[JdeBP]

Here are some interesting items to think about.

Here's OpenRC also mounting this filesystem read-write, since 2013:

* https://github.com/OpenRC/openrc/blob/e52b5f59c22283b22e2b5a...

* https://github.com/OpenRC/openrc/commit/02a7d3573d551c5d169e...

Here's a Debian bug from a year and a half later, asking for systemd to do the same on Debian Linux:

* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773533

And here's Finnbarr P. Murphy in 2012 explaining the whitelisting that the old efivars system imposed upon variable access, stating that this system "should be retired", and questioning why these checks are not performed in applications-mode code rather than in kernel-mode code. I suspect that a lot of people can now answer that question, with hindsight. (-:

* http://blog.fpmurphy.com/2012/12/efivars-and-efivarfs.html

[digi_owl]

One thing of note is that OpenRC is done via shell script, so going in and adding a ro option should be straight forward.

With systemd it is done in the C code of their init binary, thus you have to work around it by a remount on fstab.