ugRD

From Gentoo Wiki

µgRD (Microgram Ramdisk) is a framework used to generate ramdisks using TOML definitions and Python functions.

µgRD was originally designed to create a very minimal initramfs for LUKS decryption. It started as a simple script to do dependency resolution for binaries pulled into the system, to avoid having to compile tools statically. Currently, it supports multiple encryption methods, such as YubiKey/GPG, and automatic configuration and validation for basic LUKS-based rootfs encryption.

Unlike many other frameworks, µgRD aims to do nothing more than mount the rootfs, so booting can continue. It does not include udev, and requires no configuration for most systems. By default µgRD configures the initramfs image specifically to boot the system which built it. This enables it to run various checks to validate the image will actually function before the user reboots.

µgRD is written using only a few thousand lines of Python, the majority of which are for logging, validation, or contain embedded bash. The init file generated by µgRD will generally be fewer than 10 lines of bash, with most lines being references to functions placed in the generated /etc/profile.

Installation

Emerge

root #emerge --ask sys-kernel/ugrd

Installkernel

To install the ugrd hook for sys-kernel/installkernel, enable the ugrd USE flag for installkernel in /etc/portage/package.use.

FILE /etc/portage/package.use/ugrd
sys-kernel/installkernel ugrd

Usage

Installkernel integration

If the ugrd USE flag is enabled on sys-kernel/installkernel, ugrd will automatically run on each kernel install. If ugrd is unable to make a working image, it will fail, and a new image will not be installed to /boot or /efi.

Building an initramfs manually

To build an initramfs with ugrd, run ugrd:

root #ugrd
Note
By default, ugrd will output images to the path defined by out_dir, which is /tmp/initramfs_out by default.

Configuration

For most basic setups, ugrd should work without any additional config.

If keyfiles are used, or more specific configuration is required, /etc/ugrd/config.toml can be modified.

See also
More detailed configuration usage is described in the project documentation.
Tip
Example configurations are located at examples.
Warning
In most cases, ugrd does not require additional configuration. It's important to realize that autodetection will generally not run if a parameter already has a value.

systemd

When ugrd is used to boot a systemd system, and mounts based on LUKS/LVM volumes are required during the boot process, systemd will stall without the fakeudev module.

This module can be enabled by adding ugrd.fs.fakeudev to the modules list in /etc/ugrd/config.toml.

In the event of boot issues caused by this problem, mount -a can be used to mount filesystems so systemd can continue.

Important
fakeudev issues is open for discussion about this udev issue.

Kernel log level

By default, ugrd sets the kernel log level to 5. This can be adjusted by setting loglevel in ugrd's config, or by passing the loglevel as a command line arg to the kernel.

Tip
While both methods act similarly, setting the value in ugrd will set it shortly after init, while setting it in the kernel command line sets it immediately.

See also

  • Full Disk Encryption — a guide which covers the process of configuring a drive to be encrypted using LUKS and btrfs.
  • Rootfs encryption — Encrypting the root filesystem can enhance privacy, and prevent unauthorized access.
  • Dracut — an initramfs infrastructure that aims to have as little as possible hard-coded into the initramfs.