ed8b0de5a3
"rm -rf" is bricking some people's laptops because of variables being used to store non-reinitializable firmware driver data that's required to POST the hardware. These are 100% bugs, and they need to be fixed, but in the meantime it shouldn't be easy to *accidentally* brick machines. We have to have delete working, and picking which variables do and don't work for deletion is quite intractable, so instead make everything immutable by default (except for a whitelist), and make tools that aren't quite so broad-spectrum unset the immutable flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lee, Chun-Yi <jlee@suse.com>
Acked-by: Matthew Garrett <mjg59@coreos.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
23 lines
975 B
Text

efivarfs - a (U)EFI variable filesystem

The efivarfs filesystem was created to address the shortcomings of
using entries in sysfs to maintain EFI variables. The old sysfs EFI
variables code only supported variables of up to 1024 bytes. This
limitation existed in version 0.99 of the EFI specification, but was
removed before any full releases. Since variables can now be larger
than a single page, sysfs isn't the best interface for this.

Variables can be created, deleted and modified with the efivarfs
filesystem.

efivarfs is typically mounted like this,

	mount -t efivarfs none /sys/firmware/efi/efivars

Due to the presence of numerous firmware bugs where removing non-standard
UEFI variables causes the system firmware to fail to POST, efivarfs
files that are not well-known standardized variables are created
as immutable files. This doesn't prevent removal - "chattr -i" will work -
but it does prevent this kind of failure from being accomplished
accidentally.
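
An added example, not part of the kernel documentation or the commit above: a read-only audit that reports which efivarfs entries carry the immutable flag described in the last paragraph and which do not. It assumes Linux, efivarfs's "<Name>-<GUID>" file naming (not stated on this page), and the helper names read_inode_flags, split_name and audit, which are hypothetical.

```python
import fcntl
import os
import struct
import sys

# _IOR('f', 1, long) as encoded on x86 and arm; other architectures may differ.
FS_IOC_GETFLAGS = 0x80000000 | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1
FS_IMMUTABLE_FL = 0x00000010  # the inode flag that "chattr -i" clears


def read_inode_flags(path):
    """Return the inode flags of path, the same value lsattr displays."""
    fd = os.open(path, os.O_RDONLY)
    try:
        buf = fcntl.ioctl(fd, FS_IOC_GETFLAGS, struct.pack("I", 0))
        return struct.unpack("I", buf)[0]
    finally:
        os.close(fd)


def split_name(entry):
    """Split an efivarfs file name into (variable name, vendor GUID)."""
    # Assumption: names are "<Name>-<GUID>" with a 36-character GUID.
    return entry[:-37], entry[-36:]


def audit(mount, get_flags=read_inode_flags):
    """Group the variables under mount by whether the immutable flag is set."""
    report = {"immutable": [], "deletable": [], "unreadable": []}
    for entry in sorted(os.listdir(mount)):
        try:
            flags = get_flags(os.path.join(mount, entry))
        except OSError:
            # Flags could not be read; report it rather than guess.
            report["unreadable"].append(split_name(entry))
            continue
        key = "immutable" if flags & FS_IMMUTABLE_FL else "deletable"
        report[key].append(split_name(entry))
    return report


if __name__ == "__main__":
    mount = sys.argv[1] if len(sys.argv) > 1 else "/sys/firmware/efi/efivars"
    if not os.path.isdir(mount):
        sys.exit(f"{mount} is not a directory (not booted via UEFI?)")
    for state, variables in audit(mount).items():
        for name, guid in variables:
            print(f"{state:10} {guid} {name}")
```

Entries listed as "deletable" are the ones a recursive delete run as root would remove without first clearing the flag.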