Hi everyone,
I was hoping that there might be someone that understands systemd's boot process. I'm experimenting with Secure Boot, TPM2 (not clevis) and overlayfs. With udev I'm able to follow the mkinitcpio hooks for an AUR package, liveroot; however I read somewhere that systemd kind of "ignores" other kernel parameters or hooks (https://bbs.archlinux.org/viewtopic.php?id=248836).
My goal is to mount root on an overlayfs like liveroot does inside the initramfs but using the systemd hook so that I can use sd-encrypt.
My reason for doing this is that liveroot has saved my skin a few times while experimenting with broken packages and custom scripts: when I stuff up, a simple reboot fixes all my problems.
The reason for wanting to use systemd is that it is already pre-installed on the OS and has TPM2 support.
I'm struggling to understand how systemd mounts root in the initramfs and I'm not all that familiar with systemd in general.
With the systemd hook, using init=/bin/sh, rescue or emergency in the kernel parameters doesn't help me because the root is already mounted and switched to.
With udev I can use break=premount or break=postmount to follow the code in a hook, but with systemd in mkinitcpio break no longer works.
If anyone can help me understand how I can implement overlay with systemd that would be great.
I'll provide details on what I did when I get a chance again.
Just really hope the systemd developers won't patch it out without providing another way to mount root as overlay.
Last edited by MrSplitsG (2022-07-14 14:46:18)
Note that if systemd or some components of systemd update, /usr/lib/systemd/system/initrd-switch-root.service and /usr/lib/initcpio/install/systemd might be set back to their original state and will need to be re-modified to re-apply the below.
You may have to modify some parts mentioned below to work for your environment, as I was using my system's root mount point in the script and not a system variable.
It may not work for everyone and there is still plenty of improvement required in the below.
Found a Way to get it to work.
Not sure if this is a proper way but here goes.
I am using the techniques used in liveroot.
I have tested this on openSUSE using dracut; it does work, but I will not be explaining using dracut, this is for mkinitcpio.
First modify: mkinitcpio.conf
/etc/mkinitcpio.conf
MODULES=(.. zram ext4 overlay ..)
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck)
Then modify the below by adding the entries underneath build(); ignore line 70, it's just to show that the original systemd entries exist underneath what was added:
(The numbers in front of the code show which lines I added the code to)
/usr/lib/initcpio/install/systemd
61 build() {
62 local rules unit
63 add_dir /lroot
64 add_dir /troot
65 add_binary zramctl
66 add_binary nproc
67 add_binary mkfs.ext4
68 add_binary free
69 add_binary /usr/lib/systemd/sd-root /usr/lib/systemd/sd-root
70 ...........
Next create sd-root execution script:
/usr/lib/systemd/sd-root
#!/bin/ash
# Load the zram module so a compressed RAM device can hold the overlay upper layer
modprobe zram num_devices=1
# Read the value of the sdroot= token from the kernel command line (only that token,
# not everything that follows it on the line)
oroot=$(tr ' ' '\n' < /proc/cmdline | awk -F= '$1 == "sdroot" {print $2}')
if [ "$oroot" = "cmp" ]; then
    # systemd has already mounted the real root on /sysroot; take it back
    umount /sysroot
    # size the zram device at twice the installed RAM (it is compressed, so it rarely fills)
    ms=$(free -m | awk '/Mem/ {print int($2)}')
    od=$(zramctl -f -s "$((ms*2))M" -a lzo -t "$(nproc)")
    mkfs.ext4 "$od"
    # lower layer: the real root (hardcoded LV path); upper and work dirs: the zram device
    mount /dev/CryptLVMVol/root /lroot
    mount "$od" /troot
    mkdir -p /troot/upper /troot/work
    mount sd-oroot -t overlay -o lowerdir=/lroot,upperdir=/troot/upper,workdir=/troot/work /sysroot
fi
# In both cases hand the (possibly overlaid) /sysroot over to systemd
systemctl --no-block switch-root /sysroot
Next comment out the current ExecStart and add a new entry in:
/usr/lib/systemd/system/initrd-switch-root.service
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Switch Root
DefaultDependencies=no
AssertPathExists=/etc/initrd-release
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
AllowIsolate=yes
[Service]
Type=oneshot
#ExecStart=systemctl --no-block switch-root /sysroot
ExecStart=/usr/lib/systemd/sd-root
Next compile initramfs
# mkinitcpio -P
Next modify grub.cfg by adding sdroot=cmp to the end of the kernel parameters :
/boot/grub/grub.cfg
linux /vmlinuz-linux-lts rd.luks.name=Device-UUID=CryptLVM root=/dev/CryptLVMVol/root loglevel=3 quiet sdroot=cmp
If sdroot=cmp is not added it will always boot normally, which is useful if you have multiple entries in your grub boot menu.
Last edited by MrSplitsG (2022-11-03 10:54:57)
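As an added example (not code from the post above), two checks a cautious version of the sd-root script would want: reading the sdroot= token correctly wherever it sits on the kernel command line (the awk -Fsdroot= form only works when it is the last parameter), and confirming from /proc/mounts that /sysroot really is an overlay before calling switch-root. The functions take the text as arguments so they can be tried outside the initramfs; the /proc/mounts sample is constructed.

```shell
#!/bin/sh
# Added example: helpers for the sdroot= overlay hook, not part of the original post.

# Print the value of key=value from a kernel command line string, wherever the
# token sits. Only the first '=' is split, so rd.luks.name=UUID=... stays intact.
cmdline_value() {
    key=$1
    line=$2
    for tok in $line; do
        case $tok in
            "$key"=*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Mode selected by sdroot=: "cmp" for the overlay, anything else (or absent) means normal boot.
sdroot_mode() {
    cmdline_value sdroot "$1" || echo normal
}

# Filesystem type mounted at $1 according to the /proc/mounts text passed in $2
# (last matching entry wins, which is what the kernel reports for stacked mounts).
fstype_at() {
    printf '%s\n' "$2" | awk -v m="$1" '$2 == m { t = $3 } END { print t }'
}

# True only when the mount point is an overlay, i.e. safe to hand to switch-root
# in "cmp" mode. In the real script: overlay_ready /sysroot "$(cat /proc/mounts)"
overlay_ready() {
    [ "$(fstype_at "$1" "$2")" = overlay ]
}

# Constructed /proc/mounts sample as it would look after the sd-root script ran.
MOUNTS_SAMPLE='rootfs / rootfs rw 0 0
/dev/mapper/CryptLVMVol-root /lroot ext4 rw,relatime 0 0
/dev/zram0 /troot ext4 rw,relatime 0 0
sd-oroot /sysroot overlay rw,relatime,lowerdir=/lroot,upperdir=/troot/upper,workdir=/troot/work 0 0'

# Constructed command line with sdroot= in the middle rather than at the end.
CMDLINE_SAMPLE='rd.luks.name=Device-UUID=CryptLVM sdroot=cmp root=/dev/CryptLVMVol/root quiet'
```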
Could you please elaborate so as to be helpful to the next person with this issue?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way