Is there any secret to making an image bootable for the mnt reform, to put on my SSD. I’ve been browsing the mntmn/reform-bootstrap repository, and there are a few things I’m not clear on. I notice that it includes compiling uboot into the image, but this doesn’t seem like it would be necessary if I’m already using uboot from the embedded flash memory.

I’ve been doing my own research, and it seems I’m supposed to use mkimage from u-boot-tools in the Debian repository. However, i don’t know where to begin finding the parameters I’m supposed to use with it.

Or am I just overthinking everything and any image should work assuming it has a working kernel?

I haven’t experimented much with this myself, but I think if you’ve got uBoot on the embedded flash memory, you should be able to boot any image with a kernel configured for the Reform’s hardware. AFAICT, the first image loaded is the only one with constraints: it has to be offset some amount and the image(s) for the ARM core(s) have to be preceded by the firmware images for the System Controller and the Security Controller. (Here’s the documentation on the boot process.) Once you’re in uBoot, though, you should be able to boot any image uBoot can boot.

Aha, thank you. It’ll take me a little bit to get things right, and will be unable to play with it for a few days, but being able to eliminate that as a problem has helped me a great deal.

Mntmn fixed my problem. I was a unique case, where I had already switched over to the default linux install and uboot on the emmc memory. This is the install with uboot you can only get to by taking off the heat sink and manually switching the dip switch on the SoM.

Trying to boot to this emmc memory with uboot and then to the sd card wasn’t supported by the default boot script. My actual file system was fine.

The fix involves modifing the reform-init script in the /sbin directory on the emmc memory. The following code needs to be inserted before line 28, before the final else clause:

elif [ "$BOOTPREF" == "sd" ]; then
	echo "Booting from SD."

the final if-else statement should look like this:

# Check config
if [ "$BOOTPREF" == "usb" ]; then
	echo "Booting from USB storage in 3 seconds."
	BOOTPART="/dev/sda1"
elif [ "$BOOTPREF" == "nvme" ]; then
	echo "Booting from NVMe SSD."
	BOOTPART="/dev/nvme0n1p1"
elif [ "$BOOTPREF" == "sd" ]; then
	echo "Booting from SD."
else
	# Default. Boot from SD card (already mounted by kernel).
	echo "Booting from SD card (or eMMC)."
	exec /sbin/init
fi

Building on the shoulders of giants, I used this information along with others to create a step-by-step HOWTO build an image on any system device.

It is documented to the 9’s. It includes a short one-liner shell command that will take this long-ass description and turn it into a short (~32 command) script that you can run and answer two questions and it will do everything for you.

This is a draft. Please remember that your time is valuable to you, as is mine to me. I contribute so others may be helped – as I have been by the posts above and elsewhere. There will be a final draft when I get back to it.

I always include WHY something is done. Anyone can copy/paste a script, run it once, and forget all about it. Mine come with documentation. I also talk about failures. Yeah, those. When something I’ve done is not the right/best answer I’ll discuss it frankly in the documentation with Future-Me™, you folks, and then when Future-Me fixes it, I won’t remove that mistake… because leaving it in is helpful to Future-Yous knowing WHY I needed to do X, WHAT I tried, and HOW I eventually got X to work. If you follow that, you will take no bad turns onto bad roads that don’t lead to your destination.

Hopefully the formatting will not destroy itself.
Date and times are there for my keeping track of what I did when. They can be safely ignored except if you want to comment that I don’t seem to sleep much or that I haven’t touched it in like 10d

I hope this is helpful or instructive. I still need to work on the boot scripts (see parent topic) and make them a little better, like building for a USB stick. Also and not related, I’d like to get this on a working USB stick my way, so I can also put a full build environment, and have the SCREEN LIGHT UP AND SHOW SOMETHING when the SOC is up, not when the Linux kernel is already 1/2 the way up…

If there’s something you don’t like about it, speak up. If you see an improvement opportunity, speak up. I didn’t say my code was perfect, and i’d rather share the success with others on 100% solid code than be the sole developer on bad code.

— script follows —

cat /tmp/t2.t | sed -e “s/http/HYPERTEXT/g” -e “s/.com/DOTCOM/g” -e “s/.net/DOTNET/g”

202209211739MST

The goal is to build a bootable USB SDD. Later we’ll do both an NVME and a
multiboot USB. That latter may be difficult if we can’t get a bootloader that
supports menu options to work on the SOC.

This is a detailed explanation of ALL the steps, and why we do them. There is a
script that parses THIS explanation into copy/paste steps:
First, copy THIS entire page into the_text_file, then run the following (copy/paste it) to get
the commands to copy/paste and create the drive.

echo ‘#!/bin/bash -xv’ > script.sh && chmod o+x script.sh

egrep “^> # [[:alpha:]]” the_text_file | sed -e “s/^> # //g” >> script.sh && echo “Run ./script.sh to install.”

Starting Link I used to get all the steps right:

HYPERTEXTs://mauromoralesDOTCOM/2021/05/11/running-mnt-reform-os-on-an-nvme-disk/
CREDIT: Mauro has an excellent tutorial but it skips around a bit, naming something ‘crypt’ in
some areas and ‘reform_crypt’ in others… making assumptions, ignoring previous states.
His use of the right commands are correct, but there’s no explanation of “why”.

