mkinitrd - Unix, Linux Command


previous next AddThis Social Bookmark Button

NAME

mkinitrd - creates initial ramdisk images for preloading modules

SYNOPSIS

mkinitrd [--version] [-v] [-f]
[--preload=module] [--omit-scsi-modules]
[--omit-raid-modules] [--omit-lvm-modules]
[--with=module] [--image-version]
[--fstab=fstab] [--nocompress]
[--builtin=module] [--nopivot]
[--with-fips]
image kernel-version

DESCRIPTION

mkinitrd creates an initial image used by the kernel for preloading the block device modules (such as IDE, SCSI or RAID) which are needed to access the root filesystem. mkinitrd automatically loads filesystem modules (such as ext3 and jbd), IDE modules, all scsi_hostadapter entries in /etc/modprobe.conf, and raid modules if the system’s root partition is on raid, which makes it simple to build and use kernels using modular device drivers.

Any module options specified in /etc/modprobe.conf are passed to the modules as they are loaded by the initial ramdisk.

The root filesystem used by the kernel is specified in the boot configuration file, as always. The traditional root=/dev/hda1 style device specification is allowed. If a label is used, as in root=LABEL=rootPart the initrd will search all available devices for an ext2 or ext3 filesystem with the appropriate label, and mount that device as the root filesystem.

FIPS

mkinitrd will add a number of checks to the created initrd if the system is running in fips mode. First the kernel gets integrity checked by running "sha512hmac -c /boot/.vmlinuz-kernel-version.hmac" from the initrd. Then all the crypto algorithm modules get loaded using the embedded signature to integrity check them, and last the tcrypt module gets loaded which runs self tests on all approved crypto algorithms. You can force mkinitrd to add these checks to a created initrd with the --with-fips commandline option.

There are a number of limitations to mkinitrd’s fips support:

TagDescription
/boot Must be on a separate partition
/boot Must not be on nfs, dmraid or mdraid

OPTIONS

TagDescription
--builtin=module
  Act as if module is built into the kernel being used. mkinitrd will not look for this module, and will not emit an error if it does not exist. This option may be used multiple times.

-f Allows mkinitrd to overwrite an existing image file.

--fstab=fstab
  Use fstab to automatically determine what type of filesystem the root device is on. Normally, /etc/fstab is used.

--image-version
  The kernel version number is appended to the initrd image path before the image is created.

--nocompress
  Normally the created initrd image is compressed with gzip. If this option is specified, the compression is skipped.

--nopivot
  Do not use the pivot_root system call as part of the initrd. This lets mkinitrd build proper images for Linux 2.2 kernels at the expense of some features. In particular, some filesystems (such as ext3) will not work properly and filesystem options will not be used to mount root. This option is not recommended, and will be removed in future versions.

--omit-lvm-modules
  Do not load any lvm modules, even if /etc/fstab expects them.

--omit-raid-modules
  Do not load any raid modules, even if /etc/fstab and /etc/raidtab expect them.

--omit-scsi-modules
  Do not load any scsi modules, including ’scsi_mod’ and ’sd_mod’ modules, even if they are present. If the root partition is on a scsi device, mkinitrd will still include the necessary scsi modules to support that device.

--preload=module
  Load the module module in the initial ramdisk image. The module gets loaded before any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.

-v Prints out verbose information while creating the image (normally the mkinitrd runs silently).

--version
  Prints the version of mkinitrd that’s being used and then exits.

--with=module
  Load the modules module in the initial ramdisk image. The module gets loaded after any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.

---with-fips
  Force adding kernel integrity checking to the created initrd.

FILES

TagDescription
/dev/loop* A block loopback device is used to create the image, which makes this script useless on systems without block loopback support available (only used on kernels < 2.6)

/etc/modprobe.conf Specifies SCSI modules to be loaded and module options to be used.

/etc/modules.conf Specifies SCSI modules to be loaded and module options to be used. (only used on kernels < 2.6)

SEE ALSO


previous next Printer Friendly


  

Advertisements



Advertisements