Has anyone gone down the path and have docs / guidance on reconfiguring the boot process so that the root filesystem is read only by default, instead of read/write? I’ll be starting on this soon, and hopefully it doesn’t amount to much more than some reconfiguration of u-boot and the initial ram disk.
I think, changing the kernel cmdline parameter ‘rw’ to ‘ro’ is what you are looking for.
Find the correct uboot env variable and change the ‘rw’ to ‘ro’ in uboot bootargs.
start from ‘print bootcmd’ and see how it is now booting.
I think it could get a bit more involved. Will need to use overlayfs or tmpfs for a few parts of the filesystem that need to be writable for things like pid files. I’ll report back with a system when we get it figured out.