I’m in the process of creating an image suitable for flashing onto some devices at manufacturing time (RaspberryPi 3 based). Due to time constraints I am initially focusing on getting a reliable update mechanism so that the first image flashed on allows the device to be later updated to a fully-functioning device. Mender is a fantastic project and I am thoroughly enjoying using it and I greatly appreciate the ability to update (almost) everything. However, since some things cannot be (safely) modified after the manufacturing flashing I’m keen to ensure that these parts are as correct as they can be.
At the moment the rootfs is read-write, but we will eventually ship out an update to switch to a read-only rootfs. In all situations the Mender Yocto layer does not set the boot filesystem to be read-only, which seems somewhat dangerous considering it is FAT. Is there any reason why the boot filesystem cannot be set to read-only? Obviously it is possible to ship an update to /etc/fstab in a future update - so it is not necessary to bake in a read-only boot filesystem right now, but I want to make sure that nothing else in the boot filesystem needs to change to support switching to a read-only boot filesystem at a later stage.
I don’t know of any reason that it cannot be mounted read-only. In general we try not to make policy decisions in the default Mender configuration, and in most systems the default from the vendor is to have everything read-write. I suspect making the boot partition read-only would likely be acceptable as the default, so if you have a chance to test it and want to submit a pull request that would be great.
Yes, the boot partition only needs to be read/write on boards that use UEFI booting, which RaspberryPi does not, ATM. In this case the boot information is stored on the boot partition. But for U-Boot, which RPi uses, this information is stored in raw partition space.
Thanks for the affirmation @drewmoseley and @kacf, it’s good to know that it should work.
Since my initial post I’ve realised that the ability to set the boot filesystem to read-only was added in https://github.com/mendersoftware/meta-mender/pull/859 (by being able to specify mount options in a BB variable). I have been using the ‘warrior’ branch of meta-mender, as that matches the Yocto release I am using. For now I’ve cherry-picked the commit that adds in the new variable onto the warrior branch in a fork of the repo. Is there a process for back-porting changes to branches like ‘warrior’? Should I submit a pull request with the cherry-picked commit to the warrior branch?
Normally we don’t cherry-pick new additions to stable branches, but I think we can make an exception in this case, given how small it is. So yes, feel free to submit a pull request. Please use the -x option when you cherry-pick to get the original SHA.
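The read-only boot filesystem discussed in this thread can be checked in a built image's /etc/fstab before it is flashed. The following is an added example, not code from the thread or from meta-mender; the /uboot mount point, the device names and the helper names boot_mount_state and write_sample are assumptions, and the fstab content is constructed.

```shell
#!/bin/sh
# boot_mount_state FSTAB MOUNTPOINT
# Prints "ro", "rw" or "missing" for the given mount point.
boot_mount_state() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $2 == mp {
            found = 1
            state = "rw"                   # mount default when neither ro nor rw is listed
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {     # compare whole options, so that
                if (opts[i] == "ro") state = "ro"   # errors=remount-ro is not
                if (opts[i] == "rw") state = "rw"   # mistaken for ro; last one wins
            }
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# write_sample FILE BOOT_OPTIONS
# Constructed fstab for the demonstration; /uboot is an assumed mount point.
write_sample() {
    cat > "$1" <<EOF
# device        mount   type  options  dump pass
/dev/root       /       auto  defaults 1 1
/dev/mmcblk0p1  /uboot  vfat  $2 0 0
/dev/mmcblk0p4  /data   auto  defaults 0 0
EOF
}

tmp=$(mktemp)
write_sample "$tmp" "defaults,sync"
echo "first image:  $(boot_mount_state "$tmp" /uboot)"
write_sample "$tmp" "defaults,sync,ro"
echo "after update: $(boot_mount_state "$tmp" /uboot)"
rm -f "$tmp"
```

The check reads only the fstab text, so it can run against the rootfs image on the build host as well as on a running device.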