Remounting efivars as ro to safeguard hardware. Best practice?

Head_on_a_Stick · 2016-02-01 20:51:52

Trilby wrote:

Does anyone know how this ro mounting of efivars compares to the kernel option "noefi" or to blacklisting the efivars module? It seems if one is paranoid, the latter options might be better as then the efivars don't need to be remounted ro as they are simply not mounted in the first place.

The noefi kernel parameter would disable all EFI runtime services support.

Just mounting /sys/firmware/efi read only at least gives the option of remounting it rw -- this would allow modification of the variables without rebooting.

TheSaint · 2016-02-02 07:50:55

Anybody's trying to find side effects.
I think the only use on efivars are to change boot order or boot properties. So that's not a daily use.

graysky · 2016-02-02 08:11:29

TheSaint wrote:

Anybody's trying to find side effects.
I think the only use on efivars are to change boot order or boot properties. So that's not a daily use.

+1

My fstab has it ro since I posted and I have not found an side effect with normal use.

Soukyuu · 2016-02-02 21:19:02

Same here. I've also forwarded the suggestion to my friends with UEFI boards and haven't heard anything (negative ) from them so far.

Alad · 2016-02-03 16:57:34

https://lists.archlinux.org/pipermail/a … 40586.html

Arch Linux

#26 2016-02-01 20:51:52

Re: Remounting efivars as ro to safeguard hardware. Best practice?

#27 2016-02-02 07:50:55

Re: Remounting efivars as ro to safeguard hardware. Best practice?

#28 2016-02-02 08:11:29

Re: Remounting efivars as ro to safeguard hardware. Best practice?

#29 2016-02-02 21:19:02

Re: Remounting efivars as ro to safeguard hardware. Best practice?

#30 2016-02-03 16:57:34

Re: Remounting efivars as ro to safeguard hardware. Best practice?

Board footer