| 1 |
On Thu, Jul 13, 2017 at 7:43 AM, Andrew Savchenko <bircoph@g.o> wrote: |
| 2 |
> On Thu, 13 Jul 2017 07:09:45 -0400 Rich Freeman wrote: |
| 3 |
>> On Thu, Jul 13, 2017 at 2:30 AM, Andrew Savchenko <bircoph@g.o> wrote: |
| 4 |
>> > On Wed, 12 Jul 2017 17:42:50 -0700 Matt Turner wrote: |
| 5 |
>> >> On Wed, Jul 12, 2017 at 5:29 PM, Lucas Ramage <ramage.lucas94@×××××.com> wrote: |
| 6 |
>> >> > What needs to be changed for the bootloaders? I may be able to assist. |
| 7 |
>> >> |
| 8 |
>> >> The documentation should be updated to say that with OpenRC 0.28 that |
| 9 |
>> >> you'll have to remount efivars as RW before you can install the |
| 10 |
>> >> bootloader (e.g., grub-install) |
| 11 |
>> >> |
| 12 |
>> >> The command I use locally to remount rw (since I have configured |
| 13 |
>> >> efivars to be mounted read-only in fstab) is |
| 14 |
>> >> |
| 15 |
>> >> mount -o remount,rw /sys/firmware/efi/efivars |
| 16 |
>> > |
| 17 |
>> > We don't have that much efi bootloaders. Maybe it will be better |
| 18 |
>> > to update their scripting to remount efivars rw and back ro when |
| 19 |
>> > needed? The same way we have non-efi bootloaders to mount /boot |
| 20 |
>> > partition when needed. |
| 21 |
>> > |
| 22 |
>> |
| 23 |
>> Presumably you'd only want to remount it if it was mounted ro to |
| 24 |
>> start, since it sounds like openrc will be diverging from systemd |
| 25 |
>> behavior here. |
| 26 |
>> |
| 27 |
>> While it seems like a good idea I'm not sure how big an improvement it |
| 28 |
>> is in the larger scheme. We're worried about root accidentially |
| 29 |
>> modifying efivars, but we have no safeguards against root writing to |
| 30 |
>> /dev/sda, and the latter seems much more likely to cause harm, and is |
| 31 |
>> harder to fix. |
| 32 |
> |
| 33 |
> Writing to /dev/sda may kill data stored there, but hardware itself |
| 34 |
> will survive. Writing to efivars kills hardware and this is the |
| 35 |
> motivation for this change. See [1] and [2] for details. Poettering |
| 36 |
> says this is OK to hard brick device, well fine, this is systemd |
| 37 |
> way. OpenRC is smarter here and protects users from unintended |
| 38 |
> disaster. |
| 39 |
|
| 40 |
Reading through those apparently bricking is considered to be a |
| 41 |
hardware bug. Granted, it is still desirable to avoid. |
| 42 |
|
| 43 |
In any case, tools would still need to be compatible with both |
| 44 |
approaches. Apparently there are commands like systemctl reboot |
| 45 |
--firmware-setup that expect this to be writable. If we aren't going |
| 46 |
to make the default ro under systemd then tools will need to handle |
| 47 |
both cases. If we decide to change the default for systemd (or put a |
| 48 |
line in the default fstab) then this issue would go away. |
| 49 |
|
| 50 |
-- |
| 51 |
Rich |
Archives