#!/bin/sh

#
# File: insmod-pax
#
# Description: script to load PAX driver
#
# Version: 1.4
#
# Copyright (C) 2009 Intel Corporation.  All Rights Reserved.
#
#     This file is part of SEP Development Kit
#
#     SEP Development Kit is free software; you can redistribute it
#     and/or modify it under the terms of the GNU General Public License
#     version 2 as published by the Free Software Foundation.
#
#     SEP Development Kit is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#     GNU General Public License for more details.
#
#     You should have received a copy of the GNU General Public License
#     along with SEP Development Kit; if not, write to the Free Software
#     Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
#     As a special exception, you may use this file as part of a free software
#     library without restriction.  Specifically, if other files instantiate
#     templates or use macros or inline functions from this file, or you compile
#     this file and link it with other files to produce an executable, this
#     file does not by itself cause the resulting executable to be covered by
#     the GNU General Public License.  This exception does not however
#     invalidate any other reasons why the executable file might be covered by
#     the GNU General Public License.
#

# ------------------------------ CONSTANTS -----------------------------------

DRIVER_NAME=pax
DEFAULT_GROUP=${GROUP:-vtune}
BACKUP_GROUP=root
DEFAULT_PERMS=660

#error codes
SUCCESS=0
DRIVER_NOT_FOUND=213
INTREE_DRIVER_NOT_FOUND=214
PERMISSION_MISMATCH=215
NO_UDEV_MANAGER=225
DEV_CHANGE_PERMS_FAILED=229
DEV_CHANGE_GRP_OWN_FAILED=230
DEV_GROUP_NOT_SPECIFIED=231
DEV_NOT_CREATED=232
DEV_NOT_FOUND=233
DRIVER_LOAD_FAILED=234
MODULE_NOT_FOUND=235
DRIVER_ALREADY_LOADED=236
INVALID_MODULE_FORMAT=237
UNKOWN_SYMBOL_FOUND=238
DRIVER_NOT_SIGNED=239
DRIVER_UNLOAD_FAILED=245
UNSUPPORTED_PLATFORM=253
OPTIONS_ERROR=254
COMMANDS_TO_CHECK_FAILED=255

# ------------------------------- OUTPUT -------------------------------------

print_msg()
{
  MSG="$*"
  echo "$MSG"
}

print_nnl()
{
  MSG="$*"
  echo -n "$MSG"
}

print_err()
{
  MSG="$*"
  if [ -w /dev/stderr ] ; then
    echo "$MSG" >> /dev/stderr
  else
    echo "$MSG"
  fi
}

print_nnl_err()
{
    MSG="$*"
    if [ -w /dev/stderr ] ; then
        echo -n "$MSG" >> /dev/stderr
    else
        echo -n "$MSG"
    fi
}

# set the path to include "standard" locations so commands below can be found
PATH="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin/:/usr/local/sbin:/usr/local/bin:/usr/local/gnu/bin:"${PATH}""
export PATH
# ------------------------------ COMMANDS ------------------------------------

CHGRP="chgrp"
CHMOD="chmod"
CUT="cut"
DIRNAME="dirname"
GREP="grep"
PGREP="pgrep"
INSMOD="insmod"
MKNOD="mknod"
RM="rm"
SED="sed"
STAT="stat"
SU="su"
TR="tr"
UNAME="uname"
WHICH="which"
CAT="cat"
GROUPMOD="groupmod"
YPCAT="ypcat"
GROUPADD="groupadd"
MODINFO="modinfo"
LSMOD="lsmod"
GREP="grep"
OCTALDUMP="od"
EXPR="expr"

COMMANDS_TO_CHECK="${CUT} ${DIRNAME} ${GREP} ${PGREP} ${INSMOD} ${MKNOD} ${RM} ${SED} ${TR} ${UNAME} ${CAT} ${LSMOD} ${GREP} ${OCTALDUMP} ${EXPR}"

