[arch-general] Instructions to mount efivars as readonly should be linked to in Beginner's Guide

Kyle Terrien kyleterrien at gmail.com
Mon Feb 1 21:40:54 UTC 2016


Tomasz Kramkowski wrote:
> Since when does "do something dumb" and "potentially hard brick your
> motherboard" become synonymous when speaking in terms of computers?
> 
> There's doing something dumb (by accident or otherwise) and then there's
> bricking your motherboard, people make accidents all the time but since
> modern day computers are quite nice and rugged, the only losses are data
> losses.

You would think that a modern day machine is nice and rugged, but with
EFI/UEFI, it isn't.  There are way too many moving gears involved.

The preboot environment has one primary task: find a bootable medium and
boot it.  Ideally, you should be able to configure it to tell it which
medium to boot from.  In the absence of a bootable medium, it should
throw an error.  Simple!

This is how things worked before EFI.  Sure, getting an OS to load was a
magic trick in the early days ("pulling oneself up by one's
bootstraps"), but today it is a finely honed procedure.  There is
nothing broken with this procedure.  (After all, it boots!)

Enter EFI and UEFI.  From my (somewhat limited) experience with EFI, it
seems like whoever designed it attempted to solve some fringe problem
while creating 5 more problems in its place.  Why do OSes need to modify
the boot order entries?  Why do some motherboards refuse to fallback to
legacy BIOS?  To make things worse, many hardware implementations are
buggy and cannot be fixed (because there are already thousands/millions
of units in production).

So, if you want a modern day computer to be rugged:

* Use legacy BIOS.  There is nothing wrong with it.
* Mount efivars (and related stuff) as ro by default.  I read the
  systemd bug [0], but I still don't understand why so many tools need
  to write to it.  How often do you need to change motherboard
  parameters after you get an OS set up?  At that point, POST should be
  "find a device and boot it".

> I might shed a few tears over the loss of some not-backed up data, but I
> would be quite a bit more pissed off if I lost a valuable and expensive
> piece of hardware (granted, it would have to have a misconfigured and
> shitty EFI, but since when is "being misconfigured and shitty" a rare
> occurance?).

I wish I could answer the philosophical question of whether rm should be
able to brick hardware.  I suggest someone mail Brian Kernighan, Robert
Pike, or Ken Thompson.  I would be really curious to hear what they
think about this efivars thing.

--Kyle

[0]: https://github.com/systemd/systemd/issues/2402

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20160201/55b161e6/attachment.asc>


More information about the arch-general mailing list