On Thu, Aug 17, 2017 at 3:09 PM, Marc Joliet <[email protected]> wrote:
>
> I'm somewhat confused about the whole thing. Wasn't the core problem of
> accidentally bricking devices solved by the kernel by making
> a subset of EFI variables immutable? (Actually, I found the commit, which
> says that variables are immutable by default and only whitelisted variables get
> to be mutable, see https://github.com/torvalds/linux/commit/ed8b0de5a33d)
> Is there really that much value in additionally mounting
> efivars RO? (Honestly curious! Was the change maybe not backported to older
> kernels? Or can some other damage be done that I'm not aware of?)
>

It was backported to 4.4, which makes me think it is 99% likely to be
backported to every longterm, unless there is just some ancient one
that doesn't even support EFI. I'll defer to others on whether
anything else can break.

--
Rich

