Clarify Project Policy on Default Writes to NVRAM

Sebastian Moeller moeller0 at gmx.de
Sat Aug 23 23:46:28 PDT 2025 

See below...

On 24 August 2025 02:03:33 CEST, Michael Richardson <mcr at sandelman.ca> wrote:
>
>Tom Li via openwrt-devel <openwrt-devel at lists.openwrt.org> wrote:
>    > For OpenWrt routers, writing to NVRAM by default can serve useful
>    > purposes in several contexts:
>
>Would the discussion change if these things went into uboot variables?
>While that's often the same NVRAM as the system, sometimes it's not.
>NVRAM is also getting much better.
>(Of course, I think that there are systems that don't use uboot)
>
>Certainly the IPv6 prefix seems like a good candidate.
>It doesn't change that often.  

That is a hypothesis, not a fact unfortunately. ISPs, as far as I can tell, do not all have a decent grasp on IPv6 provisioning so there will be cases in which the prefix changes quite often. Hopefully these will be transient, but I would not bet the farm on that...
So I thing saving this information out should be done in a rate limited fashion and cause a report if attempted too often, no?

>So a READ-CHECK-MODIFY-WRITE process would
>avoid wear.
>
>urandom and last-known system date are ideally written only just before
>shutting down, but my bet is that 90% of shutdowns are because power loss.
>So, really both need to be written periodically, which is exactly what hurts NVRAM.
>
>    > As a result, any project discussion that involves writing to the
>    > filesystem would quickly become an off-topic one about "whether one
>    > should write to NVRAM by default" rather than its original
>    > problem. Although the answer seems to be "No, we shouldn't", but those
>    > discussions had an extremely limited audience - only a few developers
>    > (perhaps 3) who happened to work on that specific project were
>    > involved, their ideas and conclusions are not known to others. The next
>    > time the same problem is raised in a different context, the whole
>    > discussion repeats again. For example, in [1], Etienne Champetier said
>    > that they "would love to have more devs comment".
>
>:-)
>
>    > We need to answer these questions:
>
>    > 1. In the current OpenWrt Stable Release or Development Build, do we
>    > have anything that writes to the filesystem by default (e.g. do we
>    > still have /etc/dnsmasq.time)? If yes, do we have a full list of them?
>
>    > 2. When is it acceptable to write to NVRAM by default? Always banned?
>    > Or is it conditionally allowed, with a rate limit (based on the file's
>    > timestep and NTP time, via NTP hotplug)? My impression is that
>    > rate-limited writes are allowed by the project, but this needs
>    > clarification.
>
>I think this is the right policy.
>
>    > 3. Should we set a filesystem default-write policy for all OpenWrt
>    > packages?
>
>Packages should say if they follow that policy.
>(Probably we should have policies more subtle than 0/1)
>Perhaps no default/critical packages should write more often than X.
>
>    > 4. In a previous discussion, an alternative solution was suggested by
>    > John Crispin that "let's add a system.system.write_state_to_
>    > flash_on_boot=0/1 UCI option, and lock this and the DNSSEC time stuff
>    > with it, and default it to 0". Should we consider this idea?
>
>This is a good thing to do, regardless.
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

More information about the openwrt-devel mailing list