efivars

[Greg KH]

On Thu, Sep 23, 2021 at 04:41:28AM -0400, Ruben Safir wrote:
> On Thu, Sep 23, 2021 at 09:32:00AM +0200, Bjørn Mork wrote:
> > Ruben Safir <ruben at mrbrklyn.com> writes:
> > 
> > > I really just want to know what efi varriables exist and why we have a
> > > sys file for them
> > 
> > The "why" question is answered here:
> > https://www.kernel.org/doc/Documentation/filesystems/efivarfs.rst
> 
> 
> Thanks
> 
> I read that, but for my purposes it is circular.
> 
> They created another virtual fielsystem because the current
> /sys and /proc entries seemed to fail to do something consistently 
> as UEFI developed and was grafted on the current kernel.

Creating new filesystems is trivial in the kernel, and these didn't fall
into the rules allowed by sysfs, so a new one was created.  Just because
it is a new filesystem does not mean anything here.

> It doesn't explain why these new variables were needed in the 
> first place.

They are exposed by UEFI for the OS and userspace to use for various
things.  The filenames should show you the functionality to look up in
the UEFI spec if you are curious about anything specific in there.

> > The "what" question doesn't have a short answer.  If you don't want the
> > long one, then that's fine.  You don't need to worry about efi
> > variables.  Leave them alone and they will do you no harm.
> 
> They are a problem and present a securilty risk.

What security risk specifically?

And what problem specifically?

> I can't change
> anything and nobody asks me about OS design, but it does cause 
> real problems and I run into them repeatedly at installfests.

What specifc problems do they cause with installing a distro?

Details please.

thanks,

greg k-h