![](https://seccdn.libravatar.org/avatar/008a8db3f6a813af5f8064f2be96e100.jpg?s=120&d=mm&r=g)
On Wed, 20 Mar 2024 22:05:15 +0300, Andrei Borzenkov wrote:
(Current) Linux kernel keeps safety margin of 5K. You may force it into using all available space with efi_no_storage_paranoia kernel parameter, but please keep in mind that this parameter was introduced after actual case of bricking laptops.
https://mjg59.dreamwidth.org/22855.html
It was made less aggressive as initially it reserved 50%, but still you never know what happens if you drive firmware to the extreme.
That's good to know. I'll keep that in my back pocket for further discussion with them.
I suppose, removing some variables whose existence is taken for granted by firmware may well do it. I vaguely remember having seen something like this. dbx should not be essential, but how knows.
Actually you should not be able to remove dbx, as for the others ...
https://www.reddit.com/r/linux/comments/43ls7j/ no_post_after_rm_rf_systemd_uefi/
Yeah, I saw reports of that kind of thing, which is why I hesitate to just start nuking things without knowing what I'm doing. ;)
I had seen something on another type of system (a Lenovo laptop) about there maybe being an option in the UEFI settings to restore factory keys - and if that option exists, that might be an approach that works.
(https://github.com/fwupd/fwupd/issues/5603 is where that comment is)
Yes, this may help, but it means you will lose all EFI configuration (boot entries, shim certificates etc).
As I don't have secure boot enabled at present, the shim certificates are probably less important, though, right? -- Jim Henderson Please keep on-topic replies on the list so everyone benefits