Encrypted NVME boot from EMMC confusions

The boot process could be better, from my perspective. I have the same setup as you, and I have to keep my boot partition unmounted because if I don’t, apt upgrade can result in my laptop not being able to boot. Last time I upgraded my kernel, I had to pull the reform-system-image and reform-boundary-uboot repositories, change some of the hard-coded paths, and compile uboot and the boot image myself. It took me quite a few cycles of what you’re doing now to get that worked out.

Here’s a post summarizing what I did: MNT Reform System Image V3 Beta - #16 by lykso

Here’s the output of git diff in my reform-system-image repo as it now stands:

diff --git a/reform2-imx8mq/mkimage.sh b/reform2-imx8mq/mkimage.sh
index 5d8fa18..19bfd6f 100755
--- a/reform2-imx8mq/mkimage.sh
+++ b/reform2-imx8mq/mkimage.sh
@@ -5,7 +5,7 @@ set -e
 
 # make sure build tools are installed
 # FIXME: replace this by a check that everything is installed
-#sudo apt-get -y install parted multistrap udisks2 gcc-aarch64-linux-gnu make device-tree-compiler qemu-user-static binfmt-support build-essential bison flex libssl-dev mmdebstrap
+sudo apt-get -y install parted multistrap udisks2 gcc-aarch64-linux-gnu make device-tree-compiler qemu-user-static binfmt-support build-essential bison flex libssl-dev mmdebstrap
 
 # if we are in a git repository and if SOURCE_DATE_EPOCH is not set, use the
 # timestamp of the latest git commit
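Review bot: uncommenting the `sudo apt-get -y install ...` line makes every build run escalate privileges and modify the host's package set unconditionally, which the FIXME directly above it says should be replaced by a check. It also sits badly with the script's own non-root path further down, which exists precisely so the image can be built without root. Suggest leaving the line commented and instead failing early when a tool is missing, e.g. `for t in parted genext2fs mmdebstrap; do command -v "$t" >/dev/null || { echo "missing $t"; exit 1; }; done`, so the build never changes the build host behind the operator's back.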
@@ -20,70 +20,70 @@ export SOURCE_DATE_EPOCH
 export TMPDIR="$(pwd)"
 
 # download u-boot from CI
-/usr/lib/apt/apt-helper download-file https://source.mnt.re/reform/reform-boundary-uboot/-/jobs/artifacts/master/raw/flash.bin\?job\=build flash.bin
+#/usr/lib/apt/apt-helper download-file https://source.mnt.re/reform/reform-boundary-uboot/-/jobs/artifacts/master/raw/flash.bin\?job\=build flash.bin
 
 # build the debian userland and configure it
 ./mkuserland.sh
 
 # Rescue System ---------------------------------------------------------
 
-./tarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland.tar \
-	| genext2fs --block-size 1024 --size-in-blocks 262144 --bytes-per-inode 16384 --tarball - boot.img
-dd if=boot.img of=reform-rescue-system.img seek=1 bs=4194304
-rm boot.img
-./tarfilter --path-exclude='/boot/*' < target-userland.tar \
-	| genext2fs --block-size 1024 --size-in-blocks 2097152 --bytes-per-inode 16384 --tarball - root.img
-dd if=root.img of=reform-rescue-system.img seek=65 bs=4194304
-rm root.img
-dd if=/dev/zero bs=512 count=1 >> reform-rescue-system.img
-/sbin/parted -s reform-rescue-system.img "mklabel msdos"
-# reproducible disk signature
-printf mntr | dd of=reform-rescue-system.img seek=440 bs=1 conv=notrunc
-/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 4MiB 260MiB"
-/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 260MiB 2308MiB"
-/sbin/parted -s reform-rescue-system.img print
-
-# install u-boot for i.MX8MQ
-dd if=./flash.bin of=reform-rescue-system.img conv=notrunc bs=1k seek=33
-
-echo Reform Rescue System Image created: reform-rescue-system.img
-
-# Full System -----------------------------------------------------------
-
-# chroot into the userland and add extra applications
-./mkuserland3.sh
-
-if [ $(id -u) -eq 0 ]; then
-	# genext2fs is very slow so if we run this script as root, we give up
-	# on reproducibility in favor of creating the image faster
-	mkdir target-userland
-	tar --directory target-userland --xattrs --xattrs-include='*' --extract --file target-userland-full.tar
-	/sbin/mke2fs -v -L 'MNTREFORMBOOT' -N 0 -E offset=4194304 -d target-userland/boot -t ext2 reform-system.img 256M
-	rm -rf target-userland/boot/*
-	/sbin/mke2fs -v -L 'MNTREFORMROOT' -N 0 -O 64bit -E offset=272629760 -d target-userland -m 5 -r 1 -t ext4 reform-system.img 9000M
-	rm -rf target-userland
-else
-	# if we don't run as root, use the slow (but bit-by-bit reproducible)
-	# genext2fs instead
-	./tarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland-full.tar \
-		| genext2fs --block-size 1024 --size-in-blocks 262144 --bytes-per-inode 16384 --tarball - boot.img
-	dd if=boot.img of=reform-system.img seek=1 bs=4194304
-	rm boot.img
-	./tarfilter --path-exclude='/boot/*' < target-userland-full.tar \
-		| genext2fs --block-size 1024 --size-in-blocks 9216000 --bytes-per-inode 16384 --tarball - root.img
-	dd if=root.img of=reform-system.img seek=65 bs=4194304
-	rm root.img
-fi
-dd if=/dev/zero bs=512 count=1 >> reform-system.img
-/sbin/parted -s reform-system.img "mklabel msdos"
-# reproducible disk signature
-printf mntr | dd of=reform-system.img seek=440 bs=1 conv=notrunc
-/sbin/parted -s reform-system.img "mkpart primary ext4 4MiB 260MiB"
-/sbin/parted -s reform-system.img "mkpart primary ext4 260MiB 9260MiB"
-/sbin/parted -s reform-system.img print
-
-# install u-boot for i.MX8MQ
-dd if=./flash.bin of=reform-system.img conv=notrunc bs=1k seek=33
-rm flash.bin
-
-echo Reform Full System Image created: reform-system.img
+#./tarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland.tar \
+#	| genext2fs --block-size 1024 --size-in-blocks 262144 --bytes-per-inode 16384 --tarball - boot.img
+#dd if=boot.img of=reform-rescue-system.img seek=1 bs=4194304
+#rm boot.img
+#./tarfilter --path-exclude='/boot/*' < target-userland.tar \
+#	| genext2fs --block-size 1024 --size-in-blocks 2097152 --bytes-per-inode 16384 --tarball - root.img
+#dd if=root.img of=reform-rescue-system.img seek=65 bs=4194304
+#rm root.img
+#dd if=/dev/zero bs=512 count=1 >> reform-rescue-system.img
+#/sbin/parted -s reform-rescue-system.img "mklabel msdos"
+## reproducible disk signature
+#printf mntr | dd of=reform-rescue-system.img seek=440 bs=1 conv=notrunc
+#/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 4MiB 260MiB"
+#/sbin/parted -s reform-rescue-system.img "mkpart primary ext4 260MiB 2308MiB"
+#/sbin/parted -s reform-rescue-system.img print
+#
+## install u-boot for i.MX8MQ
+#dd if=./flash.bin of=reform-rescue-system.img conv=notrunc bs=1k seek=33
+#
+#echo Reform Rescue System Image created: reform-rescue-system.img
+#
+## Full System -----------------------------------------------------------
+#
+## chroot into the userland and add extra applications
+#./mkuserland3.sh
+#
+#if [ $(id -u) -eq 0 ]; then
+#	# genext2fs is very slow so if we run this script as root, we give up
+#	# on reproducibility in favor of creating the image faster
+#	mkdir target-userland
+#	tar --directory target-userland --xattrs --xattrs-include='*' --extract --file target-userland-full.tar
+#	/sbin/mke2fs -v -L 'MNTREFORMBOOT' -N 0 -E offset=4194304 -d target-userland/boot -t ext2 reform-system.img 256M
+#	rm -rf target-userland/boot/*
+#	/sbin/mke2fs -v -L 'MNTREFORMROOT' -N 0 -O 64bit -E offset=272629760 -d target-userland -m 5 -r 1 -t ext4 reform-system.img 9000M
+#	rm -rf target-userland
+#else
+#	# if we don't run as root, use the slow (but bit-by-bit reproducible)
+#	# genext2fs instead
+#	./tarfilter --path-exclude='*' --path-include=/boot --path-include='/boot/*' --strip-components=2 < target-userland-full.tar \
+#		| genext2fs --block-size 1024 --size-in-blocks 262144 --bytes-per-inode 16384 --tarball - boot.img
+#	dd if=boot.img of=reform-system.img seek=1 bs=4194304
+#	rm boot.img
+#	./tarfilter --path-exclude='/boot/*' < target-userland-full.tar \
+#		| genext2fs --block-size 1024 --size-in-blocks 9216000 --bytes-per-inode 16384 --tarball - root.img
+#	dd if=root.img of=reform-system.img seek=65 bs=4194304
+#	rm root.img
+#fi
+#dd if=/dev/zero bs=512 count=1 >> reform-system.img
+#/sbin/parted -s reform-system.img "mklabel msdos"
+## reproducible disk signature
+#printf mntr | dd of=reform-system.img seek=440 bs=1 conv=notrunc
+#/sbin/parted -s reform-system.img "mkpart primary ext4 4MiB 260MiB"
+#/sbin/parted -s reform-system.img "mkpart primary ext4 260MiB 9260MiB"
+#/sbin/parted -s reform-system.img print
+#
+## install u-boot for i.MX8MQ
+#dd if=./flash.bin of=reform-system.img conv=notrunc bs=1k seek=33
+#rm flash.bin
+#
+#echo Reform Full System Image created: reform-system.img
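Review bot: this hunk comments out not only the U-Boot download but the entire rescue and full-system image assembly, so after `./mkuserland.sh` the script now produces no image at all, and the reader has to reconstruct from the post that the image is built out of band. If the goal is only to use a locally built `flash.bin` instead of the CI artifact, a much smaller change keeps the whole pipeline intact: guard the download with `[ -f flash.bin ] || /usr/lib/apt/apt-helper download-file ... flash.bin` and drop the trailing `rm flash.bin` so the local build is not deleted. Note too that the original download has no integrity check on the artifact it fetches; a pinned checksum (e.g. `sha256sum -c`) on `flash.bin`, whether downloaded or self-built, would make the bootloader that gets written at `seek=33` verifiable. If the removal is intended, delete the lines rather than leaving 60 commented copies; git history already keeps the old version.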
diff --git a/reform2-imx8mq/mkuserland.sh b/reform2-imx8mq/mkuserland.sh
index c920736..2bbb915 100755
--- a/reform2-imx8mq/mkuserland.sh
+++ b/reform2-imx8mq/mkuserland.sh
@@ -25,8 +25,8 @@ mmdebstrap \
 	--essential-hook='mkdir -p "$1"/etc/flash-kernel/ubootenv.d' \
 	--essential-hook='mkdir -p "$1"/etc/flash-kernel/preboot.d' \
 	--essential-hook='echo "MNT Reform 2" > "$1"/etc/flash-kernel/machine' \
-	--essential-hook='{ echo /dev/mmcblk1p2 / auto errors=remount-ro 0 1; echo /dev/mmcblk1p1 /boot auto errors=remount-ro 0 1; } > "$1"/etc/fstab' \
-	--essential-hook='{ echo LINUX_KERNEL_CMDLINE=\"console=ttymxc1,115200 console=tty1 root=/dev/mmcblk1p2\"; echo LINUX_KERNEL_CMDLINE_DEFAULTS=\"ro no_console_suspend cma=512M pci=nomsi\"; } > "$1"/etc/default/flash-kernel' \
+	--essential-hook='{ echo /dev/mmcblk0p2 / auto errors=remount-ro 0 1; echo /dev/mmcblk0p1 /boot auto errors=remount-ro 0 1; } > "$1"/etc/fstab' \
+	--essential-hook='{ echo LINUX_KERNEL_CMDLINE=\"console=ttymxc1,115200 console=tty1 root=/dev/mmcblk0p2\"; echo LINUX_KERNEL_CMDLINE_DEFAULTS=\"ro no_console_suspend cma=512M pci=nomsi\"; } > "$1"/etc/default/flash-kernel' \
 	${comment#select timezone} \
 	--essential-hook='echo tzdata tzdata/Areas select Europe | chroot "$1" debconf-set-selections' \
 	--essential-hook='echo tzdata tzdata/Zones/Europe select Berlin | chroot "$1" debconf-set-selections' \
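Review bot: switching the hard-coded `/dev/mmcblk1p*` to `/dev/mmcblk0p*` in both `/etc/fstab` and the `root=` kernel argument fixes the path for this one board but keeps the underlying fragility: `mmcblkN` numbering depends on probe order and can change between kernel versions or when an SD card is present, which is exactly the kind of confusion this thread is about, and a wrong `root=` leaves the machine unbootable. Suggest addressing by identity rather than enumeration: `LABEL=MNTREFORMROOT / ...` and `LABEL=MNTREFORMBOOT /boot ...` in fstab with `root=LABEL=MNTREFORMROOT` in `LINUX_KERNEL_CMDLINE` (or `PARTUUID=`, given the reproducible `mntr` disk signature). Caveat from the same diff: only the root-run `mke2fs` path in mkimage.sh sets `-L 'MNTREFORMBOOT'`/`-L 'MNTREFORMROOT'`; the `genext2fs` path sets no label, so the label would have to be applied there too (e.g. with `e2label` after the image is written) before a `LABEL=`-based fstab is safe on both build paths.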

I keep meaning to play around with writing an alternative “emergency” image that loads from the eMMC, decrypts LUKS partitions, and allows kexecing into whatever bootable partitions it finds (like Petitboot, basically) but I haven’t got around to it yet. I think I just keep hoping that the eMMC+NVMe story will get improved in an update, though I feel a bit unreasonable about that, as it’s such a small team maintaining this and I haven’t even tried to help with that problem yet myself.

Anyway, I hope this was helpful.

Edit: My kernel command line argument changes don’t seem to be in that diff. I think I might have somehow changed them in uboot before compiling it, but I don’t have the diff for that at hand.
