Arnt Karlsen <arnt@???> writes:
[...]
>> > /sys/firmware/ and everything in it is mounted rw on my Gigabyte
>> > legacy board with Devuan installed.
>>
>> That's true on my non-efi system, too, but it has
>> no /sys/firmware/efi.
>
> ..can an efi board set up with legacy boot and running e.g. sys-v,
> be tricked into bricking itself e.g. by reading an "ad" flash movie
> off a web site and writing it into a new bad /sys/firmware/efi and
> then "try" a kexec reboot? Etc?

As far as I remember, I'm using an EFI-capable system in legacy mode[*]
and the efivarfs module can't be inserted into my kernel. It's rejected
with

    ERROR: could not insert 'efivarfs': No such device

But this may be different on other systems and there's reportedly also a
/sys-based older interface for accessing the EFI variable service. It
should be possible to test this with

    modprobe efivarfs

One could also remove the module (mine is called

    4.5.0-rc2-net/kernel/fs/efivarfs/efivarfs.ko

) or compile a kernel without support for the efivarfs (File systems/
Pseudo filesystems/ EFI Variable filesystem) or without any support for
EFI runtime services (Processor type and features/ EFI runtime service
support).

[*] I installed that by taking the disk out and connecting it to my former
work computer, followed by copying the old system and then switched
everything off which looked unfamiliar/ fishy during first boot of the
new one without paying much attention to that.
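
The check discussed in the message above, extended into a small audit script. This is an added example, not part of the original e-mail. It assumes the older sysfs interface lives at /sys/firmware/efi/vars and that efivarfs shows up in /proc/mounts; SYSROOT and MOUNTS are hypothetical overrides for testing against a constructed tree.

```shell
#!/bin/sh
# Added example: classify how much of the EFI variable service a Linux
# system exposes. SYSROOT and MOUNTS are hypothetical overrides so the
# checks can be pointed at a constructed directory tree instead of the host.

# True when the kernel booted via EFI and registered /sys/firmware/efi.
efi_booted() { [ -d "${SYSROOT:-}/sys/firmware/efi" ]; }

# True when the older sysfs variable interface (efivars) is present.
legacy_efivars() { [ -d "${SYSROOT:-}/sys/firmware/efi/vars" ]; }

# Prints "rw", "ro" or "none" for the first efivarfs entry in the mount table.
efivarfs_mount_state() {
    awk '$3 == "efivarfs" {
             state = "rw"; n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") state = "ro"
             print state; found = 1; exit
         }
         END { if (!found) print "none" }' "${MOUNTS:-/proc/mounts}"
}

# Prints one of: legacy, efi-no-vars, sysfs-only, efivarfs-ro, efivarfs-rw.
efi_exposure() {
    if ! efi_booted; then echo legacy; return 0; fi
    state=$(efivarfs_mount_state)
    case "$state" in
        rw|ro) echo "efivarfs-$state" ;;
        *) if legacy_efivars; then echo sysfs-only; else echo efi-no-vars; fi ;;
    esac
}

# Report on the running host only when asked to.
if [ "${1:-}" = "--report" ]; then efi_exposure; fi
```

Run it with `--report` on the machine in question; a result of `legacy` matches the situation described in the message, where the kernel offers no EFI variable interface at all.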