A little background information: I'm trying to make a small embedded system (BeagleBone Black) with a read-only main boot drive (eMMC or SD card). And by read-only, I mean that there are no writes to the device, and a checksum of the entire drive (using /dev device directly) doesn't change.
Set up FreeBSD, with a boot msdos (fat32lba) partition, and root partition, and a usr partition. All mounted read-only in fstab.
The msdos and usr partitions stay completely persistent across reboots. An md5 checksum of the whole /dev device stays the same. However, the root partition changes, even though it is mounted read-only.
So I did a little digging using a plain old x86 VirtualBox image. Set the root partition to be read-only and rebooted a couple of times taking checksums. I think the issue is with the filesystem metadata. Here is what I found:
1) Booting into single-user mode doesn't change the filesystem at all or the underlying block device (checksum stays persistent). Checking the filesystem metadata (dumpfs / | head) shows that the last mounted time doesn't change.
2) Continuing into multi-user mode does change the filesystem. It updates the last-mounted time, even though it is mounting it read-only.
Is this the intended behavior? To me, a read-only filesystem should include the metadata, and not do any writes to the underlying device, but perhaps I am wrong about that.
Is the kernel sneaking in a read-write remount of the root filesystem before finally mounting it read-only?
What do I need to do to truly prevent any changes to the underlying block device?
Thanks,
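Added example (not part of the original post): a whole-device checksum only says that something changed, so this sketch goes one step further and lists which blocks differ between two `dd` snapshots of the root partition, labelling those that fall inside the primary UFS2 superblock. It assumes a stock UFS2 layout (superblock at byte 65536 of the partition, up to 8192 bytes); the image names and function names are made up for illustration.

```shell
#!/bin/sh
# Compare two raw snapshots of the same partition, e.g. taken with
#   dd if=/dev/<root-partition> of=before.img   (before and after a reboot)
# and report which blocks changed and whether they are superblock blocks.

SB_OFFSET=65536   # primary UFS2 superblock offset within the partition
SB_SIZE=8192      # maximum superblock size

# changed_blocks BEFORE AFTER [BLOCKSIZE]
# Prints one line per changed block: "<block> <byte-offset> <region>"
changed_blocks() {
    before=$1
    after=$2
    bs=${3:-512}
    # cmp -l prints "<1-based byte offset> <octal> <octal>" per differing byte;
    # its non-zero exit status on a difference is expected, so ignore it.
    { cmp -l "$before" "$after" 2>/dev/null || true; } |
    awk -v bs="$bs" -v sb="$SB_OFFSET" -v sz="$SB_SIZE" '
        {
            blk = int(($1 - 1) / bs)
            if (blk in seen) next          # report each block once
            seen[blk] = 1
            off = blk * bs
            # a block counts as superblock if it overlaps [sb, sb + sz)
            region = (off + bs > sb && off < sb + sz) ? "superblock" : "other"
            printf "%d %d %s\n", blk, off, region
        }'
}

# summarize BEFORE AFTER
# Prints "identical", "superblock-only" or "other-writes"
summarize() {
    out=$(changed_blocks "$1" "$2")
    if [ -z "$out" ]; then
        echo identical
    elif printf '%s\n' "$out" | grep -qv ' superblock$'; then
        echo other-writes
    else
        echo superblock-only
    fi
}

# Stand-alone use: sh script.sh before.img after.img
if [ "$#" -eq 2 ]; then
    summarize "$1" "$2"
    changed_blocks "$1" "$2"
fi
```

A result of `superblock-only` is consistent with a metadata update such as the last-mounted time; `other-writes` means something beyond the primary superblock was written.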