(In reply to Chester Lin from comment #17) > BTW, MokUtil shouldn't be able to create any EFI variable to uboot because > uboot has not yet supported SetVariable [EFI_RT_SUPPORTED_SET_VARIABLE, > 0x0040] in its real-time services table. See: > > https://github.com/u-boot/u-boot/blob/v2022.04/lib/efi_loader/efi_runtime. > c#L124 Well, mokutil can't, it errors out, but it thinks it can because as it seems the efivar library authors haven't thought about the possibility that efivarfs could be read-only and only check if it exists (this function gets called when the library gets initialized) which is then relied upon by mokutil. https://github.com/rhboot/efivar/blob/main/src/efivarfs.c#L67