• State Resolved
  • Locked Locked
  • Replies 1 reply
  • Subscribers 98 subscribers
  • Views 345 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Linux/AM5728: RootFS protection

TianShen
Intellectual 510 points
Part Number: AM5728

Tool/software: Linux

Hi:

Software version: ti-processor-sdk-linux-am57xx-evm-04.03.00.05,  hardware version: AM5728-ES2.0, custom board,

To prevent user processes from corrupting the root file system, I need to change the file system to read-only mode. What should I do? Are there any precautions?

thanks

  • 0
    TI__Guru 55345 points

    Hello Tian,

    To make the filesystem read-only, depending on that from which device you boot change the kernel cmd line in U-Boot from rw to ro and add ro to /dev/root in /etc/fstab in userspace.

    For SD card, change
    args_mmc=run finduuid;setenv bootargs console=${console} ${optargs} root=PARTUUID=${uuid} rw rootfstype=${mmcrootfstype}
    to
    args_mmc=run finduuid;setenv bootargs console=${console} ${optargs} root=PARTUUID=${uuid} ro rootfstype=${mmcrootfstype}

    /etc/fstab
    # stock fstab - you probably want to override this with a machine specific one

    /dev/root            /                    auto       defaults              1  1
    proc                 /proc                proc       defaults              0  0
    devpts               /dev/pts             devpts     mode=0620,gid=5       0  0
    usbdevfs             /proc/bus/usb        usbdevfs   noauto                0  0
    tmpfs                /run                 tmpfs      mode=0755,nodev,nosuid,strictatime 0  0
    tmpfs                /var/volatile        tmpfs      defaults,size=50M     0  0
    tmpfs                /media/ram           tmpfs      defaults,size=16M     0  0

    # uncomment this if your device has a SD/MMC/Transflash slot
    #/dev/mmcblk0p1       /media/card          auto       defaults,sync,noauto  0  0

    to
    # stock fstab - you probably want to override this with a machine specific one

    /dev/root            /                    auto       defaults,ro           1  1
    proc                 /proc                proc       defaults              0  0
    devpts               /dev/pts             devpts     mode=0620,gid=5       0  0
    usbdevfs             /proc/bus/usb        usbdevfs   noauto                0  0
    tmpfs                /run                 tmpfs      mode=0755,nodev,nosuid,strictatime 0  0
    tmpfs                /var/volatile        tmpfs      defaults,size=50M     0  0
    tmpfs                /media/ram           tmpfs      defaults,size=16M     0  0

    # uncomment this if your device has a SD/MMC/Transflash slot
    #/dev/mmcblk0p1       /media/card          auto       defaults,sync,noauto  0  0

    Best regards,
    Kemal