Custom Initramfs/Examples

This article contains fully functional Custom Initramfs scripts. If you have made something which you feel is worth showing off, please add it here.

Self-Decrypting Server
This is an example for an encrypted server which produces its own key based on hardware data such as CPU, RAM, MAC-Address, a random file, etc… That way the machine can reboot (after power loss) without any user interaction whatsoever and still offer some protection against HDD theft. Since such a key is prone to changes, the Initramfs will install the current key if a standard passphrase (foobar) is valid.

LUKS, LVM, Resume from Hibernate, Script to Build the Initramfs
The following script will (re)build an initramfs from scratch by copying the required files and all dependencies to the initramfs. An /init script is included as a here document. An unencrypted keyfile is used to decrypt the root partition without user input.

This initramfs is intended for a setup where /boot is encrypted (LVM inside Luks). grub2 can boot from this. If your boot parition is not encrypted, simply remove anything related to crypto_key.bin.

Simple initramfs for unlocking LUKS encrypted root remotely over SSH
This is a very basic script that creates and installs an initramfs that unlocks LUKS encrypted root remotely over SSH. It's an idempotent script that could be run every time the initramfs needs to be re-created, or when the kernel upgrades as it takes the current kernel (one linked under ) version for the initramfs filename.

The script is simplistic and takes a passphrase, but it could be modified to use keyfiles for better security.