SlideShare ist ein Scribd-Unternehmen logo

Read-only rootfs: theory and practice

Chris Simmonds
Chris Simmonds

Configuring an embedded Linux system with a read-only rootfs has many advantages: reduced wear on flash memory; easier to update and trivial factory reset being among them. This presentation shows you how

Software
1 von 25
Downloaden Sie, um offline zu lesen
Read-only rootfs Theory and practice Chris Simmonds Embedded Linux Conference Europe 2016 Read-only rootfs 1 Copyright © 2011-2016, 2net Ltd
License These slides are available under a Creative Commons Attribution-ShareAlike 3.0 license. You can read the full text of the license here http://creativecommons.org/licenses/by-sa/3.0/legalcode You are free to • copy, distribute, display, and perform the work • make derivative works • make commercial use of the work Under the following conditions • Attribution: you must give the original author credit • Share Alike: if you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one (i.e. include this page exactly as it is) • For any reuse or distribution, you must make clear to others the license terms of this work Read-only rootfs 2 Copyright © 2011-2016, 2net Ltd
About Chris Simmonds • Consultant and trainer • Author of Mastering Embedded Linux Programming • Working with embedded Linux since 1999 • Android since 2009 • Speaker at many conferences and workshops "Looking after the Inner Penguin" blog at http://2net.co.uk/ https://uk.linkedin.com/in/chrisdsimmonds/ https://google.com/+chrissimmonds Read-only rootfs 3 Copyright © 2011-2016, 2net Ltd
Overview • Why you need a read-only rootfs • Where it all goes wrong • Putting it right Read-only rootfs 4 Copyright © 2011-2016, 2net Ltd
Why you need a read-only rootfs • Reduce wear on flash memory • Eliminate system file corruption • Avoid accidents • Enable rootfs image to be updated (manually or OTA) • Make reset to factory defaults much easier Read-only rootfs 5 Copyright © 2011-2016, 2net Ltd
Where it all goes wrong • You can’t just mount the rootfs ro • Some files have to be created or updated at runtime • Examples: • Passwords • Random seed • SSH keys • Network configuration • wpa_supplicant parameters Read-only rootfs 6 Copyright © 2011-2016, 2net Ltd
Categories of storage Non-volatile: flash memory Volatile: tmpfs Rootfs: read-only User data read-write Temporary files: read-write Read-only rootfs 7 Copyright © 2011-2016, 2net Ltd
Becoming stateless • The state (stuff that changes) is either • Non-volatile: state that needs to be preserved • Volatile: state that is only needed for the session • To create a stateless rootfs: • Move non-volatile state into an area of permanent storage reserved for that purpose • Move Volatile state to temporary storage (tmpfs RAM disk) Read-only rootfs 8 Copyright © 2011-2016, 2net Ltd
The ideal of a stateless rootfs • No state stored in rootfs • Each component can revert to sensible default configuration if there is no local configuration Read-only rootfs 9 Copyright © 2011-2016, 2net Ltd
Factory reset • Just wipe the non-volatile state Read-only rootfs 10 Copyright © 2011-2016, 2net Ltd
System update • Simply write a new rootfs image • Two common mechanisms: • A/B rootfs partitions : A is live while B is being updated, then swap • Or, normal/recovery rootfs: boot into the recovery rootfs to update the normal rootfs Read-only rootfs 11 Copyright © 2011-2016, 2net Ltd
Identifying state • Which files are being written to? • And by whom? • Tools • diskstats • block_dump Read-only rootfs 12 Copyright © 2011-2016, 2net Ltd
diskstats • /proc/diskstats contains information about disk reads and writes • Useful stuff is field 1: reads completed and field 5: writes completed • Format is documented in Documentation/iostats.txt • vmstat -d prints the same information but better • Example # cat /proc/diskstats 179 0 mmcblk0 2640 543 48969 207880 127 171 596 9990 0 26380 217830 179 1 mmcblk0p1 99 0 1169 6260 0 0 0 0 0 1790 6260 179 2 mmcblk0p2 2118 425 39212 160130 118 170 576 9860 0 23250 169950 179 3 mmcblk0p3 97 0 2088 15510 0 0 0 0 0 1860 15510 179 4 mmcblk0p4 2 0 10 150 0 0 0 0 0 150 150 179 5 mmcblk0p5 271 118 5426 23540 9 1 20 130 0 2830 23670 Number of reads = 2640; Number of writes = 127 Read-only rootfs 13 Copyright © 2011-2016, 2net Ltd
