Running

Running rm -rf / on any UEFI Linux distro can potentially perma-brick your system, Windows PCs also vulnerable

Running a trivial rm -rf/ on your UEFI Linux distro can permanently brick it. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too.

For the uninitiated, UEFI is Unified Extensible Firmware Interface, a specification that defines a software interface between an operating system and platform firmware. UEFI replaces the Basic Input/Output System (BIOS) firmware interface originally present in all IBM PC-compatible personal computers, with most UEFI firmware implementations providing legacy support for BIOS services.

Most newer system utilizing UEFI, running rm -rf / is enough to permanently brick the Linux based systemWindows and other operating systems are also prone to this issue when using UEFI. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too. Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, but kernel developers are investigating the issue.

An user, Laloch detailed this systemd bug report on GitHub requesting that UEFI variables be mounted as read-only by default. To his query, Lennart Poettering said,

“Well, there are tools that actually want to write it. We also expose /dev/sda accessible for root, even though it can be used to hose your system. The ability to hose a system is certainly reason enough to make sure it’s well protected and only writable to root. But beyond that: root can do anything really.”

He then closed the ticket.

Matthew Garrett who is also often involved in the UEFI Linux situation tweeted, “systemd is not responsible for allowing kernel code that I wrote to destroy your shitty firmware. I think you get to blame me instead.” It’s not a systemd-specific issue at all but any distribution (or operating system for that matter) mounting EFI variables not as read-only.

Matthew added that with about 20 lines of code anybody can brick a Windows based system also. He points out that mounting EFI variables as read-only could break some user-space applications and isn’t the solution to the problem. Right now nobody has answers for this unique problem and till such time a patch is issued all UEFI Linux system are at risk from bricking.

For now, you dont want to rm -rf / your Linux system if using modern UEFI hardware.

LEAVE A REPLY

Please enter your comment!
Please enter your name here