Debian initramfs: Difference between revisions
(simple initramfs modifications are easier) |
mNo edit summary |
||
| Line 41: | Line 41: | ||
# In particular, set OLPC=$(HOME), ROOTSKEL=$(HOME)/olpcrd-rootskel, and DI=$(HOME)/olpcrd |
# In particular, set OLPC=$(HOME), ROOTSKEL=$(HOME)/olpcrd-rootskel, and DI=$(HOME)/olpcrd |
||
make di |
make di |
||
If the build is successful, your new initramfs will be available at |
|||
ls build/dest/initrd.gz |
|||
To change the initramfs, modify the source files in <tt>~/olpcrd-rootskel/olpc-src/</tt> then re-run <tt>make di</tt> from <tt>~/olpcrd</tt>. |
To change the initramfs, modify the source files in <tt>~/olpcrd-rootskel/olpc-src/</tt> then re-run <tt>make di</tt> from <tt>~/olpcrd</tt>. |
||
| Line 53: | Line 57: | ||
### make your changes here ### |
### make your changes here ### |
||
find . -print | cpio -H newc -o | gzip -9 >../olpcrd.img # and repack it |
find . -print | cpio -H newc -o | gzip -9 >../olpcrd.img # and repack it |
||
=== Kernel modules and firmware === |
|||
Due to some peculiarities of the OLPC build system, initramfsen are created and only later combined with appropriate kernel modules and firmware by the build compose-tools. This means that when generating initramfsen for testing purposes, it is necessary to install appropriate kernel modules and firmware by hand. |
|||
To install modules and firmware, simply unpack the initramfs produced by the build system, locate the modules you want to install (e.g. by extracting them from the kernel RPM used by OLPC, from an older initramfs, or from the XO you want to modify) |
|||
FOO=/path/to/modules |
|||
and install the modules into your initramfs. |
|||
cp -r $FOO/lib/modules/* $FOO/lib/firmware/* . |
|||
Finally, repack the initramfs according to the instructions above. |
|||
Revision as of 20:34, 26 December 2008
Because of our firmware security model, we regularly use signed initramfsen such as olpcrd/olpcrd-rootskel to handle deployment and security related tasks on laptops which may be unactivated, activated but not individuated, or fully indivduated (i.e. configured for a specific user). This article describes the method we use for constructing these initramfsen.
Our initramfsen are current constructed with debian-installer on a lenny or sid. Since I happen to be working from an F-7 machine located at MIT, I built an appropriate Debian chroot by running
sudo su - yum install debootstrap mkdir sid-root debootstrap --arch i386 sid sid-root/ http://debian.lcs.mit.edu/debian/
as root. NB: debootstrap requires that lots of things from /sbin and /usr/sbin be accessible on $PATH. Be careful if you're using sudo to exercise root privilege.
(If you're making your own chroot, please choose a suitable Debian mirror)
Once we've got the chroot up, we need to do some configuration inside the chroot:
chroot sid-root /bin/su - mount -t proc proc /proc mount -t sysfs sys /sys mount -t devpts devpts /dev/pts echo 'deb-src http://debian.lcs.mit.edu/debian sid main' >> /etc/apt/sources.list apt-get update
Then we'll install the build-dependencies of the initramfs:
apt-get install git-core pbuilder yaird debhelper python-pyrex netpbm apt-get build-dep debian-installer
Next, we'll check out the source code of the initramfs:
git clone git://dev.laptop.org/users/cscott/olpcrd git clone git://dev.laptop.org/users/cscott/olpcrd-rootskel cd olpcrd-rootskel git submodule init git submodule update
Finally, we'll fill in appropriate paths and run make:
cd ../olpcrd
$EDITOR Makefile # patch up the paths in the first three environment variables. All we need are the paths to /root/olpcrd and /root/olpcrd-rootskel
# In particular, set OLPC=$(HOME), ROOTSKEL=$(HOME)/olpcrd-rootskel, and DI=$(HOME)/olpcrd
make di
If the build is successful, your new initramfs will be available at
ls build/dest/initrd.gz
To change the initramfs, modify the source files in ~/olpcrd-rootskel/olpc-src/ then re-run make di from ~/olpcrd.
Simple initramfs modification
To modify an existing initramfs it is often simplest to unpack it into a directory, modify it as suited, and pack it back up:
mkdir initramfs # make and enter work directory to unpack the initramfs cd initramfs gunzip -c ../olpcrd.img | cpio -i # unpack the image ### make your changes here ### find . -print | cpio -H newc -o | gzip -9 >../olpcrd.img # and repack it
Kernel modules and firmware
Due to some peculiarities of the OLPC build system, initramfsen are created and only later combined with appropriate kernel modules and firmware by the build compose-tools. This means that when generating initramfsen for testing purposes, it is necessary to install appropriate kernel modules and firmware by hand.
To install modules and firmware, simply unpack the initramfs produced by the build system, locate the modules you want to install (e.g. by extracting them from the kernel RPM used by OLPC, from an older initramfs, or from the XO you want to modify)
FOO=/path/to/modules
and install the modules into your initramfs.
cp -r $FOO/lib/modules/* $FOO/lib/firmware/* .
Finally, repack the initramfs according to the instructions above.