# ------------------------------ FUNCTIONS -----------------------------------

intree_drivers_loc="/lib/modules/`${UNAME} -r`/kernel/drivers/platform/x86/sepdk/pax/"
# function to show usage and exit
print_usage_and_exit()
{
  err=${1:-0}
  print_msg ""
  print_msg "Usage: $0 [ options ]"
  print_msg ""
  print_msg " where \"options\" are the following:"
  print_msg ""
  print_msg "    -g | --group group"
  print_msg "      restricts access to the ${DRIVER_NAME} driver to users in the specified"
  print_msg "      group; if this option is not provided, the group \"${DEFAULT_GROUP}\""
  print_msg "      will be used"
  print_msg ""
  print_msg "    -p | --perms fileperms"
  print_msg "      restricts access to the ${DRIVER_NAME} driver based on the specified"
  print_msg "      file permissions; if this option is not provided, then file"
  print_msg "      permissions \"${DEFAULT_PERMS}\" (or equivalently, \"ug+rw\") will be used"
  print_msg ""
  print_msg "    -q | --query"
  print_msg "      returns 0 if driver is already loaded, non-zero otherwise;"
  print_msg "      if driver is loaded, information on group ownership"
  print_msg "      and file permissions on driver device will be displayed"
  print_msg ""
  print_msg "    -r | --reload"
  print_msg "      attempt to reload the driver; note that the driver will"
  print_msg "      not unload if it is still in use"
  print_msg ""
  print_msg "    -re | --restricted-environment"
  print_msg "      restricted environment mode: minimal requirements to the system runtime"
  print_msg "      like in busybox case"
  print_msg ""
  print_msg "    --no-udev"
  print_msg "      Create device files seapartely when no device manager is running"
  print_msg ""
  print_msg "    -lid | --load-in-tree-driver"
  print_msg "      install in-tree drivers, if any, available at ${intree_drivers_loc}"
  print_msg ""
  exit $err
}

# check for certain options
reload_driver=0
no_udev_mode=0
load_in_tree_driver=0

while [ $# -gt 0 ] ; do
  case "$1" in
    -h | --help)
      print_usage_and_exit ${SUCCESS}
      ;;
    -g | --group)
      DRIVER_GROUP=$2
      if [ -z "$DRIVER_GROUP" ] ; then
        print_err ""
        print_err "ERROR: must provide a group"
        print_usage_and_exit ${OPTIONS_ERROR}
      fi
      shift
      ;;
    -p | --perms)
      DRIVER_PERMS=$2
      if [ -z "$DRIVER_PERMS" ] ; then
        print_err ""
        print_err "ERROR: must provide the file permissions"
        print_usage_and_exit ${OPTIONS_ERROR}
      fi
      shift
      ;;
    -q | --query)
      err=0
      driver_loaded=`${LSMOD} | ${GREP} ${DRIVER_NAME}`
      if [ -z "$driver_loaded" ] ; then
        err=${DRIVER_NOT_FOUND}
        print_msg "${DRIVER_NAME} driver is not loaded."
      else
        if [ -e /dev/${DRIVER_NAME} ] ; then
          drv_group=`${STAT} -c "%G" /dev/${DRIVER_NAME}`
          drv_perms=`${STAT} -c "%a" /dev/${DRIVER_NAME}`
          print_msg "${DRIVER_NAME} driver is loaded and owned by group \"${drv_group}\" with file permissions \"${drv_perms}\"."
        else
          err=${DRIVER_NOT_FOUND}
          print_msg "${DRIVER_NAME} driver is not correctly loaded."
        fi
      fi
      exit $err
      ;;
    -r | --reload)
      reload_driver=1
      ;;
    -re | --restricted-environment)
      BUSYBOX_SHELL=yes
      ;;
    --no-udev)
      no_udev_mode=1
      ;;
    -lid | --load-in-tree-driver)
      load_in_tree_driver=1
      ;;
    *)
      print_err ""
      print_err "ERROR: unrecognized option \"$1\""
      print_usage_and_exit ${OPTIONS_ERROR}
      ;;
  esac
  shift
done

