mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git (synced 2025-10-26 17:04:24 +10:00)

"rm -rf" is bricking some people's laptops because of variables being used to store non-reinitializable firmware driver data that's required to POST the hardware.

These are 100% bugs, and they need to be fixed, but in the meantime it shouldn't be easy to *accidentally* brick machines.

We have to have delete working, and picking which variables do and don't work for deletion is quite intractable, so instead make everything immutable by default (except for a whitelist), and make tools that aren't quite so broad-spectrum unset the immutable flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lee, Chun-Yi <jlee@suse.com>
Acked-by: Matthew Garrett <mjg59@coreos.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>

24 lines, 975 B, Plaintext


efivarfs - a (U)EFI variable filesystem

The efivarfs filesystem was created to address the shortcomings of
using entries in sysfs to maintain EFI variables. The old sysfs EFI
variables code only supported variables of up to 1024 bytes. This
limitation existed in version 0.99 of the EFI specification, but was
removed before any full releases. Since variables can now be larger
than a single page, sysfs isn't the best interface for this.

Variables can be created, deleted and modified with the efivarfs
filesystem.

efivarfs is typically mounted like this,

	mount -t efivarfs none /sys/firmware/efi/efivars

Due to the presence of numerous firmware bugs where removing non-standard
UEFI variables causes the system firmware to fail to POST, efivarfs
files that are not well-known standardized variables are created
as immutable files.  This doesn't prevent removal - "chattr -i" will work -
but it does prevent this kind of failure from being accomplished
accidentally.
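
The following is an added example, not part of the kernel documentation or the commit above: a shell audit that reports which efivarfs entries lack the immutable flag and could therefore still be removed by a plain "rm". It assumes lsattr(1) from e2fsprogs prints one "<flags> <path>" line per file with an "i" in the flags field for immutable files; the function names, the EFIVARS_DIR override and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find efivarfs entries that are NOT protected by the
# immutable flag described above. Assumption: lsattr output lines have
# the form "<flags> <path>", with 'i' in <flags> for immutable files.

EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"

# has_immutable_flag LINE: succeed if one lsattr output line carries 'i'.
has_immutable_flag() {
    flags=${1%% *}      # first field only, so an 'i' in the path is ignored
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# mutable_entries: read lsattr output on stdin, print paths without 'i'.
mutable_entries() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        has_immutable_flag "$line" || printf '%s\n' "${line#* }"
    done
}

# audit_efivars: list the entries under $EFIVARS_DIR that rm can delete
# without a prior "chattr -i" (expected to be only whitelisted variables).
audit_efivars() {
    if [ ! -d "$EFIVARS_DIR" ]; then
        echo "efivarfs not mounted at $EFIVARS_DIR" >&2
        return 2
    fi
    lsattr "$EFIVARS_DIR" 2>/dev/null | mutable_entries
}

# Constructed sample of lsattr output; VendorCfg and its GUID are hypothetical.
SAMPLE='----i----------------- /sys/firmware/efi/efivars/VendorCfg-11111111-2222-3333-4444-555555555555
---------------------- /sys/firmware/efi/efivars/BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c'

# Offline demonstration on the sample; on a real system call audit_efivars.
printf '%s\n' "$SAMPLE" | mutable_entries
```

An entry in this report that is not a standardized variable means the protection was cleared after creation, for example by an earlier "chattr -i".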