[arch-general] efivars mounted read-write, but "operation not permitted, "

Kyle Terrien kyleterrien at gmail.com
Thu Aug 4 00:42:53 UTC 2016

On Wed, 3 Aug 2016 13:03:41 -0700
Zachary Kline <zkline at speedpost.net> wrote:
> Hi All,
> This is admittedly more about Linux in general than Arch
> specifically, but I’m wondering if anybody has insight into why I
> can’t delete EFI variables, when efivarfs is mounted read-write. For
> anybody interested, I am wanting to remove the default boot entry
> created by systemd-boot, but receive an “Operation not permitted,”
> message when trying to do so, even as root.
> Any insight would be appreciated.
> Thanks much,
> Zack.

I remember there were some kernel patches that went in a few months ago.

Brief summary of what happened:

* Someone ran 'rm -rf /' on his system to wipe it.  It was hard bricked,
  not even able to POST.  [0]  (You need an Arch BBS account to view
  that thread.)
* All Hell broke loose.  Tech blogs had a field day.  [1] A bug was
  filed in systemd [2].  For some reason beyond me, systemd requires
  that efivars be mounted read-write.  (Probably bad design)
* A kernel patch was submitted to try to protect efivars somewhat [3].
  I think you are seeing the direct consequence of this patch.


[0]: https://bbs.archlinux.org/viewtopic.php?id=207549
[1]: https://www.phoronix.com/scan.php?page=news_item&px=UEFI-rm-root-directory
[2]: https://github.com/systemd/systemd/issues/2402
[3]: https://gist.github.com/mjg59/8d9d494da56fbe6d8992

The computer can't tell you the emotional story.  It can give you the
exact mathematical design, but what's missing is the eyebrows.
- Frank Zappa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20160803/c42cd1e8/attachment.asc>

More information about the arch-general mailing list