-tui.txt
 COPY src ./src
 COPY configs ./configs
 COPY pcileech.py .
+COPY pyproject.toml setup.py setup.cfg ./
+
+# Install the package itself so `from pcileechfwgenerator.xxx` imports work
+RUN pip3 install --no-cache-dir -e . || echo "Warning: Editable install failed, trying regular install" && pip3 install --no-cache-dir .
 
 # Copy voltcyclone-fpga from build stage (cloned during build)
 COPY --from=build /src/lib/voltcyclone-fpga ./lib/voltcyclone-fpga

configs/fallbacks.yaml

@@ -22,6 +22,19 @@ critical_variables:
   - device.class_code     # PCI Class Code (e.g., 020000 for network devices)
   - device.subsys_vendor_id  # PCI Subsystem Vendor ID
   - device.subsys_device_id  # PCI Subsystem Device ID
+  
+  # Timing configuration (MUST come from device profiling)
+  # Using fallbacks would create fingerprintable patterns
+  - timing_config.min_latency_cycles
+  - timing_config.max_latency_cycles
+  - timing_config.avg_latency_cycles
+  - timing_config.min_read_latency
+  - timing_config.max_read_latency
+  - timing_config.avg_read_latency
+  
+  # Template context device identifiers
+  - vendor_id_int         # Integer form of vendor ID
+  - device_id_int         # Integer form of device ID
 
 # Safe fallback values for non-critical variables
 # These will be used only if the variable is missing

install-sudo-wrapper.sh

@@ -26,8 +26,8 @@ log_error() {
 check_files() {
     local missing_files=()
 
-    if [ ! -f "pcileech-build-sudo" ]; then
-        missing_files+=("pcileech-build-sudo")
+    if [ ! -f "pcileech-sudo" ]; then
+        missing_files+=("pcileech-sudo")
     fi
 
     if [ ${#missing_files[@]} -ne 0 ]; then
@@ -59,14 +59,18 @@ if ! check_files; then
 fi
 
 # Copy the wrapper script to the installation directory
-log_info "Installing pcileech-build-sudo..."
-cp pcileech-build-sudo "$INSTALL_DIR/"
+log_info "Installing pcileech-sudo..."
+cp pcileech-sudo "$INSTALL_DIR/"
+chmod +x "$INSTALL_DIR/pcileech-sudo"
+
+# Also install as pcileech-build-sudo for backwards compatibility
+ln -sf "$INSTALL_DIR/pcileech-sudo" "$INSTALL_DIR/pcileech-build-sudo" 2>/dev/null || \
+    cp pcileech-sudo "$INSTALL_DIR/pcileech-build-sudo"
 chmod +x "$INSTALL_DIR/pcileech-build-sudo"
 
 log_info "Installed pcileech sudo wrapper to $INSTALL_DIR"
-log_info "You can now run builds with sudo using: pcileech-build-sudo build --bdf <device> --board <board>"
-log_warning "Note: The wrapper now uses the unified pcileech.py entrypoint"
-log_warning "Legacy usage is supported but consider using: sudo python3 pcileech.py build ..."
+log_info "You can now run commands with sudo using: pcileech-sudo <command> [args]"
+log_warning "Note: The wrapper uses the unified pcileech.py entrypoint"
 
 # Add the directory to PATH if it's not already there
 if [[ ":$PATH:" != *":$INSTALL_DIR:"* ]]; then
@@ -106,9 +110,9 @@ fi
 log_info "Installation complete!"
 log_info ""
 log_info "Usage examples:"
-log_info "  pcileech-build-sudo build --bdf 0000:03:00.0 --board pcileech_35t325_x1"
-log_info "  pcileech-build-sudo tui"
-log_info "  pcileech-build-sudo check --device 0000:03:00.0"
+log_info "  pcileech-sudo build --bdf 0000:03:00.0 --board pcileech_35t325_x1"
+log_info "  pcileech-sudo check --device 0000:03:00.0"
+log_info "  pcileech-sudo tui"
 log_info ""
-log_info "Alternative (recommended):"
+log_info "Alternative (from project directory):"
 log_info "  sudo python3 pcileech.py build --bdf 0000:03:00.0 --board pcileech_35t325_x1"

