diff options
Diffstat (limited to 'recipes-core/initrdscripts/README.md')
-rw-r--r-- | recipes-core/initrdscripts/README.md | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/recipes-core/initrdscripts/README.md b/recipes-core/initrdscripts/README.md new file mode 100644 index 0000000..a038dfa --- /dev/null +++ b/recipes-core/initrdscripts/README.md @@ -0,0 +1,162 @@ +# meta-readonly-rootfs-overlay + +This OpenEmbedded layer provides the necessary scripts and configurations to +setup a writable root file system overlay on top of a read-only root file system. + +## Why does this exists? + +Having a read-only root file system is useful for many scenarios: + +- Separate user specific changes from system configuration, and being able to +find differences +- Allow factory reset, by deleting the user specific changes +- Have a fallback image in case the user specific changes made the root file +system no longer bootable. + +Because some data on the root file system changes on first boot or while the +system is running, just mounting the complete root file system as read-only +breaks many applications. There are different solutions to this problem: + +- Symlinking/Bind mounting files and directories that could potentially change +while the system is running to a writable partition +- Instead of having a read-only root files system, mounting a writable overlay +root file system, that uses a read-only file system as its base and writes +changed data to another writable partition. + +To implement the first solution, the developer needs to analyse which file +needs to change and then create symlinks for them. When doing factory reset, +the developer needs to overwrite every file that is linked with the factory +configuration, to avoid dangling symlinks/binds. While this is more work on the +developer side, it might increase the security, because only files that are +symlinked/bind-mounted can be changed. However, IMO that is better left to file +permissions. + +This meta-layer provides the second solution. Here no investigation of writable +files are needed and factory reset can be done by just deleting all files or +formatting the writable volume. + +# Dependencies + +This layer depends on: + +``` + URI: git://git.openembedded.org/bitbake + branch: krogoth +``` + +``` + URI: git://git.openembedded.org/openembedded-core + layers: meta + branch: krogoth +``` + +# Patches + +Please submit any patches against the readonly-rootfs-overlay layer via pull +request. + + +# Table of Contents + +1. [Adding the readonly-rootfs-overlay layer to your build](#adding-the-readonly-rootfs-overlay-layer-to-your-build) +1. [Read-only root filesystem](#read-only-root-filesystem) +1. [Kernel command line parameters](#kernel-command-line-parameters) + + +## Adding the readonly-rootfs-overlay layer to your build + +In order to use this layer, you need to make the build system aware of +it. + +Assuming the readonly-rootfs-overlay layer exists at the top-level of your +OpenEmbedded source tree, you can add it to the build system by adding the +location of the readonly-rootfs-overlay layer to bblayers.conf, along with any +other layers needed. e.g.: + +``` + BBLAYERS ?= " \ + /path/to/layers/meta \ + /path/to/layers/meta-poky \ + /path/to/layers/meta-yocto-bsp \ + /path/to/layers/meta-readonly-rootfs-overlay \ + " +``` + +To add the script to your image, just add: + +``` + IMAGE_INSTALL_append = " initscripts-readonly-rootfs-overlay" +``` + +to your `local.conf` or image recipe. Or use +`core-image-rorootfs-overlay-initramfs` as initrd. + +## Read-only root filesystem + +If you use this layer you do *not* need to set `read-only-rootfs` in the +`IMAGE_FEATURES` or `EXTRA_IMAGE_FEATURES` variable. + +## Kernel command line parameters + +These examples are not meant to be complete. They just contain parameters that +are used by the initscript of this repository. Some additional paramters might +be necessary. + +### Example using initrd: + +``` +root=/dev/sda1 rootrw=/dev/sda2 +``` + +This cmd line start `/sbin/init` with the `/dev/sda1` partition as the read-only +rootfs and the `/dev/sda2` partition as the read-write persistent state. + +``` +root=/dev/sda1 rootrw=/dev/sda2 init=/bin/sh +``` + +The same as before but it now starts `/bin/sh` instead of `/sbin/init`. + +### Example without initrd: + +``` +root=/dev/sda1 rootrw=/dev/sda2 init=/init +``` + +This cmd line starts `/sbin/init` with `/dev/sda1` partition as the read-only +rootfs and the `/dev/sda2` partition as the read-write persistent state. When +using this init script without an initrd, `init=/init` has to be set. + +``` +root=/dev/sda1 rootrw=/dev/sda2 init=/init rootinit=/bin/sh +``` + +The same as before but it now starts `/bin/sh` instead of `/sbin/init` + +### Details + +`root=` specifies the read-only root file system device. If this is not +specified, the current rootfs is used. + +`rootfstype=` if support for the read-only file system is not build into the +kernel, you can specify the required module name here. It will also be used in +the mount command. + +`rootoptions=` specifies the mount options of the read-only file system. +Defaults to `noatime,nodiratime`. + +`rootinit=` if the `init` parameter was used to specify this init script, +`rootinit` can be used to overwrite the default (`/sbin/init`). + +`rootrw=` specifies the read-write file system device. If this is not +specified, `tmpfs` is used. + +`rootrwfstype=` if support for the read-write file system is not build into the +kernel, you can specify the required module name here. It will also be used in +the mount command. + +`rootrwoptions=` specifies the mount options of the read-write file system. +Defaults to `rw,noatime,mode=755`. + +`rootrwreset=` set to `yes` if you want to delete all the files in the +read-write file system prior to building the overlay root files system. |