block_dump • But, what is the cause of those writes? Which files? • Turn on block system kernel logging using block_dump • See Documentation/laptops/laptop-mode.txt in kernel source • Example (rootfs is on /dev/vda): # echo 1 > /proc/sys/vm/block_dump # echo hello > world.txt # dmesg sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 694 (world.txt) on vda sh(234): dirtied inode 694 (world.txt) on vda jbd2/vda-8(78): WRITE block 802 on vda (2 sectors) jbd2/vda-8(78): WRITE block 804 on vda (2 sectors) Read-only rootfs 14 Copyright © 2011-2016, 2net Ltd
Logging block I/O from bootup • Set block_dump in early boot script (may need to bump the size of the kernel log buffer to capture everything) • Then filter out the junk: # dmesg | grep dirtied | grep "on vda" | sort chown(150): dirtied inode 548 (passwd) on vda dd(298): dirtied inode 716 (random-seed) on vda dd(298): dirtied inode 716 (random-seed) on vda dropbearkey(325): dirtied inode 717 (dropbear_rsa_host_key) on vda dropbearkey(325): dirtied inode 717 (dropbear_rsa_host_key) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda login(347): dirtied inode 543 (motd) on vda [...] Only the file name is displayed, not full path name, but it’s enough Read-only rootfs 15 Copyright © 2011-2016, 2net Ltd
Common problems • A lot of stuff happens on first boot • e.g. Dropbear writes SSH keys to /etc/dropbear, udev snapshot saved to /etc/udev-cache.tar.gz • Some of these things can be done at build time • Others need be changed to put stuff in a non-volatile state partition • System config, including network parameters • Saving random-seed • Log files Read-only rootfs 16 Copyright © 2011-2016, 2net Ltd
Putting it right • In reality, packages store state in various places • Pragmatic solutions include: • Adding symlinks from rootfs to non volatile storage: e.g. /etc to /data/etc • Using unionfs or similar to overlay rootfs with non volatile storage Read-only rootfs 17 Copyright © 2011-2016, 2net Ltd
Putting it right: first pass • Create a new partition for non-volatile state • For example /data (an idea borrowed from Android) • Remount rootfs readonly • Use tmpfs for volatile state (/run and /var/volatile) /etc/fstab /dev/root / auto defaults,ro 1 1 /dev/vdb /data ext4 defaults 0 0 tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0 tmpfs /var/volatile tmpfs defaults 0 0 [...] Read-only rootfs 18 Copyright © 2011-2016, 2net Ltd
log files • Many daemons write log files to /var/log • Including syslogd • Usually, such log files are unnecessary for embedded • Solution: make log files part of the volatile state by mounting a tmpfs on /var/log Poky core-image-minimal does this already: # ls -ld /var/log lrwxrwxrwx 1 root root 12 Oct 6 14:11 /var/log -> volatile/lo # mount tmpfs on /var/volatile type tmpfs (rw,relatime) Read-only rootfs 19 Copyright © 2011-2016, 2net Ltd
random-seed • Saving random-seed at shutdown is necessary when using /dev/urandom • Solution: make it part of non-volatile state by symlinking /var/lib/urandom to /data/var/lib/urandom • Or, modify the shell script that creates and restores random-seed Read-only rootfs 20 Copyright © 2011-2016, 2net Ltd
ssh keys • The Dropbear ssh daemon stores keys in /etc/dropbear or /var/lib/dropbear • Keys should be unique per device • Solution: either move to non-volatile state by symlinking /var/lib/dropbear to /data • Or, generate and pre load keys when device is provisioned Read-only rootfs 21 Copyright © 2011-2016, 2net Ltd
Doing less on first boot • Build packages with sensible defaults so they work without config files • Or, pre-load config files into the /data partition • Generate per-device configuration at build-time rather than at first-boot • Populate configuration files that are common for many packages (e.g. passwd, group with the composite requirements of all Read-only rootfs 22 Copyright © 2011-2016, 2net Ltd
What about Android/Brillo? Android is a good example • rootfs moved into /system, which is read only and stateless • Non-volatile state in /data • Has factory reset • Has OTA update Read-only rootfs 23 Copyright © 2011-2016, 2net Ltd
What about Yocto Project? Current versions of Yocto Project have a partial solution • Add to your config: IMAGE_FEATURES = "read-only-rootfs" • Sets ROOTFS_READ_ONLY=yes in /etc/default/rcS • Mounts rootfs ro and /var/lib as tmpfs • But, nowhere to store non volatile state Read-only rootfs 24 Copyright © 2011-2016, 2net Ltd
Conclusion • Read-only rootfs makes for better embedded systems • Make rootfs stateless by moving state into non-volatile and volatile filesystems • diskstats and block_dump will help identify state This and other topics associated with building robust embedded systems are coverred in my training courses http://www.2net.co.uk/training.html Read-only rootfs 25 Copyright © 2011-2016, 2net Ltd

