On Thu, Jul 13, 2017 at 7:35 AM, M. J. Everitt <m.j.ever...@iee.org> wrote: > On 13/07/17 12:09, Rich Freeman wrote: >> Presumably you'd only want to remount it if it was mounted ro to >> start, since it sounds like openrc will be diverging from systemd >> behavior here. >> >> While it seems like a good idea I'm not sure how big an improvement it >> is in the larger scheme. We're worried about root accidentially >> modifying efivars, but we have no safeguards against root writing to >> /dev/sda, and the latter seems much more likely to cause harm, and is >> harder to fix. >> > In case you weren't aware, Rich, rewriting the efivars actually writes > to the system BIOS, which renders the computer completely unbootable .. > not quite the same as erasing the boot sector of your hard disk, where > you simply plug in another device, and Off you go ... >
We are actually talking about protecting people who run something like rm -rf /sys/firmware/efi/efivars/ as root. If you are dumb enough to do something like that, you almost deserve to spend a couple hundred on a new motherboard.