View previous topic :: View next topic |
Author |
Message |
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Sun Dec 22, 2024 7:51 pm Post subject: how to use a custom initramfs and get a unified kernel image |
|
|
I have a custom initramfs with busytbox and I want to use it and create a unified kernel image. If its possible I'd like to have it done with install kernel. I've tried to use ukify but I can't get it working. Help appreciated |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5236 Location: Bavaria
|
Posted: Sun Dec 22, 2024 8:41 pm Post subject: |
|
|
Although these two pages:
https://wiki.gentoo.org/wiki/Unified_kernel_image
https://wiki.archlinux.org/title/Unified_kernel_image
say that a UKI can have a UEFI boot stub like systemd-stub:
Quote: | A unified kernel image (UKI) is a single executable which can be booted directly from UEFI firmware, or automatically sourced by boot loaders with little or no configuration. It is the combination of a UEFI boot stub program like systemd-stub(7), a Linux kernel image, an initrd, and further resources in a single UEFI PE file. |
our developers are of the opinion that it is only a UKI if it has the systemd-stub ... ... but I don't know how to name a UKI with the kernel's own stub.
I built my “UKI” 5 years ago when the term UKI didn't even exist. Of course I used the kernel's own stub ... and to this day I boot a signed (for SecureBoot) kernel image that contains everything ... it is even a monolithic kernel (=without module support).
Now if you already have a self-made initramfs (like me) then I recommend you to do everything else manually as well, because it's easier than you think (and installkernel is more complicated than you think; I even dont know if it is possible to use an own initramfs).
If you want go the manual route you have to do:
1. Ensure you have in your kernel the CPU microcode built-in (CONFIG_EXTRA_FIRMWARE) and maybe some firmware files if you need it,
2. Option for EFI-stub is enabled in your kernel (CONFIG_EFI_STUB=y),
3. Embedd your external initramfs into the kernel with these settings:
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Initramfs_Overview#Special_Case:_Building_an_embedded_initramfs_with_a_CPIO_archive _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Sun Dec 22, 2024 9:57 pm Post subject: |
|
|
okay so I've just read the article. So when you're including files they have to also exist within the initramfs file system e.g
Code: |
file /sbin/mdadm /root/initramfs/bins/sbin/mdadm 755 0 0
|
so the how does this line "This lets the initramfs be built dynamically, always using the latest files from the system" make sense? aren't you still copying the static binaries. Or is it suggesting that you should make a script to create this file? (https://wiki.gentoo.org/wiki/Custom_Initramfs#External_file_list)
Last edited by Cheesyjuggler64 on Sun Dec 22, 2024 10:53 pm; edited 2 times in total |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22865
|
Posted: Sun Dec 22, 2024 10:49 pm Post subject: |
|
|
The Wiki is a bit confusing on this point. An initramfs list will always build the initramfs as part of the kernel, using the files specified as sources as they exist at build time. You can choose to specify those files as being pulled from the main filesystem (file /sbin/mdadm /sbin/mdadm 755 0 0 would pull from live), in which case they are always current to your routine updates, or you can choose to pull them from a hand-curated directory that changes only when you want to change it (as shown in the code fragment you posted). The text describes doing the former, but the shown example does the latter. |
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Sun Dec 22, 2024 10:54 pm Post subject: |
|
|
ah thanks maybe the wiki could do with some clarification there. Im going to try set it up now. I'm trying to build the initramfs for an encrypted btrfs root. |
|
Back to top |
|
|
zen_desu n00b
Joined: 25 Oct 2024 Posts: 60
|
Posted: Mon Dec 23, 2024 12:00 am Post subject: |
|
|
I'm not sure what a UKI helps with if the initramfs is built into the kernel itself.
Are you building that file list outside of the kernel build process? _________________ µgRD dev
Wiki writer |
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Mon Dec 23, 2024 12:46 am Post subject: |
|
|
Ah so if I embed my intramfs into the kernel the kernel will just be a single binary and as such I can boot it directly from uefi? |
|
Back to top |
|
|
zen_desu n00b
Joined: 25 Oct 2024 Posts: 60
|
Posted: Mon Dec 23, 2024 1:03 am Post subject: |
|
|
Cheesyjuggler64 wrote: | what do you mean by outside the build process? So if I embed the initramfs I can just rename it to .efi and have it boot via uefi ? |
I mean you can use that file list with gen_init_cpio to create an actual CPIO, or you can use CONFIG_INITRAMFS_SOURCE on a directory to have the kernel pack that initramfs into the image at build time.
The initramfs exists as a "CPIO" which may be compressed if the kernel supports it. It's not directly executable.
A UKI can pack this "external" initramfs into a single file along with your kernel and more which can be booted by an EFI system. This is mostly useful if you use some initramfs generator and the CPIO is a separate file. If you pack the initramfs into the kernel directly, the UKI may handle your microcode and possibly your kernel cmdline, but these could also be built into the kernel image itself.
I think the main advantage of a UKI is it allows you to easily reuse a kernel with a new initramfs, as embedding it into the kernel generally requires at least a partial rebuild. _________________ µgRD dev
Wiki writer |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5236 Location: Bavaria
|
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5236 Location: Bavaria
|
Posted: Mon Dec 23, 2024 1:22 am Post subject: |
|
|
Cheesyjuggler64 wrote: | Ah so if I embed my intramfs into the kernel the kernel will just be a single binary and as such I can boot it directly from uefi? |
YES
(... if you add also your CPU microcode into the kernel) _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
|
Back to top |
|
|
zen_desu n00b
Joined: 25 Oct 2024 Posts: 60
|
Posted: Mon Dec 23, 2024 1:24 am Post subject: |
|
|
^^
If you're already building everything, you may as well build it into the kernel.
I think UKIS are mostly helpful if you're packing already made kernels/initramfs/etc into a file after the fact. If you're already going the custom route and building things into your kernel, the rest may not be necessary. _________________ µgRD dev
Wiki writer |
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Mon Dec 23, 2024 1:48 am Post subject: |
|
|
How exactly would I add the mircocode and how can I test my init is working without building the intramfs. Is there some sort of kernel parameter? |
|
Back to top |
|
|
zen_desu n00b
Joined: 25 Oct 2024 Posts: 60
|
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Mon Dec 23, 2024 3:08 am Post subject: |
|
|
okay so just to check I do this
Code: | mkdir --parents /usr/src/initramfs/{bin,dev,etc,lib,lib64,mnt/root,proc,root,sbin,sys}
emerge --ask --verbose sys-apps/busybox
cd /usr/src/initramfs
nano init |
Code: | nano initramfs_list |
then I go into the kernel and set CONFIG_INITRAMFS_SOURCE="/usr/src/initramfs/initramfs_list"
Code: | cd /usr/src/linux
make -j8 && make -j8 modules_install
make install
|
with the installkernel config being set as efistub
Code: |
layout="efistub"
initrd_generator=none
uki_generator=none
|
then reboot and it should work |
|
Back to top |
|
|
Cheesyjuggler64 n00b
Joined: 16 May 2024 Posts: 27
|
Posted: Mon Dec 23, 2024 11:17 am Post subject: |
|
|
Also is there anyway to automate grabbing the required dependencies for something like btrfs and cryptsetup? and where can I read up on device nodes? I understand tat the first parameter is for the permissions what about the others? |
|
Back to top |
|
|
|