Empfohlen

Debian or Yocto Project? Which is the best for your Embedded Linux project?
Debian or Yocto Project? Which is the best for your Embedded Linux project?Debian or Yocto Project? Which is the best for your Embedded Linux project?
Debian or Yocto Project? Which is the best for your Embedded Linux project?Chris Simmonds
 
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsXPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsThe Linux Foundation
 
Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Chris Simmonds
 
Build your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectBuild your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectYen-Chin Lee
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequenceHoucheng Lin
 
Linux field-update-2015
Linux field-update-2015Linux field-update-2015
Linux field-update-2015Chris Simmonds
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 

Empfohlen

Debian or Yocto Project? Which is the best for your Embedded Linux project?
Debian or Yocto Project? Which is the best for your Embedded Linux project?Debian or Yocto Project? Which is the best for your Embedded Linux project?
Debian or Yocto Project? Which is the best for your Embedded Linux project?Chris Simmonds
 
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsXPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM SystemsThe Linux Foundation
 
Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Chris Simmonds
 
Build your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectBuild your own embedded linux distributions by yocto project
Build your own embedded linux distributions by yocto projectYen-Chin Lee
 
Launch the First Process in Linux System
Launch the First Process in Linux SystemLaunch the First Process in Linux System
Launch the First Process in Linux SystemJian-Hong Pan
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequenceHoucheng Lin
 
Linux field-update-2015
Linux field-update-2015Linux field-update-2015
Linux field-update-2015Chris Simmonds
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Qemu
QemuQemu
QemuKoganti Ravikumar
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
 
Debugging ansible modules
Debugging ansible modulesDebugging ansible modules
Debugging ansible modulesaleonhardt
 
VPP事始め
VPP事始めVPP事始め
VPP事始めnpsg
 
10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤ10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤTakashi Hoshino
 
Reducing boot time in embedded Linux
Reducing boot time in embedded LinuxReducing boot time in embedded Linux
Reducing boot time in embedded LinuxChris Simmonds
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)RuggedBoardGroup
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Projectrossburton
 
Yocto project
Yocto projectYocto project
Yocto projectUniversity of Texas at Dallas
 
Software update for embedded systems - elce2014
Software update for embedded systems - elce2014Software update for embedded systems - elce2014
Software update for embedded systems - elce2014Stefano Babic
 
강좌 개요
강좌 개요강좌 개요
강좌 개요chcbaram
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd
 
05.2 virtio introduction
05.2 virtio introduction05.2 virtio introduction
05.2 virtio introductionzenixls2
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Jace Liang
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
KVM tools and enterprise usage
KVM tools and enterprise usageKVM tools and enterprise usage
KVM tools and enterprise usagevincentvdk
 
[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] LimaAkihiro Suda
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」Naoya Kaneko
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of playChris Simmonds
 
Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017Chris Simmonds
 

Weitere ähnliche Inhalte

Was ist angesagt?

Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
 
Debugging ansible modules
Debugging ansible modulesDebugging ansible modules
Debugging ansible modulesaleonhardt
 
VPP事始め
VPP事始めVPP事始め
VPP事始めnpsg
 
10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤ10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤTakashi Hoshino
 
Reducing boot time in embedded Linux
Reducing boot time in embedded LinuxReducing boot time in embedded Linux
Reducing boot time in embedded LinuxChris Simmonds
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)RuggedBoardGroup
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Projectrossburton
 
Software update for embedded systems - elce2014
Software update for embedded systems - elce2014Software update for embedded systems - elce2014
Software update for embedded systems - elce2014Stefano Babic
 
강좌 개요
강좌 개요강좌 개요
강좌 개요chcbaram
 
05.2 virtio introduction
05.2 virtio introduction05.2 virtio introduction
05.2 virtio introductionzenixls2
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Jace Liang
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
KVM tools and enterprise usage
KVM tools and enterprise usageKVM tools and enterprise usage
KVM tools and enterprise usagevincentvdk
 
[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] LimaAkihiro Suda
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」Naoya Kaneko
 

Was ist angesagt? (20)

Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
 
Qemu
QemuQemu
Qemu
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux Devices
 
Debugging ansible modules
Debugging ansible modulesDebugging ansible modules
Debugging ansible modules
 
VPP事始め
VPP事始めVPP事始め
VPP事始め
 
10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤ10分で分かるLinuxブロックレイヤ
10分で分かるLinuxブロックレイヤ
 
Reducing boot time in embedded Linux
Reducing boot time in embedded LinuxReducing boot time in embedded Linux
Reducing boot time in embedded Linux
 
Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)Embedded Linux BSP Training (Intro)
Embedded Linux BSP Training (Intro)
 
The Yocto Project
The Yocto ProjectThe Yocto Project
The Yocto Project
 
Yocto project
Yocto projectYocto project
Yocto project
 
Software update for embedded systems - elce2014
Software update for embedded systems - elce2014Software update for embedded systems - elce2014
Software update for embedded systems - elce2014
 
강좌 개요
강좌 개요강좌 개요
강좌 개요
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader
 
05.2 virtio introduction
05.2 virtio introduction05.2 virtio introduction
05.2 virtio introduction
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
 
KVM tools and enterprise usage
KVM tools and enterprise usageKVM tools and enterprise usage
KVM tools and enterprise usage
 
[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima
 
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
virtio勉強会 #1 「virtioの基本的なところ(DRAFT版)」
 

Andere mochten auch

Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of playChris Simmonds
 
Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017Chris Simmonds
 
The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)Chris Simmonds
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOChris Simmonds
 
Kernel Recipes 2013 - Easy rootfs using Buildroot
Kernel Recipes 2013 - Easy rootfs using BuildrootKernel Recipes 2013 - Easy rootfs using Buildroot
Kernel Recipes 2013 - Easy rootfs using BuildrootAnne Nicolas
 
Android beyond the smartphone
Android beyond the smartphoneAndroid beyond the smartphone
Android beyond the smartphoneChris Simmonds
 
A timeline for embedded Linux
A timeline for embedded LinuxA timeline for embedded Linux
A timeline for embedded LinuxChris Simmonds
 
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218HPCシステムズ株式会社
 
Userspace drivers-2016
Userspace drivers-2016Userspace drivers-2016
Userspace drivers-2016Chris Simmonds
 
FPGAX2016 ドキュンなFPGA
FPGAX2016 ドキュンなFPGAFPGAX2016 ドキュンなFPGA
FPGAX2016 ドキュンなFPGAHiroki Nakahara
 
10 ways hardware engineers can make software integration easier
10 ways hardware engineers can make software integration easier10 ways hardware engineers can make software integration easier
10 ways hardware engineers can make software integration easierChris Simmonds
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMSherif Mousa
 
OTT in Azerbaijan - Project Brief
OTT in Azerbaijan - Project BriefOTT in Azerbaijan - Project Brief
OTT in Azerbaijan - Project BriefFarhad Shahrivar
 
sasikumarj_resume
sasikumarj_resumesasikumarj_resume
sasikumarj_resumeSasi Kumar
 
Ensoft dvb 1
Ensoft dvb 1Ensoft dvb 1
Ensoft dvb 1sarge
 
Embedded linux barco-20121001
Embedded linux barco-20121001Embedded linux barco-20121001
Embedded linux barco-20121001Marc Leeman
 
Assistencia geologica
Assistencia geologicaAssistencia geologica
Assistencia geologicacrom68
 

Andere mochten auch (20)

Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of play
 
Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017Software update for IoT Embedded World 2017
Software update for IoT Embedded World 2017
 
The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)The end of embedded Linux (as we know it)
The end of embedded Linux (as we know it)
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIO
 
