The default Digi Embedded Yocto root file system is writable. This allows users to modify configuration files and add or remove other files. You can also build a read-only root file system with Digi Embedded Yocto. A read-only root file system has several advantages:
You can separate user-specific changes from system configuration.
It allows for factory reset by erasing the user data from the writable partition.
With TrustFence, you can sign the root file system image and authenticate it at boot because the image will not change.
Configure your project for read-only rootfs
To build an image with read-only rootfs, edit your project’s conf/local.conf configuration file and add:
EXTRA_IMAGE_FEATURES += "read-only-rootfs"
read-only-rootfs is a Yocto IMAGE_FEATURE.
When you add this IMAGE_FEATURE to your project, Yocto changes some recipes to prevent them from modifying root file system files during runtime.
Build the read-only rootfs image
Build an image for your project, such as:
$ bitbake dey-image-qt
The build produces a SQUASHFS root file system image called
Signed read-only rootfs (optional)
If TrustFence is enabled, Digi Embedded Yocto signs the read-only rootfs image. This forces closed devices to authenticate the read-only rootfs before booting.
See Secure boot for more information.
Prepare your target for read-only rootfs
update command to program the SQUASHFS root file system image directly on the target. For example:
=> update rootfs tftp dey-image-qt-xwayland-ccimx6qpsbc.squashfs
Boot the target:
If TrustFence is enabled, the rootfs image is authenticated before boot.
You can see on the boot log that the root file system is read-only:
platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
ALSA device list:
VFS: Mounted root (squashfs filesystem) readonly on device 179:3.
Freeing unused kernel memory: 2496K...
The post-installation script that formats the data partition is not available on read-only filesystems, so you must manually format the partition. To do so:
# mkfs.ext4 /dev/mmcblk0p7
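The boot log above shows the kernel mounting a squashfs root read-only; the same state can be checked from the running system. The following script is an added example, not part of the Digi documentation: it parses a mounts table in /proc/mounts format and confirms that / is squashfs with the ro option. The sample table is constructed and the /mnt/data mount point in it is an assumption.

```shell
#!/bin/sh
# Added example: check that "/" is a read-only squashfs mount.
# Input is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample (not captured from a device); /mnt/data is an assumption.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / squashfs ro,relatime 0 0
/dev/mmcblk0p7 /mnt/data ext4 rw,relatime 0 0
EOF
}

# Print "fstype options" for the last entry mounted at "/". Later entries
# shadow earlier ones, such as an initial "rootfs / rootfs rw" line.
root_mount_info() {
    awk '$2 == "/" { fs = $3; opts = $4 }
         END { if (fs != "") print fs, opts }' "${1:-/proc/mounts}"
}

# Succeed if the comma-separated option list contains "ro" as a whole token,
# so that "errors=remount-ro" on a writable mount does not count.
has_ro_option() {
    case ",$1," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Succeed only if "/" is squashfs and mounted read-only.
# $1 is the mounts file ("-" for stdin); defaults to /proc/mounts.
check_readonly_rootfs() {
    info=$(root_mount_info "${1:-/proc/mounts}")
    [ -n "$info" ] || { echo "FAIL: no root mount found"; return 2; }
    fstype=${info%% *}
    opts=${info#* }
    [ "$fstype" = "squashfs" ] || { echo "FAIL: root is $fstype, not squashfs"; return 1; }
    has_ro_option "$opts" || { echo "FAIL: root options are $opts"; return 1; }
    echo "OK: root is squashfs, read-only"
}

# Demo on the constructed sample; on a target run: check_readonly_rootfs
sample_mounts | check_readonly_rootfs -
```

A non-zero exit status from check_readonly_rootfs means the device is running a writable root or a root of a different file system type.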
Customize the read-only file system
Read-only root file systems do not allow modification of system configuration files, such as network settings or ConnectCore Cloud Services settings.
To overcome this, you need to make modifications at build time.
Modify configuration files at build time
This method creates fixed configuration files at build time that will be part of the final read-only root file system.
The system is fully read-only, but configured with your desired settings.
Any device programmed with the read-only image will have the exact same settings, which may be inconvenient if several devices are working in the same network.
To configure Ethernet, see Configure Ethernet connection from Digi Embedded Yocto.
To configure Wi-Fi, see Configure Wi-Fi connection from Digi Embedded Yocto.
To configure cellular, see Configure cellular connection from Digi Embedded Yocto.
ConnectCore Cloud Services settings
The default path to download firmware files (/mnt/update) is not writable on dual boot devices that use a read-only root file system.
For the CCCS firmware update service to work properly, you must change the cccs.conf configuration to either:
Other system settings
For any system configuration file that you want to modify, do the following:
Locate the recipe that contains and installs the configuration file.
If the file is installed by the meta-digi layer, edit the file and apply your modifications. If not, create a recipe *.bbappend (either in the meta-digi layer or in a custom layer with higher priority) that overrides the configuration file with your changes.