Mkinitcpio
Summary |
---|
A detailed guide to the Parabola initramfs creation utility. |
Overview |
In order to boot Parabola, a Linux-capable boot loader such as GRUB, GRUB2, LILO, or Syslinux must be installed to the Master Boot Record, or the GUID Partition Table. The boot loader is responsible for loading the kernel and initial ramdisk before initiating the boot process.
|
mkinitcpio is the next generation of initramfs creation.
Contents
Overview
mkinitcpio is a Bash script used to create an initial ramdisk environment. From the mkinitcpio man page:
- The initial ramdisk is in essence a very small environment (early userspace) which loads various kernel modules and sets up necessary things before handing over control to init. This makes it possible to have, for example, encrypted root filesystems and root filesystems on a software RAID array. mkinitcpio allows for easy extension with custom hooks, has autodetection at runtime, and many other features.
Traditionally, the kernel was responsible for all hardware detection and initialization tasks early in the boot process before mounting the root filesystem and passing control to init. However, as technology advances, these tasks have become increasingly complex.
Nowadays, the root filesystem may be on a wide range of hardware, from SCSI to SATA to USB drives, controlled by a variety of drive controllers from different manufacturers. Additionally, the root filesystem may be encrypted or compressed; within a software RAID array or a logical volume group. The simple way to handle that complexity is to pass management into userspace: an initial ramdisk.
mkinitcpio is a modular tool for building an init ramfs cpio image, offering many advantages over alternative methods, including:
- The use of busybox to provide a small and lightweight base for early userspace (prior to version 0.6, klibc was used instead).
- Support for udev for hardware autodetection at runtime, thus preventing the loading of unnecessary modules.
- Being an extendable hook-based init script, custom hooks can easily be included in pacman packages.
- Support for lvm2, dm-crypt for both legacy and LUKS volumes, mdadm, and swsusp and suspend2 for resuming and booting from USB mass storage devices.
- The ability to allow many features to be configured from the kernel command line without needing to rebuild the image.
- Support for the inclusion of the image in a kernel, thus making a self-contained kernel image possible.
mkinitcpio has been developed by phrakture, tpowa, and brain0 with some help from the community. More recently, development has been taken over by falconindy.
Installation
The mkinitcpio package is available in the official repositories and is installed by default as a member of the base group.
Image creation and activation
By default, the mkinitcpio script generates two images after kernel installation or upgrades: /boot/initramfs-linux-libre.img and /boot/initramfs-linux-libre-fallback.img. The fallback image utilizes the same configuration file as the default image, except the autodetect hook is skipped during creation, thus including a full range of modules. The autodetect hook detects required modules and tailors the image for specific hardware, shrinking the initramfs.
Users may create any number of initramfs images with a variety of different configurations. The desired image must be specified for the bootloader, often in its configuration file (/boot/grub/menu.lst for GRUB users). After changes are made to the configuration file, the image must be regenerated. For the stock Parbola kernel, linux-libre, this is accomplished with the command:
mkinitcpio --preset linux-libre
The -p switch specifies a preset to utilize; most kernel packages provide a related mkinitcpio preset file, found in /etc/mkinitcpio.d (e.g. /etc/mkinitcpio.d/linux-libre.preset for linux-libre). A preset is a predefined definition of how to create an initramfs image instead of specifying the configuration file and output file every time.
Users can manually create an image using an alternate configuration file:
mkinitcpio --config /etc/mkinitcpio-custom.conf --generate /boot/linux-libre-custom.img
This will generate the initramfs image for the currently running kernel and save it at /boot/linux-libre-custom.img.
If creating an image for a kernel other than the one currently running, add the kernel version to the command line:
mkinitcpio --generate /boot/linux-libre.img --kernel 3.0.0-LIBRE
Configuration
The primary configuration file for mkinitcpio is /etc/mkinitcpio.conf. Additionally, preset definitions are provided by kernel packages in the /etc/mkinitcpio.d directory (e.g. /etc/mkinitcpio.d/linux-libre.preset).
Users can modify six variables within the configuration file:
- MODULES
- Kernel modules to be loaded before any boot hooks are run.
- BINARIES
- Additional binaries to be included in the initramfs image.
- FILES
- Additional files to be included in the initramfs image.
- HOOKS
- Hooks are scripts that execute in the initial ramdisk.