Kernel Recipes 2013 - Easy rootfs using Buildroot
Kernel Recipes 2013 - Easy rootfs using BuildrootKernel Recipes 2013 - Easy rootfs using Buildroot
Kernel Recipes 2013 - Easy rootfs using Buildroot
 
Android beyond the smartphone
Android beyond the smartphoneAndroid beyond the smartphone
Android beyond the smartphone
 
A timeline for embedded Linux
A timeline for embedded LinuxA timeline for embedded Linux
A timeline for embedded Linux
 
自称IQ診断 --- いわゆる頭の体操
自称IQ診断 --- いわゆる頭の体操自称IQ診断 --- いわゆる頭の体操
自称IQ診断 --- いわゆる頭の体操
 
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218
HPCで使えそうなFPGA搭載AWS F1 インスタンス_20161218
 
Userspace drivers-2016
Userspace drivers-2016Userspace drivers-2016
Userspace drivers-2016
 
FPGAX2016 ドキュンなFPGA
FPGAX2016 ドキュンなFPGAFPGAX2016 ドキュンなFPGA
FPGAX2016 ドキュンなFPGA
 
10 ways hardware engineers can make software integration easier
10 ways hardware engineers can make software integration easier10 ways hardware engineers can make software integration easier
10 ways hardware engineers can make software integration easier
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
 
How To Handle An IRD Audit - Atainz
How To Handle An IRD Audit - AtainzHow To Handle An IRD Audit - Atainz
How To Handle An IRD Audit - Atainz
 
OTT in Azerbaijan - Project Brief
OTT in Azerbaijan - Project BriefOTT in Azerbaijan - Project Brief
OTT in Azerbaijan - Project Brief
 
sasikumarj_resume
sasikumarj_resumesasikumarj_resume
sasikumarj_resume
 
Ensoft dvb 1
Ensoft dvb 1Ensoft dvb 1
Ensoft dvb 1
 
Embedded linux barco-20121001
Embedded linux barco-20121001Embedded linux barco-20121001
Embedded linux barco-20121001
 
Assistencia geologica
Assistencia geologicaAssistencia geologica
Assistencia geologica
 
Linux Workshop , Day 3
Linux Workshop , Day 3Linux Workshop , Day 3
Linux Workshop , Day 3
 

Ähnlich wie Read-only rootfs: theory and practice

The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsThe Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsBill Malchisky Jr.
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxWO Community
 
Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Chris Tankersley
 
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Balena
 
The Forefront of the Development for NVDIMM on Linux Kernel
The Forefront of the Development for NVDIMM on Linux KernelThe Forefront of the Development for NVDIMM on Linux Kernel
The Forefront of the Development for NVDIMM on Linux KernelYasunori Goto
 
Hortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks
 
RH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationRH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationIsabella789
 
RH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationRH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationIsabella789
 
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)Isabella789
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
Rh202 q&a-demo-cert magic
Rh202 q&a-demo-cert magicRh202 q&a-demo-cert magic
Rh202 q&a-demo-cert magicEllina Beckman
 
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...The Linux Foundation
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
Dru lavigne servers-tutorial
Dru lavigne servers-tutorialDru lavigne servers-tutorial
Dru lavigne servers-tutorialDru Lavigne
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...OpenShift Origin
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Chris Tankersley
 
FOSS_GNU/Linux
FOSS_GNU/LinuxFOSS_GNU/Linux
FOSS_GNU/LinuxYogesh Ks
 

Ähnlich wie Read-only rootfs: theory and practice (20)

The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsThe Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS Linux
 
Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015
 
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
 
The Forefront of the Development for NVDIMM on Linux Kernel
The Forefront of the Development for NVDIMM on Linux KernelThe Forefront of the Development for NVDIMM on Linux Kernel
The Forefront of the Development for NVDIMM on Linux Kernel
 
Hortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices Workshop
 
RH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationRH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux Certification
 
RH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux CertificationRH302 Exam-Red Hat Linux Certification
RH302 Exam-Red Hat Linux Certification
 
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)
RH-302 Exam-Red Hat Certified Engineer on Redhat Enterprise Linux 4 (Labs)
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
Rh202 q&a-demo-cert magic
Rh202 q&a-demo-cert magicRh202 q&a-demo-cert magic
Rh202 q&a-demo-cert magic
 
