Clarify Project Policy on Default Writes to NVRAM

Michael Richardson mcr at sandelman.ca
Sat Aug 23 17:03:33 PDT 2025 

Tom Li via openwrt-devel <openwrt-devel at lists.openwrt.org> wrote:
    > For OpenWrt routers, writing to NVRAM by default can serve useful
    > purposes in several contexts:

Would the discussion change if these things went into uboot variables?
While that's often the same NVRAM as the system, sometimes it's not.
NVRAM is also getting much better.
(Of course, I think that there are systems that don't use uboot)

Certainly the IPv6 prefix seems like a good candidate.
It doesn't change that often.  So a READ-CHECK-MODIFY-WRITE process would
avoid wear.

urandom and last-known system date are ideally written only just before
shutting down, but my bet is that 90% of shutdowns are because power loss.
So, really both need to be written periodically, which is exactly what hurts NVRAM.

    > As a result, any project discussion that involves writing to the
    > filesystem would quickly become an off-topic one about "whether one
    > should write to NVRAM by default" rather than its original
    > problem. Although the answer seems to be "No, we shouldn't", but those
    > discussions had an extremely limited audience - only a few developers
    > (perhaps 3) who happened to work on that specific project were
    > involved, their ideas and conclusions are not known to others. The next
    > time the same problem is raised in a different context, the whole
    > discussion repeats again. For example, in [1], Etienne Champetier said
    > that they "would love to have more devs comment".

:-)

    > We need to answer these questions:

    > 1. In the current OpenWrt Stable Release or Development Build, do we
    > have anything that writes to the filesystem by default (e.g. do we
    > still have /etc/dnsmasq.time)? If yes, do we have a full list of them?

    > 2. When is it acceptable to write to NVRAM by default? Always banned?
    > Or is it conditionally allowed, with a rate limit (based on the file's
    > timestep and NTP time, via NTP hotplug)? My impression is that
    > rate-limited writes are allowed by the project, but this needs
    > clarification.

I think this is the right policy.

    > 3. Should we set a filesystem default-write policy for all OpenWrt
    > packages?

Packages should say if they follow that policy.
(Probably we should have policies more subtle than 0/1)
Perhaps no default/critical packages should write more often than X.

    > 4. In a previous discussion, an alternative solution was suggested by
    > John Crispin that "let's add a system.system.write_state_to_
    > flash_on_boot=0/1 UCI option, and lock this and the DNSSEC time stuff
    > with it, and default it to 0". Should we consider this idea?

This is a good thing to do, regardless.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 511 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20250823/62c0354b/attachment.sig>

More information about the openwrt-devel mailing list