Classic very old grub kernel & initramfs

[Moriah]

BACKGROUND:

I've been running gentoo for 20 years, and I have always built my kernels the old fashioned way, but I haven't built a kernel in several years now, and I am trying to clean up my Lenovo Thinkpad W530. Since I need to keep the old system running for my paying work, I bought a new SSD and just popped the old SSD out and put the new one in, so I would always have a bootable backup by swapping the disks back to the original SSD. So I started with an empyt disk.

I use LVM directly on the SSD without any partition table at all. I boot the system with a USB drive I carry on my keychain in my pocket, so the USB drive is like my ignition key for my laptop. The main SSD is LUKS encrypted as the entire disk -- remember, no partition table.

The USB boot drive has an init script that first mounts /proc and /sys, then runs cryptsetup luksOpen to ask for the pass phrase to decrypt the SSD. Next, it runs vgscan and vgchange to get LVM going, and then mounts what will eventually be root on /mnt/root.

Finally, it unmounts /proc and /sys and does the switch_root to make the system on the SSD appear at / and runs /sbin/init to start the full blown gentoo system.

THE PROBLEM:

I have built my kernel, but I can't remember where make menuconfig puts the resulting kernel, and the handbook now omits that information because everything has been automated by config-kernel or kernel-config and by making things so automatic and easy, so I need to know where the compiled kernel image lies after running make to build the kernel. I guess I could look into the Makefile and figure it out, but I thought I would ask first.

Also, to boot into a LUKS encrypted LVM managed disk, I need an initrd/initramfs. As it now stands, I have an initramfs directory that holds everything I need, and I have foggy memories of having to tar and gzip the initramfs directory and then having to use cpio to combine the kernel image with the initramsf.tar.gz file. Then I copy this resulting file to my /boot drive (the USB stick), and edit the /boot/grub/grub.conf file to tell grub which kernel to boot.

I would prefer to do all this manually again, the good old fashioned way, but the handbook thinks evrybody wants automatic transmission and driver assist, while I still prefer to shift my own gears and be the only one working the controls. I do understand that newer users expect everything to be one click of the mouse easy, like ubunto, but when you are doing custom stuff, which is gentoo's strength, fully manual is more versatile, and educates you on the details so you can more easily troubleshoot problems.

THE REQUEST

Can someone tell me how to setup up my nice shiny new linux-6.6.13-gentoo kernel so I can boot it with my boot stick?

I need to know where the built kernel resides after doing the make in /usr/src/linux to build it.

I need to know how to package my initramfs directory into a combined kernel and initramfs.

I can take it from there.

Please excuse the long post, but I am trying to explain the situation I am in.

Here is my initramfs directory:

[Hu]

The kernel has supported make install, without the aid of any fancy supporting packages, for a long time. I expect that make -n V=1 install would show you the commands it would run (V=1) and not do them (-n), so that you can see where it would copy the files from. Alternatively, you could set INSTALL_PATH and INSTALL_MOD_PATH to cause make install to write to a temporary area of your choosing, after which you could copy the files to the directory representing your USB stick.

As regards building the initramfs, my preference has always been to use the kernel's built-in support for composing an initramfs (CONFIG_INITRAMFS_SOURCE), which also embeds it into the resulting kernel image. This makes the image a bit bigger and is less space efficient, since every kernel has a copy of the initramfs, even if you never change it. On the other hand, since it is built into the kernel, the bootloader does not need to be informed of the initramfs, which simplifies configuring the bootloader.

[Moriah]

Thanks Hu! Its just been so long since I built a kernel for this laptop that I forgot the details of packaging the initramfs and the kernel into a single file. This is the first kernel I have built for this box in 5 years.

The USB boot stick has 32 GB, so no problem with the wasted space.

I am finished playing with the new kernel build for today; I gotta do some work with the old SSD to earn some money.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[NeddySeagoon]

Moriah,

Be warned that if you have a separate /usr filesystem, the initrd must mount it just after root is mounted.
That's not new news but the breaking implementation is new this week.

My box didn't boot this morning after an update yesterday but I knew that this was coming so I had the initrd already prepared and on the boot menu.