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
 
Dru lavigne servers-tutorial
Dru lavigne servers-tutorialDru lavigne servers-tutorial
Dru lavigne servers-tutorial
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
 
Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015Your Inner Sysadmin - MidwestPHP 2015
Your Inner Sysadmin - MidwestPHP 2015
 
FOSS_GNU/Linux
FOSS_GNU/LinuxFOSS_GNU/Linux
FOSS_GNU/Linux
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part I
 
Linux
Linux Linux
Linux
 
Core os dna_oscon
Core os dna_osconCore os dna_oscon
Core os dna_oscon
 

Mehr von Chris Simmonds

Debugging embedded devices using GDB
Debugging embedded devices using GDBDebugging embedded devices using GDB
Debugging embedded devices using GDBChris Simmonds
 
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry PiRunning Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry PiChris Simmonds
 
Reducing the boot time of Linux devices
Reducing the boot time of Linux devicesReducing the boot time of Linux devices
Reducing the boot time of Linux devicesChris Simmonds
 
Android rpi-csimmonds-fosdem-2019
Android rpi-csimmonds-fosdem-2019Android rpi-csimmonds-fosdem-2019
Android rpi-csimmonds-fosdem-2019Chris Simmonds
 
Linux power management: are you doing it right?
Linux power management: are you doing it right?Linux power management: are you doing it right?
Linux power management: are you doing it right?Chris Simmonds
 
Embedded Android: Android beyond the smartphone
Embedded Android: Android beyond the smartphoneEmbedded Android: Android beyond the smartphone
Embedded Android: Android beyond the smartphoneChris Simmonds
 
Tuning Android for low RAM
Tuning Android for low RAMTuning Android for low RAM
Tuning Android for low RAMChris Simmonds
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Booting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesBooting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesChris Simmonds
 

Mehr von Chris Simmonds (9)

Debugging embedded devices using GDB
Debugging embedded devices using GDBDebugging embedded devices using GDB
Debugging embedded devices using GDB
 
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry PiRunning Android on the Raspberry Pi: Android Pie meets Raspberry Pi
Running Android on the Raspberry Pi: Android Pie meets Raspberry Pi
 
Reducing the boot time of Linux devices
Reducing the boot time of Linux devicesReducing the boot time of Linux devices
Reducing the boot time of Linux devices
 
Android rpi-csimmonds-fosdem-2019
Android rpi-csimmonds-fosdem-2019Android rpi-csimmonds-fosdem-2019
Android rpi-csimmonds-fosdem-2019
 
Linux power management: are you doing it right?
Linux power management: are you doing it right?Linux power management: are you doing it right?
Linux power management: are you doing it right?
 
Embedded Android: Android beyond the smartphone
Embedded Android: Android beyond the smartphoneEmbedded Android: Android beyond the smartphone
Embedded Android: Android beyond the smartphone
 
Tuning Android for low RAM
Tuning Android for low RAMTuning Android for low RAM
Tuning Android for low RAM
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depth
 
Booting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot imagesBooting Android: bootloaders, fastboot and boot images
Booting Android: bootloaders, fastboot and boot images
 

Kürzlich hochgeladen

How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 

Kürzlich hochgeladen (20)

How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Read-only rootfs: theory and practice