#
# Note: Busybox has a restricted shell environment, and
#       conventional system utilities may not be present;
#       so need to account for this ...
#

# busybox binary check
if [ -z "${BUSYBOX_SHELL}" ]; then
  # if not forced by command line option -re
  BUSYBOX_SHELL=` ${GREP} --help 2>&1 | ${GREP} BusyBox`
fi

if [ -n "${BUSYBOX_SHELL}" ] ; then
  DEFAULT_GROUP=${GROUP:-0}
else
  COMMANDS_TO_CHECK="${CHGRP} ${CHMOD} ${STAT} ${SU} ${COMMANDS_TO_CHECK}"
fi

# if any of the COMMANDS_TO_CHECK are not executable, then exit script
OK="true"
for c in ${COMMANDS_TO_CHECK} ; do
  CMD=`${WHICH} $c 2>&1` ;
  ret_val=$?
  if [ ${ret_val} -ne 0 ] ; then
    OK="false"
    print_err "ERROR: unable to find command \"$c\" !"
  fi
done
if [ ${OK} != "true" ] ; then
  print_err "If you are using BusyBox, please re-run this script with the '-re' flag added"
  print_err "Otherwise, please add the above commands to your PATH and re-run the script ... exiting."
  exit ${COMMANDS_TO_CHECK_FAILED}
fi

# check if the device manager exists, and if not, then ask for the option
UDEVD_PID=`${PGREP} udevd`
if [ -z "${UDEVD_PID}" ] ; then
  if [ $no_udev_mode -eq 0 ] ; then
    print_err ""
    print_err "The udev deivce manager is not running on the system."
    print_err "Recompile the driver with the option '--no-udev'"
    print_err "Then, run this script with the option '--no-udev'"
    print_err ""
    exit ${UDEV_NOT_FOUND}
  fi
fi

# ------------------------------ VARIABLES -----------------------------------

SCRIPT=$0
PLATFORM=`${UNAME} -m`
KERNEL_VERSION=`${UNAME} -r`
PLATFORM=`${UNAME} -m`
DRIVER_DIRECTORY=`${DIRNAME} ${SCRIPT}`
DRIVER_GROUP=${DRIVER_GROUP:-${DEFAULT_GROUP}}
DRIVER_PERMS=${DRIVER_PERMS:-${DEFAULT_PERMS}}

# create a group if the group does not exist
# check if local group exists
${GROUPMOD} ${DRIVER_GROUP} > /dev/null 2>&1
verifygroup_err=$?
if [ ${verifygroup_err} -ne 0 ] ; then
  # check if nis group exists
  ${YPCAT} group 2> /dev/null | ${CUT} -d : -f1 | ${GREP} -E "^${DRIVER_GROUP}$" > /dev/null 2>&1
  verifygroup_err=$?
  if [ ${verifygroup_err} -ne 0 ] ; then
    getent group ${DRIVER_GROUP} 2> /dev/null | ${GREP} -E "^${DRIVER_GROUP}" > /dev/null 2>&1
    verifygroup_err=$?
    if [ ${verifygroup_err} -ne 0 ]; then
      print_nnl "Creating group ${DRIVER_GROUP} ... "
      ${GROUPADD} ${DRIVER_GROUP} > /dev/null 2>&1
      verifygroup_err=$?
      if [ ${verifygroup_err} -ne 0 ] ; then
        print_err ""
        print_err "Warning: ${DRIVER_GROUP} group creation failed ..."
        DRIVER_GROUP=${BACKUP_GROUP}
        print_err "         proceeding with group ${DRIVER_GROUP} instead ..."
        print_err ""
      else
        print_msg "done"
      fi
    fi
  fi
fi

#Get group id of based on group name
DRIVER_GROUP_ID=`getent group ${DRIVER_GROUP} | ${CUT} -d : -f3  2>&1`
if [ $? -ne 0 ] ; then
  print_err "Warning: Unable to get group id of ${DRIVER_GROUP}"
fi

