Concepts

ArkOS is fundamentally two components:

  • the rootfs, which is a packed (squashfs) root filesystem that can be easily swapped out
  • the kernel, which boots, mounts the rootfs, and runs the system

The rootfs can be constructed through any desired means. Right now, debootstrap is used to construct the rootfs. There are very few restrictions placed on the rootfs, other then it needs some form of init (such as systemd) to execute.

The kernel is built using the standard kernel build process. Further, we build a custom initramfs into the kernel itself. This serves two purposes: it’s slightly more secure (if the kernel is signed), and it simplifies EFI booting.

There are two main partitions of concern (three if using UEFI):

  • the arkos-image partition, which stores the kernels and rootfs
  • the arkos-persistent partition, which can store things like data logs, software updates, etc.

In UEFI mode, there is also an EFI system partition.

Typically arkos-image is read-only, while arkos-persistent is read-write. Both mount (by default) with journaled data mode and commit relatively frequently, making it more likely that they will survive unexpected power loss without losing data.

BIOS Boot Process

We use extlinux for the BIOS-based boot process. The MBR of the disk marks the arkos-image as bootable, and we install extlinux to that partition. extlinux will boot the /boot/active/kernel kernel on the arkos-image.

EFI Boot Process

We use refind for the UEFI-based boot process. This disk is formatted with GPT, and refind is installed to the EFI system partition. refind contains drivers for ext4. It will find the arkos-image partition and then boot the /boot/active/kernel file.

Kernel Boot Process

At this point, booting is identical between BIOS and EFI. The kernel boots, and then runs its initramfs. This is a minimal image which contains modules from the built kernel, busybox, and our init script. This generally follows this process:

  • mounts /proc, /dev, /sys, etc.
  • mounts arkos-image into /mnt/arkos-image
  • verifies the image hash file is signed with the appropriate public key
  • verifies the ‘rootfs.squashfs’ per the image hash file
  • mounts the /boot/active/rootfs.squashfs file into /mnt/rootfs-overlay/lower
  • creates an overlayfs and mounts that over the squash file into /mnt/rootfs
  • mounts the arkos-persistent filesystem into /mnt/rootfs/mnt/arkos-persistent
  • copies over the kernel modules to the overlay
  • bind mounts /mnt/arkos-image/boot to /mnt/rootfs/boot
  • pivots the root filesystem to /mnt/rootfs
  • starts /sbin/init (typically systemd)

It will take some care to ensure drives come up before trying to mount them, for systems where discovery takes a while (such as USB).

Runtime

Once the system is booted, you’ll find just a few services running (again, using the generic config):

  • systemd (journald, udevd, networkd, logind, and resolved)
  • dbus
  • sshd
  • ark-platform-supervisor

Note that the rootfs is fully customizable; you can use an alternate init system, or avoid ssh, if you prefer.

Typically the ark-platform-supervisor will handle software deployments and execution. See the section on deploys for more information.

Security

The rootfs image must be signed – this signature will be verified during boot via a public key of your choice.

The ark-platform-supervisor will further use the appropriate public key to verify that the software you are launching is signed.

Note that at the moment, verifying the kernel (and thus, initramfs) is signed is somewhat custom based on the underlying hardware. If using UEFI, this can typically be acheived with a custom refind solution, but feel free to contact us if this additional layer of security is desired.