This attempts to correct all that. TAKE HEED - HIS STUFF IS EXCELLENT AND SAVED ME
HOURS so credit where credit is due. Thanks, Mauro.

Legend:
Everything that starts with a ‘#’ is an operation at the root command line interface (CLI).
Everything that starts with a ‘$’ is an operation that doesn’t require root access at the CLI.
Everything that’s numbered includes steps to complete an operation.
Everything that starts with an ‘X’ is an op no longer used but education in keeping here.
Everything else is just meandering comments.

Means “Hey come back to this later and answer the question we don’t know the answer to at this point.”

NOTES:

1. Step 8 is a script that turns this article into a copy and paste shell script to do it all for you. You get to set one parameter, and you pick an encryption phrase. It has been copied up top.

2. We want to use full-disk encryption. Mauro used two partitions, /root and /home. We end up with one drive with one partition and we encrypt it into one Physical Volume (PV). On that we have one Volume Group (VG) and on it we have two Logical Volumes (LVs), one ‘root’ which is the root disk partition (‘/’), and one swap which also works as the suspend-to partition. There’s no right way or wrong way. This method is the same as the one used by Linux Mint’s installer. Mint creates vgmint with vgmint-root and vgmint-swap underneath. We do the same with reformvg-root and reformvg-swap.

3. TODOs:
   a. DONE: Possibly ask for DEV in a prompt or try and figure it out programmatically. This one is so hard of a problem even the Ubuntu-based installers all offer to unmount the USB drive you’re installing from… they can’t tell it’s not a local disk that shouldn’t be unmounted! Google has a different philosophy with their “Flex” aka renev aka NeverReady ChromeOS for PCs… where if it has a removable medium they disallow its use. That won’t work for us either. SO right now hardcoded DEV=something.
   b. See if it will work if we add ‘–exclude=/run --exclude=/proc’ from the rsync. Seriously those are so dynamically created why bother…
   c. Remove previous swapfile entries from fstab. We can easily do this but this won’t handle multiple swaps on a system. So we’ll just leave the old ones commented out and make it the user’s problem.

Used gnome-disks but converted to ‘sgdisk’ to keep it in the CLI, faster, and scriptable. If you want to use graphical use 1b instead of 1a.

1a1. Replace DEV with the device you are working with. Examples DEV=/dev/sda1 , DEV=/dev/nvme0n1p1 , etc. Don’t know which? Unplug and replug new drive… then ‘dmesg’ to see what got unplugged and replugged.

DEV=$1; while [ ! -b “$DEV” ]; do if [ ! -z $DEV ]; then echo “Error: $DEV is not a block device.” ; fi; read -p "Target Device: " DEV ; done

1a2. Make sure it’s not mapped from a previous attempt (same as 2h5). Check if LUKS left things mapped and if so unmap so we can be consistent about where we want it. -r so we undo them in reverse order that they were formed

for dm in ls -1r /dev/mapper | grep -v control ; do echo “Unmapping $dm” ; cryptsetup luksClose /dev/mapper/$dm ; done

1a3. Store the encryption phrase for this script only so we don’t ask and reask for it

read -s -p "Encryption passphrase (script use only): " PASS

1a4. We used to use gnome-disks but it’s graphical and not easy to script. Use ‘sgdisk’ instead. Start by new GPT (GUID Partition Table)

sgdisk $DEV -o

1a5. Now the partition creation.

sgdisk $DEV -n 1

1a6. Then ensure LUKS doesn’t have it mapped.

if [ -b “/dev/mapper/crypt” ]; then cryptsetup luksClose /dev/mapper/crypt; fi

1a7. Make it Ext4 to start.

echo “y” | mkfs.ext4 $DEV

1a8. Encrypt it. Use a short password for testing. It’s easy to change later. See Step ###

echo “$PASS” | cryptsetup -q -v luksFormat --type luks2 $DEV

1b. DEPRECATED. ALTERNATE, Graphical method: Start with the physical partition. Use INSTEAD of 1a if you want graphical. Can run after 1a with no ill effects.

1b1. Replace DEV with the device you are working with. Examples DEV=/dev/sda1 , DEV=/dev/nvme0n1p1 , etc. Don’t know which? Unplug and replug new drive… then ‘dmesg’ to see what got unplugged and replugged.

DEV=/dev/sda1

1b2. Install necessary modules to enable LUKS2 for gnome-disks but we ended up using sgdisk so maybe not needed – test ###

apt install -y libblockdev-crypto2 && systemctl restart udisks2.service Note: If you don’t do this what will happen is it will start, mess up the volume, and show this:

bd_crypto_luks_format_luks2_blob called, but not implemented! (udisks-error-quark, 0) Thanks to ‘nicktux’ at Launchpad bugs: HYPERTEXTs://bugs.launchpadDOTNET/ubuntu/+source/meta-gnome3/+bug/1761995/comments/10 for the Ubuntu fix from 2018.