# check if platform is supported
if [ "${PLATFORM}" = "x86_64" ] ; then
  ARCH="x32_64"
elif [ "${PLATFORM}" = "i386" -o "${PLATFORM}" = "i486" -o "${PLATFORM}" = "i586" -o "${PLATFORM}" = "i686" ] ; then
  ARCH="x32"
else
  print_err ""
  print_err "ERROR: Unsupported platform \"${PLATFORM}\" ... exiting."
  print_err ""
  exit ${UNSUPPORTED_PLATFORM}
fi

# check whether kernel is for UP or SMP
SMP=`${UNAME} -v | ${GREP} SMP`
if [ -z "${SMP}" ] ; then
  ARITY="up"
else
  ARITY="smp"
fi

# file name of driver to load
DRIVER_FILENAME=${DRIVER_NAME}-${ARCH}-${KERNEL_VERSION}${ARITY}.ko

# check if secure boot is enabled
secure_boot_enabled="Unknown"
print_msg "Detecting Secure Boot status..."
SEC_DIR="/sys/firmware/efi"
# check by mokutil first
result=`command -v mokutil &> /dev/null`
if [ ${result} ]; then
  status=`mokutil --sb-state| grep 'SecureBoot'|cut -f2 -d " "`
  if [ "$status" = "enabled" ]; then
      secure_boot_enabled="True"
  else
      secure_boot_enabled="False"
  fi
else
  # if mokutil is not avaliable, check again by OCTALDUMP as fallback mechanism
  if [ -d $SEC_DIR ]; then
    secure_boot_output=`${OCTALDUMP} --address-radix=n --format=u1 ${SEC_DIR}/efivars/SecureBoot* 2>&1`
    # secure boot is enabled if the 5th bit of above command is 1
    # mokutil --sb-state​, bootctl status can also be used to detect secure boot status
    if [ $? -eq 0 ] ; then
      len=`${EXPR} length "$secure_boot_output"`
      flag_index=5
      secure_boot_flag=`echo $secure_boot_output | ${CUT} -d" " -f${flag_index}`
      if [ $? -eq 0 -a $secure_boot_flag -eq 1 ] ; then
          secure_boot_enabled="True"
      else
          secure_boot_enabled="False"
      fi
    fi
  fi
fi

if [ ${secure_boot_enabled} = "True" ] ; then
  print_msg "Secure Boot is enabled"
elif [ ${secure_boot_enabled} = "False"  ]; then
  print_msg "Secure Boot is disabled"
else
  print_msg "Failed to detect Secure Boot status"
fi

# check Kernel Config - CONFIG_SECURITY_LOCKDOWN_LSM
${GREP} .config -we "CONFIG_SECURITY_LOCKDOWN_LSM=m" > /dev/null 2>&1
config_lockdown_enabled=$?

# check Kernel Config - CONFIG_MODULE_SIG_FORCE
${GREP} .config -we "CONFIG_MODULE_SIG_FORCE=m" > /dev/null 2>&1
config_module_force_enabled=$?

# ------------------------------- MAIN ---------------------------------------

# check if OS is ClearLinux/IntelNext Based
IS_INTREE_DRIVER_OS=0
IS_CLEAR_LINUX_OS=0
CLEAR_LINUX_OS_RELEASE="/usr/lib/os-release"
if ${GREP} -q "Clear Linux" ${CLEAR_LINUX_OS_RELEASE} ; then
  IS_CLEAR_LINUX_OS=1
  IS_INTREE_DRIVER_OS=1
elif ${ECHO} ${UNAME} -r | ${GREP} -q "intel-next" ; then
  IS_INTREE_DRIVER_OS=1
elif ${ECHO} ${UNAME} -r | ${GREP} -q "svos-next" ; then
  IS_INTREE_DRIVER_OS=1
fi

