/boot on a separate partition

[vnd]

We're using OSTree on an embedded Linux board, with rootfs produced by Yocto using meta-updater, and U-Boot as a bootloader. Now we need to encrypt root partition with LUKS, meaning that boot artifacts have to reside on a separate boot partition (since root partition will be encrypted).

However I can't figure out what is the proper way make OSTree work with /boot on another partition. Apparently it has to do something with symlinks, or so it seems from PR #2149 and also ostree-prepare-root.c file, but I don't quite get it.. Manually mounting boot partition under /sysroot/boot inside initrd seems to work but looks like an ugly workaround, or?

[cgwalters]

Hi, #2705 should help a lot with this. Can you give it a try?

[msalvinik]

Hi @vnd, did you manage how to move the /boot directory under another partition? I have the same setup and same requirements and I'm struggling finding a way to do this...
Seems to me that to have the separate boot part, the ostree filesystem has to be prepared with /boot mounted from a separated boot part...but for good reasons meta-updater prepares the ostree filesystem with /boot and /ostree on same partition

[vnd]

@msalvinik we ended up with this:

• copy data from ostree 'boot' folder to the boot partition at the end of board flashing process
• mount boot partition to '/sysroot/boot' inside initramfs, just before 'ostree-prepare-root /sysroot'

[msalvinik]

thanks for sharing that @vnd, works like a charm

[msalvinik]

@vnd I would add just another little bit of information.
Also the following setup works:

• copy data from ostree 'boot' folder to the boot partition at the end of board flashing process, AND remove the ostree 'boot' folder
• mount boot partition to /boot during init system startup using /etc/fstab, instead of doing it in initramfs