I'm not sure I follow. systemd-boot supposedly writes a counter (where if not on disk?), so it knows which kernel to load. I don't want it to touch my disk, except for loading the kernel.

Unix principles have nothing to do with reality, they are general guidelines for INSANE software development. The people postulating them happened to be working on Unix systems back then which is why Unix never managed to offer a productive and user-friendly desktop platform.

There, that's probably a lot more accurate.

It can be stored in the motherboard's flash memory. Here's an entry from the "Features" section of Wikipedia's Unified Extensible Firmware Interface (UEFI) page:

As in the example of crash messages, the whole point is to store simple information when it's not safe or not possible to manipulate the hard drives.

...and it's not as if storing a byte-sized counter is going to tax it. As I remember, to qualify for Windows Logo certification, a motherboard must have at least 120K of space for UEFI variables.

Have you read what they actually are? They're pretty well agreed upon by the software engineering world... it's just that they don't say much about how an OS written by and for programmers in the pre-GUI era must also be friendly to non-programmers in the GUI era. That's outside their scope.

This is how said principles were described in 1978. What specific complaints do you have against them?
In modern terms, you could think of them like this:

Everything beyond that is specific people's interpretations of what those mean, written in the 1990s and beyond.

Heck, the criticism mentioned on the Wikipedia page from 1981 is exactly what I said: That the UNIX Philosophy considers user interface design to be an out-of-scope problem.

(And I don't see that as a problem. I certainly wouldn't expect a set of Human Interface Guidelines to chime in on how to architect an OS kernel. If anything, keeping the UNIX Philosophy narrowly focused on a specific area of interest is perfectly in line with its attitude toward keeping programs narrowly focused.)

That is not how it works. If you are happily running kernel 4.4 then that version is blessed. The boot-counting and reverting to the blessed version only happens when you install a new kernel (at which point only the new kernel is marked for boot counting).

Also this is optional.

It's the boot loader that performs the write of the counter and not systemd so once you enter recovery mode there will be no writes to your disk.

This is the work flow:

It can but it's not. systemd-boot uses filerenames as a way to keep the counter and does not store a counter as such, from the FAQ:

There is often an amount of nonvolatile registers in basic hardware components, I implemented such a scheme on the Realtime-clock of some SOCs. Also, if there is a spec for bootloaders you probably could implement some few KB of memory that survives a reset.
I dont think systemd will go at such a scheme as it obviously cant keep track across a shutdown, but the real meaty part would be the part thats added in the bootloader spec so atleast the standard bootloaders can deal with fallback-schemes.

systemd-boot does not have any kind of access to the OS partition as it can only read FAT32 using UEFI's default drivers.

https://github.com/systemd/systemd/b..._ASSESSMENT.md
Its covered here. It writing the counter into the EFI partition by file renames. Personally I would prefer that it started with
filename+3-0 as starting. So the rename by bootloader does not have to change the file name. Even more if the counter was a counter file not the boot information file.

The implementation has allowed for other boot-loaders providing their own versions of boot failure counting.