Making the TX1 root partition Read Only on boot

I want to make the Jetson’s root partition read only on boot, but I don’t know how

I’ve modified /boot/extlinux/extlinux.conf to say ro rather than rw but that does not work as something else remounts it as rw.
The /etc/fstab is empty, so I’m unsure what else could be remounting root as rw.
Do I need to be looking in the initrd?

Any help would be appreciated, Thanks.

I have an alternate boot entry on a TX2 as follows. After boot root cannot touch files or directories (this is R28.1…TX1 should be the same):

LABEL read_only
      MENU LABEL read_only
      LINUX /boot/Image
      APPEND ${cbootargs} root=/dev/mmcblk0p1 ro rootwait rootfstype=ext4

Here is the resulting “/proc/cmdline”:

root=/dev/mmcblk0p1 <b>rw</b> rootwait console=ttyS0,115200n8 console=tty0 OS=l4t fbcon=map:0 net.ifnames=0 memtype=0 video=tegrafb no_console_suspend=1 earlycon=uart8250,mmio32,0x03100000 nvdumper_reserved=0x2772e0000 gpt tegraid= tegra_keep_boot_clocks maxcpus=6 androidboot.serialno=0334916010131 bl_prof_dataptr=0x10000@0x277240000 sdhci_tegra.en_boot_part_access=1 root=/dev/mmcblk0p1 <b>ro</b> rootwait rootfstype=ext4

Notice that initially cmdline has “rw”, but later it has “ro”…the last occurrence should take precedence. My TX1 isn’t where I can test right now, but if using R28.1 the result should be the same.

Thanks, I had previously tried that. I am on R24 for software/hardware reasons.

Looking at the initrd:/init it looks like it ignores the /proc/cmdline option for read only.

When I get a new TTL serial adaptor I will try a modified initrd

FYI, there is now an R24.2.2 if interested.

I didn’t look at details, but it does appear the R24.2.1 initrd “init” script just mounts the root device and doesn’t offer any options. It pipes “/proc/cmdline” through this:

sed -e 's/.*root=\/dev\/\([abcdefklmnps012]*\).*//'

In my case this results in just “mmcblk0p1”, which means the normal cmdline with a ro flag would drop the ro. Probably changing the initrd init script to check for the last occurrence of “ro” or “rw” would cause the order to not be ignored (you can have as many “ro” or “rw” options as you want, it is supposed to use the last occurrence).

This is actually a bug in the init script of the initrd which needs to be fixed.