- COMPRESSION
- Used to compress the initramfs image.
- COMPRESSION_OPTIONS
- Command line options to pass to the COMPRESSION program.
MODULES
The MODULES array is used to specify modules to load before anything else is done. To accelerate the boot process, users may opt to disable the udev hook and list required modules here instead:
MODULES="piix ide_disk reiserfs" [...] HOOKS="base autodetect ide filesystems"
Modules suffixed with a '?' will not throw errors if they are not found. This might be useful for custom kernels that compile in modules which are listed explicitly in a hook or config file.
Known modules that are not autoloaded during boot process (status stock kernel 2.6.18): scsi_transport_sas, ultrastor, qlogicfas, eata, BusLogic, pas16, wd7000, sym53c416, g_NCR5380_mmio, fdomain, u14-34f, dtc, initio, in2000, imm, t128, aha1542, aha152x, atp870u, g_NCR5380, NCR53c406a, qlogicfas408, megaraid_mm, advansys.
If one of the above modules are required for the root device, consider explicitly adding it to /etc/mkinitcpio.conf to avoid kernel panics.
BINARIES and FILES
These options allow users to add files to the image. Both BINARIES and FILES are added before hooks are run, and may be used to override files used or provided by a hook. BINARIES are auto-located within a standard PATH and dependency-parsed, meaning any required libraries will also be added. FILES are added as-is. For example:
FILES="/etc/modprobe.d/modprobe.conf"
BINARIES="kexec"
HOOKS
A hook is a script that executes in the initial ramdisk. Hooks are found within the /lib/initcpio/install directory; for a list of available hooks:
$ ls -1 /lib/initcpio/install
Use mkinitcpio's -H option to output help for a specific hook. For example, to display information about the base hook:
$ mkinitcpio -H base
Hooks are listed in order of execution, and are used to add files or modules to the image. Thus, hooks can affect installation – when mkinitcpio is run to generate the image – and/or runtime – via an included script that is run during boot. Scripts can be found within the /lib/initcpio/hooks directory.
The default configuration will work for most users with a standard setup:
HOOKS="base udev autodetect pata scsi sata filesystems"
If using the image on more than one machine, remove the autodetect hook, which tailors the image to the build machine:
HOOKS="base udev pata scsi sata filesystems"
For support for encrypted volumes on LVM2 volume groups:
HOOKS="base udev autodetect pata scsi sata lvm2 encrypt filesystems"
A table of common hooks and their function follows. Note that this table is not complete, as packages can provide custom hooks.
Hook | Installation | Runtime |
---|---|---|
base | Sets up all initial directories and installs base utilities and libraries. Always add this hook as the first hook unless you know what you are doing. | -- |
udev | Adds udevd, udevadm, and a small subset of udev rules to your image. | Starts the udev daemon and processes uevents from the kernel; creating device nodes. As it simplifies the boot process by not requiring the user to explicitly specify necessary modules, using the udev hook is recommended. |
autodetect | Shrinks your initramfs to a smaller size by creating a whitelist of modules from a scan of sysfs. Be sure to verify included modules are correct and none are missing. This hook must be run before other subsystem hooks in order to take advantage of auto-detection. Any hooks placed before 'autodetect' will be installed in full. | -- |
pata | Deprecated—use the block hook. |
-- |
sata | Deprecated—use the block hook. |
-- |
scsi | Deprecated—use the block hook. |
-- |
usb | Deprecated—use the block hook. |
-- |
usbinput | Adds USB HID modules to the image. Use this if you have an USB keyboard and need it in early userspace (either for entering encryption passphrases or for use in an interactive shell). | -- |
fw | Deprecated—use the block hook. |
-- |
net | Adds the necessary modules for a network device. For PCMCIA net devices please add the pcmcia hook too. | Provides handling for an NFS based root filesystem. |
pcmcia | Adds the necessary modules for PCMCIA devices. You need to have pcmciautils installed to use this. | -- |
dsdt | Loads a custom ACPI DSDT file during boot. Place your custom DSDT file for inclusion at /lib/initcpio/custom.dsdt | The custom DSDT file is automatically used by the kernel if it is present in initramfs. |
filesystems | This includes necessary filesystem modules into your image. This hook is required unless you specify your filesystem modules in MODULES. | -- |
lvm2 | Adds the device mapper kernel module and the lvm tool to the image. You must have lvm2 installed to use this. | Enables all LVM2 volume groups. This is necessary if you have your root filesystem on LVM. |
dmraid | Providers support for fakeRAID root devices. You must have dmraid installed to use this. | Locates and assembles fakeRAID block devices using mdassemble. |
mdadm | Provides support for assembling the arrays from /etc/mdadm.conf, or autodetection during boot. You must have mdadm installed to use this. The mdadm_udev hook is preferred over this hook. | Locates and assembles software RAID block devices using mdassemble. |
mdadm_udev | Provides support for assembling the arrays via udev. | Locates and assembles software RAID block devices using udev and mdadm incremental assembly. This is the preferred method of mdadm assembly (rather than using the above mdadm hook).
