More and more systems require an initramfs to boot up properly. In this guide, the concepts of the initramfs as well as how to properly create and manage initramfs instances will be covered.
For many users, an initramfs system is of no concern. Their system uses a simple partitioning schema with no exotic drivers or setups (like encrypted file systems), so the Linux kernel is entirely capable to hand over control to the init binary on their system. But for many systems, an initramfs is mandatory.
The key concept to understanding what an initramfs is (or is needed for) is to understand how the Linux boot process works, even in a high-level approach.
Linux boot process
Once the Linux kernel has control over the system (which it gets after being loaded by the boot loader), it prepares its memory structures and drivers. It then hands over control to an application (usually init) whose task it is to further prepare the system and make sure that, at the end of the boot process, all necessary services are running and the user is able to log on. The init application does that by launching, among other services, the udev daemon who will further load up and prepare the system based on the detected devices. When udev is launched, all remaining file systems that have not been mounted are mounted, and the remainder of services is started.
For systems where all necessary files and tools reside on the same file system, the init application can perfectly control the further boot process. But when multiple file systems are defined (or more exotic installations are done), this might become a bit more tricky:
- When the /usr partition is on a separate file system, tools and drivers that have files stored within /usr cannot be used unless /usr is available. If those tools are needed to make /usr available, then we cannot boot up the system.
- If the root file system is encrypted, then the Linux kernel will not be able to find the init application, resulting in an unbootable system.
The solution for this problem has since long been to use an initrd (initial root device).
The initial root disk
The initrd is an in-memory disk structure (ramdisk) that contains the necessary tools and scripts to mount the needed file systems before control is handed over to the init application on the root file system. The Linux kernel triggers the setup script (usually called linuxrc but that name is not mandatory) on this root disk, which prepares the system, switches to the real root file system and then calls init.
Although the initrd method is all that is needed, it had a few drawbacks:
- It is a full-fledged block device, requiring the overhead of an entire file system; it has a fixed size. Choosing an initrd that is too small and all needed scripts cannot fit. Make it too big and memory will be wasted.
- Because it is a real, static device it consumes cache memory in the Linux kernel and is prone to the memory and file management methods in use (such as paging), this makes initrd greater in memory consumption.
To resolve these (for some perhaps hardly called) problems, the initramfs was created.
The initial ram file system
An initramfs is an initial ram file system based on tmpfs (a size-flexible, in-memory lightweight file system), which also did not use a separate block device (so no caching was done and all overhead mentioned earlier disappears). Just like the initrd, it contains the tools and scripts needed to mount the file systems before the init binary on the real root file system is called. These tools can be decryption abstraction layers (for encrypted file systems), logical volume managers, software raid, bluetooth driver based file system loaders, etc.
The content of the initramfs is made by creating a cpio archive. cpio is an old (but proven) file archiver solution (and its resulting archive files are called cpio files). cpio is definitely comparable to the tar archiver. The choice of cpio here was because it was easier to implement (code-wise) and supported (back then) device files which
tar could not.
All files, tools, libraries, configuration settings (if applicable), etc. are put into the cpio archive. This archive is then compressed using the gzip utility and stored alongside the Linux kernel. The boot loader will then offer it to the Linux kernel at boot time so the kernel knows an initramfs is needed.
Once detected, the Linux kernel will create a tmpfs file system, extract the contents of the archive on it, and then launches the init script located in the root of the tmpfs file system. This script will then mount the real root file system (after making sure it can mount it, for instance by loading additional modules, preparing an encryption abstraction layer, etc.) as well as vital other file systems (such as /usr and /var ).
Once the root file system and the other vital file systems are mounted, the init script from the initramfs will switch the root towards the real root file system and finally call the /sbin/init binary on that system to continue the boot process.
Creating an initramfs
Introduction and bootloader configuration
To create an initramfs, it is important to know what additional drivers, scripts and tools will be needed to boot the system. For instance, if LVM is used, then LVM tools will be needed in the initramfs. Likewise, if software RAID is used, mdadm utilities will be needed, etc.
Some tools exist that help users create initramfs' (compressed cpio archives) for their system. But for those who want total control can easily create personal, custom initramfs' as well.
Once created, the bootloader configuration will need adjusted to inform it an initramfs is to be used. For instance, if the initramfs file is stored as /boot/initramfs-3.2.2-gentoo-r5, then the configuration in /boot/grub/grub.conf could look like the following:
title Gentoo Linux 3.2.2-r5 root (hd0,0) kernel /boot/kernel-3.2.2-gentoo-r5 initrd /boot/initramfs-3.2.2-gentoo-r5
Gentoo's kernel building utility, genkernel, can be used to generate an initramfs, even if genkernel was not used to configure and build the kernel.
genkernel for generating an initramfs, it is recommended all necessary drivers and code that is needed to mount the / and /usr file systems be included in the kernel (not as modules). Then, call genkernel as follows:
genkernel --install --no-ramdisk-modules initramfs
Depending on the system, one or more of the following options may be needed:
|| Add support for |
||Add support for fake hardware RAID.|
||Add in firmware code found on the system.|
||Add in GnuPG support.|
||Add support for iSCSI.|
||Add support for luks encryption containers.|
||Add support for LVM.|
||Add support for software RAID.|
||Add support for multiple I/O access towards a SAN.|
||Add support for ZFS.|
When finished, the resulting initramfs file will be stored in /boot .
At the time of writing, dracut is not marked stable yet, so it may need unmasked before continuing.
The dracut utility is created for the sole purpose of managing initramfs files. It uses a highly modular approach on what support is to be included and what is not to be included.
To install dracut, make special care to include support for the correct
DRACUT_MODULES. This is a variable that can be set in /etc/portage/make.conf to include support for system specific setups:
DRACUT_MODULES="dmraid lvm syslog -biosdevname -btrfs -caps -crypt -crypt-gpg -dmsquash-live -gensplash -iscsi -livenet -mdraid -multipath -nbd -nfs -plymouth -ssh-client"
It is advisable to set (or unset) the modules needed. After configuring the
DRACUT_MODULES variable in /etc/portage/make.conf, emerge dracut to install the Dracut utility.
The next step is to configure dracut by editing /etc/dracut.conf. In the configuration file, which is well commented, in order to add support for needed modules.
Once configured, create an initramfs by calling dracut as follows:
The resulting image supports generic system boots based on the configuration in /etc/dracut.conf. It is also possible to generate an initramfs specifically tailored to your system (which dracut tries to detect the needed tools, drivers, etc. from the existing system). If the modules and drivers are built into the kernel (not as separate modules and references to the firmware), then the
--no-kernel option can be added:
dracut --host-only --no-kernel
For more information, check out the dracut and dracut.cmdline manual pages:
- ramfs-rootfs-initramfs.txt within the Linux kernel documentation.