if [ "${load_in_tree_driver}" -eq 1 ]; then
  if [ "${IS_INTREE_DRIVER_OS}" -eq 1 ]; then
    LINUX_SEP_DRIVER_PATH=`${MODINFO} ${DRIVER_NAME} | ${GREP} filename | ${CUT} -d : -f2 | ${TR} -d "[:blank:]" 2> /dev/null`
    if [ -f "${LINUX_SEP_DRIVER_PATH}" ] ; then
      DRIVER_DIRECTORY=`echo ${LINUX_SEP_DRIVER_PATH} | ${SED} -e "s/\/${DRIVER_NAME}.ko//g"`
      DRIVER_FILENAME=${DRIVER_NAME}.ko
    else
      print_err ""
      print_err "Error: ${DRIVER_NAME} is not found in ${intree_drivers_loc}"
      print_err "       Re-run the script without --load-in-tree-driver option to load the drivers available in the installation package"
      print_err ""
      exit ${INTREE_DRIVER_NOT_FOUND}
    fi
  else
    print_err ""
    print_err "WARNING: invalid option --load-in-tree-driver, in-tree driver is not available"
    print_err "         Continuing with ${DRIVER_NAME} driver available in the installation package"
    print_err ""
  fi
fi

# check if driver is signed
signed="False"
mod_infos=`${MODINFO} ${DRIVER_DIRECTORY}/${DRIVER_FILENAME}`
for info in mod_infos ; do
  if [ ${info} = 'sig_id:' ] ; then
    signed="True"
  fi
done

# check if driver devices exist, and if so, then exit
print_nnl "Checking for PMU arbitration service (PAX) ... "
DEVNUM=`${GREP} ${DRIVER_NAME} /proc/devices | ${TR} -s ' ' | ${CUT} -d ' ' -f 1`
if [ -n "${DEVNUM}" ] ; then
  print_msg "detected."
  if [ $reload_driver -ne 1 ] ; then
    if [ -n "${BUSYBOX_SHELL}" ] ; then
      drv_group=0
      drv_perms=664
      drv_group_id=0
    else
      drv_group=`${STAT} -c "%G" /dev/${DRIVER_NAME}`
      drv_perms=`${STAT} -c "%a" /dev/${DRIVER_NAME}`
      drv_group_id=`${STAT} -c "%g" /dev/${DRIVER_NAME}`
    fi
    # if file doesn't exist, reload the latest version
    if [ ! -f "/proc/pax_version" ]; then
      print_msg "An old version of the pax driver found. Attempting to restart PAX service ..."
      reload_driver=1
    else
      if [ "$drv_group" != "$DRIVER_GROUP" -a "$drv_group_id" != "$DRIVER_GROUP_ID" ] ; then
        group_conflict=1
      fi
      if [ "$drv_perms" = "666" -o "$drv_perms" = "777" ] ; then
        access_to_all=1
      fi
      # print to stderr when group conflict exists with restricted driver access
      if [ -n "$group_conflict" -a -z "$access_to_all" ] ; then
        print_nnl_err "The ${DRIVER_NAME} driver is already loaded and is accessible "
      else
        print_nnl "The ${DRIVER_NAME} driver is already loaded and is accessible "
      fi
      if [ -n "$access_to_all" ] ; then
        print_msg "to all users. Use ${DRIVER_DIRECTORY}/rmmod-${DRIVER_NAME} to unload it."
        exit ${DRIVER_ALREADY_LOADED}
      else
        if [ -n "$group_conflict" ] ; then
          print_err "to users in group \"$drv_group\"."
        else
          print_msg "to users in group \"$drv_group\"."
        fi
      fi
      if [ -n "$group_conflict" ] ; then
        print_err ""
        print_err "ERROR: ${DRIVER_NAME} driver access group \"${drv_group}\""
        print_err "  conflicts with group \"$DRIVER_GROUP\". Groups must match"
        print_err "  or the file permissions on PAX driver must be unrestricted."
        exit ${PERMISSION_MISMATCH}
      fi
      exit ${DRIVER_ALREADY_LOADED}
    fi
  fi
fi

print_msg "not detected."
print_msg "Attempting to start PAX service ..."

