noauto option ignored in /etc/fstab?
jw at raven.inka.de
Wed Dec 6 09:58:54 UTC 2017
On Tue, Dec 05, 2017 at 12:40:31PM -0500, Tom H wrote:
> > I understand that grub wants to remember that the last boot was successful.
> > But:
> > 1. It stores only an empty /boot/grub/grubenv (1024 bytes of '#' characters)
> > 2. shouldn't it undo what it have done? When it needs to mount an unmounted
> > partition, it should umount this partition again when done.
> I disable grub-common on my Ubuntu and Debian systems, so I don't
> really care what/where/how.
I thought grub is mandatory? How do you boot without grub? The days of lilo
> I suspect that the great majority of Ubuntu installations "/boot" is
> always mounted, even if it's a separate filesystem but you could file
> an RFE to take your use-case into account.
My use-case is a completely encrypted laptop. Since /boot can't be encrypted,
I've implemented the following strategy to detect whether the boot partitions
1. The following script is run regularly by cron:
mkdir -p $DIR
md5sum /dev/sda >$TMP
LASTFILE=`ls md5log-*T* | tail -1`
if cmp -s "$LASTFILE" "$TMP" ; then
mv $TMP md5log-`date -Iseconds`
2. Before booting, I check whether somebody messed with the boot partitions.
I do this by booting a live-CD, cryptsetup+mount the partition with the
logs, and running the following script:
FILE=`find "$DIR" -name 'md5log-*' | sort | tail -1`
md5sum /dev/sda | diff -qs -- - "$FILE"
Since the log files with the original md5sum's are on an encrypted FS, nobody
can mess with the unencrypted partitions without me to notice it.
But this works only, when the /boot partition is normally not mounted. This is
because mounting/umounting the partition will modify it.
Do you think this use case is considered to be "sane" by the Ubuntu-Gurus? Or
will they just call me paranoid ;-)
> >> [You might want to add "x-systemd.auto" to the "/boot" line in
> >> ?etc/fstab". "/boot" will be automounted when it's needed.]
> > Will this umount the partition again when it's no longer needed?
> You can add "x-systemd.idle-timeout=xxx" too.
I really see only one use case for /boot to be mounted: Upgrade of
grub/kernel/initrd. There's really no reason for /boot to remain mounted all
the time. When some script (in this case grubenv) wants to mount it, this
script should undo what it has done.
jw at raven.inka.de
More information about the ubuntu-users