Bug 187161 - FreeBSD memstick Images Fail to Boot from Read-Only Media
Summary: FreeBSD memstick Images Fail to Boot from Read-Only Media
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: FreeBSD Release Engineering
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-01 06:40 UTC by A.J. Kehoe IV
Modified: 2016-01-12 02:14 UTC (History)
6 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description A.J. Kehoe IV 2014-03-01 06:40:01 UTC
By default, /etc/rc.d/root tries to mount the root filesystem as read-write, which causes startup to abort when booting from read-only media that was created using the official memstick images.

Fix: 

On the system that creates the official FreeBSD memstick images:

echo 'root_rw_mount="NO"' >> /path/to/memstick/etc/rc.conf

To patch your current memstick image before creating your read-only media:

1. mdconfig -a -t vnode -u 0 -f /path/to/FreeBSD-10.0-RELEASE-amd64-memstick.img
2. mount -t ufs /dev/md0 /mnt
3. echo 'root_rw_mount="NO"' >> /mnt/etc/rc.conf
4. umount /mnt
5. mdconfig -d -u 0
How-To-Repeat: 1. Get a USB flash drive that has a write protection switch.
2. Disable write protection on the USB flash drive.
3. Connect the USB flash drive to your system.
4. dd if=/path/to/FreeBSD-10.0-RELEASE-amd64-memstick.img of=/dev/usbflashdrive
5. Enable write protection on the USB flash drive.
6. Boot your system from the USB flash drive.
Comment 1 Glen Barber freebsd_committer freebsd_triage 2014-06-02 05:22:53 UTC
Looking further at the proposed solution, I would be weary of
implementing it, since there may be unexpected repercussions with regard
to bsdinstall(8) and bsdconfig(8), since both require read-write parts
on the install medium at certain points as far as I can tell.

I would like to get feedback from nwhitehorn@ and dteske@ on this.
Comment 2 Glen Barber freebsd_committer freebsd_triage 2014-06-02 05:25:17 UTC
RE territory.
Comment 3 Oliver Jones 2016-01-04 21:58:00 UTC
(In reply to Glen Barber from comment #1)
What happens with bsdinstall(8) and bsdconfig(8) when you try to install from WORM media, such as the official CD/DVD ISO image? This type of install media is not writable, as far as I can tell. :)

I would suggest looking at what's done for WORM media, and doing the same for USB media: It shouldn't be necessary to write to the install media at all! If a writable volume is required during installation, a RAM disk is probably the best solution - and if this *is* truly required, it's probably already solved in exactly this fashion with the CD/DVD media - which cannot write to CD/DVD, during the install process.
Comment 4 Glen Barber freebsd_committer freebsd_triage 2016-01-04 22:09:42 UTC
(In reply to Oliver Jones from comment #3)
> (In reply to Glen Barber from comment #1)
> What happens with bsdinstall(8) and bsdconfig(8) when you try to install
> from WORM media, such as the official CD/DVD ISO image? This type of install
> media is not writable, as far as I can tell. :)
> 
> I would suggest looking at what's done for WORM media, and doing the same
> for USB media: It shouldn't be necessary to write to the install media at
> all! If a writable volume is required during installation, a RAM disk is
> probably the best solution - and if this *is* truly required, it's probably
> already solved in exactly this fashion with the CD/DVD media - which cannot
> write to CD/DVD, during the install process.

In theory, you are correct, but there are different subsystems involved here.  So while speculating the behavior won't change, I would prefer an actual test to be 100% certain.  (If I had one of these USB sticks, I would test myself.)
Comment 5 Nathan Whitehorn freebsd_committer freebsd_triage 2016-01-04 23:13:50 UTC
The relevant ramdisks are created automatically if / is read-only by /etc/rc. bsdinstall and bsdconfig don't (by design) know anything about memsticks vs. CDs, so read-only mounting / by any mechanism would work just fine.
Comment 6 A.J. Kehoe IV (Nanoman) 2016-01-05 01:02:39 UTC
(In reply to Glen Barber from comment #4)

Here's one way that you can test this using a regular USB flash drive:

1. dd if=/path/to/FreeBSD-10.2-RELEASE-amd64-uefi-memstick.img of=/dev/usbflashdrive
2. dd if=/dev/usbflashdrive | sha256 > hash1.txt
3. Boot up the system using the USB flash drive, and then power it off without doing anything that you'd expect would write to the USB flash drive.
4. dd if=/dev/usbflashdrive | sha256 > hash2.txt
5. Notice that the contents of hash1.txt and hash2.txt are different.
6. Use the workaround from this bug report to patch /path/to/FreeBSD-10.2-RELEASE-amd64-uefi-memstick.img.
7. Try steps #1 to #4 again.
8. Notice that the contents of hash1.txt and hash2.txt are identical.

As far as I know, it shouldn't be a problem for all FreeBSD installation images (memstick, disc 1, et cetera) to have root_rw_mount="NO" in /etc/rc.conf.  I think most people don't want any changes to be made to their installation media, and for those who do, it's easy enough to temporarily mount them as read/write and/or modify /etc/rc.conf.
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-01-05 03:21:38 UTC
A commit references this bug:

Author: gjb
Date: Tue Jan  5 03:20:46 UTC 2016
New revision: 293188
URL: https://svnweb.freebsd.org/changeset/base/293188

Log:
  Prevent memstick installation medium from attempting to mount
  the root filesystem read-write.  This causes problems booting
  the memstick installation medium from write-protected USB flash
  drives.

  Submitted by:	A.J. Kehoe IV [1], Oliver Jones [2]
  PR:		187161 [1], 205886 [2]
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/release/amd64/make-memstick.sh
  head/release/arm64/make-memstick.sh
  head/release/i386/make-memstick.sh
  head/release/powerpc/make-memstick.sh
Comment 8 Glen Barber freebsd_committer freebsd_triage 2016-01-05 03:25:10 UTC
(In reply to Nathan Whitehorn from comment #5)
> The relevant ramdisks are created automatically if / is read-only by
> /etc/rc. bsdinstall and bsdconfig don't (by design) know anything about
> memsticks vs. CDs, so read-only mounting / by any mechanism would work just
> fine.

Thank you for the feedback.  I've committed a change that will be reflected in this week's snapshot builds, and will merge to stable/10 in 1 week.
Comment 9 commit-hook freebsd_committer freebsd_triage 2016-01-12 02:13:25 UTC
A commit references this bug:

Author: gjb
Date: Tue Jan 12 02:12:41 UTC 2016
New revision: 293723
URL: https://svnweb.freebsd.org/changeset/base/293723

Log:
  MFC r293188:
   Prevent memstick installation medium from attempting to mount
   the root filesystem read-write.  This causes problems booting
   the memstick installation medium from write-protected USB flash
   drives.

  PR:		187161, 205886
  Sponsored by:	The FreeBSD Foundation

Changes:
_U  stable/10/
  stable/10/release/amd64/make-memstick.sh
  stable/10/release/amd64/make-uefi-memstick.sh
  stable/10/release/i386/make-memstick.sh
  stable/10/release/powerpc/make-memstick.sh