On Thu, 13 Jul 2017 12:35:50 +0100 M. J. Everitt wrote: > On 13/07/17 12:09, Rich Freeman wrote: > > Presumably you'd only want to remount it if it was mounted ro to > > start, since it sounds like openrc will be diverging from systemd > > behavior here. > > > > While it seems like a good idea I'm not sure how big an improvement it > > is in the larger scheme. We're worried about root accidentially > > modifying efivars, but we have no safeguards against root writing to > > /dev/sda, and the latter seems much more likely to cause harm, and is > > harder to fix. > > > In case you weren't aware, Rich, rewriting the efivars actually writes > to the system BIOS, which renders the computer completely unbootable .. > not quite the same as erasing the boot sector of your hard disk, where > you simply plug in another device, and Off you go ... It may be even worse. Some parts of efivars may be stored not in the BIOS chip, but on other chips like AC control or IME. So simple BIOS reflashing (e.g. from backup BIOS available on many boards) will not help.
Best regards, Andrew Savchenko
pgpEd02MrkduP.pgp
Description: PGP signature
