Skip to content

Latest commit

 

History

History
391 lines (329 loc) · 18.5 KB

README.md

File metadata and controls

391 lines (329 loc) · 18.5 KB

tiny-initramfs - A minimalistic initramfs implementation

This is a very minimalistic initramfs implementation for booting Linux systems. It has nearly no features, but is very small and very fast. It is written purely in C, but uses only parts of the standard library.

There are three primary use cases:

  • It is designed for systems where an initramfs is typically not necessary (block device drivers + root file system compiled into the kernel, no separate /usr file system), but where an initramfs is required for microcode upgrades. Instead of having to use a full initramfs, which is larger (more time spent in the boot loader loading it) and slower (because it does more), tiny-initramfs will add next to no overhead.
  • In cases where UUID-based boot is wanted not a full initramfs.
  • In systems with a split /usr file system, it is necessary to mount that in the initramfs already, else subtle problems may occur. If /usr resides on a simple block device already known to the kernel (without user space helpers such as udev), tiny-initramfs provides a mechanism with very little overhead to mount it before the system is started.

Features

  • Simplicity: the implementation is really simple and very linear. It's most likely easier to understand than other initramfs implementations. The entire program is less about 2500 LoC, and that includes the License headers in the files.
  • Size: the implementation is really small (see below).
  • Speed: there is no noticeable performance penalty, because very little is done before execution is handed over to the operating system proper.
  • Supports kernel-named devices, for example root=/dev/sda1.
  • Supports root=0xMAJMIN.
  • Supports root=UUID=... for ext2, ext3, ext4, xfs and btrfs.
  • Supports parsing /etc/fstab to determine if a separate /usr partition exists and mounting that - as long as the entry there follows the same rule as the root= parameter (kernel device name, or UUID= entry for a select number of filesystems).
  • Supports the root=, rootflags=, rootfstype=, rootdelay=, rootwait, ro, rw and init= parameters.
  • Default timeout of 180 seconds to wait for the root device to appear (starts after the rootdelay= delay is over), after which a kernel panic is caused; if rootwait is specified it will wait indefinitely. (Recompilation is necessary for a larger timeout.)
  • Supports mounting NFSv4 file systems with sec=sys that do not use the idampper, i.e. use raw UIDs/GIDs. For the /usr file system the standard /etc/fstab entries are interpreted, for the root file system one should use root=/dev/nfs and the nfsroot= parameter (as documented in the kernel documentation). The network configuration needs to be specified via the ip= kernel command line parameter.
  • Very trivial module loading support (no automatic dependency resolution).

When compiled on an x86_64 system with the default -Og compiler flags, statically linked against dietlibc 0.33~cvs20120325-6, the binary stripped and the resulting initramfs (without any modules added) compressed with gzip -9, the images produced are between 9 kiB and 14 kiB, depending on the feature set selected.

Using musl instead of dietlibc adds between 1.8 and 2.4 kiB to the resulting initrd.img size (depending on the feature set).

Using glibc instead of dietlibc adds around 310 kiB to the resulting initrd image and is not recommended (although it will work).

Adding modules to the initramfs will increase the size, and many block device and file system drivers are 100s of kiB in size. On the other hand, the kernel would be larger if they were compiled in, so the actual amount of space lost due to using modules is quite a bit smaller.

Requirements

  • The kernel should have the necessary block device and file system drivers built-in that are required to access the root and /usr file systems. Warning: this is not true for most default kernels of mainstream distributions, as they require a full initramfs to load the modules required to mount the root file system.
  • If the necessary drivers are not built into the kernel, there is limited support for loading modules from within the initramfs, see below for details.
  • The kernel must have CONFIG_DEVTMPFS built-in, because this implementation assumes the kernel will just create the devices by itself. (This is true for most distribution kernels.)
  • NFSv4 requires at least kernel 3.5 on both server and client (in order for raw UIDs/GIDs to work) and requires built-in kernel support for network autoconfiguration (CONFIG_IP_PNP and for DHCP support also CONFIG_IP_PNP_DHCP) as well as built-in kernel support for NFSv4 (CONFIG_NFS_FS as well as CONFIG_NFS_V4).

When not to use

  • tiny-initramfs does not support PARTUUID= for mounting the root or /usr file systems. It also doesn't support symlinks created by udev (such as /dev/disk/by-label/...). Only the kernel names themselves, such as /dev/sda1, as well as UUID= and hexadecimal device numbers (0xMAJMIN, e.g. 0x801) are supported.
  • NFSv2/NFSv3 are currently not supported.
  • When booting from USB storage you should always use UUID=, because device names are not necessarily stable.
  • /usr on a FUSE file system, as they require user space helpers running to be able to mount. Generally speaking, any file system that can't be mounted with just a trivial mount syscall, but requires a userspace helper, will not work.
  • Any complex storage setup, such as LVM, encryption, iSCSI, etc. Basically, only things that the kernel provides devices for out of the box (potentially with additional kernel parameters) is supported.

If your setup falls into one of these cases, please use a full initramfs instead of tiny-initramfs. It is not meant to replace those, but provide a light-weight solution in cases where the complexities of a full initramfs are unnecessary.

Caveats

  • Since the initramfs is supposed to be small, fsck will not be executed by tiny-initramfs. For the / file system this is perfectly fine, as most distributions support checking the root file system at boot outside of the initramfs. But this doesn't work for /usr, because e.g. e2fsck will not check a mounted file system other than the root file system; and e.g. systemd passes -M to fsck by default for non-root file systems, so mounted file systems are excluded anyway. It shouldn't be too difficult to special-case /usr here as well, but that work needs to be done if a file system check at boot is to be performed for /usr with tiny-initramfs. (Note that e2fsck plus the required libraries are about 2.5 MiB in size, so having fsck present in the initramfs image is not in the scope of tiny-initramfs, because it would remove all the advantages.)
  • You need to make sure that a split-/usr file system is remounted read-write if the ro option is passed on the kernel command line (because tiny-initramfs will also mount /usr read-only then); otherwise /usr will remain read-only after boot. If you use systemd as your init system, or e.g. the newest Debian initscripts (2.88dsf-59.3 or higher) in conjunction with sysvinit, this should work. tiny-initramfs itself doesn't care about which init system is used, but the init system must be able to cope with the state that tiny-initramfs leaves the /usr file system in. This may require changes to some scripts.
  • If /usr is a bind mount in /etc/fstab, this will currently fail, even though it should be supportable. (It's on the TODO list, as long as that doesn't require yet another file system.)
  • Overlay-type file systems for /usr are untested, but they should work if they are compiled into the kernel. What is not supported are overlay-type file systems for / and/or if something has to be done prior to mounting these file systems (such as creating a directory, or mounting an additional tmpfs or similar).
  • Booting from kernel-assembled RAID arrays (via md=...) should work, but is untested. Don't combine this with UUID=, though, as tiny-initrd currently does not check if a block device has array metadata, so it could falsely identify a member device (instead of the entire array) when using UUID= in some cases. But for arrays that are assembled by the kernel via md=... the device name is known anyway (typically /dev/md0), so this shouldn't be an issue.
  • NFS support is not thoroughly tested.
  • Host names are unsupported for NFS mounts, only IP addresses work.
  • While this is supposed to be portable, this has only been tested on x86_64 (amd64). Since low-level kernel syscalls are performed, there may be some issues on other architectures. Please report those if they are present.

HOWTO

Install an alternative libc implementation that's designed for embedded use cases, such as musl or dietlibc. This is strictly speaking not required, as the default glibc will also work, but then the binary size of the resulting binary will be far larger. If tiny-initramfs doesn't work with your favorite libc implementation, please report this, so that it may be fixed.

Find out the compile command required to use your C library. For example, with dietlibc it's "diet gcc", with musl it's musl-gcc.

Use

./configure CC="diet gcc"
make

to compile the tiny_initramfs binary and

make initrd.img

to auto-create the initramfs image. Replace "diet gcc" with the appropriate command for your libc implementation.

Note that if you specify CFLAGS (potentially via your build system) you should take care to specify -Os and not to specify any debug (-g) options, as those tend to increase the binary size quite a bit. ./configure will warn you about it, but it not abort in that case, because the binary will work. Likewise, if you don't use an alternative libc implementation but glibc, ./configure will warn you about it, because that will increase the binary size by a factor of 10 to 20.

You may specify multiple options to enable/disable certain features in the initramfs. Specifically, you can disable UUID mounting support (enabled by default), and you can enable NFSv4 support (disabled by default). A list of possible options is displayed when using

./configure --help

The initramfs creation is really simple, you may also do so manually:

  1. create an empty directory, let's call it initramfs/
  2. copy tiny_initramfs to the directory, call it init (you can call it something else, but then you also need to pass the rdinit=/newname option to the kernel command line)
  3. strip the binary to reduce it's size (optional)
  4. create the dev, proc and target subdirectories
  5. cpio the directory and compress it

The following commands do just that:

mkdir initramfs
cp tiny_initramfs initramfs/init
strip initramfs/init
mkdir initramfs/dev initramfs/proc initramfs/target
cd initramfs ; find . | cpio -o --quiet -R 0:0 -H newc | gzip > ../initrd.img

With this there's now a (kernel-independent) initramfs image that may be used to boot the system. Note that as of now there is no integration with distributions, so configuring the boot loader etc. has to be done manually.

Support for loading modules

There is limited support for loading modules if --enable-modules is specified during the configure invocation. To use this feature, one needs to create a file /modules in the initramfs image that is of the following format:

/file.ko options

The modules should not be in a sub-directory, because the directory containing them will not be cleaned-up by tiny-initramfs after mounting the root file system. (Loading the modules will work though.)

For example, the virtio block device driver virtio_blk requires some additional modules to work. Using modprobe one may find out which:

$ /sbin/modprobe --all --ignore-install --quiet --show-depends virtio_blk
insmod /lib/modules/[...]/kernel/drivers/virtio/virtio.ko
insmod /lib/modules/[...]/kernel/drivers/virtio/virtio_ring.ko
insmod /lib/modules/[...]/kernel/drivers/block/virtio_blk.ko

It turns out that this is not quite sufficient, because the virtio_pci driver is also required for virtio_blk to work (the driver loads without virtio_pci, but doesn't work), so one may use:

$ /sbin/modprobe --all --ignore-install --quiet --show-depends virtio_blk virtio_pci
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/virtio/virtio.ko
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/virtio/virtio_ring.ko
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/block/virtio_blk.ko
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/virtio/virtio.ko
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/virtio/virtio_ring.ko
insmod /lib/modules/3.16.0-4-amd64/kernel/drivers/virtio/virtio_pci.ko

(Note that in case soft dependencies are treated via install lines, these have to be resolved manually. This is typically not the case for drivers needed within initramfs, because other implementations also suffer from the same issue. install is deprecated anyway according to the manual page of modprobe.d.)

One may then copy these drivers to the initramfs image, and then add a module file with the following contents:

/virtio.ko
/virtio_ring.ko
/virtio_blk.ko
/virtio.ko
/virtio_ring.ko
/virtio_pci.ko

The order is important, because dependency resolution is not performed by tiny-initramfs, it has to be done while creating the initramfs image. Duplicate entries are not a problem, because they will silently be ignored (but you may remove duplicate entries if you don't change the order otherwise).

Options may be specified when followed by a space (tab characters not supported), for example:

/libata.ko noacpi

Debugging

If an error occurs, tiny-initramfs will print an error message indicating the problem and then sleep for 10s before exiting. This is because exiting will cause a kernel panic, but typical kernel traces are so large that they replace the entire screen contents on a standard terminal, so that the original message is not visible anymore. The 10s delay allows the user to see what the problem is.

Additionally, one may use the --enable-debug flag of ./configure to make initrd.img verbose (while increasing the size a bit). This makes debugging easier, especially if the system hangs at a certain point. When compiled with that option, tiny-initramfs will print the contents of /proc/self/mountinfo and sleep for 5s after mounting the root (and potentially /usr) file systems before executing init.

Design considerations

The design of tiny-initramfs is as minimalistic as possible. The buffered I/O functions from the stdio.h standard library are completely avoided, because they can increase the code size quite a bit, depending on the libc implementation. At one point an own minimalistic buffered I/O routine is implemented (much smaller than the full standard library linked in).

Dynamic allocations are avoided and buffers on the stack are used. Code that properly handles dynamic allocations tends to be longer, so this reduces code size. The buffers are sized generously (there are not that many buffers that the amount of RAM used is a concern just yet, even for small systems), so that no real flexibility is sacrificed.

None of this is extremely performance-critical (it is going to be quite fast regardless, because very little is done compared to even just running a shell), so no algorithm is optimized for speed directly. For example, the mount option parser table is somewhat compressed to reduce the code size (negation and recursive variants of mount options are not repeated), to the point where further reduction would likely sacrifice the readability of the code. Execution speed is achieved by doing very little, not by micro-optimizing algorithms.

Sometimes it is necessary to reimplement certain libc functions because using the libc variants increase the image size too much. For example, using inet_ntoa and inet_aton (to convert between ASCII to binary representations of IP addresses) from the musl C library will cause initramfs images (after compression) to be an additional 5 KiB larger as compared to the own implementation.

Of course, changes that reduce the current code size even further (as long as the code remains readable) are very welcome.

Future features

There is no goal of adding too many additional features here, because any additional feature is going to increase the binary size, and this is supposed to be minimalistic and not a replacement for a full initramfs. If you need advanced features, please use an already existing solution. That said, there are a couple of things that might be interesting regardless:

  • Minimalistic NFSv2/3 mounting support (akin to the current NFSv4 code).
  • Maybe support host name lookups for NFS mounts? (Probably not going to happen, as an own DNS resolver will likely increase the image size by too much - and is likely going to be rather complicated.)
  • Support UUID= for more filesystems, as long as they are really simple. Currently, the implementation checks the magic bytes of a given file system on the each device, and then compares the UUID at the right position in the file system metadata. (See devices.c for details on how this is implemented for the currently supported file systems.)
  • Support for excluding MD/RAID/... devices when probing for UUIDs of file systems.

Note that the goal is to keep the initrd.img size smaller than 16 KiB on all platforms, so a cutoff of 15 KiB is used on x86_64, to leave room for different assembly code sizes etc., at least when used in a minimal configuration. Therefore, some features (such as UUID= and NFSv4 support) are compile-time optional.

Note: any features missing from tiny-initramfs that would be required in a space-constrained environment (i.e. mainly embedded), where it was designed for, stand an excellent chance of being included later, at least compile-time optional. Please make your case if you are missing something.

TODO

  • bind mounts for /usr
  • clean up the code a bit.
  • go through all messages printed and make sure they are uniform in style