[PATCH openbmc 0/6] Persistent 1

[Stewart Smith]

OpenBMC Patches <openbmc-patches at stwcx.xyz> writes:
> The openbmc-phosphor include has been updated to build two
> file systems: an initramfs packaged into an initrd for
> setting up the root file system, and a read-only squashfs
> with xz compression to hold the main data.  The final 4MB
> of the 32MB flash is used to hold a read/write overlay over
> the squashfs maintaining updates for any files changed
> that are not mounted in a tmpfs directory.

<snip>

> The first-boot is triggering systemd-update-hwdb.service which is trying
> to recreate a 60MB file in our 4MB file system.  It obviously fails, but
> it also sometimes times out and causes the ttyS4.device and ttyS0.device
> files that are trying to run concurrently to also fail.   This causes the
> console getty to not be started.  If this occurs you can login over the
> network if you had previously setup systemd (or set ip= in bootargs from
> u-boot), otherwise you will need to reboot then address the unclean ext4
> fsck issue above.

While this probably isn't a too bad stop-gap measure, fundamentally,
it's probably better to have all persistent data in a specfiic
mountpoint so that the BMC stack itself can be near impossible to modify
(err... backdoor) at runtime.

With a persistent overlay, it makes it much easier to persistently
backdoor the BMC (which isn't ideal).

Do we have a plan to head towards something like:
- root on dm_verify
- root mounted ro
- strong, enforcing SELinux
- all persistent data on /data or somewhere, no exec, and all that jazz

?

-- 
Stewart Smith
OPAL Architect, IBM.