Jetson Read Only Root Filesystem
Introduction
This wiki follows the example setup of a Jetson using a read-only root filesystem.
By keeping the filesystem in a RO state, the likelihood of corrupted data during an unexpected shutdown will be reduced.
The OS will, however, need to create and edit some files. To allow this, the overlayroot utility can be used so that a second partition acts as an overlay that will "absorb" all the needed write changes, while at the same time being completely transparent to the user.
Multiple partitions setup
The default setup of a Jetson will have a single rootfs partition. This section details how to flash a Jetson device (in particular a TX2) with multiple partitions. In the next section, one of these will mount the root FS and the second one will mount the overlay root.
Do note that this is only an example, and the overlay partition can be located on another partition or device such as an SD or an SSD. If you already have access to these partitions for the overlay you can skip to the next section by making the appropriate changes.
Create the following file in $L4T_DEVDIR:
cp bootloader/t186ref/cfg/flash_l4t_t186.xml bootloader/t186ref/cfg/flash_l4t_t186_ro_rootfs.xml
And apply the following change on the new file:
*** flash_l4t_t186.xml --- flash_l4t_t186_ro_rootfs.xml *************** *** 231,237 **** <partition name="APP" type="data"> <allocation_policy> sequential </allocation_policy> <filesystem_type> basic </filesystem_type> + <size> APPSIZE </size> <file_system_attribute> 0 </file_system_attribute> <allocation_attribute> 0x8 </allocation_attribute> <percent_reserved> 0 </percent_reserved> --- 231,237 ---- <partition name="APP" type="data"> <allocation_policy> sequential </allocation_policy> <filesystem_type> basic </filesystem_type> - <size> 15032385536 </size> <file_system_attribute> 0 </file_system_attribute> <allocation_attribute> 0x8 </allocation_attribute> <percent_reserved> 0 </percent_reserved> *************** *** 242,247 **** --- 242,258 ---- after `primary_GPT` so that it can be accessed as the fixed known special device `/dev/mmcblk0p1`. </description> </partition> + <partition name="overlay_app" type="data"> + <allocation_policy> sequential </allocation_policy> + <filesystem_type> basic </filesystem_type> + <size> 15032385536 </size> + <file_system_attribute> 0 </file_system_attribute> + <allocation_attribute> 0x8 </allocation_attribute> + <percent_reserved> 0 </percent_reserved> + <align_boundary> 4096 </align_boundary> + <description> Empty partition to allow for separate ro-rootfs .It can be accessed as the fixed known special device + `/dev/mmcblk0p2`. </description> + </partition> <partition name="MBPNAME" type="MBPTYPE" oem_sign="true"> <allocation_policy> sequential </allocation_policy> <filesystem_type> basic </filesystem_type>
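Review bot: in the first hunk (231,237) the change markers sit on the wrong sides of the context diff: `+ <size> APPSIZE </size>` is listed under the `***` (original) half and `- <size> 15032385536 </size>` under the `---` (new) half, so the patch does not state unambiguously which value ends up in flash_l4t_t186_ro_rootfs.xml. Mark the line with `!` on both sides, or regenerate the diff, and say in the surrounding text that APP is being pinned to a fixed size. In the second hunk, overlay_app hard-codes the same 15032385536 bytes and its description promises `/dev/mmcblk0p2`; both only hold if the target storage has room for two partitions of that size and the entry stays directly after APP, which deserves a sentence next to the patch.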
Run the following command to flash the board with a rootfs partition and a separate overlay partition:
sudo ./flash.sh -c bootloader/t186ref/cfg/flash_l4t_t186_ro_rootfs.xml jetson-tx2 mmcblk0p1
Once the device has booted, run the following command to format the secondary partition:
sudo mkfs -t ext4 /dev/mmcblk0p2
Configure the TX2 with the rootfs as a RO partition
This section covers configuring the Jetson so that one partition is RO and the second partition works as a writable overlay. First, install the overlayroot utility:
sudo apt install overlayroot
This will create the /etc/overlayroot.conf file. The file itself contains extensive comments explaining the configuration. To enable the overlay, change it to:
overlayroot="/dev/mmcblk0p2"
overlayroot_cfgdisk="enabled"
The device can be changed to any other device. The configuration can also be set in the overlayroot.local.conf file instead, so that dpkg doesn't overwrite it when the utility is updated.
That config file alone isn't enough for overlayroot; the initramfs also has to be modified so that the utility is called during boot.
- Create the following files:
Create an init.patch file with the following content:
*** init.orig --- init *************** *** 218,223 **** --- 218,226 ---- mount -o bind /proc /mnt/proc; mount -o bind /sys /mnt/sys; mount -o bind /dev/ /mnt/dev; + + . /scripts/init-overlayroot.sh + cd /mnt; cp /etc/resolv.conf etc/resolv.conf
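Review bot: the added `. /scripts/init-overlayroot.sh` line sources the script unconditionally, with no check that the file actually made it into the initramfs. Because it is sourced rather than executed, a missing file or any `exit` or `exec` inside the script acts on init itself, so guard the line with a `[ -f /scripts/init-overlayroot.sh ]` test, write a message to /dev/kmsg when the file is absent, and add a comment in the patch noting that the script runs in init's own shell.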
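Create a scripts/init-overlayroot.sh file with the following content:
# Sourced by the initramfs init once the root filesystem is mounted on /mnt.
# On failure, each step logs to the kernel log and replaces init with an
# emergency root shell on the console.

# Make the real root filesystem read-only before the overlay is stacked on it
if ! mount -o remount,ro /mnt; then
    echo "ERROR: remounting /mnt fail..." > /dev/kmsg
    exec /bin/bash
fi

# Load the overlay filesystem module from the root filesystem
if ! insmod "/mnt/lib/modules/$(uname -r)/kernel/fs/overlayfs/overlay.ko"; then
    echo "ERROR: insmod overlay.ko fail..." > /dev/kmsg
    exec /bin/bash
fi

# The overlayroot script expects the root mount point in $rootmnt
export rootmnt=/mnt
bash /scripts/overlayroot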
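Create an update_initramfs.sh file with the following content:
#!/bin/bash
# Rebuilds /boot/initrd with overlayroot support. Writes to /boot, so run as root,
# from the directory that holds init.patch and scripts/init-overlayroot.sh.
tmpdir=$(mktemp -d)
trap 'rm -r "$tmpdir"' EXIT

# Keep a pristine copy of the original initrd and always rebuild from it
if [ ! -f /boot/initrd.orig ]; then
    cp -p /boot/initrd /boot/initrd.orig
fi
zcat /boot/initrd.orig | (cd "$tmpdir"; cpio -id)

# Add kmod (with its modprobe/lsmod/insmod aliases), uname and dash
(cd "$tmpdir"; cp -p /bin/kmod bin)
(cd "$tmpdir"; ln -s /bin/kmod sbin/modprobe)
(cd "$tmpdir"; ln -s /bin/kmod sbin/lsmod)
(cd "$tmpdir"; ln -s /bin/kmod sbin/insmod)
(cd "$tmpdir"; cp -p /bin/uname bin)
(cd "$tmpdir"; cp -p /bin/dash bin)
(cd "$tmpdir"; ln -s /bin/dash bin/sh)

# Add the overlayroot scripts and patch init so that it calls them
(cd "$tmpdir"; mkdir scripts)
(cd "$tmpdir"; cp -p /usr/share/initramfs-tools/scripts/functions scripts)
(cd "$tmpdir"; cp -p /usr/share/initramfs-tools/scripts/init-bottom/overlayroot scripts)
cp scripts/init-overlayroot.sh "$tmpdir/scripts"
cat init.patch | (cd "$tmpdir"; patch)

# Repack the initramfs with every file owned by root
(cd "$tmpdir"; find . | cpio -R 0:0 -o -H newc) | gzip > /boot/initrd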
- Copy all files to the same directory/subdirectory
- Run the update_initramfs.sh script
After reboot, the read-only configuration should be loaded, and the mounts should appear as follows:
/dev/mmcblk0p1 /media/root-ro ext4 ro,relatime,data=ordered 0 0
overlayroot / overlay rw,relatime,lowerdir=/media/root-ro,upperdir=/media/root-rw/overlay,workdir=/media/root-rw/overlay-workdir/_ 0 0
none /media/root-ro/dev devtmpfs rw,relatime,size=3638716k,nr_inodes=909679,mode=755 0 0
/dev/mmcblk0p2 /media/root-rw ext4 rw,relatime,data=ordered 0 0
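The mount listing above can be checked automatically after each boot. The following is an added example, not part of the original wiki or of overlayroot: the function names check_overlayroot, sample_good and sample_bad are hypothetical, the sample tables are constructed from the listing above, and a single lowerdir is assumed.

```shell
#!/bin/sh
# Added example: confirm from a mounts table that "/" is an overlay
# stacked on a read-only lower filesystem.
# Usage: check_overlayroot [FILE]   (FILE defaults to /proc/mounts, "-" = stdin)
# Returns 0 when the overlay is active and its lowerdir is mounted ro.
check_overlayroot() {
    awk '
        # fields: device mountpoint fstype options dump pass
        # the last entry for "/" is the one currently in effect
        $2 == "/" { rootfs = $3; rootopts = $4 }
        { opts[$2] = $4 }
        END {
            if (rootfs != "overlay") { print "FAIL: / is not an overlay"; exit 1 }
            n = split(rootopts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^lowerdir=/) lower = substr(o[i], 10)
            if (lower == "") { print "FAIL: no lowerdir on /"; exit 1 }
            if (!(lower in opts)) { print "FAIL: " lower " is not mounted"; exit 1 }
            if (("," opts[lower] ",") !~ /,ro,/) { print "FAIL: " lower " is writable"; exit 1 }
            print "OK: / is overlay on read-only " lower
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample: the mount listing shown on this page.
sample_good() {
    cat <<'EOF'
/dev/mmcblk0p1 /media/root-ro ext4 ro,relatime,data=ordered 0 0
overlayroot / overlay rw,relatime,lowerdir=/media/root-ro,upperdir=/media/root-rw/overlay,workdir=/media/root-rw/overlay-workdir/_ 0 0
/dev/mmcblk0p2 /media/root-rw ext4 rw,relatime,data=ordered 0 0
EOF
}

# Constructed failure case: the overlay was never applied, / is writable ext4.
sample_bad() {
    printf '%s\n' '/dev/mmcblk0p1 / ext4 rw,relatime,data=ordered 0 0'
}

# Demo on the constructed sample; on the device, call check_overlayroot
# with no argument to read /proc/mounts.
sample_good | check_overlayroot -
```

A non-zero return on the device means the boot fell back to a writable root, which is the state the read-only setup is meant to prevent.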
Notes
As per the updated fstab: the original entry for / and the other mounts have been moved under /media/root-ro. To permanently modify this (or any other file), you should change root into a writable view of the underlying filesystem using:
sudo overlayroot-chroot
References
https://forums.developer.nvidia.com/t/tx1-using-overlayroot-for-read-only-filesystem/49050/13?page=2