My company uses the Raspberry Pi 3 as an embedded controller in a product. Users do not shut it down gracefully; they simply toggle the power switch. To avoid corruption, the /boot and / (root) file systems are read-only. It seems bulletproof: on our test setup we "pulled the plug" again and again (2000+ cycles) without any problems.
We are working on a new feature that requires local logging. To do this, we created an additional read/write ext4 partition on the SD card (currently we use about 2 GB of the 8 GB card) for the log file. To minimize wear, the application buffers log data and writes to the card only once per minute. The log file is closed between writes. Nothing else uses this partition. The log file is not written when the application is in a state that probably indicates the user is about to power down.
During testing we found that, despite the rather conservative approach we use, the read/write partition is always marked dirty after a reboot, often contains file system errors, and often has a corrupted log file. We also had several cards with unrecoverable fatal errors that prevented the device from booting.
Losing the last set of log entries is not a problem.
Losing the log file is undesirable but acceptable.
Damage to the / (root) and /boot file systems is unacceptable, as is physical damage (other than normal NAND flash wear) to the card.
Other than adding a UPS to shut the Pi down gracefully, is there any approach that would allow safe read/write operations?
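As an added illustration of the write pattern the question describes (buffer in memory, append at most once per interval, file closed between writes), and not code from the poster: a small Python logger that also fsyncs the log file and its directory before returning, plus a reader that discards a torn final line left by a power cut. The file path, the fake clock and the sample entries are constructed for the demo.

```python
import os
import tempfile
import time


class DurableLogger:
    """Buffer log lines in memory and append them to disk at most once per
    `interval` seconds. Each flush opens the file, appends, fsyncs the file
    and its directory, and closes it again, so the entries are on the card
    (not just in the page cache) before flush() returns."""

    def __init__(self, path, interval=60.0, clock=time.monotonic):
        self.path = path
        self.interval = interval
        self.clock = clock          # injectable so the demo can fake time
        self.buffer = []
        self.last_flush = clock()

    def log(self, line):
        self.buffer.append(line.rstrip("\n") + "\n")
        if self.clock() - self.last_flush >= self.interval:
            self.flush()

    def flush(self):
        """Append buffered lines durably; returns the number of lines written."""
        if not self.buffer:
            return 0
        data = "".join(self.buffer).encode("utf-8")
        fd = os.open(self.path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o644)
        try:
            view = memoryview(data)
            while view:                     # os.write may write partially
                n = os.write(fd, view)
                view = view[n:]
            os.fsync(fd)                    # push data and inode to the device
        finally:
            os.close(fd)
        # A newly created file's directory entry is separate metadata:
        # fsync the directory too, or the file itself may vanish on power loss.
        dfd = os.open(os.path.dirname(os.path.abspath(self.path)), os.O_RDONLY)
        try:
            os.fsync(dfd)
        finally:
            os.close(dfd)
        written = len(self.buffer)
        self.buffer.clear()
        self.last_flush = self.clock()
        return written


def read_complete_lines(path):
    """Return the log's lines, dropping a trailing partial line (a torn
    write from a power cut) rather than treating it as a valid entry."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return []
    parts = data.split(b"\n")
    # split() leaves "" after a final newline, or the torn fragment otherwise;
    # either way the last element is not a complete entry.
    return [p.decode("utf-8", "replace") for p in parts[:-1]]


def run_demo():
    """Exercise the logger in a temporary directory with a fake clock.
    Returns (lines_after_flush, lines_after_torn_write)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "app.log")     # constructed path
    now = [0.0]
    logger = DurableLogger(path, interval=60.0, clock=lambda: now[0])

    logger.log("boot ok")            # buffered only; nothing on disk yet
    assert not os.path.exists(path)
    now[0] = 61.0
    logger.log("sensor read")        # interval elapsed: both lines flushed
    after_flush = read_complete_lines(path)

    # Simulate a power cut mid-write: a fragment with no newline terminator.
    with open(path, "ab") as f:
        f.write(b"temp=4")
    after_torn = read_complete_lines(path)
    return after_flush, after_torn


if __name__ == "__main__":
    print(run_demo())
```

The directory fsync matters on the first write after the log file is created: without it the file's data may be on the card while the directory entry pointing at it is not. Dropping the torn tail on read matches the stated tolerance that losing the last set of entries is acceptable.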