You must have mdadm installed to use this. |
encrypt | Adds the dm-crypt kernel module and the cryptsetup tool to the image. You must have cryptsetup installed to use this. | Detects and unlocks an encrypted root partition. See #Runtime customization for further configuration. |
resume | -- | This tries to resume from the "suspend to disk" state. Works with both swsusp and suspend2. See #Runtime customization for further configuration. |
keymap | Adds keymap and consolefonts from rc.conf. | Loads the specified keymap and consolefont from rc.conf during early userspace. |
fsck | Adds the fsck binary and filesystem specific helpers. If added after the autodetect hook, only the helper specific to your root filesystem will be added. Usage of this hook is strongly recommended, and it is required with a separate /usr partition. | Runs fsck against your root device (and /usr if separate) prior to mounting. |
shutdown | Adds shutdown initramfs support. Usage of this hook is strongly recommended if you have a separate /usr partition or encrypted root. | Unmounts and disassembles devices on shutdown. |
Creating a custom hook
An initcpio hook is just another shell script containing necessary information pointing mkinitcpio which executables should be loaded and with what options. It can be useful in some rare occasions when something is needed in early or late userspace, when not provided by other already installed scripts.
First create the actual script:
/lib/initcpio/install/hook
#!/bin/bash build() { SCRIPT="hook" #the name of the hook add_binary /bin/bash #/bin/bash is given as an example, you can type your desired executable here } help() { cat <<HELPEOF Line used as help information #Typing mkinitcpio -H hook will display this information HELPEOF }
Now create the actual hook:
/lib/initcpio/hooks/hook
run_hook () { msg -n ":: This is an example hook" bash #your executable example msg "done." }
Now edit /etc/mkinitcpio.conf accordingly to include your custom hook. You can also include it in /etc/rc.sysinit to load it in late userspace.
COMPRESSION
The kernel supports several formats for compression of the initramfs - gzip, bzip2, lzma, xz (also known as lzma2), and lzo. For most use cases, gzip or lzop provide the best balance of compressed image size and decompression speed.
COMPRESSION="gzip" COMPRESSION="bzip2" # requires kernel 2.6.30 COMPRESSION="lzma" # requires kernel 2.6.30 COMPRESSION="lzop" # requires kernel 2.6.34 COMPRESSION="xz" # requires kernel 2.6.38
Specifying no COMPRESSION will result in a gzip compressed initramfs file. To create an uncompressed image, specify COMPRESSION=cat in the config or use -z cat on the command line.
COMPRESSION_OPTIONS
These are additional flags passed to the program specified by COMPRESSION, such as:
COMPRESSION_OPTIONS='-9'
In general these should never be needed as mkinitcpio will make sure that any supported compression method has the necessary flags to produce a working image.
Runtime customization
Runtime configuration options can be passed to init and certain hooks via the kernel command line. Kernel command line parameters are often supplied by the bootloader. For example, a typical Parabola GRUB entry:
/boot/grub/menu.lst
... # (0) Parabola GNU/Linux-Libre title Parabola GNU/Linux-Libre root (hd0,0) kernel /vmlinuz-linux-libre root=/dev/sda3 ro initrd /initramfs-linux-libre.img ...
