Simplified UEFI disk partitioning guide for amd64
ali3nx
Posted: Mon Oct 29, 2018 6:16 pm

Many people installing gentoo for the first time, or even veterans of gentoo who have completed dozens of installs successfully and are just learning uefi boot disk partitioning config, often reference the gentoo install handbook. The handbook has always been a fantastic addition to gentoo, one which did not exist whatsoever when I initially began to undertake the challenge of learning to build a functional bootable gentoo install more than a decade ago.

The handbook, however, is unclear on uefi boot partition config topics, specifically about several key issues surrounding the recommended default disk partition config for anyone wanting to utilize ONLY uefi boot.

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Disks#Default_partitioning_scheme

Among the confusions I've witnessed reported by many users in #gentoo irc chat is often complete confusion regarding why there are two boot partitions offered in the default partition config example "when i only want to use uefi boot". This topic also confused me when I was initially learning uefi bios boot disk partition config.

The answer largely is that the four disk partitions offered by the handbook default config example are not necessary for a pure uefi boot install setup where legacy boot will never be used.

Quote:
I have built about a half-dozen Gentoo systems, all using legacy BIOS. A UEFI build will be new for me.


UEFI gentoo installs are so simple that when I completed my first one and looked at what I had accomplished, the most challenging and ironically simple thing to come to terms with was that correct disk partitioning is the first requirement for uefi boot to function and the first disk partition must be fat32 formatted.

Yes fat32.. that one blew my mind the most.

Disk partitioning considerations


Using parted to make your partition layout, you only require a minimum of two partitions for uefi boot to be functional, or three if you want a swap partition, which can still be wise as a disaster mitigation strategy for OOM Killer or if you want to use hibernation.

A 512 MB partition size is used in the example for /dev/sda1 to entirely mitigate any concern with needing to rearrange disk partition sizes at a later date if the esp uefi partition was configured too small.

Users may wish to switch from using grub bootloader to using efistub boot instead which would store kernel binaries on the esp uefi boot partition.

https://wiki.gentoo.org/wiki/EFI_stub_kernel

Ensuring adequate disk partition size will create adequate disk space on /dev/sda1 to accommodate future config alterations should they be desired.

Disk partitioning using Parted

Here are the general parted commands I typically use to create a uefi compatible partition layout using parted.

Start parted with optimal partition boundary sector alignment for optimal performance.

Code:
parted -a optimal /dev/sdX


or if you have an nvme ssd

Code:
parted -a optimal /dev/nvmeXXX



Parted disk partition creation commands

Adjust the desired size of the swap partition in megabytes to match ram size if you need more swap or wish to use hibernation.

Partition size values default to megabytes in cli parted.

Code:
mklabel gpt 
mkpart esp fat32 0% 513 
mkpart swap linux-swap 513 2561 
mkpart rootfs btrfs 2561 100% 
set 1 boot on




K.I.S.S uefi compatible partition layout

Code:
parted /dev/sda print

Model: ATA WDC WD2003FZEX-0 (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system     Name    Flags
 1      1049kB  538MB   537MB   fat32           esp     boot, esp
 2      538MB   4832MB  4294MB  linux-swap(v1)  swap
 3      4832MB  2000GB  1996GB  btrfs           rootfs



With the above examples completed you now have a fully functional bootable disk partition config that still requires filesystem formatting.

Using grub-install or efibootmgr, the efi boot binary will be installed in /boot/efi as the only existing file.

Code:
tree /boot/efi/

/boot/efi/
`-- efi
    `-- gentoo
        `-- grubx64.efi

2 directories, 1 file


Kernel binary and grub bootloader config will be installed on the ext4 partition at /dev/sda3.

This is wise for several reasons, two of which are that ext4 supports filesystem ACLs and xattr user security permissions that fat32 is too unintelligent to recognize. The make install command provided by the Linux kernel source directory to install and manage kernel binary symlinks will also still function should that be desired.

If fat32 was used for kernel binary storage, using the make install command to install kernel binaries may not function correctly.

Code:
# ls -l /boot/

total 71544
drwxr-xr-x 3 root root    4096 Dec 31  1969 efi
-rw-r--r-- 1 root root 3801710 Aug 12 12:20 System.map-4.14.61-gentoo
-rw-r--r-- 1 root root 3779041 Aug 12 09:20 System.map-4.14.61-gentoo.old
-rw-r--r-- 1 root root 3984308 Aug 14 22:15 System.map-4.18.0-gentoo
-rw-r--r-- 1 root root 3944535 Oct 26 12:26 System.map-4.19.0-gentoo
-rw-r--r-- 1 root root 3012142 Oct 27 20:00 System.map-4.19.0-gentoo-27-oct-2018
-rw-r--r-- 1 root root 3947540 Oct 25 22:35 System.map-4.19.0-gentoo.old
-rw-r--r-- 1 root root  118107 Aug 12 12:20 config-4.14.61-gentoo
-rw-r--r-- 1 root root  118073 Aug 12 09:20 config-4.14.61-gentoo.old
-rw-r--r-- 1 root root  118984 Aug 14 22:15 config-4.18.0-gentoo
-rw-r--r-- 1 root root  116010 Oct 26 12:26 config-4.19.0-gentoo
-rw-r--r-- 1 root root  107429 Oct 27 20:00 config-4.19.0-gentoo-27-oct-2018
-rw-r--r-- 1 root root  116120 Oct 25 22:35 config-4.19.0-gentoo.old
drwxr-xr-x 6 root root    4096 Oct 27 20:02 grub
-rw-r--r-- 1 root root 7974864 Aug 12 12:20 vmlinuz-4.14.61-gentoo
-rw-r--r-- 1 root root 7913424 Aug 12 09:20 vmlinuz-4.14.61-gentoo.old
-rw-r--r-- 1 root root 8364080 Aug 14 22:15 vmlinuz-4.18.0-gentoo
-rw-r--r-- 1 root root 9306256 Oct 26 12:26 vmlinuz-4.19.0-gentoo
-rw-r--r-- 1 root root 7177360 Oct 27 20:00 vmlinuz-4.19.0-gentoo-27-oct-2018
-rw-r--r-- 1 root root 9310352 Oct 25 22:35 vmlinuz-4.19.0-gentoo.old


Filesystem Formatting

To complete the filesystem preparations the following commands will complete this task.

In the command examples we use fat32 for /dev/sda1 and ext4 for /dev/sda3

Code:
mkfs.vfat -F 32 /dev/sda1
mkswap /dev/sda2
mkfs.btrfs /dev/sda3


FC Wat do!? My fstab example is from the last century!

One other thing you really want to try with uefi boot is using UUID based disk mounts in fstab. With GPT partition labels, using UUID disk mount IDs has become the preference for uefi boot setups.

Code:
# blkid
/dev/sda1: UUID="77A1-1E9F" TYPE="vfat" PARTLABEL="ESP" PARTUUID="cefa4dd4-94c6-47c9-aa77-5d9ba976f8a4"
/dev/sda2: UUID="5b9bbf2a-4842-4439-99e5-10549eee8c3e" TYPE="swap" PARTLABEL="swap" PARTUUID="96e97a1d-d5dd-4e06-bf41-d3bcb4cd8f54"
/dev/sda3: UUID="c73b7d61-2bc4-416c-9238-d6494394d75d" TYPE="ext4" PARTLABEL="rootfs" PARTUUID="c189b859-a40f-4311-b234-2b351e750081"


The blkid command offers the correct UUID disk partition identifiers specific to your hard disk or ssd, which can then be used to configure /etc/fstab.

"defaults" is used as mount options in this example to permit the filesystem driver of choice to autodetect which mount options are most desirable. Many people still hardcode some filesystem mount options, omitting the use of "defaults" and instead using mount options such as "noatime" for ext4 and friends, which can have merits; however, it is generally a config example in many fstab files that was accepted so widely that it was also accepted as what should be the default choice in every use case situation. This however is more often than not as beneficial as allowing the file system driver to autodetect the most desired defaults.

Code:
cat /etc/fstab

UUID=77A1-1E9F                             /boot/efi   vfat   noauto,defaults   1 2
UUID=c73b7d61-2bc4-416c-9238-d6494394d75d  /           ext4   defaults          0 1
UUID=5b9bbf2a-4842-4439-99e5-10549eee8c3e  none        swap   sw                0 0
UUID=75a471c3-75f2-41c8-bd49-5384f49bf1d8  /home       ext4   defaults          0 1

#/dev/cdrom             /mnt/cdrom      auto            noauto,ro       0 0


But I still don't understand where is the MBR?

Also, the last thing to wrap your nugget around with uefi boot is that the "bootloader" isn't the disk MBR. When you configure grub (I still greatly prefer just using grub bootloader), grub interfaces with efibootmgr, which creates a boot entry in the bios firmware pointing towards a kernel binary in the ESP uefi boot partition.

The firmware boot config can be altered from any superuser account using efibootmgr and to mention there's a lot of important stuff in the efivars filesystem would be stating that mildly.

Code:
# efibootmgr
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0002,0003,0004
Boot0000* gentoo
Boot0002* Windows Boot Manager
Boot0003* UEFI: IP4 Intel(R) Ethernet Connection (H) I219-V
Boot0004* UEFI: IP6 Intel(R) Ethernet Connection (H) I219-V


efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)

# ls -l /sys/firmware/efi/
total 0
-r--r--r--  1 root root 4096 Oct 29 17:50 config_table
drwxr-xr-x  2 root root    0 Oct 27 15:32 efivars
drwxr-xr-x  3 root root    0 Oct 29 17:50 esrt
-r--r--r--  1 root root 4096 Oct 29 17:50 fw_platform_size
-r--r--r--  1 root root 4096 Oct 29 17:50 fw_vendor
-r--r--r--  1 root root 4096 Oct 29 17:50 runtime
drwxr-xr-x 13 root root    0 Oct 29 17:50 runtime-map
-r--------  1 root root 4096 Oct 29 17:50 systab
drwxr-xr-x 85 root root    0 Oct 29 17:50 vars

# ls -l /sys/firmware/efi/vars/
total 0
drwxr-xr-x 2 root root 0 Oct 29 17:51 AmiEntryS3Addr-074e1e48-8132-47a1-8c2c-3f14ad9a66dc
drwxr-xr-x 2 root root 0 Oct 29 17:51 AuditMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 BiosEventLog-4034591c-48ea-4cdc-864f-e7cb61cfd0f2
drwxr-xr-x 2 root root 0 Oct 29 17:51 Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 BootFromUSB-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 CMOSfailflag-c89dc9c7-5105-472c-a743-b1621e142b41
drwxr-xr-x 2 root root 0 Oct 29 17:51 ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 CpuSetupVolatileData-b08f97ff-e6e8-4193-a997-5e9e9b0adb32
drwxr-xr-x 2 root root 0 Oct 29 17:51 CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
drwxr-xr-x 2 root root 0 Oct 29 17:51 dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
drwxr-xr-x 2 root root 0 Oct 29 17:51 dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 DefaultBootOrder-45cf35f6-0d6e-4d04-856a-0370a5b16f53
--w------- 1 root root 0 Oct 29 17:51 del_var
drwxr-xr-x 2 root root 0 Oct 29 17:51 DeployedMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 DeploymentModeNv-97e8965f-c761-4f48-b6e4-9ffa9cb2a2d6
drwxr-xr-x 2 root root 0 Oct 29 17:51 DnsAddress-519fbe61-6f75-4417-ac06-427aa426dfff
drwxr-xr-x 2 root root 0 Oct 29 17:51 Ep-73dad563-8f27-42af-918f-8651eb0a93ef
drwxr-xr-x 2 root root 0 Oct 29 17:51 EPCBIOS-c60aa7f6-e8d6-4956-8ba1-fe26298f5e87
drwxr-xr-x 2 root root 0 Oct 29 17:51 ErrOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 FirstBootFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 FPDT_Volatile-01368881-c4ad-4b1d-b631-d57a8ec8db6b
drwxr-xr-x 2 root root 0 Oct 29 17:51 FPLayoutOrder-4db88a62-6721-47a0-9082-280b00323594
drwxr-xr-x 2 root root 0 Oct 29 17:51 FTMActiveFlag-4034591c-48ea-4cdc-864f-e7cb61cfd0f2
drwxr-xr-x 2 root root 0 Oct 29 17:51 HiiDB-1b838190-4625-4ead-abc9-cd5e6af18fe0
drwxr-xr-x 2 root root 0 Oct 29 17:51 HwMonitor-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 IntUcode-eda41d22-7729-5b91-b3ee-ba619921cefa
drwxr-xr-x 2 root root 0 Oct 29 17:51 KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_ATPSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_EntRevokeSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_RvkSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_SiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_SkuSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 Kernel_WinSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b
drwxr-xr-x 2 root root 0 Oct 29 17:51 LoaderEntryRebootReason-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
drwxr-xr-x 2 root root 0 Oct 29 17:51 LSI_MR_DEVICE_EXPOSURE-5b6a5a3a-7db5-44f4-92a9-f0c162dd6374
drwxr-xr-x 2 root root 0 Oct 29 17:51 MaximumTableSize-4b3082a3-80c6-4d7e-9cd0-583917265df1
drwxr-xr-x 2 root root 0 Oct 29 17:51 MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829
drwxr-xr-x 2 root root 0 Oct 29 17:51 MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292
drwxr-xr-x 2 root root 0 Oct 29 17:51 MonotonicCounter-01368881-c4ad-4b1d-b631-d57a8ec8db6b
drwxr-xr-x 2 root root 0 Oct 29 17:51 MyFav-4034591c-48ea-4cdc-864f-e7cb61cfd0f2
drwxr-xr-x 2 root root 0 Oct 29 17:51 NBGopPlatformData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
--w------- 1 root root 0 Oct 29 17:51 new_var
drwxr-xr-x 2 root root 0 Oct 29 17:51 NVRAM_Verify-15a9dd61-e4f8-4a99-80db-353b13d76490
drwxr-xr-x 2 root root 0 Oct 29 17:51 OfflineUniqueIDRandomSeedCRC-eaec226f-c9a3-477a-a826-ddc716cdc0e3
drwxr-xr-x 2 root root 0 Oct 29 17:51 OfflineUniqueIDRandomSeed-eaec226f-c9a3-477a-a826-ddc716cdc0e3
drwxr-xr-x 2 root root 0 Oct 29 17:51 OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 PBRDevicePath-a9b5f8d2-cb6d-42c2-bc01-b5ffaae4335e
drwxr-xr-x 2 root root 0 Oct 29 17:51 PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 PreVgaInfo-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetupACPIRAM-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetupAPMFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetupCpuFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetUpdateCountVar-81c76078-bfde-4368-9790-570914c01a65
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetupHWMFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
drwxr-xr-x 2 root root 0 Oct 29 17:51 SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 SmbiosEntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1
drwxr-xr-x 2 root root 0 Oct 29 17:51 SmbiosScratchBuffer-4b3082a3-80c6-4d7e-9cd0-583917265df1
drwxr-xr-x 2 root root 0 Oct 29 17:51 SmbiosV3EntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1
drwxr-xr-x 2 root root 0 Oct 29 17:51 SOFTWAREGUARDSTATUS-9cb2e73f-7325-40f4-a484-659bb344c3cd
drwxr-xr-x 2 root root 0 Oct 29 17:51 TbtHRStatusVar-ba1d893b-803e-4b26-a3de-585703ff7bd6
drwxr-xr-x 2 root root 0 Oct 29 17:51 Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 UIT_DATA-fe47349a-7f0d-4641-822b-34baa28ecdd0
drwxr-xr-x 2 root root 0 Oct 29 17:51 UIT_HEADER-fe47349a-7f0d-4641-822b-34baa28ecdd0
drwxr-xr-x 2 root root 0 Oct 29 17:51 UnlockIDCopy-eaec226f-c9a3-477a-a826-ddc716cdc0e3
drwxr-xr-x 2 root root 0 Oct 29 17:51 VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c
drwxr-xr-x 2 root root 0 Oct 29 17:51 WriteOnceStatus-4b3082a3-80c6-4d7e-9cd0-583917265df1



Considering the Advantages to this UEFI boot setup

A few beneficial considerations for having a separate efi boot esp partition that will only be used for the efi boot binary:


1) Added security precautions

The efivars filesystem is how the OS install as a whole directly interfaces with the motherboard bios firmware. If this efi variables filesystem is configured to permit write access, the bios firmware and boot entries can be modified using efibootmgr.

With ext4 used for kernel binary and grub config storage, filesystem ACL and xattrs security permissions can be used, which may be desirable for some security hardened or shared user environment use case scenarios. If a system compromise occurred, there could be benefits to having not utilized fat32 for kernel binary or bootloader config storage.

2) Don't brick me baby!

There have also been several concerns in the past with uefi boot software vulnerability issues where a hostile agent or a simple user mistake could have bricked a motherboard with uefi boot activated.

https://linux.slashdot.org/story/16/02/01/1357237/running-rm--rf--is-now-bricking-linux-systems

User mistakes aside, if a uefi boot install is ever compromised, having easily available access to the efi bios boot binary in /boot or an auto mounted /boot/EFI partition could more easily permit the efi boot binary to be corrupted or modified.

Worst case scenario, it's perhaps plausible that a modified efi boot binary could brick a motherboard without a system administrator ever having noticed in advance. Not leaving the efi boot binary accessible to non root users mitigates and increases the difficulty of such an attack being possible, due to the ESP boot partition being unmounted when updating the efi boot binary is unnecessary.
_________________
Compiling Gentoo since version 1.4
Thousands of Gentoo Installs Completed
Emerged on every continent but Antarctica
Compile long and Prosper!
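
The two exposures raised under "Added security precautions" and "Don't brick me baby!" (efivarfs mounted read-write, and the ESP left mounted or set to mount at boot) can be checked with a short script. This is an added example, not part of the original post; the function names, the finding labels and the sample mount and fstab lines are constructed for illustration, and the ESP mount point is assumed to be /boot/efi as in the post.

```sh
#!/bin/sh
# Added example (not from the original post). Reads files in /proc/mounts and
# /etc/fstab format and prints one finding per line; no output means no finding.
# Function names and finding labels are made up for this example.

audit_uefi_exposure() {
    mounts_file=$1; fstab_file=$2; esp=${3:-/boot/efi}

    # efivarfs mounted read-write: root can change firmware boot entries.
    awk '$3 == "efivarfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw") print "efivarfs-rw " $2
         }' "$mounts_file"

    # ESP listed in fstab without noauto: it gets mounted at every boot.
    awk -v esp="$esp" '
         /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
         $2 == esp && ("," $4 ",") !~ /,noauto,/ { print "esp-automount " $2 }
        ' "$fstab_file"

    # ESP currently mounted: the EFI boot binary is reachable right now.
    awk -v esp="$esp" '$2 == esp {
            state = (("," $4 ",") ~ /,rw,/) ? "rw" : "ro"
            print "esp-mounted-" state " " $2
         }' "$mounts_file"
}

sample_run() {
    dir=$(mktemp -d) || return 1
    # Constructed /proc/mounts excerpt; the efivarfs options match the post.
    cat > "$dir/mounts" <<'EOF'
/dev/sda3 / ext4 rw,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0022,dmask=0022 0 0
EOF
    # Constructed fstab following the post (ESP entry carries noauto).
    cat > "$dir/fstab" <<'EOF'
# <fs> <mountpoint> <type> <opts> <dump> <pass>
UUID=77A1-1E9F /boot/efi vfat noauto,defaults 1 2
UUID=c73b7d61-2bc4-416c-9238-d6494394d75d / ext4 defaults 0 1
EOF
    audit_uefi_exposure "$dir/mounts" "$dir/fstab"
    rm -rf "$dir"
}

sample_run
```

On a live system the same function can be pointed at /proc/mounts and /etc/fstab; an "esp-mounted-rw" finding outside of a bootloader update means the ESP was left mounted after the last grub-install.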