midnite Guru
Joined: 09 Apr 2006 Posts: 435 Location: Hong Kong
Posted: Mon May 16, 2022 4:26 pm Post subject: Extract dracut initramfs, edit for raid on LUKS, then repack
May I ask how to extract the dracut initramfs's binary? I would like to edit it to take the same passphrase for two LUKS encrypted disks. [1] Then repack the dracut initramfs.
Is it safe ...
[1] Is it safe to (maybe using a shell script in the "init" file) save the passphrase into a variable, then open two containers with that variable? Maybe overwriting that variable with another value, and unsetting the variable. Will this leave the passphrase in memory in a way that creates a security hole?
sys-kernel/bliss-initramfs
I know that there is a bliss-initramfs package which helps to unlock a system with encrypted ZFS. It is written by Fearedbliss, who wrote the very good Gentoo ZFS installation wiki. But obviously it is not using LUKS for the encryption; it uses ZFS native encryption. In addition, I think it does not handle multiple encrypted containers with the same passphrase.
https://packages.gentoo.org/packages/sys-kernel/bliss-initramfs
https://wiki.gentoo.org/wiki/User:Fearedbliss/Installing_Gentoo_Linux_On_ZFS
Custom Initramfs
I did read about and consider building my own custom initramfs. But it would be better, safer, and more convenient if I could refer to and modify an existing working one.
https://wiki.gentoo.org/wiki/Custom_Initramfs
lsinitrd -f init initramfs-5.15.26-gentoo.img | less
At the moment I can use lsinitrd to view the content of the init file. I can use cpio -iF initramfs-5.15.26-gentoo.img to extract it. However, after extracting, there is only one binary file ./kernel/x86/microcode/AuthenticAMD.bin that I do not know how to interpret.
Any help or suggestions are very much appreciated. Thanks a lot in advance.
_________________
- midnite.
midnite Guru
Joined: 09 Apr 2006 Posts: 435 Location: Hong Kong
Posted: Mon May 16, 2022 5:35 pm
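Code:
# Extract the uncompressed early (microcode) cpio, then gunzip and extract the main archive
(cpio -id; zcat | cpio -id) < /path/to/initrd.img
# --unpack extracts the main image, --unpackearly the early microcode cpio
lsinitrd --unpack /boot/initramfs-5.15.26-gentoo.img ; lsinitrd --unpackearly /boot/initramfs-5.15.26-gentoo.img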
With the help of this Stack Exchange answer, I managed to extract the dracut initramfs with the upper command. I had overlooked that lsinitrd already has the ability to unpack the initramfs with the lower command. Either command will work. I verified with diff -qr that both commands produce the same output.
https://unix.stackexchange.com/a/329937/150246
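Code:
# Pack the current directory (the unpacked main image) as a newc cpio archive
find | cpio -H newc -o > /tmp/my_archive.cpio
gzip /tmp/my_archive.cpio
# Prepend the uncompressed early (microcode) cpio to the compressed main archive
cat my_microcode_image.cpio /tmp/my_archive.cpio.gz > mynewinitrd.img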
As suggested in a comment on the same Stack Exchange post, one should repack the initramfs with the commands above. However, the resulting img file can no longer be parsed by lsinitrd. I cannot verify whether these commands produce the correct output.
https://unix.stackexchange.com/questions/163346/why-is-it-that-my-initrd-only-has-one-directory-namely-kernel#comment500597_192058
Edit:
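Code:
# Option 1: pack the current directory directly
find . -print0 | cpio --null --create --verbose --format=newc | gzip --best > /boot/custom-initramfs.cpio.gz
# Option 2: build the archive from a file list with the kernel's gen_init_cpio
/usr/src/linux/usr/gen_init_cpio ../initramfs.list > ../initramfs.cpio
gzip --best ../initramfs.cpio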
In addition, either set of commands above is able to repack the initramfs. For more info, please refer to the Gentoo custom initramfs wiki.
https://wiki.gentoo.org/wiki/Custom_Initramfs
✔ Extract the dracut initramfs.
☐ Modify the script to take same passphrase for two LUKS encrypted disks.
☐ Is it safe to process the passphrase by variable?
✔ Repack the initramfs.
_________________
- midnite.
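An added example, not part of either post and not dracut's own code: one way to prompt once and feed the same passphrase to two `cryptsetup open` calls over stdin, so it is never placed on a command line or in an exported environment. The device paths, mapper names, `UNLOCK_NOW` and the function names are assumptions; the passphrase still lives in the shell's memory while the script runs, and `unset` is not a guaranteed wipe.

```sh
#!/bin/sh
# Added example, not from the thread. Device paths, mapper names, UNLOCK_NOW
# and the function names are hypothetical.

# Overridable so the logic can be exercised without root or real devices.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# read_passphrase: read one line from stdin into the shell variable PASS.
# PASS is never exported, so it is not copied into a child's environment.
read_passphrase() {
    if [ -t 0 ]; then
        printf 'LUKS passphrase: ' >&2
        trap 'stty echo' INT TERM      # restore echo if interrupted
        stty -echo
        IFS= read -r PASS
        stty echo
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r PASS
    fi
}

# unlock_all DEV:NAME...: open every container with the same passphrase.
# printf is a builtin in bash and dash, so the passphrase is written straight
# into the pipe and never appears in any process's argument list.
# --key-file=- makes cryptsetup read the key from stdin; no newline is sent.
unlock_all() {
    rc=0
    for pair in "$@"; do
        dev=${pair%%:*}
        name=${pair#*:}
        if ! printf '%s' "$PASS" | "$CRYPTSETUP" open --key-file=- "$dev" "$name"; then
            echo "failed to open $dev as $name" >&2
            rc=1
        fi
    done
    # Drop the shell's copy. This removes the variable but is not a guaranteed
    # wipe of the bytes from process memory.
    PASS=
    unset PASS
    return "$rc"
}

# Only runs when explicitly requested, e.g. UNLOCK_NOW=1 sh unlock.sh
if [ "${UNLOCK_NOW:-0}" = 1 ]; then
    read_passphrase
    unlock_all /dev/sda2:crypt0 /dev/sdb2:crypt1   # hypothetical devices
fi
```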