pcileech-sudo

@@ -0,0 +1,57 @@
+#!/bin/bash
+# pcileech-sudo - Run pcileech commands with elevated privileges
+# 
+# This wrapper script handles:
+# 1. Automatic virtual environment detection
+# 2. Running pcileech.py with sudo while preserving the Python environment
+#
+# Usage: pcileech-sudo <command> [args...]
+# Example: pcileech-sudo build --bdf 0000:03:00.0 --board pcileech_35t325_x1
+#          pcileech-sudo check --device 0000:03:00.0
+#          pcileech-sudo tui
+
+set -euo pipefail
+
+# Find the script directory (where pcileech.py is located)
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Check if pcileech.py exists in the script directory
+if [ ! -f "$SCRIPT_DIR/pcileech.py" ]; then
+    # Try to find it relative to installed location
+    if [ -f "/app/pcileech.py" ]; then
+        SCRIPT_DIR="/app"
+    else
+        echo "Error: Could not find pcileech.py in $SCRIPT_DIR or /app"
+        echo "Please run this script from the PCILeechFWGenerator directory"
+        exit 1
+    fi
+fi
+
+# Determine the Python interpreter to use
+PYTHON_CMD=""
+
+# Check for active virtual environment first
+if [ -n "${VIRTUAL_ENV:-}" ]; then
+    PYTHON_CMD="$VIRTUAL_ENV/bin/python3"
+elif [ -f "$SCRIPT_DIR/.venv/bin/python3" ]; then
+    # Check for local .venv
+    PYTHON_CMD="$SCRIPT_DIR/.venv/bin/python3"
+elif [ -f "$HOME/.pcileech-venv/bin/python3" ]; then
+    # Check for user-level venv
+    PYTHON_CMD="$HOME/.pcileech-venv/bin/python3"
+else
+    # Fall back to system Python
+    PYTHON_CMD="python3"
+fi
+
+# Verify the Python interpreter exists
+if [ ! -x "$PYTHON_CMD" ] && ! command -v "$PYTHON_CMD" &> /dev/null; then
+    echo "Error: Python interpreter not found: $PYTHON_CMD"
+    echo "Please ensure Python 3 is installed and accessible"
+    exit 1
+fi
+
+# Execute pcileech.py with sudo, preserving the Python environment
+# Using 'sudo -E' to preserve environment variables
+cd "$SCRIPT_DIR"
+exec sudo -E "$PYTHON_CMD" "$SCRIPT_DIR/pcileech.py" "$@"

pcileech.py

@@ -23,6 +23,24 @@
 sys.path.insert(0, str(project_root))
 sys.path.insert(0, str(project_root / "src"))
 
+# Create pcileechfwgenerator namespace mapping for direct script execution
+# This is needed because pyproject.toml maps pcileechfwgenerator -> src/
+# but that only works when the package is installed via pip
+_src_path = project_root / "src"
+if _src_path.exists() and "pcileechfwgenerator" not in sys.modules:
+    import importlib.util
+    
+    # Check if package is already installed (editable or regular install)
+    _spec = importlib.util.find_spec("pcileechfwgenerator")
+    if _spec is None:
+        # Package not installed, create the namespace mapping manually
+        # This allows "from pcileechfwgenerator.x import y" to work as "from src.x import y"
+        import types
+        _pkg = types.ModuleType("pcileechfwgenerator")
+        _pkg.__path__ = [str(_src_path)]
+        _pkg.__file__ = str(_src_path / "__init__.py")
+        sys.modules["pcileechfwgenerator"] = _pkg
+
 
 def get_version():
     """Get the current version from the centralized version resolver."""

scripts/vfio_container_manager.py

@@ -23,6 +23,7 @@
 sys.path.insert(0, str(Path(__file__).parent.parent))
 
 from src.cli.vfio_handler import (
+    DeviceInfo,
     VFIOBinder,
     VFIOBindError,
     VFIOPermissionError,

src/cli/vfio_diagnostics.py

@@ -231,6 +231,9 @@ class Diagnostics:
     def __init__(self, device_bdf: Optional[str] = None):
         self.device_bdf = device_bdf
         self.checks: List[Check] = []
+        # Store device vendor/device IDs for remediation commands
+        self._vendor_id: Optional[str] = None
+        self._device_id: Optional[str] = None
 
