Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751395AbcCWVHs (ORCPT ); Wed, 23 Mar 2016 17:07:48 -0400 Received: from mail-wm0-f51.google.com ([74.125.82.51]:37493 "EHLO mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750909AbcCWVHr (ORCPT ); Wed, 23 Mar 2016 17:07:47 -0400 Date: Wed, 23 Mar 2016 21:07:45 +0000 From: Matt Fleming To: Mario Limonciello Cc: LKML , Matthew Garrett , Peter Jones Subject: Re: [PATCH] Add fwupdate and Mok GUID's to the EFI variable immutable whitelist Message-ID: <20160323210745.GJ11676@codeblueprint.co.uk> References: <1458682653-25831-1-git-send-email-mario_limonciello@dell.com> <56F20129.9020202@dell.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <56F20129.9020202@dell.com> User-Agent: Mutt/1.5.24+41 (02bc14ed1569) (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 909 Lines: 19 On Tue, 22 Mar, at 09:36:25PM, Mario Limonciello wrote: > > Actually, I think this patch should be discarded unless there is a > desire to make the kernel work with older userspace tools. > > I later realized that efivar 0.22 will actually handle working with > immutable variables properly. This means that mokutil 0.2 won't work > with this kernel commit, but mokutil 0.3 which uses efivar > (https://github.com/lcp/mokutil/commit/7b49e834284659527c9f7cf554f223748c00564b) > should work properly. > > fwupdate works properly in most instances except for an install time > cleanup script that removes stale variables. This is fixed with a > trivial change: > https://github.com/rhinstaller/fwupdate/pull/50/commits/535d3a0f9c096d452cc7e2b5be79cf964e2d6d5b Indeed. Given that the kernel patch works around such a serious problem, I'm inclined to encourage distributions to upgrade mokutil and fwupdate.