read only SD card

Hi!

Is it possible to set up the system so that the root fs is read only
and changes are made only to a ramdisk (e.g. a union fs)?
This way the beagleboard could be switched off at any time
without corrupting the file system. I don't need permanent
changes.

-Jochen

Absolutely… BeagleBoard runs standard Linux, so the tricks used by most live CDs will work… Knoppix is a great example to look at; if you dig around there’s plenty of documentation on how they design their distro… There are even some tricks you can do to ensure that changes can be written without being able to cause corruption (e.g. for configuration, or for “firmware” upgrades)

There are even some tricks you can do to ensure that changes can be written without being able to cause corruption (e.g. for configuration, or for "firmware" upgrades)

That sounds great. Do you have a link to a howto?

-Jochen

The simplest solution is to use unionfs across a readonly (stable) partition and a secondary writeable partition. Before creating the union, check the secondary filesystem with some kind of consistency check (e.g. for configuration files we make sure syntax is valid and that a checksum matches). If the consistency doesn’t match then nuke the unionfs partition and rebuild it. This doesn’t save the configuration, but it does prevent corruption on the writable partition from blocking a boot up.

You can use a third partition to protect the writeable data: write to the second partition, confirm it’s complete (** see below **) and then write to the third partition. During boot up check both the writeable partitions for consistency. If the second partition is consistent and the third isn’t then copy from the second to the third and then continue. If the second partition isn’t consistent then the third partition can be used to recover the second partition (albeit potentially a previous version).

The trick is knowing when data really has left the Linux kernel and been written to the device. This is actually quite tricky and the only reliable way I’ve found is to call sync and then wait until the number of dirty blocks waiting to be written to disk reaches zero. There’s a file under /proc or /sys that gives that info but I don’t have it to hand… :(

Doing a “firmware upgrade” is really updating the normally stable readonly partition. To do this you might need a fourth partition if you can’t re-use your writeable partitions… Basically, the steps are: change the bootloader to boot from a different partition while the real readonly partition is being updated. Once the updates are complete, change the bootloader to boot as normal. We do this by saving u-boot configuration to the flash, then updating the partition and then putting the u-boot configuration back. The SD card has a restore to factory settings mode which is triggered if the user holds down the USR button.

It (obviously) doesn’t protect from a hardware failure or disk corruption from software errors / radiation… It also (less obviously?) isn’t any good for “users” and regular disk I/O because it really needs application layer integration to know that the device’s configuration needs to be saved, but it’s great for “black boxes”…

FYI the file that shows number of dirty pages waiting to be written is /proc/vmstat and the entry is “nr_dirty”
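
The save and boot-time recovery steps described in the replies above, as an added example that is not part of the original thread or anyone's production code. The file names (`config`, `config.sha256`), the function names, the `VMSTAT` override and the use of plain directories as the mounted second and third partitions are all assumptions; "reset" here just clears both copies so the system falls back to the read-only defaults.

```shell
#!/bin/sh
# Added example. Directory layout, file names and function names are assumptions.
# Each writable partition is assumed mounted and to hold "config" + "config.sha256".
VMSTAT="${VMSTAT:-/proc/vmstat}"   # overridable so the logic can be tested offline

# Current number of dirty pages (system-wide) from a vmstat-format file.
nr_dirty() { awk '$1 == "nr_dirty" { print $2 }' "$VMSTAT"; }

# sync, then poll until nr_dirty is 0; give up after $1 seconds (default 30).
wait_for_flush() {
    timeout="${1:-30}"
    sync
    while [ "$(nr_dirty)" != "0" ]; do
        [ "$timeout" -gt 0 ] || return 1
        sleep 1
        timeout=$((timeout - 1))
    done
}

# A copy is consistent when the stored digest matches the config file.
is_consistent() {
    [ -f "$1/config" ] && [ -f "$1/config.sha256" ] || return 1
    [ "$(sha256sum < "$1/config" | cut -d' ' -f1)" = "$(cat "$1/config.sha256")" ]
}

# Save: $1 = new config, $2 = second partition, $3 = third partition.
# The third copy is only touched after the second has been flushed.
save_config() {
    for dest in "$2" "$3"; do
        cp "$1" "$dest/config" || return 1
        sha256sum < "$1" | cut -d' ' -f1 > "$dest/config.sha256"
        wait_for_flush 30 || return 1
    done
}

# Boot-time check: $1 = second partition, $2 = third partition.
# Prints what was done: ok | third-repaired | second-recovered | reset
recover_config() {
    if is_consistent "$1"; then
        is_consistent "$2" && { echo ok; return 0; }
        cp "$1/config" "$1/config.sha256" "$2/" && echo third-repaired
    elif is_consistent "$2"; then
        cp "$2/config" "$2/config.sha256" "$1/" && echo second-recovered
    else
        rm -f "$1/config" "$1/config.sha256" "$2/config" "$2/config.sha256"
        echo reset
    fi
}
```

Because `nr_dirty` counts dirty pages for the whole system, `wait_for_flush` only returns promptly on a device where nothing else is writing at the same time.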