Mounting /boot read-only

[bitinerant]

I noticed in rootwork that the /boot partition is remounted rw and then ro on exit, but I don't see where /boot is mounted ro to begin with. On Rasbian, is the /boot partition actually mounted ro after a reboot but before running rootwork?

Just a note - mounting /boot as ro may not be that important because nothing should write to it during normal operation, only during things like kernel updates. However, I don't know what risk power failures would pose.

Related to this, to support Ubuntu Server and other systems that use /boot/firmware rather than /boot (see issue #9), the rootwork script needs to be updated - perhaps to use /boot/firmware if it is a mountpoint, and otherwise use /boot.

@chesty - I want to add to others' comments about how valuable this project is for long-term RPi stable operation. We appreciate the time and energy you've contributed to write, test, publish, and support this project.

[chesty]

interesting thought about /boot being read-write after boot. I didn't consider it and I don't know.
I'll be able to test it soon. I guess editing /etc/fstab to mount it read-only would be a way to make it read-only after boot.

re /boot/firmware, if you haven't already made changes, I guess changing line 63 and and 93 in rootwork would do the trick, ie

line 63 from
for DIR in boot run; do
to
for DIR in boot boot/firmware run; do

and line 93 from
for DIR in boot; do
to
for DIR in boot/firmware boot; do

If you're able to make those changes and it works ok, send me a pull request and I'll add them in. I'll test on a raspbian to make sure it doesn't cause any problems, but I don't see how it would, it should silently ignore /boot/firmware as it doesn't exist on raspbian.

[bitinerant]

I submitted PR#11 which fixes the rootwork portion of this. The question about making /boot ro at boot remains.