author | Aaron Ball <nullspoon@oper.io> | 2023-03-04 15:06:42 -0700 |
---|---|---|
committer | Aaron Ball <nullspoon@oper.io> | 2023-03-04 15:06:42 -0700 |
commit | 98b1a3fb560c8e33c89e9cc644c5ceaa6b243a21 (patch) | |
tree | f937fd0cdaeeddd378d677c49a5d2b7790d0275e | |
parent | 5d652eb46cab242d999db7077ee943462e71c680 (diff) | |
download | mkinitramfs-98b1a3fb560c8e33c89e9cc644c5ceaa6b243a21.tar.gz mkinitramfs-98b1a3fb560c8e33c89e9cc644c5ceaa6b243a21.tar.xz |
Support modular dm-crypt
Previously dm-crypt had to be statically compiled into the kernel, which
is cumbersome, not well documented, and makes the kernel larger.
This supports dm-crypt being an external module, adding rmmod and
modprobe to the initramfs, and copying in the relevant kernel modules
directory, stripping out graphics device support, bluetooth, sound,
virtualization, and networking support modules.
This also updates the copyright year.
-rwxr-xr-x | init | 16 | ||||
-rwxr-xr-x | mkinitramfs | 29 |
2 files changed, 28 insertions, 17 deletions
@@ -182,10 +182,12 @@ wait_dev() { # main() { # Mount the /proc and /sys filesystems. - mount -t tmpfs none /run - mount -t devtmpfs none /dev - mount -t sysfs -o nodev,noexec,nosuid sysfs /sys - mount -t proc -o nodev,noexec,nosuid proc /proc + mount -t tmpfs none /run + mount -t sysfs -o nodev,noexec,nosuid sysfs /sys + mount -t proc -o nodev,noexec,nosuid proc /proc + mount -t devtmpfs none /dev + mount -t devpts devpts /dev/pts + mount -t tmpfs shm /dev/shm local fakeroot='/mnt/root' @@ -212,6 +214,12 @@ main() { /bin/bash -i fi + # Modprobe atkbd to ensure user can type password + for i in dm-crypt i8042 atkbd; do + printf 'Loading required module [%s]\n' "${i}" + modprobe "${i}" || printf 'Failed loading %s\n' "${i}" + done + if cryptsetup isLuks "${ROOTDEV}"; then # Set new rootdev location (/dev/mapper/something). This will update it to # the decrypted block device path. diff --git a/mkinitramfs b/mkinitramfs index 69c5289..52e0165 100755 --- a/mkinitramfs +++ b/mkinitramfs @@ -1,6 +1,6 @@ #!/usr/bin/env bash # Mkinitramfs creates a basic init ram fs with encryption support. -# Copyright (C) 2016 Aaron Ball <nullspoon@oper.io> +# Copyright (C) 2023 Aaron Ball <nullspoon@oper.io> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. - # Hash of fully-qualified binaries declare -a fqbins 
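Review bot: The added `mount -t devpts devpts /dev/pts` and `mount -t tmpfs shm /dev/shm` follow the devtmpfs mount directly, with no `mkdir` between them. A freshly mounted devtmpfs normally holds only device nodes, so unless those directories are created somewhere not visible here, both mounts would fail, and nothing checks the result. Adding `mkdir -p /dev/pts /dev/shm` after the devtmpfs mount would cover it. The tmpfs mounts on /run and /dev/shm also lack the `nodev,noexec,nosuid` options that sysfs and proc get; `mount -t tmpfs -o nodev,nosuid shm /dev/shm` would be consistent for an environment that handles the LUKS passphrase. main() continues outside the hunk.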
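Review bot: A failed `modprobe dm-crypt` in the added loop only prints a line to stdout and boot carries on into `cryptsetup isLuks`, so a missing module presumably surfaces later as an unlock error rather than here. I would send the failure to stderr, `modprobe "${i}" || printf 'Failed loading %s\n' "${i}" >&2`, and declare the loop variable with `local i`, as main() already does for `fakeroot`. The comment names only atkbd while the loop also loads dm-crypt and i8042; `# Load dm-crypt for LUKS and the PS/2 keyboard drivers so the passphrase can be typed` would match the code. USB keyboards are not covered by this list, which may be intentional. main() starts and ends outside the hunk.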
@@ -148,16 +147,21 @@ function cache_dir_setup { function check_crypto_support { [[ -z ${1} ]] && echo "Kernel version required." && exit 1 local version=${1} + local buf='' builtinpath=/lib/modules/${version}/modules.builtin - - # Check for encryption support - if [[ ! $(grep dm-crypt ${builtinpath}) ]]; then - echo -e "\n\nWarning: Static encryption support not found." - echo " Module dm-crypt not found in modules.builtin." - echo "Press enter to continue, or Ctrl+c to exit and resolve." - read - fi + + mkdir -p ${cache}/lib/modules/ + cp -vr "/lib/modules/${version}/" "${cache}/lib/modules/${version}" + + # Strip out kernel modules not required for bootstrapping + for i in virt net sound drivers/gpu drivers/bluetooth drivers/video; do + buf="${cache}/lib/modules/${version}/kernel/${i}" + if [ -d "${buf}" ]; then + printf 'Stripping %s from initramfs\n' "${buf}" + rm -r "${buf:?}" + fi + done } @@ -201,8 +205,8 @@ function main { # List of binaries to exist in the new initramfs resolve_bins \ bash cat echo ls cryptsetup chmod chown mount sleep umount clear cut \ - grep less tr which blkid partprobe reboot shutdown switch_root - + grep less tr which blkid partprobe reboot shutdown switch_root modprobe \ + rmmod # Set up the archive source dir. cache_dir_setup ${cache} @@ -237,5 +241,4 @@ function main { mkcpio ${cache} ${version} } - main ${@} |
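Review bot: The `${buf:?}` guard on `rm -r` in check_crypto_support cannot trigger, because `buf` always contains the literal `/lib/modules/...` path components. Where `cache` is set is not visible here, but if it were ever empty or unset, `buf` would resolve to the host's own `/lib/modules/${version}/kernel/...` and the loop would delete live kernel modules. Putting the guard on the variable that can be empty, `buf="${cache:?}/lib/modules/${version}/kernel/${i}"`, and quoting `mkdir -p "${cache:?}/lib/modules/"` closes that. `builtinpath` is still assigned but no longer read in the visible lines, and the loop variable `i` is not declared `local`. The function no longer checks anything, so a header comment such as `# Copy the kernel modules for ${version} into the cache and strip those not needed to boot` would help, and with the warning removed a kernel lacking dm-crypt is no longer detected at build time.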