| 1 |
On Thu, 13 Jul 2017 12:35:50 +0100 M. J. Everitt wrote: |
| 2 |
> On 13/07/17 12:09, Rich Freeman wrote: |
| 3 |
> > Presumably you'd only want to remount it if it was mounted ro to |
| 4 |
> > start, since it sounds like openrc will be diverging from systemd |
| 5 |
> > behavior here. |
| 6 |
> > |
| 7 |
> > While it seems like a good idea I'm not sure how big an improvement it |
| 8 |
> > is in the larger scheme. We're worried about root accidentially |
| 9 |
> > modifying efivars, but we have no safeguards against root writing to |
| 10 |
> > /dev/sda, and the latter seems much more likely to cause harm, and is |
| 11 |
> > harder to fix. |
| 12 |
> > |
| 13 |
> In case you weren't aware, Rich, rewriting the efivars actually writes |
| 14 |
> to the system BIOS, which renders the computer completely unbootable .. |
| 15 |
> not quite the same as erasing the boot sector of your hard disk, where |
| 16 |
> you simply plug in another device, and Off you go ... |
| 17 |
|
| 18 |
It may be even worse. Some parts of efivars may be stored not in the |
| 19 |
BIOS chip, but on other chips like AC control or IME. So simple |
| 20 |
BIOS reflashing (e.g. from backup BIOS available on many boards) |
| 21 |
will not help. |
| 22 |
|
| 23 |
Best regards, |
| 24 |
Andrew Savchenko |
Archives