Consider

[Moriah]

I think I have found where the make leaves the kernel imags. Is it in /usr/src/linux/x86/boot/bzImage ?

So where do I find documentation on using CONFIG_INITRAMFS_SOURCE to combine the initramfs with the kernel? My initramfsdirectory is in /usr/src/initramfs. Do I need to manually cpio it and then gzip it and leave the resume somewhere, of does CONFIG_INITRAMFS_SOURCE just contain /usr/src/initramfs like so:

[pietinger]

[Moriah]

So:

[Moriah]

OK, I tried it today. Guess what? The settings to combine the initramfs at /usr/src/initramfs with the kernel were already there! They are now apparently the default. So that means I had already built the kernel with the initramfs incorporated into it.

But it doesn't boot. It doesn't even get as far as trying to run the init script in my initramfs, at least not as far as I can see.

The kernel panics, but the screen won't hold enough for me to understand exactly where it was when it paniced.

I have copied the output of dmesg to the file at: http://www.elilabs.com/~rj/w530_dmesg.txt

A copy of the screen when the panic kills everythin is at: http://www.elilabs.com/~rj/w520_boot_fail.jpg

The last line of the panic screen says "Attempt to kill init"
the last line of the dmesg says "XFS (dm-1): Ending clean mount"

So my root filesystem did get mounted, but somehow the init script in my initramfs failed to get executed. My initramfs is shown earlier in this thread.

Since I haven't built a kernel in several years, I am very rusty at this. Can someone suggest what might be causing my problem?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[pietinger]

I guess you are using outdated binaries and libraries in your /usr/portage/initramfs (in your first post I see directory dates from 2010 ...)

You must provide every binary you use in your directory structure AND every library; you find out with "ldd" or "lddtree". Your first binary - cryptsetup - you start needs (I have amd64 stable) for example:

[Moriah]

All the executables used by my initramfs are static linked and in the initramfs, so no dependencies to worry about there.

The weird messages about /dev/sda are because the disk is not partitioned and uses LVM directly on the raw disk, and it is fully whole disk LUKS encrypted. The main reason for the initramfs is to enable LVM and to run cryptsetup luksOpen and then mount the root filesystem, then chroot to it. This is the same initramfs I have used for years; it booted the disk I am running now to answer this post.

I suspect that the initramfs init script has not yet started to run, but I can check that by putting some sleeps in the script to slow things down so I can watch it. I will try that tomorrow and post here what happens.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[pietinger]

To be on a safe side with device nodes you might do something we have in every modern init: Automounting of device nodes in /dev/*

If you use Gentoo Sources this is usually already enabled:

[Moriah]

It has nothing to do with the initramfs. The new kernel is panicking before it gets that far.

I am placing the .config for my old 4.14.83-gentoo system in:

[pietinger]

It is not possible to proof if a kernel configuration fits to a machine, without knowing the machine ... or VM where it runs.

(our Wiki is not a great Help for your https://wiki.gentoo.org/wiki/Lenovo_Thinkpad_W530 )

Do you boot a GPT or MBR disk (CSM mode in BIOS enabled or disabled?) ? Do you use a bootmanager (which?) or UEFI to boot the kernel ? Output of "lsmod", "lspci -nnk" AND "dmesg" after booting with our GentooAdminCD (or LiveCD) ?

What I can say: You will get no output on your terminal because of missing FrameBuffer and FBConsole:

[Moriah]

I have the disk containing the old system for my lenovo thinkpad w530 laptop. It boots and runs, but it is so out of date that it is unmaintainable. In particular, I have the old .config file for the 4.14.83-gentoo kernel that it currently is running.

[pietinger]

[Moriah]

I had thought of "incrementally" increasing the kernel version uising makeoldconfig myself.

Regarding the kernel panic, no I haven't had much time to work on it the past few days. I had a big wedding to attend Saturday, and Sunday was filled with church and Monday was tied up with working on cabinetry in the laundry room. Seems a bit strange for woodworking to interfere with kernel building, but my wife is growing impatient waiting for the construction in the house to get finished.

