How to safely set, change, remove values of EFI variables

1

After spending hours debugging a problem where systemd-boot started skipping its boot menu and in general ignoring its configuration file /loader/loader.conf (on the EFI partition), I've discovered that I can invoke the boot menu by pressing down some key at start-up, and that the problem is caused by a certain EFI variable which I have apparently inadvertently created. (I do not know how this happened, but the issue appeared shortly after I re-installed Ubuntu 18.04.1 on one partition.)

In particular, I've discovered that I had the variable LoaderConfigTimeout-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f set to 0 somehow, which overrode the timeout defined in /loader/loader.conf, and I also had the variable LoaderEntryDefault-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f defined, which was overriding the default menu entry set in /loader/loader.conf.

See the bottom of the "systemd-boot UEFI Boot Manager" page on freedesktop.org for the list of EFI variables used by systemd-boot. Their values can be inspected with, for example:

cat /sys/firmware/efi/efivars/LoaderConfigTimeout-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f

After I made the boot menu appear by pressing some key, and then pressed d twice to set and unset a new default entry, this removed my LoaderEntryDefault-... variable. However, I am still stuck with LoaderConfigTimeout-.... I know that I can change the timeout by using the t / T (Shift-t) keys in the menu, which modifies LoaderConfigTimeout-..., but I want to remove it altogether, so that the configuration in /loader/loader.conf is used again.

What is the correct and safe way to modify and unset EFI variables, such as LoaderConfigTimeout-...?

Alexey

Posted 2018-08-04T18:10:29.567

Reputation: 857

Possible duplicate of Tools to modify UEFI Variables in Windows/Linux?

– harrymc – 2018-08-04T19:10:13.070

Similar, but somewhat confusing and not really a duplicate, I think. I am asking specifically about variables visible in /sys/firmware/efi/efivars under Linux, not about issues with legacy/non-legacy modes. – Alexey – 2018-08-04T21:49:35.273

Answers

2

In systemd-boot, press Shift+T or Num - enough times that the setting reaches zero, and one more time to unset it completely, removing the variable.

On Linux, first use chattr -i on the /sys/… file to remove the kernel-applied protection, then use rm to delete the variable entirely.

In the UEFI Shell, use dmpstore -d <name> (with optional -guid <guid>) to delete a variable (see documentation in UEFI Shell Spec 2.0, page 113).

user1686

Posted 2018-08-04T18:10:29.567

Reputation: 283 655

Indeed, I've just discovered myself that Shift-t does the job for LoaderConfigTimeout-.... About removing arbitrary EFI variables with chattr -i and rm, how safe is it? How can I know which variables are safe to remove? See, for example, the discussion about issue #2402 for systemd on GitHub.

– Alexey – 2018-08-04T21:55:27.017

Search for its name and/or vendor guid. If you find documentation about what it's doing, decide whether that's an important function. If you don't, then assume it's used by the firmware for possibly critical purposes. – user1686 – 2018-08-04T22:09:45.490
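
The Linux route from the answer (chattr -i, then rm), wrapped with the checks the comments ask for, as an added example that is not part of the original thread: it reads the 4-byte attribute header efivarfs puts in front of the data, keeps a raw backup, and refuses any variable outside the systemd-boot vendor GUID quoted in the question. The function names and the backup directory argument are hypothetical; on a real system the file argument would be a path under /sys/firmware/efi/efivars, run as root.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# efivarfs file layout: 4-byte little-endian attribute mask, then the data.

# Vendor GUID of the systemd-boot Loader* variables named in the question.
LOADER_GUID=4a67b082-0a4c-41cf-b6c7-440b29bb8c4f

# Print the attribute mask, e.g. 0x00000007
# (0x1 NON_VOLATILE | 0x2 BOOTSERVICE_ACCESS | 0x4 RUNTIME_ACCESS).
efivar_attrs() {
    f=$1
    set -- $(od -An -tu1 -N4 "$f")
    [ $# -eq 4 ] || { echo "short read: $f" >&2; return 1; }
    printf '0x%08x\n' $(( $1 | ($2 << 8) | ($3 << 16) | ($4 << 24) ))
}

# Print the payload (everything after the attributes) as hex bytes.
efivar_data_hex() {
    echo $(od -An -v -tx1 -j4 "$1")
}

# Back up, then delete, one variable. Refuses any variable whose vendor GUID
# is not LOADER_GUID, since an undocumented variable may matter to firmware.
efivar_delete() {
    f=$1 backup_dir=$2
    case ${f##*/} in
        *-"$LOADER_GUID") ;;
        *) echo "refusing: ${f##*/} is not a systemd-boot variable" >&2
           return 2 ;;
    esac
    [ -f "$f" ] || { echo "no such variable: $f" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    cp "$f" "$backup_dir/${f##*/}" || return 1       # raw attrs+data copy
    cmp -s "$f" "$backup_dir/${f##*/}" || return 1   # verify before deleting
    # Clear the kernel-applied immutable flag; not every variable has it set,
    # so a failure here is ignored and rm reports the real outcome.
    chattr -i "$f" 2>/dev/null || true
    rm -- "$f"
}
```

The backup keeps the same attributes-plus-data layout that efivarfs uses, so it records exactly what was removed.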