1b3. Hit ‘+’, Create Partition and click Next to use entire volume
1b4. Select “internal use with Linux systems only (Ext4)” and check “Password protect volume (LUKS)” and click Next
1b5. Enter the same password in both fields and click create. For testing purposes we use a short easy password. It’s trivial to change that later. ###

2. Get the system partition stuff set up on that
   Here’s where Mauro says to use ‘reform-migrate’ but when run it tells you to encrypt stuff to use ‘reform-setup-encrypted-nvme’.
   So… we’ll just do what that script does without being too verbose or making the user copy/paste. Hey, you just reformatted a device,
   so what other damage do you expect to do?

2a. Create the Physical Volume
2a1. Unlock and map it

echo “$PASS” | cryptsetup luksOpen $DEV crypt

2a2. Create the PV

pvcreate -y /dev/mapper/crypt

The ‘-y’ is to allow wiping the original Ext4 signature. If we don’t add the ‘-y’ we’ll see this warning:

WARNING: ext4 signature detected on /dev/mapper/crypt at offset 1080. Wipe it? [y/n]: n
Aborted wiping of ext4.
1 existing signature left on the device.

2b. Create the Virtual Group

vgcreate reformvg /dev/mapper/crypt

2c, Ad put the logical volume in it

lvcreate --name swap --size 8G reformvg

2d. And the root volume

lvcreate --name root -l 100%FREE reformvg

2e. Make sure a previous version of us didn’t leave root mounted

if [ ! -z “findmnt --source /dev/mapper/reformvg-root” ]; then umount -f /dev/mapper/reformvg-root; fi

2f. Create the filesystem on the root LV of the reformvg VG on the crypt PV on partition 1 of $DEV

mkfs.ext4 /dev/reformvg/root

2g. Make the swapfile on the swap LV of the reformvg VG on the crypt PV on partition 1 of $DEV

mkswap /dev/reformvg/swap

2h. Get the logical volume all setup for storing suspend data on ‘swap’ and being able to mount it as well

2h1. Set some variables for cleaner look

SWAPUUID=$(blkid -s UUID -o value /dev/reformvg/swap) && CRYPTUUID=$(blkid -s UUID -o value $DEV)

2h2. Tell the boot process where the swap partition, which is where ‘suspend’ mode is saved, so we can resume from it

echo RESUME=UUID=$SWAPUUID > /etc/initramfs-tools/conf.d/resume

2h3. Tell the cryptography system which UUID (references the drive $DEV) has the name “crypt”

echo crypt UUID=$CRYPTUUID none luks,discard > /etc/crypttab

2h4. Tell the filesystem where to mount the /swap partition (for swapping once we’re not suspended)

We’ll have to come back here and remove any other appended (‘>>’) lines.

cp /etc/fstab /etc/fstab.old && grep -v swap.sw /etc/fstab.old > /etc/fstab && echo UUID=$SWAPUUID none swap sw 0 0 >> /etc/fstab && grep swap.sw /etc/fstab.old | sort -u | grep -v UUID=.none | awk ‘{print "### "$0}’ >> /etc/fstab

2h5. Check if LUKS left things mapped and if so unmap so we can be consistent about where we want it. -r so we undo them in reverse order that they were formed

for dm in ls -1r /dev/mapper | grep -v control ; do echo “Unmapping $dm” ; cryptsetup luksClose /dev/mapper/$dm ; done

2h6. Decrypt the drive

echo “$PASS” | cryptsetup luksOpen $DEV crypt ### make sure undecrypted first

2h7. Inform LVM about our new volume

vgchange -ay reformvg

3. Install new system on it

X reform-migrate /dev/reformvg/root

4. Inform the system to activate the new volume group

X vgchange -an reformvg

5. We are done with this here so un-decrypt it

X cryptsetup luksClose crypt

For now we’re going to retry the above.
202209212006MST - 2H57M

SO what we’ll do is save this first, then copy it to a text file, then run a script to process out what we want.

202209212123MST
Well I think if we use ‘sgdisk’ we can get rid of some of the “click here” stuff and go CLI all the way
So we’ll go up top and get rid of gnome-disk for formatting and use ‘sgdisk -o’ for a new GPT (GUID Partition Table)
–goes
202209212143NST
‘sgdisk’ has replaced ‘gnome-disks’. Now we try the test script.
202209221008MST copied the script to up top.

What does this do?
egrep - only take the commands run as root, starting with ‘>’ (quoted string), ‘#’ (root command), ’ ’ (space), and [[:alpha:]] (A-Z and a-z)
read line - process them line by line
read - show the user the line to run. If they hit [Enter], ‘Y’, or ‘y’ run it

202209220038
This has been iterated. Only one thing remains up top and that’s removing the extraneous ‘swap’ entries in ‘/etc/fstab’ at Step 2h4.

Now let’s take a look at actually installing the system. Mauro says to run ‘/usr/sbin/reform-migrate’ and that’s a short 107-line script filled with comments and ‘echo’. It also has many options but here we’re looking at a simple one. One hard drive partition, one crypto partition, one VG, two LVs, and there you go.
Here’s what it does:

echo "cryptsetup luksOpen /dev/nvme0n1 reform_crypt"
echo "vgchange -ay reformvg"
echo "reform-migrate /dev/reformvg/root"
echo "vgchange -an reformvg"
echo "cryptsetup luksClose reform_crypt"

vgchange -an reformvg
cryptsetup luksClose reform_crypt

echo “You can now reboot into your encrypted System.”

