On Fri, Jul 3, 2020, at 9:52 AM, Peter Humphrey wrote:
> On Friday, 3 July 2020 03:05:34 BST Andrew Udvare wrote:
> > On 02/07/2020 06:56, Peter Humphrey wrote:
> > > But then,
> > > # bootctl set-default 30-gentoo-5.7.7.conf
> > > Failed to update EFI variable: Invalid argument
> >
> > Probably the kernel is blocking write access to EFI. This is on purpose
> > for safety as you can damage your firmware quite easily. systemd-boot
> > and others do not have this restriction.
>
> Is there some way for me to remove this restriction temporarily?
>
> > You also should be careful writing to the EFI too much as the NVRAM flash
> > may
> > not be of high quality.
>
> Yes, I do only write to it when I have to. I hope Asus would use decent-
> quality components though.
>
They may not have a choice. The flash memory made for "embedded" applications
can be very low quality.
Typically I see write capability maxing out at 100k. Some devices only offer
10k due to inappropriate cost optimization. These numbers can be particularly
visible if there is no wear levelling, which there usually isn't.
Anything higher seems to be only available for storage applications.
> > https://lwn.net/Articles/674940/
>
> Interesting - thanks.
>
> > You can try using `chattr -i` against the files like:
> >
> > chattr -i /sys/firmware/efi/efivars/Boot*
> >
> > Then you can try with bootctl and others, but this is not guaranteed to
> > work.
>
> Those files were already among the 17 that were mutable. It seems I
> need to find
> which of the other 117 files I need to make mutable.
>
> > On my ASUS motherboard I haven't been able to write to EFI variables
> > from within Linux for a long time. I have to add my keys in the BIOS and
> > set the default in systemd-boot.
>
> Looks like I'm in the same boat. Except that setting the default in systemd-
> boot is exactly what I can't do!
>
> > The logic to write to a file in efivars is here:
> >
> > https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L15
> >
> > If you use strace with bootctl you'll probably see one of these errno
> > values.
>
> I think what I'm seeing comes from this:
>
> if (attributes & ~(EFI_VARIABLE_MASK))
> return -EINVAL;
>
> Perhaps I should just stop here and revert to setting the default at the UEFI
> boot-choice screen.
>
> Many thanks for your help, Andrew.
>
> --
> Regards,
> Peter.
>
>
>
>
>
