MrSnivvel n00b
Joined: 05 May 2007 Posts: 14
|
Posted: Tue Dec 19, 2023 7:47 pm Post subject: UKI creation problems with Genkernel and Dracut |
|
|
I'm using a UKI (Unified Kernel Image) to boot directly from UEFI on my system, which I'm currently creating using Genkernel. For the most part it works, but it has to be run a second time to actually build the kernel image completely, because it fails with a message that '/lib/modules/${kernel_version}' does not exist for creating the initramfs. My workaround is to manually do make modules ; make modules_install and re-run Genkernel, which rebuilds the kernel again. I don't see an option in the genkernel.conf to either enable those steps or just make genkernel realize that a UKI doesn't use modules.
genkernel.conf (with comments, whitespace removed)
Code: |
INSTALL="yes"
OLDCONFIG="yes"
MENUCONFIG="yes"
MOUNTBOOT="yes"
SAVE_CONFIG="yes"
NOCOLOR="false"
MAKEOPTS="$(portageq envvar MAKEOPTS)"
LUKS="yes"
DMRAID="yes"
BUSYBOX="yes"
MDADM="yes"
BTRFS="yes"
ALLFIRMWARE="no"
FIRMWARE="yes"
FIRMWARE_DIR="/lib/firmware"
FIRMWARE_FILES="amd-ucode/microcode_amd_fam19h.bin,amd/amd_sev_fam19h_model0xh.sbin,amdgpu/navi14_asd.bin,amdgpu/navi14_ce.bin,amdgpu/navi14_ce_wks.bin,amdgpu/navi14_gpu_info.bin,amdgpu/navi14_me.bin,amdgpu/navi14_mec2.bin,amdgpu/navi14_mec2_wks.bin,amdgpu/navi14_mec.bin,amdgpu/navi14_mec_wks.bin,amdgpu/navi14_me_wks.bin,amdgpu/navi14_pfp.bin,amdgpu/navi14_pfp_wks.bin,amdgpu/navi14_rlc.bin,amdgpu/navi14_sdma1.bin,amdgpu/navi14_sdma.bin,amdgpu/navi14_smc.bin,amdgpu/navi14_sos.bin,amdgpu/navi14_ta.bin,amdgpu/navi14_vcn.bin"
BOOTLOADER="grub2"
GK_SHARE="${GK_SHARE:-/usr/share/genkernel}"
CACHE_DIR="/var/cache/genkernel"
DISTDIR="${GK_SHARE}/distfiles"
LOGFILE="/var/log/genkernel.log"
LOGLEVEL=1
DEFAULT_KERNEL_SOURCE="/usr/src/linux"
BUILD_STATIC="yes"
INITRAMFS_FILENAME="initramfs-%%KV%%.img"
ALLRAMDISKMODULES="yes"
INTEGRATED_INITRAMFS="yes"
COMPRESS_INITRD="yes"
COMPRESS_INITRD_TYPE="best"
|
I've tried to "migrate" to just using Dracut directly but have not found the secret sauce yet to just build what I need after looking at various Wiki pages on what to set in there. But it's hard to tell if those settings are outdated/deprecated/superseded these days.
dracut.conf
Code: |
add_dracutmodules+=" btrfs crypt dm rootfs-block systemd "
uefi="yes"
early_microcode="yes"
compress="bzip2"
kernel_cmdline+=" crypt_root=PARTUUID=3d833d6e-2a01-c44e-a004-25c9ad4b6f8f root=/dev/mapper/root init=/usr/lib/systemd/systemd "
use_fstab="yes"
hostonly="yes"
hostonly_mode="strict"
|
Does someone have a surefire way of making UKIs for UEFI booting that completes successfully in one-shot? I get the feeling that going straight Dracut is the better long term method than genkernel, is that a correct perception? |
AndrewAmmerlaan Developer
Joined: 25 Jun 2014 Posts: 266 Location: Nijmegen
|
Posted: Tue Jan 16, 2024 2:48 pm Post subject: Re: UKI creation problems with Genkernel and Dracut |
|
|
MrSnivvel wrote: | Does someone have a surefire way of making UKIs for UEFI booting that completes successfully in one-shot? I get the feeling that going straight Dracut is the better long term method than genkernel, is that a correct perception? |
I am not sure about genkernel, but for dist-kernels (i.e. gentoo-kernel) and manually configured kernels (i.e. gentoo-sources), setting USE="dracut uki" on sys-kernel/installkernel should do the trick. To use ukify instead of dracut, enable USE=ukify as well.
_________________
OS: Gentoo 6.7.3-gentoo-dist, ~amd64, 17.1/desktop/plasma/systemd/merged-usr
MB: MSI Z370-A PRO
CPU: Intel Core i9-9900KS
GPU: Intel Arc A770 16GB & Intel UHD Graphics 630
SSD: Samsung 970 EVO Plus 2 TB
RAM: Crucial Ballistix 32GB DDR4-2400
Screenager n00b
Joined: 26 Nov 2023 Posts: 37
|
Posted: Thu Jan 18, 2024 3:57 am Post subject: Re: UKI creation problems with Genkernel and Dracut |
|
|
MrSnivvel wrote: | I've tried to "migrate" to just using Dracut directly but have not found the secret sauce yet to just build what I need after looking at various Wiki pages on what to set in there. But it's hard to tell if those settings are outdated/deprecated/superseded these days. |
I know exactly what you mean, I felt the same way. I became friends with dracut after I stopped worrying about rd.luks parameters and just did the LUKS unlocking myself.
You can modify the script I shared here. You just need a single password prompt and replace the cryptsetup command with:
Code: |
echo "$pword" | cryptsetup luksOpen /dev/disk/by-partuuid/3d833d6e-2a01-c44e-a004-25c9ad4b6f8f root
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21650
|
Posted: Thu Jan 18, 2024 4:00 pm Post subject: |
|
|
Regarding https://wiki.gentoo.org/wiki/User:Screenager/install/encrypted_detached_header_lvm_unified_gentoo_kernel_image_customized_dracut#Configuring_and_modifying_dracut :
If you only want to use the password once and then discard it, then letting cryptsetup read from the keyboard is a better solution than loading it into the shell and making the shell pass it to cryptsetup. Also, note that the comment "removes password from memory" is probably wrong. There is no guarantee that unsetting the shell variable will clear the memory before marking it as free.
You can test the return code of cryptsetup instead of testing for the existence of the resulting block device. It will return a failure code if the user supplied an invalid password. Even better, it will return different failure codes depending on whether the error is that the target is not a LUKS device versus that it is a LUKS device that the user failed to unlock.
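The approach described in the post above, as an added example that is not part of the original thread: cryptsetup prompts on the terminal itself and the script branches on its exit status, using the error codes listed in cryptsetup(8). The function names, the overridable CRYPTSETUP variable and the retry count are assumptions of this example.

```sh
#!/bin/sh
# Added example: unlock a LUKS volume and act on cryptsetup's exit status.
# CRYPTSETUP is an assumption of this example; it is overridable so the
# branching can be exercised with a stub instead of a real device.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# Error codes as documented in cryptsetup(8).
describe_rc() {
    case "$1" in
        0) echo "unlocked" ;;
        1) echo "wrong parameters" ;;
        2) echo "no permission (bad passphrase)" ;;
        3) echo "out of memory" ;;
        4) echo "wrong device specified" ;;
        5) echo "device already exists or device is busy" ;;
        *) echo "unexpected exit status $1" ;;
    esac
}

# unlock_luks DEVICE NAME [TRIES]
# cryptsetup reads the passphrase from the terminal, so it never lands in
# a shell variable. --tries 1 leaves the retry policy to this loop.
# Only a bad passphrase (2) is retried; any other failure is returned
# immediately so the caller can tell the causes apart.
unlock_luks() {
    dev=$1 name=$2 tries=${3:-3}
    while [ "$tries" -gt 0 ]; do
        rc=0
        "$CRYPTSETUP" --tries 1 luksOpen "$dev" "$name" || rc=$?
        case "$rc" in
            0) return 0 ;;
            2) tries=$((tries - 1))
               echo "unlock failed: $(describe_rc 2), $tries tries left" >&2 ;;
            *) echo "unlock failed: $(describe_rc "$rc")" >&2
               return "$rc" ;;
        esac
    done
    return 2
}

# Usage (placeholder device path):
#   unlock_luks /dev/disk/by-partuuid/<PARTUUID> root || exit $?
```
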
Screenager n00b
Joined: 26 Nov 2023 Posts: 37
|
Posted: Fri Jan 19, 2024 6:57 am Post subject: |
|
|
Thank you yet again, Hu, I will rewrite that script. |