Read-only file-system on yocto

Mihai · Apr 13, 2016 · Viewed 9.6k times

I have a few questions about the "read-only-rootfs" feature from the Yocto Project; the documentation is not that helpful, unfortunately.

So adding that to EXTRA_IMAGE_FEATURES makes the Yocto fs read-only, but in:

5.15.3. Areas With Write Access

With the read-only-rootfs feature enabled, any attempt by the target to
write to the root filesystem at runtime fails. Consequently, you must make
sure that you configure processes and applications that attempt these types
of writes do so to directories with write access (e.g. /tmp or /var/run).

They say that some areas could be made rw, but they are not providing extra information about this.

What I want to achieve is for all of the operations, processes and stuff to be loaded in RAM, and the SD card should remain untouched, as if it was after flashing, not writing a single bit on it. But the user should have the possibility to turn a specific folder (memory area) on the SD card rw whenever he wants and write something, then turn the system read-only again.

Has anyone done this by any chance? You would be helping me a lot.

Answer

g0hl1n · Apr 28, 2016

By default Yocto should create all needed RW mounts as tmpfs. These are located in the RAM and therefore volatile (deleted at shutdown/reboot).

To store data persistently I've implemented the following approach:

  • The RootFS is on a RO mounted partition of the persistent memory. This partition stays "untouched" during runtime.
  • Data which needs to be changed/written during runtime (like configs, logs, etc.) is stored on a second partition of the persistent memory. This partition is mounted RW.
  • Configs which are by default on the RootFS, but need to be changed, are moved to the second partition and replaced by symlinks to those files.
  • The second partition is auto-mounted using a custom fstab file, which is added through a base-files_*.bbappend.

There may be other approaches to accomplish the same, but this solution has been working without difficulty for years now ;-)
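
A way to check on the target that the layout described in the answer is actually in effect, as an added example that is not part of the original answer: it audits a /proc/mounts-style table and flags a writable root or any device-backed filesystem mounted RW outside the one data partition. The /data mount point, the /dev/mmcblk0p* device names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). Assumed names: /data as the RW
# partition's mount point, /dev/mmcblk0p* as the SD-card partitions.

# Constructed sample of /proc/mounts on a target built with read-only-rootfs.
SAMPLE_MOUNTS='/dev/root / ext4 ro,relatime 0 0
proc /proc proc rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /var/volatile tmpfs rw,relatime 0 0
/dev/mmcblk0p3 /data ext4 rw,noatime 0 0'

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_mounts TABLE ALLOWED_RW: print one FAIL line per finding and
# return 0 only if there are none.
audit_mounts() {
    table=$1 allowed=$2 findings=0
    while read -r dev mnt fstype opts rest; do
        [ -n "$dev" ] || continue
        if [ "$mnt" = "/" ]; then
            if ! has_opt "$opts" ro; then
                echo "FAIL: / is not read-only ($opts)"
                findings=$((findings + 1))
            fi
            continue
        fi
        case "$dev" in
            /dev/*) ;;        # backed by persistent storage
            *) continue ;;    # tmpfs, proc, sysfs: RAM only, volatile
        esac
        if has_opt "$opts" rw && [ "$mnt" != "$allowed" ]; then
            echo "FAIL: $dev is writable at $mnt"
            findings=$((findings + 1))
        fi
    done <<EOF
$table
EOF
    [ "$findings" -eq 0 ]
}

# On a real target: audit_mounts "$(cat /proc/mounts)" /data
audit_mounts "$SAMPLE_MOUNTS" /data && echo "OK: only /data is writable on persistent storage"
```

Running it from a boot-time health check or a CI test against the booted image catches a regression where an fstab change or a stray remount leaves the root partition writable.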