6. In step 5 we un-decrypted ‘crypt’, so let’s redo that.
   6a. Decrypt it

echo $PASS | cryptsetup luksOpen $DEV crypt

6b. Make sure the Volume Group is happy knowing about it being here

vgchange -ay reformvg

7. Let’s see what reform-migrate brings us:
   Usage would be reform-migrate --emmc /dev/mapper/root

7a. We’d have to map it first with luksOpen ### doesn’t seem to need this. Instead we’ll ‘partprobe’ to avoid stale filesystem info

partprobe

echo cryptsetup luksOpen /dev/mapper/reformvg-root ### is this needed or not?

7b. Create temporary mountpoint and mount it

MNT=/mnt/$USER/root ; if [ ! -d $MNT ]; then mkdir -p $MNT ; fi ; mount /dev/mapper/reformvg-root $MNT; echo “$DEV Mounted at: ls -l $MNT” ; df | grep $MNT

7c1. Copy the new system from the sdcard to the USB/SDD/NvME. Note we ignore the “Do you really want to do this” since… we’ve wiped this disk twice now. No harm left!

rsync -axHAWXSv --exclude=timeshift/snapshots/* --numeric-ids --info=progress2 / $MNT

Notes:
timeshift - I installed timeshift and took a snapshot on the sdcard of the entire sdcard os
-a = -rlptqgoD no -HAX
r=recursive, l=keep symlinks as symlnks, p=preserve permissions, t=preserve mod times, q=quiet, g=preserve group, o=preserve owner, and D=preserve special files
-x = stay on one filesystem – makes no sense on a new initial sync
-H = preserve hard links
-A = preserve ACLs
-W =copy whole files without deltas - makes no sense on an initial rsync since it has to copy whole files
-X = preserve extended attributes
-S = make series of nulls into sparse blocks
-v = give us status on individual files… more useful than --progress

7c2. We’re done so unmount and unmap…

umount $MNT ; for dm in ls -1r /dev/mapper | grep -v control ; do echo “Unmapping $dm” ; cryptsetup luksClose /dev/mapper/$dm ; done

8. This has been iterated enough times to make it clear this script works from scratch. The script is now up top.

X copy all this stuff here (^A ^C)
X cat > the_text_file [Enter] ^D
X echo ‘#!/bin/bash -xv’ > script.sh && chmod o+x script.sh
X egrep "^> # " the_text_file | sed -e ‘s/^> # //g’ >> script.sh && echo “Run ./script.sh to install.”
X ./script.sh

9+ Other instructions to make the hardware dip switch flip, and update the bootloader selection process.
Well get to that later.

202209220109MST
We’ve iterated through all Steps 1-7c1 and it works over and over and over. “Tomorrow” (later today)
we’ll tackle Steps 7a and whether we need a luksOpen there, and then deal with the hardware stuff.

202209220131
Finished the notes 1-3, the TODOs, did the rsync twice to see that it really worked and other than a couple
of ‘/var/log’ things and my own ‘.bash_history’ nothing got copied. Win.

202209220941MST
I’ve decided there’s no easy way to algorithmically ‘know’ with determenism which is our target device,
so let’s have the user input it.

202209221022MST
Break time. DEV stuff is fixed. Now working on other gotchas from running this multiple times.

202209221330MST
Back to it. Add ‘X’ for disabled commands. Retry script

• select all text here, ^C for copy
• in CLI cat > the_text_file
• shift-^V for paste
• ^D for end of file
• run the script

cat test.sh
#!/bin/bash
egrep “^> # [[:alpha:]]” the_text_file | sed -e “s/^> # //g”
./test.sh

Copy all the output and paste it back in a root shell. Answer two questions:

1. Target device: (I used /dev/sda1)
2. Encryption passphrase

Later we change this passphrase to the real one… hopefully longer and better than test ones:
cryptsetup luksChangeKey /dev/sdX

Example: sudo cryptsetup luksChangeKey /dev/sda1

(You could add multiple keys but we are kind of assuming you chose a short easy key for the install. Now time to ditch it. Also we could put this as a last step in the script, but what if YOU chose a GREAT passphrase… why force a change, and I hate asking questions in a script…)

202209221420MST
Got the mounts/umounts fixed. No issues. If you put it as a script you can specify $1 as the target device.
1 iteration tested

2nd iteration – now a script to build the script from this explanation

• copy all this stuff here (^A ^C)
• cat > the_text_file [Enter] ^D
• echo ‘#!/bin/bash -xv’ > script.sh && chmod o+x script.sh
• egrep "^> # " the_text_file | sed -e ‘s/^> # //g’ >> script.sh && echo “Run ./script.sh to install.”
• ./script.sh

2022091221413
3rd iteration done, let’s just let it go for the whole thing as per the 5 steps in 2nd iteration

