Hi @misc Today I was trying to delete EFI variables and got EPERM.
After some investigation I found at efi.c the below code
efiioc_var_set(struct efi_softc *sc, void *data)
...
if (securelevel > 0) {
error = EPERM;
goto leave;
}
So maybe a statement can be added to the securelevel(7) man page
saying that setting and deleting (or simply changing? basically it's
the same operation) EFI variables when securelevel is 1 or higher is
not allowed.
Regards.
