[arch-general] efivars mounted read-write, but "operation not permitted,"
Kyle Terrien
kyleterrien at gmail.com
Thu Aug 4 00:42:53 UTC 2016
On Wed, 3 Aug 2016 13:03:41 -0700
Zachary Kline <zkline at speedpost.net> wrote:
> Hi All,
>
> This is admittedly more about Linux in general than Arch
> specifically, but I’m wondering if anybody has insight into why I
> can’t delete EFI variables, when efivarfs is mounted read-write. For
> anybody interested, I am wanting to remove the default boot entry
> created by systemd-boot, but receive an “Operation not permitted,”
> message when trying to do so, even as root.
>
> Any insight would be appreciated.
> Thanks much,
> Zack.

I remember there were some kernel patches that went in a few months ago.

Brief summary of what happened:

* Someone ran 'rm -rf /' on his system to wipe it. It was hard bricked,
  not even able to POST. [0] (You need an Arch BBS account to view
  that thread.)
* All Hell broke loose. Tech blogs had a field day. [1] A bug was
  filed in systemd [2]. For some reason beyond me, systemd requires
  that efivars be mounted read-write. (Probably bad design)
* A kernel patch was submitted to try to protect efivars somewhat [3].

I think you are seeing the direct consequence of this patch.

--Kyle
[0]: https://bbs.archlinux.org/viewtopic.php?id=207549
[1]: https://www.phoronix.com/scan.php?page=news_item&px=UEFI-rm-root-directory
[2]: https://github.com/systemd/systemd/issues/2402
[3]: https://gist.github.com/mjg59/8d9d494da56fbe6d8992
--
The computer can't tell you the emotional story. It can give you the
exact mathematical design, but what's missing is the eyebrows.
- Frank Zappa