  • 1. Read-only rootfs Theory and practice Chris Simmonds Embedded Linux Conference Europe 2016 Read-only rootfs 1 Copyright © 2011-2016, 2net Ltd
  • 2. License These slides are available under a Creative Commons Attribution-ShareAlike 3.0 license. You can read the full text of the license here http://creativecommons.org/licenses/by-sa/3.0/legalcode You are free to • copy, distribute, display, and perform the work • make derivative works • make commercial use of the work Under the following conditions • Attribution: you must give the original author credit • Share Alike: if you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one (i.e. include this page exactly as it is) • For any reuse or distribution, you must make clear to others the license terms of this work Read-only rootfs 2 Copyright © 2011-2016, 2net Ltd
  • 3. About Chris Simmonds • Consultant and trainer • Author of Mastering Embedded Linux Programming • Working with embedded Linux since 1999 • Android since 2009 • Speaker at many conferences and workshops "Looking after the Inner Penguin" blog at http://2net.co.uk/ https://uk.linkedin.com/in/chrisdsimmonds/ https://google.com/+chrissimmonds Read-only rootfs 3 Copyright © 2011-2016, 2net Ltd
  • 4. Overview • Why you need a read-only rootfs • Where it all goes wrong • Putting it right Read-only rootfs 4 Copyright © 2011-2016, 2net Ltd
  • 5. Why you need a read-only rootfs • Reduce wear on flash memory • Eliminate system file corruption • Avoid accidents • Enable rootfs image to be updated (manually or OTA) • Make reset to factory defaults much easier Read-only rootfs 5 Copyright © 2011-2016, 2net Ltd
  • 6. Where it all goes wrong • You can’t just mount the rootfs ro • Some files have to be created or updated at runtime • Examples: • Passwords • Random seed • SSH keys • Network configuration • wpa_supplicant parameters Read-only rootfs 6 Copyright © 2011-2016, 2net Ltd
  • 7. Categories of storage Non-volatile: flash memory Volatile: tmpfs Rootfs: read-only User data read-write Temporary files: read-write Read-only rootfs 7 Copyright © 2011-2016, 2net Ltd
  • 8. Becoming stateless • The state (stuff that changes) is either • Non-volatile: state that needs to be preserved • Volatile: state that is only needed for the session • To create a stateless rootfs: • Move non-volatile state into an area of permanent storage reserved for that purpose • Move Volatile state to temporary storage (tmpfs RAM disk) Read-only rootfs 8 Copyright © 2011-2016, 2net Ltd
  • 9. The ideal of a stateless rootfs • No state stored in rootfs • Each component can revert to sensible default configuration if there is no local configuration Read-only rootfs 9 Copyright © 2011-2016, 2net Ltd
  • 10. Factory reset • Just wipe the non-volatile state Read-only rootfs 10 Copyright © 2011-2016, 2net Ltd
  • 11. System update • Simply write a new rootfs image • Two common mechanisms: • A/B rootfs partitions : A is live while B is being updated, then swap • Or, normal/recovery rootfs: boot into the recovery rootfs to update the normal rootfs Read-only rootfs 11 Copyright © 2011-2016, 2net Ltd
  • 12. Identifying state • Which files are being written to? • And by whom? • Tools • diskstats • block_dump Read-only rootfs 12 Copyright © 2011-2016, 2net Ltd
  • 13. diskstats • /proc/diskstats contains information about disk reads and writes • Useful stuff is field 1: reads completed and field 5: writes completed • Format is documented in Documentation/iostats.txt • vmstat -d prints the same information but better • Example # cat /proc/diskstats 179 0 mmcblk0 2640 543 48969 207880 127 171 596 9990 0 26380 217830 179 1 mmcblk0p1 99 0 1169 6260 0 0 0 0 0 1790 6260 179 2 mmcblk0p2 2118 425 39212 160130 118 170 576 9860 0 23250 169950 179 3 mmcblk0p3 97 0 2088 15510 0 0 0 0 0 1860 15510 179 4 mmcblk0p4 2 0 10 150 0 0 0 0 0 150 150 179 5 mmcblk0p5 271 118 5426 23540 9 1 20 130 0 2830 23670 Number of reads = 2640; Number of writes = 127 Read-only rootfs 13 Copyright © 2011-2016, 2net Ltd
  • 14. block_dump • But, what is the cause of those writes? Which files? • Turn on block system kernel logging using block_dump • See Documentation/laptops/laptop-mode.txt in kernel source • Example (rootfs is on /dev/vda): # echo 1 > /proc/sys/vm/block_dump # echo hello > world.txt # dmesg sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 701 (.ash_history) on vda sh(234): dirtied inode 694 (world.txt) on vda sh(234): dirtied inode 694 (world.txt) on vda jbd2/vda-8(78): WRITE block 802 on vda (2 sectors) jbd2/vda-8(78): WRITE block 804 on vda (2 sectors) Read-only rootfs 14 Copyright © 2011-2016, 2net Ltd
