For the uninitiated, UEFI is Unified Extensible Firmware Interface, a specification that defines a software interface between an operating system and platform firmware. UEFI replaces the Basic Input/Output System (BIOS) firmware interface originally present in all IBM PC-compatible personal computers, with most UEFI firmware implementations providing legacy support for BIOS services. Most newer system utilizing UEFI, running rm -rf / is enough to permanently brick the Linux based system. Windows and other operating systems are also prone to this issue when using UEFI. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too. Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, but kernel developers are investigating the issue. An user, Laloch detailed this systemd bug report on GitHub requesting that UEFI variables be mounted as read-only by default. To his query, Lennart Poettering said, He then closed the ticket. Matthew Garrett who is also often involved in the UEFI Linux situation tweeted, “systemd is not responsible for allowing kernel code that I wrote to destroy your shitty firmware. I think you get to blame me instead.” It’s not a systemd-specific issue at all but any distribution (or operating system for that matter) mounting EFI variables not as read-only.
— Matthew Garrett (@mjg59) January 30, 2016 Matthew added that with about 20 lines of code anybody can brick a Windows based system also. He points out that mounting EFI variables as read-only could break some user-space applications and isn’t the solution to the problem. Right now nobody has answers for this unique problem and till such time a patch is issued all UEFI Linux system are at risk from bricking. For now, you dont want to rm -rf / your Linux system if using modern UEFI hardware.
