On Tuesday, 15 August 2017, 22:02:19 CEST, Mike Gilbert wrote:
> On Tue, Aug 15, 2017 at 2:17 PM, Rich Freeman <ri...@gentoo.org> wrote:
> > On Tue, Aug 15, 2017 at 11:04 AM, Mick <michaelkintz...@gmail.com> wrote:
> >> I can't recall if I did this myself in a moment of security induced
> >> inspiration.  I doubt I did.  So how did this happen?  What is
> >> responsible for mounting this fs?
> > 
> > It looks like this never did turn into a news item:
> > https://archives.gentoo.org/gentoo-dev/message/35304b0db4de9e06fea322275379fa81
> > 
> > You can remount it as rw if your tools don't do it automatically.  It
> > might not hurt to file a bug if one doesn't already exist for the tool
> > that isn't remounting it.
> 
> Please bother efibootmgr upstream about it, or bother the OpenRC
> maintainer who decided to break things.

I'm somewhat confused about the whole thing.  Wasn't the core problem of 
accidentally bricking devices solved by the kernel by making
a subset of EFI variables immutable?  (Actually, I found the commit, which 
says that variables are immutable by default and only whitelisted variables get 
to be mutable, see
https://github.com/torvalds/linux/commit/ed8b0de5a33d)  Is there really that
much value in additionally mounting 
efivars RO?  (Honestly curious!  Was the change maybe not backported to older 
kernels?  Or can some other damage be done that I'm not aware of?)

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup
