mkinitrd(8)
NAME
mkinitrd - creates initial ramdisk images for preloading modules
SYNOPSIS
mkinitrd [--version] [-v] [-f]
[--preload=module] [--omit-scsi-modules]
[--omit-raid-modules] [--omit-lvm-modules]
[--with=module] [--image-version]
[--fstab=fstab] [--nocompress]
[--builtin=module] [--nopivot]
[--with-fips]
image kernel-version
DESCRIPTION
mkinitrd creates an initial image used by the kernel for preloading the
block device modules (such as IDE, SCSI or RAID) which are needed to
access the root filesystem. mkinitrd automatically loads filesystem
modules (such as ext3 and jbd), IDE modules, all scsi_hostadapter
entries in /etc/modprobe.conf, and raid modules if the system's root
partition is on raid, which makes it simple to build and use kernels
using modular device drivers.
Any module options specified in /etc/modprobe.conf are passed to the
modules as they are loaded by the initial ramdisk.
The root filesystem used by the kernel is specified in the boot configuration file, as always. The traditional root=/dev/hda1 style device
specification is allowed. If a label is used, as in root=LABEL=rootPart
the initrd will search all available devices for an ext2 or ext3
filesystem with the appropriate label, and mount that device as the
root filesystem.
FIPS
mkinitrd will add a number of checks to the created initrd if the system is running in fips mode. First the kernel gets integrity checked by
running "sha512hmac -c /boot/.vmlinuz-kernel-version.hmac" from the
initrd. Then all the crypto algorithm modules get loaded using the
embedded signature to integrity check them, and last the tcrypt module
gets loaded which runs self tests on all approved crypto algorithms.
You can force mkinitrd to add these checks to a created initrd with the
--with-fips commandline option.
There are a number of limitations to mkinitrd's fips support:
/boot Must be on a separate partition
/boot Must not be on nfs, dmraid or mdraid
OPTIONS
- --builtin=module
- Act as if module is built into the kernel being used. mkinitrd will not look for this module, and will not emit an error if it does not exist. This option may be used multiple times.
- -f Allows mkinitrd to overwrite an existing image file.
- --fstab=fstab
- Use fstab to automatically determine what type of filesystem the root device is on. Normally, /etc/fstab is used.
- --image-version
- The kernel version number is appended to the initrd image path before the image is created.
- --nocompress
- Normally the created initrd image is compressed with gzip. If this option is specified, the compression is skipped.
- --nopivot
- Do not use the pivot_root system call as part of the initrd. This lets mkinitrd build proper images for Linux 2.2 kernels at the expense of some features. In particular, some filesystems (such as ext3) will not work properly and filesystem options will not be used to mount root. This option is not recommended, and will be removed in future versions.
- --omit-lvm-modules
- Do not load any lvm modules, even if /etc/fstab expects them.
- --omit-raid-modules
- Do not load any raid modules, even if /etc/fstab and /etc/raidtab expect them.
- --omit-scsi-modules
- Do not load any scsi modules, including 'scsi_mod' and 'sd_mod' modules, even if they are present. If the root partition is on a scsi device, mkinitrd will still include the necessary scsi modules to support that device.
- --preload=module
- Load the module module in the initial ramdisk image. The module gets loaded before any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.
- -v Prints out verbose information while creating the image (nor
- mally the mkinitrd runs silently).
- --version
- Prints the version of mkinitrd that's being used and then exits.
- --with=module
- Load the modules module in the initial ramdisk image. The module gets loaded after any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.
- ---with-fips
- Force adding kernel integrity checking to the created initrd.
FILES
- /dev/loop* A block loopback device is used to create the
- image, which makes this script useless on systems without block loopback support available (only used on kernels < 2.6)
- /etc/modprobe.conf Specifies SCSI modules to be loaded and module
- options to be used.
- /etc/modules.conf Specifies SCSI modules to be loaded and module
- options to be used. (only used on kernels < 2.6)