In this case, root=/dev/sda3 and ro are kernel command line parameters. The options discussed below can be appended to the kernel command line to alter default behavior. See Parabola Boot Process for more information.
init
- root
- This is the most important parameter specified on the kernel command line, as it determines what device will be mounted as your proper root device. mkinitcpio is flexible enough to allow a wide variety of formats, for example:
root=/dev/sda1 # /dev node root=LABEL=CorsairF80 # label root=UUID=ea1c4959-406c-45d0-a144-912f4e86b207 # UUID root=/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0-part1 # udev symlink (requires the udev hook) root=801 # hex-encoded major/minor number
- break
- If break or break=premount is specified, init pauses the boot process (after loading hooks, but before mounting the root filesystem) and launches an interactive shell which can be used for troubleshooting purposes. This shell can be launched after the root has been mounted by specifying break=postmount. Normal boot continues after exiting from the shell.
- disablehooks
- Disable hooks at runtime by adding disablehooks=hook1{,hook2,...}. For example:
disablehooks=resume
- earlymodules
- Alter the order in which modules are loaded by specifying modules to load early via earlymodules=mod1{,mod2,...}. (This may be used, for example, to ensure the correct ordering of multiple network interfaces.)
- rootdelay=N
- Pause for N seconds before mounting the root file system by appending rootdelay. (This may be used, for example, if booting from a USB hard drive that takes longer to initialize.)
See also: Debugging with GRUB and init
Using RAID
First, add the mdadm hook to the HOOKS array and any required RAID modules to the MODULES array in /etc/mkinitcpio.conf.
Kernel Parameters: Using the mdadm hook, you no longer need to configure your RAID array in the GRUB parameters. The mdadm hook will either use your /etc/mdadm.conf file or automatically detect the array(s) during the init phase of boot.
Assembly via udev is also possible using the mdadm_udev hook. Upstream prefers this method of assembly. /etc/mdadm.conf will still be read for purposes of naming the assembled devices if it exists.
Using net
Required Packages:
net requires the mkinitcpio-nfs-utils package from the official repositories.
Kernel Parameters:
ip=
An interface spec can be either short form, which is just the name of an interface (eth0 or whatever), or long form. The long form consists of up to seven elements, separated by colons:
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf> nfsaddrs= is an alias to ip= and can be used too.
Parameter explanation:
<client-ip> IP address of the client. If empty, the address will either be determined by RARP/BOOTP/DHCP. What protocol is used depends on the <autoconf> parameter. If this parameter is not empty, autoconf will be used. <server-ip> IP address of the NFS server. If RARP is used to determine the client address and this parameter is NOT empty only replies from the specified server are accepted. To use different RARP and NFS server, specify your RARP server here (or leave it blank), and specify your NFS server in the `nfsroot' parameter (see above). If this entry is blank the address of the server is used which answered the RARP/BOOTP/DHCP request. <gw-ip> IP address of a gateway if the server is on a different subnet. If this entry is empty no gateway is used and the server is assumed to be on the local network, unless a value has been received by BOOTP/DHCP. <netmask> Netmask for local network interface. If this is empty, the netmask is derived from the client IP address assuming classful addressing, unless overridden in BOOTP/DHCP reply. <hostname> Name of the client. If empty, the client IP address is used in ASCII notation, or the value received by BOOTP/DHCP. <device> Name of network device to use. If this is empty, all devices are used for RARP/BOOTP/DHCP requests, and the first one we receive a reply on is configured. If you have only one device, you can safely leave this blank. <autoconf> Method to use for autoconfiguration. If this is either 'rarp', 'bootp', or 'dhcp' the specified protocol is used. If the value is 'both', 'all' or empty, all protocols are used. 'off', 'static' or 'none' means no autoconfiguration.
Examples:
ip=127.0.0.1:::::lo:none --> Enable the loopback interface. ip=192.168.1.1:::::eth2:none --> Enable static eth2 interface. ip=:::::eth0:dhcp --> Enable dhcp protocol for eth0 configuration.
BOOTIF=
If you have multiple network cards, this parameter can include the mac address of the interface you're booting from. This is often useful as interface numbering may change, or in conjunction with pxelinux IPAPPEND 2 or IPAPPEND 3 option. If not given, eth0 will be used.
