> Hi Alois, > >> The reason for the failure is that since some time ago, Linux started >> creating EFI variables as immutable. > > I just quickly glanced at the upstream code at: > > https://github.com/lcp/mokutil > > We are indeed lagging quite far behind upstream but I could not > find a commit that would fix this in HEAD.
Indeed, the upstream fix is actually spread over multiple upstreams, and multiple commits. Mokutil uses libefivar for its handling of EFI variables since [0] (which happened after the point that is included in Debian). Libefivar introduced handling of immutable EFI variables in [1] (I based my patch in the initial message on this, and then fixed it until mokutil worked). That patch was broken however, and libefivar fixed that shortly later in [2]. > >> Our old version of mokutil does not care about this. > > Are you saying this definitely works in a new version? I think it should work with a new upstream version. I will build a package of mokutil HEAD against the Debian version of libefivar now, and tell shortly whether that thing works. > > Best wishes, > [0]: https://github.com/lcp/mokutil/commit/7b49e834284659527c9f7cf554f223748c00564b [1]: https://github.com/rhboot/efivar/commit/df78c364a1d362655f5495e781b647553b5ae144 [2]: https://github.com/rhboot/efivar/commit/df78c364a1d362655f5495e781b647553b5ae144
