| 1 |
On Thu, Aug 17, 2017 at 3:09 PM, Marc Joliet <marcec@×××.de> wrote: |
| 2 |
> |
| 3 |
> I'm somewhat confused about the whole thing. Wasn't the core problem of |
| 4 |
> accidentally bricking devices solved by the kernel by making |
| 5 |
> a subset of EFI variables immutable? (Actaully, I found the commit, which |
| 6 |
> says that variables ar immutable by default and only whitelisted variables get |
| 7 |
> to be mutable, see https://github.com/torvalds/linux/commit/ |
| 8 |
> ed8b0de5a33d) Is there really that much value in additionally mounting |
| 9 |
> efivars RO? (Honestly curious! Was the change maybe not backported to older |
| 10 |
> kernels? Or can some other damage be done that I'm not aware of?) |
| 11 |
> |
| 12 |
|
| 13 |
It was backported to 4.4, which makes me think it is 99% likely to be |
| 14 |
backported to every longterm, unless there is just some ancient one |
| 15 |
that doesn't even support EFI. |
| 16 |
|
| 17 |
I'll defer to others on whether anything else can break. |
| 18 |
|
| 19 |
-- |
| 20 |
Rich |
Archives