Once upon a time, Chris Murphy <lists(a)colorremedies.com> said:
> The issue with journaled file systems is that GRUB's file system
> drivers have no ability to do journal replay. Therefore there is a
> small risk the file system is rendered unbootable in a crash, because
> the bootloader only sees the no-replay state of the file system used
> for /boot. e.g. the bootloader can see grub.cfg, bls snippets, or even
> the kernel as either missing or as 0 length files, until the journal
> has been replayed. Small risk, big penalty. My suggestion for
> mitigation is to use FAT for /boot in simple cases, and Btrfs in less
> simple cases. It's just an idea, it's not urgent, but if things are
> being reconsidered for simplification anyway, this makes sense to me.

I've been bitten by that issue before. I would probably avoid FAT for a
couple of reasons: no ownership/permissions, and could get stepped on in
dual-boot setups by Windows. I'd go with one of the Linux
non-journaling filesystems, like good ol' ext2. With few writes, it
should always be in a "safe" state.
Ideally, it could be left mounted read-only and only remounted RW during
updates (and then back to RO to make sure everything is flushed);
although I guess doing that would generally cover the journaled FSes as
well.
--
Chris Adams <linux(a)cmadams.net>
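
Added example, not part of the original thread: a post-update check for the failure mode discussed above, where grub.cfg, a BLS snippet, or the kernel/initrd it references is missing or 0 bytes. The function names and the layout (grub2/grub.cfg and loader/entries/*.conf under the boot directory) are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Layout assumed: grub2/grub.cfg and loader/entries/*.conf under /boot.

# check_file PATH: print a finding and return 1 if PATH is missing or 0 bytes.
check_file() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    if [ ! -s "$1" ]; then echo "EMPTY $1"; return 1; fi
    return 0
}

# check_boot_files DIR: return 0 if every file the bootloader needs is present
# and non-empty, 1 otherwise. Findings go to stdout, one per line.
check_boot_files() {
    boot=$1
    bad=0
    check_file "$boot/grub2/grub.cfg" || bad=1
    for entry in "$boot"/loader/entries/*.conf; do
        [ -e "$entry" ] || continue          # glob matched nothing
        check_file "$entry" || { bad=1; continue; }
        # BLS "linux"/"initrd" values are paths relative to the boot file system.
        while read -r key path _ || [ -n "$key" ]; do
            case $key in
                linux|initrd) check_file "$boot$path" || bad=1 ;;
            esac
        done < "$entry"
    done
    return "$bad"
}

# make_sample_boot: build a constructed /boot tree in a temp dir and print its path.
make_sample_boot() {
    d=$(mktemp -d)
    mkdir -p "$d/grub2" "$d/loader/entries"
    echo 'set default=0' > "$d/grub2/grub.cfg"
    printf 'title Sample\nlinux /vmlinuz-sample\ninitrd /initramfs-sample.img\n' \
        > "$d/loader/entries/sample.conf"
    echo kernel > "$d/vmlinuz-sample"
    echo initrd > "$d/initramfs-sample.img"
    echo "$d"
}

# Usage on a real system, after an update has been flushed: check_boot_files /boot
```

This only reports what the mounted kernel driver sees after any replay; it is useful as a sanity check before a reboot, not as proof of what GRUB's own driver will read.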