Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 627964 - OpenRC-0.28 causes efibootmgr to fail without warning
Summary: OpenRC-0.28 causes efibootmgr to fail without warning
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: OpenRC (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: OpenRC Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-15 21:00 UTC by MickKi
Modified: 2017-10-12 17:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description MickKi 2017-08-15 21:00:46 UTC
OpenRC-0.28 mounts efivarfs read only which causes sys-boot/efibootmgr-14 to fail without warning.

Reproducible: Always

Steps to Reproduce:
1. Run efibootmgr to write changes to the UEFI NVRAM.
2.
3.
Actual Results:  
As an example:

efibootmgr --create --disk /dev/sda --part 1  --loader "\EFI\BOOT\bootx64-4.12.5-gentoo.efi" --label "gentoo-4.12.5-15_Aug"                            
Could not prepare Boot variable: Read-only file system

Indeed the efivarfs is mounted by OpenRC as 'ro':

# mount | grep efi
efivarfs on /sys/firmware/efi/efivars type efivarfs (ro,relatime)

Expected Results:  
Given the OpenRC now mounts efivarfs as read only for security reasons, users should either have received a portage news item informing them of the change and guiding them to remount the efivarfs themselves as 'rw' when they need to;

OR,

efibootmgr, GRUB and other boot manager installers, any other applications could issue necessary warnings and seek confirmation to remount efivarfs 'rw' before they execute, then remount 'ro' when they finish;

OR,

at least inform the user to remount efivarfs manually, before running the command afresh.
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-08-16 13:55:09 UTC
> at least inform the user to remount efivarfs manually, before running the command afresh.

...but isn't that what the error message

> Could not prepare Boot variable: Read-only file system

tries to tell you?

I am also unsure about your expectation: OpenRC never promised to mount efivarfs writable. So a change doesn't have to be announced via news item. However, it was mentioned in OpenRC' NEWS file and changelog.
Comment 3 Mike Gilbert gentoo-dev 2017-08-16 14:28:43 UTC
> Given the OpenRC now mounts efivarfs as read only for security reasons

Just to clarify: it's not a security issue, but rather a measure taken to prevent admins from shooting themselves in the foot by accidentally removing EFI variables by unlinking items in efivarfs.

> efibootmgr, GRUB and other boot manager installers, any other applications could issue necessary warnings and seek confirmation to remount efivarfs 'rw' before they execute, then remount 'ro' when they finish;

Upstream feature request:

https://github.com/rhboot/efibootmgr/issues/76
Comment 4 MickKi 2017-08-16 15:16:28 UTC
(In reply to Thomas Deutschmann from comment #1)
> > at least inform the user to remount efivarfs manually, before running the command afresh.
> 
> ...but isn't that what the error message
> 
> > Could not prepare Boot variable: Read-only file system
> 
> tries to tell you?

Hi Thomas,

The message is somewhat vague, or open to (mis)interpretation.  I initially assumed I hadn't mounted /boot, or mounted it with the wrong permissions.  Then I looked into efibootmgr before I concluded that the issue was related to efivarfs, which eventually brought me to OpenRC as the culprit of why I was no longer able to run efibootmgr in the same reliable way I have been using for the last 4 years.

> I am also unsure about your expectation: OpenRC never promised to mount
> efivarfs writable. So a change doesn't have to be announced via news item.
> However, it was mentioned in OpenRC' NEWS file and changelog.

My reasonable expectation is to be informed of the impact changes on one package is having on other packages, at least when the effect is as significant as not being able to run the OS boot manager.  Sure, NEWS/Changelog items of OpenRC clearly state the change and it is a commendable change as it can avoid bricking a box.  However, not every Gentoo user would read such sources of information in a timely fashion *before* they update their system, for every @system package that might have changed recently in portage.

Of course OpenRC is not just any package.  Changes in OpenRC can be magnified in their impact as they affect critical OS functionality. Any departure in system behaviour from historical norm due to OpenRC changes usually comes with a portage warning, but not this time.[1]  I can see from the links Charles has shared (thank you) that the efibootmgr wiki has been updated and eventually the HandBook will be updated so this will deal with new installs and users, but I think a portage news item would have helped to inform the rest of us during an update.

[1] As an example I recall 'OpenRC 0.22 updates'. 
-- 
Kind regards,
Mick
Comment 5 William Hubbs gentoo-dev 2017-08-16 15:39:32 UTC
I actually wrote a newsitem, but several in the community felt that the
openrc NEWS and ChangeLog updates were sufficient [1].

[1]
https://archives.gentoo.org/gentoo-dev/message/35304b0db4de9e06fea322275379fa81
Comment 6 MickKi 2017-08-16 16:02:35 UTC
(In reply to William Hubbs from comment #5)
> I actually wrote a newsitem, but several in the community felt that the
> openrc NEWS and ChangeLog updates were sufficient [1].
> 
> [1]
> https://archives.gentoo.org/gentoo-dev/message/
> 35304b0db4de9e06fea322275379fa81

Thanks William, Rich shared your news item in the gentoo-user mailing list.  All these sources of information are sufficient for devs who use such sources exhaustively and remain valuable for users who come across them.  Every day sysadmins only dip in & out when they have the time, or when ... they brake their systems. LOL! For them to be informed reliably before they impact their systems a portage news item is IMHO the best route.
-- 
Kind regards,
Mick
Comment 7 MickKi 2017-08-18 07:55:38 UTC
Hi All, 

It was mentioned in the gentoo-user M/L that Linus set a subset of EFI variables as immutable in the kernel:

https://github.com/torvalds/linux/commit/ed8b0de5a33d

Not sure if this means the mounting of efivarfs as 'ro' is even necessary, but either way a warning for the user is necessary to know what to do when running boot manager commands which affect the efivarfs.
-- 
Kind regards,
Mick
Comment 8 William Hubbs gentoo-dev 2017-10-12 17:03:09 UTC
There was actually a newsitem posted to -dev, and there was some
controversy about whether a newsitem was necessary for this since
the upstream NEWS.md and ChangeLog at the time cover it [1].

I am closing this as worksforme for now based on the discussion on the
thread which I am citing in this comment.

[1] https://archives.gentoo.org/gentoo-dev/message/35304b0db4de9e06fea322275379fa81