202209221429
4th iteration done, fix a typo
5th iteration done, fix sed with ’ instead of escaping the ‘#’ in the substitution
6th iteration done, fix copy of script to just be a copy with ‘X’ in front… don’t run it then!
7th iteration done, no changes
8th iteration done, all good so remove temporary -n from rsync (don’t do it, just pretend, goes faster for debugging!)
9th iteration done, real rsync takes a while… sdcard read IOps are not high… this is not a secret. 8.5 Minutes averaged 16MB/sec
10th iteration done, and we fixed the /etc/fstab multiple swap entries, and preserve the old ones as comments and old file as ‘/etc/fstab.old’
11th iteration done, time sync ./script.sh still says 8.5 minutes

We’ll get on with the rest of the program shortly, but
MOUNTING:

• mount the encrypted PV cryptsetup luksOpen /dev/sda1 crypt
• mount the VG vgchange -ay
• create a mountpoint MNT=/mnt/root ; if [ ! -d $MNT ]; then mkdir -p $MNT ; fi ; mount /dev/reformvg/root $MNT
• enjoy. When done umount $MNT ; rmdir $MNT ; cryptsetup luksClose /dev/sda1 or reboot

202209221710MST I said I’d get to the rest of it today but thus far I’ve only perfected the software piece.

Started: Who knows with what.
Ended: This “Explanation” and the script generate a 31 line script that only needs two inputs: Target Device, and Encryption Phrase, and it does the rest.
Next up:

• Configuring booting from NVMe. Mauro refers readers to the Operators Handbook but we’ll cut it short here. Screwdriver needed to remove heatsink and flip DIP switch. (Well also to install NVMe).
• Will have to get this file HYPERTEXT://mntreDOTCOM/reform_md/flash-rescue-reform-init.bin
• Unlock boot partition echo 0 > /sys/class/block/mmcblk0boot0/force_ro
• Flash the binary dd if=flash-rescue-reform-init.bin of=/dev/mmcblk0boot0 bs=1024 seek=33
  -Configure reform-init ###look at that### to use nvme because the name matters###
  reform-boot-config nvme

20220922MST we’ll flesh all that out after I enjoy this top-round roast, thinly shaved over brioche bun with au jus for dipping.

202209231934MST
Almost a day has gone by. Let’s see what we need to do here… First, we’re done with Mauro’s info so let’s go to the next step with
the Operator’s Handbook and Bibliocar with kudos to Mtnmn at HYPERTEXTs://community.mnt.re/t/how-do-i-create-a-bootable-image/533/4

1. We want to get that boot image.

cd /usr/local/bin &&& wget HYPERTEXT://mntreDOTCOM/reform_md/flash-rescue-reform-init.bin

2. Allow the boot partition to be writeable (normally read-only)

echo 0 > /sys/class/block/mmcblk0boot0/force_ro

2. Flash that binary

dd if=flash-rescue-reform-init.bin of=/dev/mmcblk0boot0 bs=1024 seek=33 ### how do we know to mess with /dev/mmcblok0boot0?

3. Configure reform-init, and here’s where some of what Bibliocar said Mtnmn said will come in handy ###
   The last Mauro suggestion was reform-boot-config nvme and he said nvme was important because the name
   matters, and Bibliocar pretty much said it had to have “usb” or “nvme” or be “/dev/sdaX”. Let’s dig in.

‘/usr/sbin/reform-boot-config’ is 132 lines (at present) and a lot is very talkative. Let’s distill it down.

• have to run it as ‘root’

• the usage is ‘reform-boot-config [-emmc] {sd,nmve,usb,emmc}’
  the -emmc means we are serious about emmc and also have to flip the DIP switch under the heatsink

• from the script, the selection of the parameter gets us:
  Choosing sd, nvme, usb or emmc will set the root partition to /dev/mmcblk1p2, /dev/nvme0n1p1, /dev/sda1 or /dev/mmcblk0p2,
  respectively.i" <— (why is this ‘i’ there??? -ed)

  “You can choose another root partition by passing the absolute device path starting with /dev/ explicitly,
  For example, to boot from an LVM volume, run: reform-boot-config /dev/reformvg/root”

• Well that’s awfully convenient for us. We know it’s going to be the LVM volume thing… and it won’t require a DIP switch flip,
  so effectively we’ll puzzle out what ‘reform-boot-config /dev/reformvg/root’ will do.

• if ‘/mnt’ has something mounted there the whole damn script aborts. Seriously? Go use ‘mktemp’. Sigh.

• it then sets ‘$ROOTPART’ based on the choice to either ‘mmcblk1p2’, ‘nvme0n1p1’, ‘sda1’, ‘mmcblk0p2’ respectively.

• if there is no such block device as ‘/dev/$ROOTPART’ quit again… unlike my script that just prompts you again.

• defines cleanup() to umount /mnt/boot, /mnt/dev, /mnt/sys, /mnt/proc and /mnt

• sets that as the trap for EXIT INT TERM

• mounts /mnt (/dev/sda1), /mnt/boot (our existing /boot which is /dev/mmc1blk1p1) and special mount (bind) /mnt/dev and mounts /dev/sysfs and /dev/proc

• verifies ‘/mnt/etc/fstab’ is right, and adds /mnt and mnt/boot to it

• it then updates the inital ramdisk filesystem (‘update-initramfs’)

• it then either tells you your boot partition is on nvme and flip the switch to off, or it’s on the sdcard and flip the switch off. THIS IS WRONG because if it’s on USB it will still tell you it’s on sdcard.

