kernel-packages team mailing list archive
Message #13639
[Bug 1223195] [NEW] efivarfs built as a module in saucy, so not mounted at boot
Public bug reported:

The efivarfs driver in the saucy amd64 kernel is built as a module
instead of being built in. As a consequence, when mountall checks
/proc/filesystems to see what optional filesystems are supported, it
doesn't find efivarfs there and efivarfs is never mounted at boot. This
in turn means that secureboot-db will not be able to apply secureboot
database updates to firmware, potentially leaving systems vulnerable to
boot exploits.

This used to all work in raring and earlier, where efivarfs was built
into the kernel (which was the only option). Please fix the config to
make efivarfs built-in again (CONFIG_EFIVARFS=y).

For reference, please note that any kernel filesystem that mountall has
flagged as "optional" in /lib/init/fstab must be a built-in driver in
order to get the correct results. In addition to efivarfs, this
includes debugfs, securityfs, spufs, binfmt_misc, and fusectl.

** Affects: linux (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: linux (Ubuntu Saucy)
     Importance: High
         Status: Triaged

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Changed in: linux (Ubuntu)
       Status: New => Triaged

** Changed in: linux (Ubuntu)
    Milestone: None => ubuntu-13.10

** Also affects: linux (Ubuntu Saucy)
   Importance: High
       Status: Triaged

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1223195
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1223195/+subscriptions
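
The condition described in the report can be checked from a shell. The script below is an added example, not part of the original message and not code from mountall or the kernel packaging: it reports whether a config symbol is built in or modular and which of the "optional" filesystems named above are missing from a /proc/filesystems listing. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Sample inputs below are constructed.

# Filesystems the report names as "optional" for mountall.
OPTIONAL_FS="efivarfs debugfs securityfs spufs binfmt_misc fusectl"

# fs_registered FSTYPE FILE
# True if FSTYPE is listed in FILE (/proc/filesystems format: an optional
# "nodev" column, then the type name as the last field).
fs_registered() {
    awk -v fs="$1" '$NF == fs { found = 1 } END { exit !found }' "$2"
}

# config_state SYMBOL FILE
# Prints builtin, module or unset for SYMBOL in a kernel config file.
config_state() {
    case "$(grep "^$1=" "$2" | tail -n 1)" in
        "$1=y") echo builtin ;;
        "$1=m") echo module ;;
        *)      echo unset ;;
    esac
}

# skipped_at_boot PROCFS_FILE
# Prints the optional filesystems that are not registered in PROCFS_FILE,
# i.e. the ones a check against that listing would not find.
skipped_at_boot() {
    skipped=""
    for fs in $OPTIONAL_FS; do
        fs_registered "$fs" "$1" || skipped="$skipped $fs"
    done
    echo "${skipped# }"
}

# Constructed sample: CONFIG_EFIVARFS=m and the module is not loaded, so
# efivarfs is not registered. spufs is absent too in this sample.
sample_dir=$(mktemp -d)
printf 'nodev\tsysfs\nnodev\tproc\nnodev\tdebugfs\nnodev\tsecurityfs\n\text4\nnodev\tbinfmt_misc\nnodev\tfusectl\n' > "$sample_dir/filesystems"
printf 'CONFIG_EFI=y\nCONFIG_EFIVARFS=m\nCONFIG_DEBUG_FS=y\n' > "$sample_dir/config"

echo "CONFIG_EFIVARFS: $(config_state CONFIG_EFIVARFS "$sample_dir/config")"
echo "not registered:  $(skipped_at_boot "$sample_dir/filesystems")"
```

On a running system, pass /proc/filesystems and the installed kernel config (on Ubuntu usually /boot/config-$(uname -r)) instead of the sample files.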
Follow ups
-
[Bug 1223195] Re: efivarfs built as a module in saucy, so not mounted at boot
From: Launchpad Bug Tracker, 2013-09-11
-
[Bug 1223195] Re: efivarfs built as a module in saucy, so not mounted at boot
From: Tim Gardner, 2013-09-10
-
[Bug 1223195] Re: efivarfs built as a module in saucy, so not mounted at boot
From: Joseph Salisbury, 2013-09-10
-
[Bug 1223195] Re: efivarfs built as a module in saucy, so not mounted at boot
From: Tim Gardner, 2013-09-10
-
[Bug 1223195] [NEW] efivarfs built as a module in saucy, so not mounted at boot
From: Steve Langasek, 2013-09-10