# # How to make Raspberry Pi to operate with read-only filesystem to save the sdcard (temporary files to RAM memory etc) # # Do everything as root after clean install # # This guide is great and somewhat similar: # https://hallard.me/raspberry-pi-read-only/ # # Update everything first and installing some convenient tools sudo bash apt update apt upgrade -y # (OPTIONAL) Enable SSH server for easier remote control and check the IP address for SSH access systemctl enable ssh systemctl start ssh ip addr show # (OPTIONAL) Installing some useful tools (some may be installed already) apt install lsof dnsutils creen htop vim nano net-tools jq bat zip unzip ncdu p7zip-full -y # (OPTIONAL) Setting timezone timedatectl set-timezone Europe/Helsinki # Setting /tmp as 200 MB RAM drive echo 'tmpfs /tmp tmpfs defaults,size=200M 0 0' >> /etc/fstab # Edit /etc/fstab with nano editor and change these two mount points to to read only: PARTUUID...something here leave alone... /boot vfat defaults,ro 0 2 PARTUUID...something here leave alone... / ext4 defaults,noatime,ro 0 1 # For boot, disable some common services causing IO. Disable swap memory # edit /etc/rc.local with nano editor and replace the contents to: #!/bin/bash systemctl stop syslog.socket systemctl stop systemd-journald systemctl stop systemd-journald.socket systemctl stop systemd-journald-dev-log.socket systemctl stop rsyslog.service pkill rsyslogd echo 0 > /proc/sys/vm/swappiness swapoff -a # create symbolic links to tmp from other temporary directories and files: cd /var rm -rf lock run spool tmp ln -s /tmp lock ln -s /tmp run ln -s /tmp spool ln -s /tmp tmp cd /var/lib rm -rf dhcp dhcpcd ln -s /tmp dhcp ln -s /tmp dhcpcd rm -f /var/lib/systemd/random-seed ln -s /tmp/random-seed /var/lib/systemd/random-seed # Usually all crons can be removed (taking backups to /root). Use find command first to verify what you are removing: find /etc/cron* mkdir /root/cronbackups cp -a /etc/cron* /root/cronbackups/ rm -f /etc/cron.d/* rm -f /etc/cron.hourly/* rm -f /etc/cron.daily/* rm -f /etc/cron.weekly/* rm -f /etc/cron.monthly/* # Edit /lib/systemd/system/systemd-random-seed.service file with nano and add: # # ExecStartPre=/bin/echo "" > /tmp/random-seed under the service section # # It should look something like this: [Service] Type=oneshot RemainAfterExit=yes ExecStartPre=/bin/echo "" > /tmp/random-seed ExecStart=/lib/systemd/systemd-random-seed load ExecStop=/lib/systemd/systemd-random-seed save # Reboot the system, login again and check if the filesystem is RO: systemctl reboot ... sudo bash touch /testfile # this should give read-only filesystem error # # Optional tools # # # Example Bash script to remount filesystem to read-only # # readonly.bash # #!/bin/bash echo 'Running now: mount -o remount,ro,noatime / ; mount -o remount,ro,noatime /boot' mount -o remount,ro,noatime / ; mount -o remount,ro,noatime /boot #sync; mount -f -o remount,ro,noatime / ; mount -o remount,ro,noatime /boot # possibly dangerous with -f (force) option # use this to see open processes: lsof / | awk '$4 ~ /[0-9].*w/' # # Example Bash script to remount filesystem to read and write # # readandwrite.bash # #!/bin/bash echo 'Running now: mount -o remount,rw,noatime / ; mount -o remount,rw,noatime /boot' mount -o remount,rw,noatime / ; mount -o remount,rw,noatime /boot