Disable Boot ReadOnly with OverlayFS on PiOS

PiOS ships with Overlay File System (OverlayFS) support. When it is enabled, the main partition (the second one) is locked. OverlayFS protection does not cover the boot partition (the first one). The boot partition can be set to read-only through raspi-config or by editing the fstab config file.

The problem is that, because the main partition is read-only, the mount mode (read-only or read-write) cannot be changed while OverlayFS is enabled. When disabling OverlayFS through raspi-config, there is no way to set the boot partition back to read-write before OverlayFS is disabled, which requires a reboot. When enabling OverlayFS, however, raspi-config has an option to set the boot partition to read-only at the same time, before rebooting. In other words, to disable both OverlayFS and the read-only boot partition, PiOS needs to be rebooted twice.

To make it easier to disable OverlayFS and change the boot partition back to writable, I wrote a script that sets the boot partition writable when OverlayFS is not currently enabled. Sadly, there are two versions of the script, depending on the version of raspi-config.

In early releases of PiOS, the raspi-config command line prints nothing and only sets the exit code. This changed recently: it now prints the result directly without setting the exit code. You can check your version by running /usr/bin/raspi-config nonint get_overlay_now when OverlayFS is not enabled. On old releases, nothing is printed, but echo $? run right afterwards prints 1. On new ones, a 1 is printed directly by /usr/bin/raspi-config nonint get_overlay_now and the exit code is always 0. Luckily, raspi-config does not seem to be upgraded by the apt command.

Now, let’s create the script named /usr/local/sbin/disablebootro.sh on your disk. Of course, don’t do that with OverlayFS enabled.

Here is the version for the old, silent raspi-config:

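#!/bin/sh
# Old raspi-config: the result is returned as the exit code, nothing is printed.
# get_overlay_now exits with 1 when OverlayFS is not enabled.
/usr/bin/raspi-config nonint get_overlay_now
if [ $? -eq 1 ]; then
  echo "Overlay FS is disabled."
  # get_bootro_conf exits with 0 when the boot partition is set read-only.
  /usr/bin/raspi-config nonint get_bootro_conf
  if [ $? -eq 0 ]; then
    echo "Boot RO is enabled. Disabling..."
    /usr/bin/raspi-config nonint disable_bootro
    echo "Done. Rebooting..."
    reboot
  else
    echo "Boot RO is disabled."
  fi
else
  echo "Overlay FS is enabled."
fi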

And this is for the new releases:

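#!/bin/sh
# New raspi-config: the result is printed and the exit code is always 0.
# POSIX [ ] tests are used because /bin/sh on PiOS is dash, which has no [[ ]].
OverlayFS=$(/usr/bin/raspi-config nonint get_overlay_now)
if [ "$OverlayFS" = "1" ]; then
  echo "Overlay FS is disabled."
  # get_bootro_conf prints 0 when the boot partition is set read-only.
  BootRO=$(/usr/bin/raspi-config nonint get_bootro_conf)
  if [ "$BootRO" = "0" ]; then
    echo "Boot RO is enabled. Disabling..."
    /usr/bin/raspi-config nonint disable_bootro
    echo "Done. Rebooting..."
    reboot
  else
    echo "Boot RO is disabled."
  fi
else
  echo "Overlay FS is enabled."
fi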
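
The two variants can be merged by normalising what raspi-config reports: use the printed value if there is one, otherwise the exit code. The script below is an added example, not the original author's script; the RASPI_CONFIG override, the --apply switch and the re-check before rebooting (which assumes get_bootro_conf reflects the change right after disable_bootro) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the original author's script.
# RASPI_CONFIG override and the --apply switch are assumptions of this example.
RASPI_CONFIG="${RASPI_CONFIG:-/usr/bin/raspi-config}"

# Run a "nonint get_*" query and print one normalised value:
# new releases print the value (exit code always 0), old releases print
# nothing and return the value as the exit code.
query() {
  out=$("$RASPI_CONFIG" nonint "$1" 2>/dev/null) && rc=0 || rc=$?
  if [ -n "$out" ]; then printf '%s\n' "$out"; else printf '%s\n' "$rc"; fi
}

# Map the two values to an action. Per the post: get_overlay_now = 1 means
# OverlayFS is disabled, get_bootro_conf = 0 means boot RO is enabled.
# Any other overlay value (e.g. 127, raspi-config missing) does nothing.
plan() {
  if [ "$1" != "1" ]; then echo "skip-overlay-enabled"
  elif [ "$2" = "0" ]; then echo "disable-bootro"
  else echo "nothing-to-do"
  fi
}

main() {
  case "$(plan "$(query get_overlay_now)" "$(query get_bootro_conf)")" in
    disable-bootro)
      echo "Overlay FS is disabled. Boot RO is enabled. Disabling..."
      "$RASPI_CONFIG" nonint disable_bootro
      # Reboot only if the setting really changed, so a failed
      # disable_bootro cannot turn into a reboot loop.
      if [ "$(query get_bootro_conf)" != "0" ]; then
        echo "Done. Rebooting..."
        reboot
      else
        echo "Boot RO is still enabled; not rebooting." >&2
        return 1
      fi ;;
    skip-overlay-enabled) echo "Overlay FS is enabled." ;;
    *) echo "Overlay FS is disabled. Boot RO is disabled." ;;
  esac
}

# Act only when called with --apply, so the functions can be tested alone.
if [ "${1:-}" = "--apply" ]; then main; fi
```

If this script is used in place of the ones above, the ExecStart line of the service has to pass the --apply argument.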

Then make the script executable with the command below.

chmod +x /usr/local/sbin/disablebootro.sh

Now, let’s create a systemd service to run this script at boot by creating the file /etc/systemd/system/DisableBootRO.service with the content below.

[Unit]
Description=Disable Boot RO when Overlay Disabled
ConditionPathExists=/usr/local/sbin/disablebootro.sh

[Service]
WorkingDirectory=/usr/bin
ExecStart=/usr/local/sbin/disablebootro.sh
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
User=root
KillMode=process

[Install]
WantedBy=multi-user.target

Then enable the service so that it starts with the system:

systemctl enable DisableBootRO.service

That’s it. Every time PiOS boots, this script runs. When OverlayFS is disabled but the boot partition is still read-only, it sets the boot partition to writable and reboots. You only need to disable OverlayFS from raspi-config and reboot, leaving the boot partition to this script and service.