Zesko
January 28, 2024, 10:19am
18
pebcak:
swh:
ryzen bootctl[758]: ! Mount point '/efi' which backs the random seed file is world accessible, which is a security hole! !
ryzen bootctl[758]: ! Random seed file '/efi/loader/random-seed' is world accessible, which is a security hole!
For this, see:
I needed to recreate my systemd-boot’s EFI boot entry in an oldish system converted from Grub. I did a sudo bootctl install and I got the output here below: Copied “/usr/lib/systemd/boot/efi/systemd-bootx64.efi” to “/efi/EFI/systemd/systemd-bootx64.efi”. Copied “/usr/lib/systemd/boot/efi/systemd-bootx64.efi” to “/efi/EFI/BOOT/BOOTX64.EFI”. warning Mount point ‘/efi’ which backs the random seed file is world accessible, which is a security hole! warning warning Random seed file ‘/efi/loader/random-seed’ is wo…
Add fmask=0077,dmask=0077 instead of fmask=0137,dmask=0027, because 0077 has more restriction of root permission than others. It is the default for FAT32 on the esp partition. AFAIK.
Note: fmask=0077,dmask=0077 is the same as umask=0077, which is an abbreviation.
https://www.kernel.org/doc/Documentation/filesystems/vfat.txt
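Added example, not part of the post above: a small shell helper that works out which permissions a vfat mount option string gives files and directories, and flags the world-accessible case that bootctl warns about. The option strings are constructed samples. Two assumptions: the mounting process has umask 0022 when no mask option is given, and "world accessible" means any permission bit for "others" is set.

```shell
#!/bin/sh
# Added example: effective vfat permissions from fstab-style mount options.
# All option strings used here are constructed sample input.

# opt_value OPTS KEY -> value of KEY in a comma-separated option list (empty if absent)
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# vfat_modes OPTS [PROCESS_UMASK] -> "FILEMODE DIRMODE" in octal
# Per vfat.txt: umask defaults to the mounting process's umask,
# and fmask/dmask default to umask.
vfat_modes() {
    umask_v=$(opt_value "$1" umask)
    : "${umask_v:=${2:-0022}}"          # assumed process umask when unset
    fmask=$(opt_value "$1" fmask); : "${fmask:=$umask_v}"
    dmask=$(opt_value "$1" dmask); : "${dmask:=$umask_v}"
    # Leading 0 makes the shell read the mask as octal.
    printf '%04o %04o\n' $(( 0777 & ~0$fmask )) $(( 0777 & ~0$dmask ))
}

# world_accessible MODE -> true if any "other" permission bit is set
world_accessible() {
    [ $(( 0$1 & 0007 )) -ne 0 ]
}

# check_esp_opts OPTS -> one-line verdict for an ESP mount option string
check_esp_opts() {
    set -- $(vfat_modes "$1")
    if world_accessible "$1" || world_accessible "$2"; then
        echo "world-accessible files=$1 dirs=$2"
    else
        echo "ok files=$1 dirs=$2"
    fi
}

for o in "rw,relatime" \
         "rw,fmask=0137,dmask=0027" \
         "rw,fmask=0077,dmask=0077" \
         "rw,umask=0077"; do
    printf '%-28s %s\n' "$o" "$(check_esp_opts "$o")"
done
```

To check a real system, pass the fourth field of the ESP line in /etc/fstab to check_esp_opts, then compare with stat -c '%a' /efi /efi/loader/random-seed after remounting.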