Also, I keep having to interrupt kernel building (and a complete re-installation of gentoo in general ) on my laptop by re-installing the old disk so I can boot it and get some real work done. I get maybe 2 or 3 hours to tinker on the new system, then I have to switch back to the old disk.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[Hu]

Can your hardware support booting off an external drive? That might let you keep the working drive in the system, but boot into the new disk when you have time to work on this.

[Moriah]

Its not the time to swap disks that is the issue, its the loss of context on the running old system. I can swap the physical disk in a couple of minutes. Its the loss of all the context in the running old system when I shut it down and then later reboor it. One of the things I want to experimenrt with once the new system si working is using lxd coontainers like a slimmed down vm and saving and restoring the lxd container context across reboots. I used to do that with vm's back in the day by saving the state of a vmware vm. Then I could shut down the laptop, take it with me somewhere, then rebooty the laptop and restore the context of the vm. Voila! All my previously running windows, etc. are right back up just like the machine never got shut down.

Since I use whole disk LUKS encryption (and I boot from a usb stick on my keychain in my pocket) and hibernate function requires saving context on the disk, it won't work if the disk is fully encrypted, and worse yet, the encryption key is saved in the preserved memory image of the running system.

And to make it even worse, when I work on the new disk in the laptop, since the system is still in the unbootable beginning stages, I prefer to boot it with a live usb stick and then get networking running and connect via ssh from another system. But we are in the middle of moving from one location to another (5 minutes away), and my laptop is with me in the new location, but the rest of my machines and my network are still in the old location. So I have to drive the car to the old location to get on another machine to work on the new system disk.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[Hu]

Understood. Hibernation can work with an encrypted disk, though the standard advice in that case is that you should hibernate to encrypted swap, so that the filesystem device's encryption key is protected by the encryption of the swap device. I understand you may consider that insufficiently secure, and want to avoid it. For what it is worth, I have worked jobs where the IT security policy required an encrypted swap, encrypted filesystem device (ext4 inside LUKS on a partition), but permitted hibernating to that encrypted swap device. That was considered "secure enough" for the IT department.

[Moriah]

Well my laptop's old system runs 32 gb ram with no swap at all. I have configured my new disk for that laptop to have 64 gb of swap, and since the whole disk is LUKS encrypted and then LVM is used instead of partitioning, my swap is also encrypted. I am anticipating getting a new laptop, probably either a dell or another lenovo, with 128 gb ecc ram to support a kubernetes development environment. I will need it to handle kvm, lxd, docker, and kubernetes with ewnough room for multiple vm's that look like separate machines to kubernetes so clustered container configurations can be prototyped all on the laptop.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[sublogic]

You have to resolve that kernel panic first. Can you boot with init=/bin/sh, or modify your /init script to check /proc/cmdline and optionally give you a rescue shell ? If the kernel hasn't panicked yet you can look around and see what's wrong. (Just run a shell, don't exec one by calling rescue_shell.)

-----------------
If you get the kernel to work,

[Moriah]

I haven't used hibernation in a long time. Is it still possible to hibernate to a swap device that is under LVM on a LUKS encrypted SSD? As i said in an earlier post, I boot from a usb stick that loads the kernel and runs an init script that accepts the LUKS pass phrase, then decrypts the disk, activates LVN, and then does the pivot root to run on the decrypted LUKS managed disk. The LUKS/LVM disk is not partitioned, it runs LVM directly on the decrypted disk image.

Also, could my init script ask whether I what to resume from hibrenation, and possible bypass that step if wanted a fresh boot instead?

Evil maid is not generally a concern because the maid won't have my boot usb stick or my LUKS pass phrase, so she won't be able to boot the box or make sense of the disk if she steals an image of it.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.

[sublogic]

[1shot1kill]

Maybe I am not fully understanding this fully. But they way I am understanding this is that the boot drive is USB and then mounts an encrypted LUKSFS.

Why not run sys-kernel/gentoo-kernel-bin that supports LUKS and everything else. Yes its over kill in a lot of regards, but it will get you up and running and then you can pull your .config from your old drive to the new one and go from there.

Also why not just use UUID's to mount your LUKS device off your USB stick?

Again I might be miss understanding your needs/layout

[Moriah]

@1shot1kill: