[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System

Mon Feb 1 19:44:48 UTC 2016
Chris Adams <linux at cmadams.net>

Once upon a time, m.roth at 5-cent.us <m.roth at 5-cent.us> said:
> Excerpt:
> Running rm -rf / on any UEFI Linux distribution can potentially
> perma-brick your system.

Did someone think running "rm -rf /" is a good idea?

> Ok, *now* tell me why we shouldn't hate systemd?

This has zero to do with systemd.  This is a by-product of how the
kernel driver and user-space tools for EFI are implemented.  The kernel
driver exposes EFI variables in a writable sysfs filesystem, and so
that's how the user-space tools set/update/delete the variables.  Trying
to force a change on that interaction from an intermediary is just
wrong.  If the maintainers for the EFI-related code think it should
change, they'll need to coordinate that change between the kernel and
user-space.

The bigger issue is that there is apparently some UEFI implementations
that can't handle certain variables being deleted or overwritten.  Yes,
that could happen from an errant rm, but there are other ways that could
happen.  Vendors that can't recover in some way (like BIOS CMOS
corruption can be recovered with a jumper) should be named-and-shamed as
well as potentially blacklisted in some way in the EFI driver.

-- 
Chris Adams <linux at cmadams.net>