# check if USER is root
if [ -z "${BUSYBOX_SHELL}" ] ; then
  if [ "${USER}x" != "rootx" ] ; then
    if [ ! -w /dev ] ; then
      print_msg "NOTE:  super-user or \"root\" privileges are required in order to continue."
      print_nnl "Please enter \"root\" "
      OPTIONS="-g ${DRIVER_GROUP} -p ${DRIVER_PERMS}"
      if [ $reload_driver -eq 1 ] ; then
        OPTIONS="$OPTIONS -r"
      fi
      exec ${SU} -c "/bin/sh ${SCRIPT} ${OPTIONS}"
      print_msg ""
      exit ${SUCCESS}
    fi
  fi
fi

# if requested, reload driver
if [ $reload_driver -eq 1 ] ; then
  ${DRIVER_DIRECTORY}/rmmod-${DRIVER_NAME}
  err=$?
  if [ $err -ne ${SUCCESS} ] ; then
    print_err ""
    print_err "ERROR: failed to reload ${DRIVER_NAME} driver"
    print_err ""
    exit $err
  fi
fi

if [ ! -r ${DRIVER_DIRECTORY}/${DRIVER_FILENAME} ] ; then
  print_err ""
  print_err "ERROR: ${DRIVER_NAME} driver \"${DRIVER_FILENAME}\""
  print_err "was not found in directory \"${DRIVER_DIRECTORY}\" !"
  print_err ""
  print_err "This means you may need to build ${DRIVER_NAME} driver from the provided"
  print_err "driver sources.  Please see the driver README for instructions."
  print_err ""
  print_err "Note: Ensure that the driver is built for kernel version `uname -r`"
  print_err ""
  exit ${MODULE_NOT_FOUND}
fi


# insmod command to execute
INSMOD_CMD="${INSMOD} ${DRIVER_DIRECTORY}/${DRIVER_FILENAME}"

# execute the command
print_msg "Executing: ${INSMOD_CMD}"
INSMOD_OUTPUT=`${INSMOD_CMD} 2>&1`
INSMOD_RESULT=$?

# this lets a system to handle device file creation
sleep 1

# abort if unable to load the driver
if [ ${INSMOD_RESULT} -ne 0 ] ; then

  print_err "${INSMOD_OUTPUT}"
  print_err ""
  print_err "ERROR: ${DRIVER_NAME} driver failed to load!"
  print_err ""

  module_output_check=`echo ${INSMOD_OUTPUT} | ${GREP} -i "Invalid module format" 2> /dev/null`
  module_output_result=$?
  if [ ${module_output_result} -eq 0 ]; then
    print_err ""
    print_err "ERROR: Unable to load module."
    dmesg_output=`dmesg | tail -1 2> /dev/null`
    if [ $? -eq 0 ] ; then
      module_dmesg_check=`echo ${dmesg_output} | ${GREP} -i "version magic" 2> /dev/null`
      if [ $? -eq 0 ] ; then
        print_err "dmesg output: ${dmesg_output}"
      fi
    fi
    print_err "Invalid driver module format found. Please rebuild the driver for kernel version `uname -r`."
    print_err ""
    exit ${INVALID_MODULE_FORMAT}
  fi

  # check if operation is permitted
  operation_check=`echo ${INSMOD_OUTPUT} | ${GREP} -i "Operation not permitted" 2> /dev/null`
  if [ $? -eq 0 -a ${secure_boot_enabled} = "True" -a ${config_lockdown_enabled} -ne 0 -a ${signed} = "False" ] ; then
    print_err ""
    print_err "The driver must be signed because the secure boot is enabled and LOCKDOWN_LSM kernel config is set on the system."
    print_err ""
    exit ${DRIVER_NOT_SIGNED}
  fi