• reboot.

OK, what about reform-init? It starts off like this:

Read config file generated by reform-boot-config script

BOOTPREF=$(cat /reform-boot-medium)

Default to SD card

BOOTPART=“/dev/mmcblk1p1”

But reform-boot-config ISN’T created by reform-boot-config and DOESN’T EXIST anywhere on the system!

The rest of this is just poor coding. Try this, then that, and never look up the real settings and repetitive code.

This will need to be rewritten. Not on a Friday Night, says I.

This IS EXACTLY what Biblio did. So now I know this is the right way to go. I just have to think of an elegant
way to do this. Also I’m thinking “If the way you’re told to do this failed, just go back to the SDcard”. That way
we kind of have a safe mode. The problem there is how to prevent a loop. Will sleep on that. ###
202209232006MST

Hi,

I’m a bit confused by what you write. Is this not exactly what the reform-system-encrypted-nvme script is doing?

You also mention the reform-init script and you talk about having one partition for / and one for /home. This and other bits hint that maybe you are not yet using sysimage-v3?

You mention several bugs and issues with the existing script in your long post. I would like to respond to those but there are many and this forum is not a good place to address each of these issues individually. Could you open new issues for every problem you found in either of those repositories:

• Issues · Reform / MNT Reform Tools · GitLab
• Issues · Reform / reform-system-image · GitLab

Then we can talk about how to best fix these problems so that future users are not affected by them anymore.

Thanks!

Of course! I apologize for posting in the wrong place. It being 0433 local, it will take me a little sleep (and maybe another day to figure out how to post code segments for shell scripts) to do so.

Thank you for the pointers!

Ehud

Discourse forums and Gitlab (and Github) use Markdown for formatting, including code. See How do I format my posts using Markdown or HTML? - Help Center - Stack Overflow for examples. The main takeaway is to use three backticks/grave accents before and after a code block, and to add the language after the first set of backticks to get correct syntax highlighting. The editor will try to figure out what language is present and highlight according to that, but it often guesses wrong, so double check that the highlighting is correct and add the language specifier if necessary. Shell output that does not need syntax highlighting can use ```sh for that.

Thank you yet again for another informative and helpful hint. I’ll bone up on Markdown before the next non “one text paragraph” post
E

Before you post issues, please try out this new version of reform-boot-config which should address some of the issues you raised earlier:

Before you post issues, please try out this new version of reform-boot-config which should address some of the issues you raised earlier:

I’ve taken a lengthy look at it, and it is certainly an improvement. I’ll test it out within the next 24hrs. Would you like suggestions or (once I get approved) git pulls?

E

Whatever works best for you. No rush!

I tested it, and it fails to boot. Complete details below. If you want some debugging info I have the SD card now mounted in a different laptop.

• Started with a system that boots SD and then switches to USB (/dev/sda1) with no encryption, logical volumes etc. Tested over many days boots just fine.

• Ran the upgraded script (renamed) 20221009_reform-boot-config sd. When done it said:
  Your /boot partition is on your SD-Card (/dev/mmcblk1p1).
Make sure that your DIP switch has been set to ON.
Restart MNT Reform (type: reboot) after saving your work to activate the changes.


• Rebooting after that got me a black screen, powered on USB card blue light, but no activity on it, and nothing changed after 180secs. I removed the USB card, powered off, powered on and while it looked like it might one day display something, again, nothing after 180secs.

I can
a) Recover using initramfs_bak=/boot/initrd.img-5.19.0-reform2-arm64.dpkg-bak
b) Recover by redoing dd from reform-system.img.gz with md5sum 9b8f6d26c94f1bf9ac76235aa30751a8
c) Any other suggestions?

Thank you again!

Ehud

I can replicate this. Log below.

1. Take the nonbooting system. Copy /boot from timeshift to sd.
2. Now it boots just fine, still on /dev/sda1 like the last backup I took was before trying reform-config-boot (new) to switch to sd.
3. reform-config-boot sd
4. It will not boot.
5. recopy the good /boot files back to /boot
6. boots fine (note that the script isn’t happy /boot is mounted)

E

root@reform:/usr/sbin# ./20221009_reform-boot-config sd
This script selects your preferred boot medium. It writes your choice to the file /etc/fstab