  • 15. Logging block I/O from bootup • Set block_dump in early boot script (may need to bump the size of the kernel log buffer to capture everything) • Then filter out the junk: # dmesg | grep dirtied | grep "on vda" | sort chown(150): dirtied inode 548 (passwd) on vda dd(298): dirtied inode 716 (random-seed) on vda dd(298): dirtied inode 716 (random-seed) on vda dropbearkey(325): dirtied inode 717 (dropbear_rsa_host_key) on vda dropbearkey(325): dirtied inode 717 (dropbear_rsa_host_key) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda gzip(197): dirtied inode 714 (udev-cache.tar.gz) on vda login(347): dirtied inode 543 (motd) on vda [...] Only the file name is displayed, not full path name, but it’s enough Read-only rootfs 15 Copyright © 2011-2016, 2net Ltd
  • 16. Common problems • A lot of stuff happens on first boot • e.g. Dropbear writes SSH keys to /etc/dropbear, udev snapshot saved to /etc/udev-cache.tar.gz • Some of these things can be done at build time • Others need be changed to put stuff in a non-volatile state partition • System config, including network parameters • Saving random-seed • Log files Read-only rootfs 16 Copyright © 2011-2016, 2net Ltd
  • 17. Putting it right • In reality, packages store state in various places • Pragmatic solutions include: • Adding symlinks from rootfs to non volatile storage: e.g. /etc to /data/etc • Using unionfs or similar to overlay rootfs with non volatile storage Read-only rootfs 17 Copyright © 2011-2016, 2net Ltd
  • 18. Putting it right: first pass • Create a new partition for non-volatile state • For example /data (an idea borrowed from Android) • Remount rootfs readonly • Use tmpfs for volatile state (/run and /var/volatile) /etc/fstab /dev/root / auto defaults,ro 1 1 /dev/vdb /data ext4 defaults 0 0 tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0 tmpfs /var/volatile tmpfs defaults 0 0 [...] Read-only rootfs 18 Copyright © 2011-2016, 2net Ltd
  • 19. log files • Many daemons write log files to /var/log • Including syslogd • Usually, such log files are unnecessary for embedded • Solution: make log files part of the volatile state by mounting a tmpfs on /var/log Poky core-image-minimal does this already: # ls -ld /var/log lrwxrwxrwx 1 root root 12 Oct 6 14:11 /var/log -> volatile/lo # mount tmpfs on /var/volatile type tmpfs (rw,relatime) Read-only rootfs 19 Copyright © 2011-2016, 2net Ltd
  • 20. random-seed • Saving random-seed at shutdown is necessary when using /dev/urandom • Solution: make it part of non-volatile state by symlinking /var/lib/urandom to /data/var/lib/urandom • Or, modify the shell script that creates and restores random-seed Read-only rootfs 20 Copyright © 2011-2016, 2net Ltd
  • 21. ssh keys • The Dropbear ssh daemon stores keys in /etc/dropbear or /var/lib/dropbear • Keys should be unique per device • Solution: either move to non-volatile state by symlinking /var/lib/dropbear to /data • Or, generate and pre load keys when device is provisioned Read-only rootfs 21 Copyright © 2011-2016, 2net Ltd
  • 22. Doing less on first boot • Build packages with sensible defaults so they work without config files • Or, pre-load config files into the /data partition • Generate per-device configuration at build-time rather than at first-boot • Populate configuration files that are common for many packages (e.g. passwd, group with the composite requirements of all Read-only rootfs 22 Copyright © 2011-2016, 2net Ltd
  • 23. What about Android/Brillo? Android is a good example • rootfs moved into /system, which is read only and stateless • Non-volatile state in /data • Has factory reset • Has OTA update Read-only rootfs 23 Copyright © 2011-2016, 2net Ltd
  • 24. What about Yocto Project? Current versions of Yocto Project have a partial solution • Add to your config: IMAGE_FEATURES = "read-only-rootfs" • Sets ROOTFS_READ_ONLY=yes in /etc/default/rcS • Mounts rootfs ro and /var/lib as tmpfs • But, nowhere to store non volatile state Read-only rootfs 24 Copyright © 2011-2016, 2net Ltd
  • 25. Conclusion • Read-only rootfs makes for better embedded systems • Make rootfs stateless by moving state into non-volatile and volatile filesystems • diskstats and block_dump will help identify state This and other topics associated with building robust embedded systems are coverred in my training courses http://www.2net.co.uk/training.html Read-only rootfs 25 Copyright © 2011-2016, 2net Ltd