Bug#1109864: systemd-boot: postinst fails when EFI variables cannot be written

[Pascal Hambourg]

On Fri, 25 Jul 2025 11:30:39 +0200 
=?utf-8?q?Sofus_Albert_H=C3=B8gsbro_Rose?= <debianbug at sofusrose.com> wrote:
> ...
> Failed to write 'LoaderSystemToken' EFI variable: No such file or directory
> ...
> 
> From my own testing, I'm relatively certain that this error originates with `bootctl install`. This tracks with the documentation of that option.
> 
> Now, obviously, in this context, it's quite a good thing that writing an EFI variable fails while still on the host (indeed, success would be worrying!).  What makes this a package bug is that `dpkg` escalates this to a `postinst` failure.
I have the same issue on my armhf board booting with U-Boot EFI 
services. efivars is mounted read-only and remounting it read-write 
fails with the following kernel error: "Firmware does not support 
SetVariableRT. Can not remount with rw".

Interestingly, running the postinst script again will return success 
because it detects that systemd-boot is installed in the ESP and runs 
"bootctl update --graceful" instead of "bootctl install".

It is expected that some EFI platforms do not have persistent storage 
for EFI variables, so couldn't the postinst script run "bootctl install" 
with --no-variables if efivars is mounted read-only ?