the /boot partition /dev/mmcblk1p1 referenced by the rootfs at /dev/mmcblk1p2 remains the same
/etc/fstab already contains the correct entries
update-initramfs: Generating /boot/initrd.img-5.19.0-reform2-arm64
egrep: warning: egrep is obsolescent; using grep -E
grep: warning: stray \ before #
Using DTB: freescale/imx8mq-mnt-reform2.dtb
Installing /usr/lib/linux-image-5.19.0-reform2-arm64/freescale/imx8mq-mnt-reform2.dtb into /boot/dtbs/5.19.0-reform2-arm64/freescale/imx8mq-mnt-reform2.dtb
Taking backup of imx8mq-mnt-reform2.dtb.
Installing new imx8mq-mnt-reform2.dtb.
Installing /usr/lib/linux-image-5.19.0-reform2-arm64/freescale/imx8mq-mnt-reform2.dtb into /boot/dtbs/5.19.0-reform2-arm64/freescale/imx8mq-mnt-reform2.dtb
Taking backup of imx8mq-mnt-reform2.dtb.
Installing new imx8mq-mnt-reform2.dtb.
flash-kernel: installing version 5.19.0-reform2-arm64
Generating boot script u-boot image… done.
Taking backup of boot.scr.
Installing new boot.scr.
Your /boot partition is on your SD-Card (/dev/mmcblk1p1).
Make sure that your DIP switch has been set to ON.
Restart MNT Reform (type: reboot) after saving your work to activate the changes.
root@reform:/usr/sbin# sync && poweroff


This tells reform-boot-config that you want to boot a rootfs on the second partition of the SD-Card (/dev/mmcblk1p2) using a /boot partition on the SD-Card (/dev/mmcblk1p1). But if I understand it correctly, you have your rootfs on a USB-drive? In that case you should probably run something like reform-boot-config usb or, more explicit:

reform-boot-config /dev/sda1

It also helps to have a serial adapter attached while booting so that you can see what is going wrong.

I was booting off a USB and I tried to use the script to switch back to “just the sdcard”. Neither the original script (horrible failure, trying to think that “sd” is a block device) nor the latest version accomplished that.

I easily switched from sd to USB … but switching back is not working. I’ve ran it through 4 times now, the last time step by step “correcting” what isn’t correct (it wants to use /dev/mmcblk1p1 as the root instead of p2…

Eventual goal - unimportant for now - to boot of whatever is available.

Current goal - switch from sd–>usb to sd only. I do have a DB9-USB RS232 cable but haven’t read the chapter in the manual as to how to connect to the serial interface.

It seems simple, and on an sd–>USB system I can “switch to USB” (which it’s already on and the only thing that broke is now the / fs boots ro and I have to manually mount -o remount -options=rw / but other than that livable.

I’m wondering if anyone tested going back to sd after installing NVMe. It kinda looks like “no”…

Ran new script 3 times. Ran original half a time (it’s a mess). Ran manual commands once… ran them as if I was going to USB but switched out /dev/sda1 to be /dev/mmcblk1p2. Nothing worked.

I was up for F1 last night/this morning, so going to be out for a bit

What stops you from just flashing the latest sysimage-v3 to an SD-Card and call it a day?

It is really hard to solve your problem without knowing what is going on. And to know what is going on you need a way to see what you Reform is doing during boot. For that you need a USB TTL UART cable. This is not the same as RS232. A RS232 adapter will not work.

I have tested this locally and it worked fine with the new version of reform-boot-config.

Maybe there is a confusion of terminology here? You say you are “booting off USB”. This is not quite what can happen. The SoM can only load uboot from either eMMC or from the SD-Card (depending on the setting of the DIP switch) but not from USB. Then uboot (from wherever it is loaded) will try to find a partition with a boot.scr on it either on eMMC, on the SD-card or on a USB drive. After loading that boot.scr, a kernel and initrd will be loaded from the same location. The initrd can then again load a rootfs and that rootfs can be located either on eMMC, the SD-card, a USB drive or a NVMe drive.

So to investigate this further we need to know:

• what is the position of your DIP switch
• which uboot version is installed on eMMC or your SD-card (based on the last question)
• what boot.scr, kernel and initrd is placed on the first partition of either eMMC, SD-Card or USB

And what happens if you remove the USB drive and just insert a freshly flashed SD-Card with sysimage-v3 and try to boot from that?

Excellent questions, and yes I’m aware that it doesn’t boot from the USB directly. Full answers below, but first thank you for continuing to help me learn this.

It is frustrating that the documentation isn’t sync’d so one source ‘get X from here’ and the other says ‘build X from other-here.’ There’s no unified “one place that leads to all others” that is always correct. This is where the ‘arch’ community really has everyone else beat… which makes it easier for new entrants to get up to speed without falling into rabbit holes.

Numbered TL;DR:

1. Boot from SD. SD originally continued as is with dd’s sysimage and when done all partitions were on the SD.
2. Now /boot still on SD but it then mounts / on /dev/sda1 on usb. Works fine
3. Attempting to return to state 1 (SD only) results in a black screen.
4. If you’re saying I must get a UART cable and another laptop and can’t get any useful feedback via either mini-OLED or HDMI screen, I guess that’s one more thing to buy.

E:

DIP switch ALWAYS is in the SD position from factory. I won’t remove the heatsink until the new thermal paste arrives in two days. (No local electronics store exists )

Uboot version - not sure how to get that so the answer is “whatever is in the newest system image I dd’d to the SD card.”

