Re: accessing efivarfs in debian-installer

To: debian-boot@lists.debian.org
Subject: Re: accessing efivarfs in debian-installer
From: Hendrik Boom <hendrik@topoi.pooq.com>
Date: Fri, 27 May 2016 13:58:11 -0400
Message-id: <[🔎] 20160527175811.GA24549@topoi.pooq.com>
In-reply-to: <[🔎] 1464361735.2762.40.camel@decadent.org.uk>
References: <[🔎] 1488973.RVaAoNrEnF@okeanos> <[🔎] 20160525143122.GA21583@mraw.org> <[🔎] 8718208.t4aWRF2oa1@okeanos> <[🔎] 20160527095935.GB30107@einval.com> <[🔎] 20160527131327.GA22703@topoi.pooq.com> <[🔎] 1464361735.2762.40.camel@decadent.org.uk>

On Fri, May 27, 2016 at 04:08:55PM +0100, Ben Hutchings wrote:
> On Fri, 2016-05-27 at 09:13 -0400, Hendrik Boom wrote:
> > On Fri, May 27, 2016 at 10:59:35AM +0100, Steve McIntyre wrote:
> > > On Fri, May 27, 2016 at 10:41:39AM +0200, Francesco De Vita wrote:
> > > > Hi
> > > > 
> > > > On 25/5/2016 16:31, Cyril Brulebois wrote:
> > > > > Francesco De Vita <fradev@inventati.org> (2016-05-24):
> > > > > > So, is it possible to access the efivarfs interface and retrieve
> > > > > > the required nvram-file inside the DI environment?
> > > > > 
> > > > > I'm pretty sure we can do that from d-i since that's needed to get
> > > > > UEFI support working AFAICT. Looking at udebs, it seems you want to
> > > > > be loading this one, probably manually if you're at an early stage:
> > > > > efi-modules-4.5.0-2-amd64-di_4.5.4-1_amd64.udeb
> > > > > 
> > > > > It contains:
> > > > >   ./lib/modules/4.5.0-2-amd64/kernel/drivers/firmware/efi/efivars.ko
> > > > > 
> > > > > which is likely to make it possible to access efivars, allowing you
> > > > > to mount them on the mount point (which you mentioned, exists
> > > > > already).
> > > > 
> > > > This time I'm using the Stretch Alpha 6 DI. I successfully loaded the 
> > > > efivars module as you suggested, however the efivarfs interface remains 
> > > > inaccessible, it still cannot be mounted.
> > > > 
> > > > I suppose that the efivarfs module has to be loaded too but there is no 
> > > > trace of efivarfs.ko in the DI and I didn't find any udeb containing 
> > > > it. Should I load it someway from an external source?
> > > 
> > > Ah, that's your problem. It looks like we're not including that module
> > > yet. Most EFI variable users like efibootmgr will fall back to the
> > > older interfaces, so we've not noticed this yet.
> > > 
> > > I'll go and fix that now.
> > 
> > Wasn't mounting the efivars as a file system implicated in the complete 
> > bricking of someone's hardware a while ago?  The problem being that it 
> > was too easy to rm those files, which deleted those efi variables, 
> > which included variable that were essential to making booting possible?  
> > Not just that it wouldn't boot the installed system any more; it could 
> > no longer boot anything, not even an operating-system installer?
> 
> Fixed in Linux 4.5-rc5 and in 4.4.4.  Now only variables on a known-
> safe whitelist are allowed to be deleted.
> 
> [...]
> > Juat be very careful with efivars.
> 
> We are.

Excellent.

-- hendrik

Reply to:

References:
- accessing efivarfs in debian-installer
  - From: Francesco De Vita <fradev@inventati.org>
- Re: accessing efivarfs in debian-installer
  - From: Cyril Brulebois <kibi@debian.org>
- Re: accessing efivarfs in debian-installer
  - From: Francesco De Vita <fradev@inventati.org>
- Re: accessing efivarfs in debian-installer
  - From: Steve McIntyre <steve@einval.com>
- Re: accessing efivarfs in debian-installer
  - From: Hendrik Boom <hendrik@topoi.pooq.com>
- Re: accessing efivarfs in debian-installer
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Bug#822678: jessie-pu: package partman-ext3/86~deb8u1
Next by Date: partman-btrfs is marked for autoremoval from testing
Previous by thread: Re: accessing efivarfs in debian-installer
Next by thread: Processed: reassign 218598 to partitioner, fixed 218598 in 0.58+rm
Index(es):
- Date
- Thread