Example:
BOOTIF=01-A1-B2-C3-D4-E5-F6 # Note the prepended "01-" and capital letters.
nfsroot=
If the nfsroot parameter is NOT given on the command line, the default /tftpboot/%s will be used.
nfsroot=[<server-ip>:]<root-dir>[,<nfs-options>]
Parameter explanation:
<server-ip> Specifies the IP address of the NFS server. If this field is not given, the default address as determined by the `ip' variable (see below) is used. One use of this parameter is for example to allow using different servers for RARP and NFS. Usually you can leave this blank. <root-dir> Name of the directory on the server to mount as root. If there is a "%s" token in the string, the token will be replaced by the ASCII-representation of the client's IP address. <nfs-options> Standard NFS options. All options are separated by commas. If the options field is not given, the following defaults will be used: port = as given by server portmap daemon rsize = 1024 wsize = 1024 timeo = 7 retrans = 3 acregmin = 3 acregmax = 60 acdirmin = 30 acdirmax = 60 flags = hard, nointr, noposix, cto, ac
root=/dev/nfs
If you do not use the nfsroot parameter, you need to set root=/dev/nfs to boot from an NFS root by autoconfiguration.
Using lvm
If your root device is on lvm, you have to add the lvm2 hook. You have to pass your root device on the kernel command line in the format
root=/dev/mapper/<volume group name>-<logical volume name>
for example
root=/dev/mapper/myvg-root
in addition, if your root device might initialize slow (e.g. a USB device) and/or you receive a "volume group not found" error during boot, you might add to the kernel command line
lvmwait=/dev/mapper/<volume group name><logical volume name>
for example
lvmwait=/dev/mapper/myvg-root
This lets the boot process wait until the lvm manages to make device available.
Using encrypted root
If your root volume is encrypted, you need to add the encrypt hook. Then specify your root device on the kernel command line, just as if it was unencrypted.
For an encrypted partition on a SATA or SCSI disk:
root=/dev/sda5
For an encrypted LVM volume:
root=/dev/mapper/myvg-root
The root device will be automatically changed to /dev/mapper/root.
Using LUKS volumes
If you use LUKS for hard disk encryption, the init script will detect the encryption automatically if the encrypt hook is enabled. It will then ask for a passphrase and try to unlock the volume.
If this fails, try to add your filesystem-module to the module list in /etc/mkinitcpio.conf, if it is not compiled into your kernel.
Using a key-file
You can use a key-file to encrypt your root filesystem. Use the following format:
cryptkey=device:fs-type:path
device is the device-file representing the device your key is stored on (e.g. /dev/sda1), fs-type is the filesystem type of this device (e.g. ext3) and path is the path to the key-file inside the filesystem of this device.
Using legacy cryptsetup volumes
If you are using a legacy cryptsetup volume, you have to specify all cryptsetup options necessary to unlock it on the kernel command line. The option format is
crypto=hash:cipher:keysize:offset:skip
representing cryptsetup's --hash, --cipher, --keysize, --offset, and --skip options. If you omit an option, cryptsetup's default value is used, so you could just specify the following if you created your volume with the default settings:
crypto=::::
Using loop-aes volumes
mkinitcpio does not support loop-aes yet.
/usr as a separate partition
If you keep /usr as a separate partition, you must adhere to the following requirements[1]
- Add the shutdown hook. At shutdown, initscripts will pivot to a saved copy of the initramfs and allow for /usr (and root) to be properly unmounted from the VFS.
- Add the fsck hook. While recommended for everyone, this is a hard requirement if you want your /usr partition to be fsck'ed at bootup. Without this hook, /etc/rc.sysinit will attempt to fsck /usr while still mounted and will fail.
Even without these hooks in place, /usr will be automatically found and mounted by the initramfs, but a setup not using these hooks is not supported.
Troubleshooting
Extracting the image
If you are curious about what is inside the initrd image, you can extract it and poke at the files inside of it.
The initrd image is an SVR4 CPIO archive, generated via the find and bsdcpio commands, optionally compressed with a compression scheme understood by the kernel: namely gzip, bzip2, lzma, lzo, or xz.
mkinitcpio includes a utility called lsinitcpio which will list and extract the contents of initramfs images.
You can list the files in the image with:
$ lsinitcpio /boot/initramfs-linux-libre.img
And to extract them all in the current directory:
$ lsinitcpio -x /boot/initramfs-linux-libre.img
You can also get a more human-friendly listing of the important parts in the image:
$ lsinitcpio -a /boot/initramfs-linux-libre.img
See Also
- Boot Debugging - Debugging with Grub