     # Public API --------------------------------------------------------------
     def run(self) -> Report:
@@ -591,6 +594,9 @@ def _device_exists(self):
             path_manager = VFIOPathManager(self.device_bdf)
             if path_manager.device_path.exists():
                 vendor_id, device_id = path_manager.get_vendor_device_id()
+                # Store IDs for use in remediation commands (without 0x prefix)
+                self._vendor_id = vendor_id
+                self._device_id = device_id
                 # Add 0x prefix for display consistency with existing behavior
                 vendor = f"0x{vendor_id}"
                 device = f"0x{device_id}"
@@ -828,22 +834,49 @@ def _device_driver_binding(self):
                 commands=self._bind_commands(self.device_bdf, None),
             )
 
-    @staticmethod
-    def _bind_commands(bdf: str, current: Optional[str]) -> List[str]:
-        cmds: list[str] = [
-            (
+    def _bind_commands(self, bdf: str, current: Optional[str]) -> List[str]:
+        """Generate commands to bind device to vfio-pci driver.
+        
+        Uses the new_id approach which is more robust:
+        1. Unbind from current driver (if any)
+        2. Register device IDs with vfio-pci via new_id (this auto-binds)
+        
+        The new_id approach is preferred because:
+        - It works even when the device has no current driver
+        - It doesn't require the device to be pre-registered with vfio-pci
+        - It handles the binding automatically after registration
+        """
+        cmds: list[str] = []
+        
+        # Step 1: Unbind from current driver if one is bound
+        if current:
+            cmds.append(
                 safe_format(
                     "echo '{bdf}' | sudo tee /sys/bus/pci/devices/{bdf}/driver/unbind",
                     bdf=bdf,
                 )
-                if current
-                else ""
-            ),
-            safe_format(
-                "echo '{bdf}' | sudo tee /sys/bus/pci/drivers/vfio-pci/bind", bdf=bdf
-            ),
-        ]
-        return [c for c in cmds if c]
+            )
+        
+        # Step 2: Use new_id to register and auto-bind to vfio-pci
+        # This is the recommended approach and works regardless of prior driver state
+        if self._vendor_id and self._device_id:
+            cmds.append(
+                safe_format(
+                    "echo '{vid} {did}' | sudo tee /sys/bus/pci/drivers/vfio-pci/new_id",
+                    vid=self._vendor_id,
+                    did=self._device_id,
+                )
+            )
+        else:
+            # Fallback to direct bind if we don't have device IDs
+            # This may fail if the device IDs aren't pre-registered
+            cmds.append(
+                safe_format(
+                    "echo '{bdf}' | sudo tee /sys/bus/pci/drivers/vfio-pci/bind", bdf=bdf
+                )
+            )
+        
+        return cmds
 
     def _device_node(self):
         link = Path(

src/device_clone/__init__.py

@@ -22,6 +22,9 @@
     TimingPattern,
 )
 
+# Import the module itself for patching purposes
+from pcileechfwgenerator.device_clone import board_config
+
 # Core device cloning functionality
 from pcileechfwgenerator.device_clone.board_config import (
     get_board_info,

src/templates/sv/pcileech_bar_impl_device.sv.j2

@@ -214,7 +214,7 @@ module pcileech_bar_impl_device #(
 
     // Device-specific timing seed for jitter
     // Uses vendor_id XOR device_id for deterministic but unique timing
-    localparam [15:0] INT_TIMING_SEED = {{ "16'h%04X" % ((vendor_id | 0x8086) ^ (device_id | 0x1234)) }};
+    localparam [15:0] INT_TIMING_SEED = {{ "16'h%04X" % ((vendor_id|bitor(0x8086))|bitxor(device_id|bitor(0x1234))) }};
 
     // LFSR for interrupt timing jitter (matches tlp_latency_emulator approach)
     reg [15:0] int_lfsr;