secure-boot needs r/o rootfs, but post-install.sh rauc hook changes the rootfs after update installation

maxim-senec
Associate II

Hi everyone,

We applied the ST FWU reference solution on our own platform based on the STM32MP157F.
The solution was taken and adapted from the ST Yocto layer meta-st-ota (https://github.com/PRG-MPU-CUST/meta-st-ota).

In our setup the rootfs must become read-only because of the dm-verity protection applied to the rootfs, as required by the secure boot scheme.

Currently, making the rootfs r/o is not possible because of the post-install.sh rauc handler, which writes to the rootfs.

The problem is that after an update bundle installation, rauc calls post-install.sh. This script edits MOUNT_PARTITIONS_LIST in the mount-partitions.sh script in the rootfs of the next slot, so that the correct `-a` or `-b` bootfs or vendorfs is mounted after the reset.

The solution we are thinking about is to remove the rootfs-changing step from post-install.sh and to make mount-partitions.sh slot-aware.

Instead of mounting from MOUNT_PARTITIONS_LIST variable as-is, mount-partitions.sh should read the current slot from /proc/cmdline (rauc.slot=…), and based on that, decide whether to mount bootfs-a / vendorfs-a or bootfs-b / vendorfs-b.

What do you think? Is it a correct approach?

Maybe you can share patches for that?

It is hard to believe that nobody has requested this change in the past (a r/o rootfs is a common security need).

thanks a lot!

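The following POSIX shell script is an added illustration of the slot-aware mount-partitions.sh idea described in the post; it is not code from meta-st-ota or from the poster. It assumes the bootloader passes `rauc.slot=A` or `rauc.slot=B` on the kernel command line and that the slot partitions carry GPT labels `bootfs-a`/`bootfs-b` and `vendorfs-a`/`vendorfs-b` (both naming choices are assumptions; the real layout on the STM32MP157F board may differ). The base list `MOUNT_PARTITIONS_LIST` becomes slot-independent (`name:mountpoint` pairs), so nothing in the rootfs needs to be rewritten by post-install.sh, and the slot suffix is derived at boot. If `rauc.slot=` is missing or unrecognised the script refuses to guess rather than mounting a partition from the wrong slot, and it mounts the selected partitions read-only so the verified images stay unmodified.

```shell
#!/bin/sh
# Added example: hypothetical slot-aware mount-partitions.sh (not from meta-st-ota).
# Assumed kernel cmdline token:  rauc.slot=A | rauc.slot=B
# Assumed partition labels:      /dev/disk/by-partlabel/<name>-<a|b>

# Print "a" or "b" for the rauc.slot= value found in a kernel command line.
# Returns 1 when the token is absent or has an unexpected value, so callers
# can refuse to mount instead of guessing the slot.
rauc_slot_from_cmdline() {
    cmdline="$1"
    slot=""
    for word in $cmdline; do
        case "$word" in
            rauc.slot=*) slot="${word#rauc.slot=}" ;;   # last occurrence wins
        esac
    done
    case "$slot" in
        a|A) echo a ;;
        b|B) echo b ;;
        *)   return 1 ;;
    esac
}

# Expand a slot-independent base list ("bootfs:/boot vendorfs:/vendor") into
# "<device> <mountpoint>" lines for the given slot suffix.
slot_mount_list() {
    slot="$1"
    base_list="$2"
    for entry in $base_list; do
        name="${entry%%:*}"
        mnt="${entry#*:}"
        printf '%s %s\n' "/dev/disk/by-partlabel/${name}-${slot}" "$mnt"
    done
}

# Mount every entry of the base list for the given slot, read-only.
# A plain for-loop (no pipe) is used so a mount failure aborts the caller.
mount_slot_partitions() {
    slot="$1"
    base_list="$2"
    for entry in $base_list; do
        name="${entry%%:*}"
        mnt="${entry#*:}"
        dev="/dev/disk/by-partlabel/${name}-${slot}"
        mkdir -p "$mnt"
        mount -o ro "$dev" "$mnt" || { echo "mount of $dev on $mnt failed" >&2; return 1; }
    done
}

main() {
    cmdline=$(cat /proc/cmdline)
    slot=$(rauc_slot_from_cmdline "$cmdline") || {
        echo "no usable rauc.slot= on the kernel command line, refusing to guess" >&2
        exit 1
    }
    # MOUNT_PARTITIONS_LIST is now the same in both rootfs images; the default
    # below is an assumed value, not the one shipped by meta-st-ota.
    mount_slot_partitions "$slot" "${MOUNT_PARTITIONS_LIST:-bootfs:/boot vendorfs:/vendor}"
}

# Only perform real mounts when invoked explicitly with --run.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `mount-partitions.sh --run` from the init sequence (before the services that need /boot or /vendor); without `--run` it only defines the functions, which is what the test below exercises.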