From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-81414-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id C676F139694
	for <garchives@archives.gentoo.org>; Thu, 13 Jul 2017 11:43:20 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0E85BE0DA2;
	Thu, 13 Jul 2017 11:43:15 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id AC122E0D97
	for <gentoo-dev@lists.gentoo.org>; Thu, 13 Jul 2017 11:43:14 +0000 (UTC)
Received: from localhost (unknown [91.246.102.171])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: bircoph)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 60D9C3416E7
	for <gentoo-dev@lists.gentoo.org>; Thu, 13 Jul 2017 11:43:12 +0000 (UTC)
Date: Thu, 13 Jul 2017 14:43:08 +0300
From: Andrew Savchenko <bircoph@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] newsitem: openrc-0.28 mounts efivars read only
Message-Id: <20170713144308.3e0dd3139d5be936e28c3e7d@gentoo.org>
In-Reply-To: <CAGfcS_=fdA3HBr-tFw02tSGkC+yNBCAZBBapEw7oPej-89ix4g@mail.gmail.com>
References: <20170712154236.GA10286@whubbs1.gaikai.biz>
	<CAJ0EP43wsGZfBqM604LKy9K0tx6h03gOumShAEawYkdrVj=inw@mail.gmail.com>
	<20170712214408.GA13328@whubbs1.gaikai.biz>
	<CAEdQ38G4SZ13PTcUkEx1ra4T9BXs9upG7Yfqth0WJPNZT_6wpA@mail.gmail.com>
	<CAKkjsY_WD1AmDkNNf3d3Q-Zyoid7ux0Cgs6ZT=zbuCkwb2cW+g@mail.gmail.com>
	<CAEdQ38G4VcM48bM460Q0o-Gm0MjFwksCMfH6uXQVGdEhKZHGCA@mail.gmail.com>
	<20170713093021.2b0bcf21b6ebb6921245fbe0@gentoo.org>
	<CAGfcS_=fdA3HBr-tFw02tSGkC+yNBCAZBBapEw7oPej-89ix4g@mail.gmail.com>
X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.30; i686-pc-linux-gnu)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="PGP-SHA512";
 boundary="Signature=_Thu__13_Jul_2017_14_43_08_+0300_3EwCSL74pJL_isrh"
X-Archives-Salt: d39dd3d6-99cb-4030-b34c-3d5203097de6
X-Archives-Hash: f8e367e154b20ce9ac9f86c9f99b6dcf

--Signature=_Thu__13_Jul_2017_14_43_08_+0300_3EwCSL74pJL_isrh
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, 13 Jul 2017 07:09:45 -0400 Rich Freeman wrote:
> On Thu, Jul 13, 2017 at 2:30 AM, Andrew Savchenko <bircoph@gentoo.org> wr=
ote:
> > On Wed, 12 Jul 2017 17:42:50 -0700 Matt Turner wrote:
> >> On Wed, Jul 12, 2017 at 5:29 PM, Lucas Ramage <ramage.lucas94@gmail.co=
m> wrote:
> >> > What needs to be changed for the bootloaders? I may be able to assis=
t.
> >>
> >> The documentation should be updated to say that with OpenRC 0.28 that
> >> you'll have to remount efivars as RW before you can install the
> >> bootloader (e.g., grub-install)
> >>
> >> The command I use locally to remount rw (since I have configured
> >> efivars to be mounted read-only in fstab) is
> >>
> >> mount -o remount,rw /sys/firmware/efi/efivars
> >
> > We don't have that much efi bootloaders. Maybe it will be better
> > to update their scripting to remount efivars rw and back ro when
> > needed? The same way we have non-efi bootloaders to mount /boot
> > partition when needed.
> >
>=20
> Presumably you'd only want to remount it if it was mounted ro to
> start, since it sounds like openrc will be diverging from systemd
> behavior here.
>=20
> While it seems like a good idea I'm not sure how big an improvement it
> is in the larger scheme.  We're worried about root accidentially
> modifying efivars, but we have no safeguards against root writing to
> /dev/sda, and the latter seems much more likely to cause harm, and is
> harder to fix.

Writing to /dev/sda may kill data stored there, but hardware itself
will survive. Writing to efivars kills hardware and this is the
motivation for this change. See [1] and [2] for details. Poettering
says this is OK to hard brick device, well fine, this is systemd
way. OpenRC is smarter here and protects users from unintended
disaster.

Data can be restored from backup, but hard bricked hardware may
become completely dead beyond repair or require a very complicated
soldering. So I see this issue much more serious than writing
to /dev/sda.

[1] https://github.com/openrc/openrc/issues/134
[2] https://github.com/systemd/systemd/issues/2402

Best regards,
Andrew Savchenko

--Signature=_Thu__13_Jul_2017_14_43_08_+0300_3EwCSL74pJL_isrh
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAllnXMwACgkQ9lNaM7oe
5I1vAw/+MqSYuttvqrBVucTrDYb0IZN9kUN5cJimeGDF8XcGRZjJt0rvrqJjsjPL
qraJS9nlyheQuNiTRTOpMDAVFCU09jC3sRbSka63fR4lkcDD38HdraFt8f/HmnkL
l7qVTj9LKH4pIwzl3D3g+dPmzwE6KxdQzkRnWkDG0RHvTDwSsrO959HiUBrXJgC4
tP0XZlgEhu8AyVDYhVMZScY7Odmyp1zLz2b3qAsxgjKXZsZFmg0H2Fsy2nctPUnA
/lsNVTK/6cC0lliFB7IzhAspt15xIMjsXlLj9fasO7jmdwN8f5E0fgE+XgxIM6jA
haEoqeK9YSYZMhQeth6+M4dZEvEA71ZmQI06sk0oLpIHKMlC2I3ZZbclgRXpo6Vv
1QddH9gyK0hT770dQFk3eXXu8j8zMBkY8xmXbg5PCuVE3xXj/x1Tco0sGlcBybXc
YrrMBrqO64v1ov9OltfpR1qPcciHt+R/k2nEdI0tLXfhSxw23XACCFC+nEdaRYKm
5TWPCgNDlmFvZagbVYcwTYWu0VhfhXQwHx9z7Bd87pTwWWfnr7R1RFrkiORzlcyn
Ar3x/r53TcaNnVBS0jiJK3TizUn0qprGruS+NrNJmsKvZ8ea9o3V2EfrPkzq9EYI
Q5MbSzhcxIO62o1bcvuGGDmsZ6frAFRNogl7jLe8OYrMDz0xI9g=
=t0Dw
-----END PGP SIGNATURE-----

--Signature=_Thu__13_Jul_2017_14_43_08_+0300_3EwCSL74pJL_isrh--