| 1 |
On Thu, Jul 13, 2017 at 9:29 AM, Mike Gilbert <floppym@g.o> wrote: |
| 2 |
|
| 3 |
> |
| 4 |
> We are actually talking about protecting people who run something like |
| 5 |
> rm -rf /sys/firmware/efi/efivars/ as root. |
| 6 |
> |
| 7 |
> If you are dumb enough to do something like that, you almost deserve |
| 8 |
> to spend a couple hundred on a new motherboard. |
| 9 |
> |
| 10 |
> While I can think of a few ways you can accidentally do this via |
| 11 |
bindmounts and such, I think it's also worth mentioning that this |
| 12 |
"bricking" only happens on a very very small number of systems with a |
| 13 |
specific buggy UEFI implementation, the vast majority of UEFI hardware will |
| 14 |
not be "bricked" by wiping efivars. |
| 15 |
|
| 16 |
I'm still onboard with protecting users from this out of the box, but it's |
| 17 |
not like without this change, we'll have gentoo boxes dropping dead all |
| 18 |
over the place every week. We're protecting from something that requires |
| 19 |
both a very specific firmware bug AND serious user error, to trigger. |
| 20 |
|
| 21 |
-Ben |
Archives