  # check if key is rejected
  key_reject_check=`echo ${INSMOD_OUTPUT} | ${GREP} -i "Key was rejected by service" 2> /dev/null`
  if [ $? -eq 0 -a ${config_module_force_enabled} -ne 0 -a ${signed} = "False" ] ; then
    print_err ""
    print_err "The driver must be signed because MODULE_SIG_FORCE kernel config is set on the system."
    print_err ""
    exit ${DRIVER_NOT_SIGNED}
  fi

  sign_check=`echo ${INSMOD_OUTPUT} | ${GREP} -i "required key not available" 2> /dev/null`
  if [ $? -eq 0 -a $secure_boot_enabled = 'True' ] ; then
    print_err ""
    print_err "The driver must be signed because the secure boot is enabled on the system."
    print_err ""
    exit ${DRIVER_NOT_SIGNED}
  fi

  print_err "You may need to build ${DRIVER_NAME} driver for your kernel."
  print_err "Please see the ${DRIVER_NAME} driver README for instructions."
  print_err ""
  exit ${DRIVER_LOAD_FAILED}
fi


# check if the driver has been loaded into the kernel
DEVNUM=`${GREP} ${DRIVER_NAME} /proc/devices | ${TR} -s ' ' | ${CUT} -d ' ' -f 1`
if [ -z "${DEVNUM}" ] ; then
  print_err ""
  print_err "ERROR: unable to find device \"${DRIVER_NAME}\" in /proc/devices !"
  print_err ""
  exit ${DEV_NOT_FOUND}
fi

if [ $no_udev_mode -eq 1 ] ; then
  # remove the devices that were previously created by the insmod script
  if [ -e /dev/${DRIVER_NAME} ] ; then
    print_nnl "Deleting previously created /dev/${DRIVER_NAME} base devices ... "
    sleep 1
    ${RM} -f /dev/${DRIVER_NAME}
    print_msg "done."
  fi

  # create the devices
  print_nnl "Creating /dev/${DRIVER_NAME} device with major number ${DEVNUM} ... "
  sleep 1
  ${MKNOD} /dev/${DRIVER_NAME} c ${DEVNUM} 0
  MKNOD_RESULT=$?
  if [ ${MKNOD_RESULT} -ne 0 ] ; then
    print_err ""
    print_err "ERROR: unable to create required /dev/${DRIVER_NAME} device !"
    print_err ""
    exit ${DEV_NOT_CREATED}
  fi
  print_msg "done."
fi

# change group ownership to whichever group is permitted to open the driver
if [ -z "${BUSYBOX_SHELL}" ] ; then
  if [ -z "${DRIVER_GROUP}" ] ; then
    print_err ""
    print_err "ERROR: no group ownership specified for /dev/${DRIVER_NAME} devices ... exiting."
    print_err ""
    exit ${DEV_GROUP_NOT_SPECIFIED}
  fi
  print_nnl "Setting group ownership of devices to group \"${DRIVER_GROUP}\" ... "
  ${CHGRP} ${DRIVER_GROUP} /dev/${DRIVER_NAME}
  CHGRP_RESULT=$?
  if [ ${CHGRP_RESULT} -ne 0 ] ; then
    print_err ""
    print_err "ERROR: unable to change group ownership of devices!"
    print_err ""
    exit ${DEV_CHANGE_GRP_OWN_FAILED}
  fi
  print_msg "done."
  print_nnl "Setting file permissions on devices to \"${DRIVER_PERMS}\" ... "
  ${CHMOD} ${DRIVER_PERMS} /dev/${DRIVER_NAME}
  CHMOD_RESULT=$?
  if [ ${CHMOD_RESULT} -ne 0 ] ; then
    print_err ""
    print_err "ERROR: unable to change permissions to ${DRIVER_PERMS} on devices!"
    print_err ""
    exit ${DEV_CHANGE_PERMS_FAILED}
  fi
  print_msg "done."
fi

# show that the driver was successfully loaded
print_msg "The ${DRIVER_NAME} driver has been successfully loaded."

exit ${SUCCESS}