Version of boot.scr (unkown):

dumpimage -l boot.scr
Image Name: boot script
Created: Thu Oct 6 07:13:44 2022
Image Type: AArch64 Linux Script (uncompressed)
Data Size: 3124 Bytes = 3.05 KiB = 0.00 MiB
Load Address: 00000000
Entry Point: 00000000
Contents:
Image 0: 3116 Bytes = 3.04 KiB = 0.00 MiB


Kernel:

I agree. I wrote document boot options (#2) · Issues · Reform / reform-handbook · GitLab in an effort to update some of the things that are wrong in the handbook as of the release of sysimage-v3 but somebody (not me) has to go through the handbook and correct all the things to align with reality again at some point.

I find especially the arch wiki first class. I’m a Debian Developer but I regularly consult the arch wiki because of how well it documents system components.

But if you flash a fresh sysimage-v3 as built by the CI to your sd-card it works or not?

The problem is, that uboot does not activate the display. This is only done later by Linux itself. This means that if there is any error happening before the linux and the initramfs are loaded, it cannot be seen on the screen. This can be fixed but nobody added the necessary code to turn on the display to uboot yet. Luckily, the USB UART adapters are very cheap and can be acquired for less than 10 EUR.

The problem is, that the artifacts produced by the gitlab CI jobs expire after some time. So instead, one has to either manually select the latest successful CI job and get the artifacts from there or use this link which automatically will lead you to the latest successful build:

That link is also published on the release page:

Looking at your output of uname -a and the timestamps and name of your initramfs, it looks like you are using sysimage-v3.

These are not installed on your system. I hope you are not running that script as root? You can run it without being root and then it will be clear that those packages are not installed on your system (because the script will not have the necessary privileges to do so) but into the sysimage.

Right now, you need 4.3 GB of disk space to build the system image. 120 GB of free space are way more than enough. The final image is only a few GB large, so 120 GB is plenty. You have to copypaste the exact error message or otherwise I cannot tell you more about what happened.

Ok, back up. SD/SD works with new image, so yes, I will reflash shortly and retry these procedures. In other words, if I reflash (what you say I have is sysimage-v3) to the SD it boots and both / and /boot are on mmcblk (p2 and p1 respecctively).

I was running it as root. I won’t make execuses, but I put it all in /usr/local/src not ~/myhome … and didn’t chown it. Point taken. However, it was the images and the tarballs and userland directories that were eating up MUCH more than 4.xGB:

#usr/local/src/reform-system-image# du --max-depth=1 -h -x
200K ./reform1-imx6qp
9.8M ./.git
21G ./reform2-imx8mq
21G .

#usr/local/src/reform-system-image/reform2-imx8mq# ls -alh
-rw-r–r-- 1 root root 2.5G Oct 10 02:03 reform-rescue-system.img
-rw-r–r-- 1 root root 9.3G Oct 10 02:27 reform-system.img
drwxr-xr-x 17 root root 4.0K Oct 7 06:57 target-userland
-rw-r–r-- 1 root root 6.6G Oct 10 02:24 target-userland-full.tar
-rw-r–r-- 1 root root 1.9G Oct 10 01:46 target-userland.tar

And the last thing it printed:

mke2fs 1.46.6-rc1 (12-Sep-2022)
fs_types for mke2fs.conf resolution: ‘ext4’
Discarding device blocks: done
Discard succeeded and will return 0s - skipping inode table wipe
Filesystem label=MNTREFORMROOT
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
577088 inodes, 2304000 blocks
115200 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2151677952
71 block groups
32768 blocks per group, 32768 fragments per group
8128 inodes per group
Filesystem UUID: 604c2da0-2780-47ec-b1da-d61e104f71ee
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Copying files into the device: crtbegin.o: Ext2 inode is not a directory while looking up “crtbegin.o”
mke2fs: Ext2 inode is not a directory while populating file system


I apparently partitioned the 120GB USB SDD as 40GB for ‘/’ and 80GB unused, but this is is still a humongous download and resource effort. I’ll go with what you said - I have the right sysimage-v3 so don’t need to build again.

I assume I have the right u-boot because I downloaded that from git as well.

Today’s ‘work’

1. Flash new image on SD
2. Test SD-only config (worked fine before on multiple flashes)
3. Convert to SD–>USB config (same comment)
4. Convert back to SD–>SD (has not worked, but for me if there’s no regression option, something is not right)
5. Convert back to SD–> USB (depends on 4)
6. Convert back to SD–>SD (second test, depends on 4, requires 5)
7. Convert to SD–>encrypted USB
8. Convert back to SD–>SD (third test, requires 7, no deps)

I do take a lot of detailed notes, and I do keep logs, but alas no UART. I agree with you on arch’s documentation… superb. In a previous life I taught coding teams about ‘process’ and ‘documentation’ being paramount before coding. In this case if I understand correctly you’re saying there’s a toolset issue and documents are timed out or are inaccurate. I’m too newb here to suggest a replacement, but an out-of-gitland page with starter links and “better” README.md files would be useful… but of course getting working code is higher priority for an already-released product people are using.

Keep those questions and advice coming. Other than the lack of feedback from the device prior to linux… I’m making progress by seeing this not work. That helps too. Just not in the happy ‘birthday cake’ way.

Thanks, Josch.

Ehud
P.S. I can’t seem to quote the previous replies… it works when I edit, but when I hit “Reply” your part goes away. Probably because I’m a newb but not sure.