On Fri, 23 Jun 2023 at 15:55, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> With the revert applied, the kernel/EFI stub only consumes the
> variable and deletes it, but never creates it by itself, and so the
> code does nothing if the variable is never created in the first place.
Right.
But my *point* was that if we want to create it, we DAMN WELL DO NOT
WANT TO DO SO AT BOOT TIME.
Boot time is absolutely the worst possible time to do it.
We'd be much better off doing so at shutdown time, when we at least
have (a) maximal entropy and (b) failures are less critical.
Jason's argument against that was pure and utter BS.
Now, there are real arguments against shutdown time: it too is
horrible to debug. So shutdown is not exactly great either. It's
better than bootup, but it really would be better to do it at a point
where we can actually get reasonable results out if something goes
wrong. Which it clearly did.
Linus
