You are not logged in.
Hello,
I am trying to link my kernel with an external initramfs, for it to be a single signable binary. I followed the instructions here, performed the full kernel packaging command that is described there, with the files that are available on my Arch laptop:
EFISTUB=/usr/lib/systemd/boot/efi/linuxx64.efi.stub
DESTINATION=testkernel.bin
KERNEL=/boot/vmlinuz-linux
INITRD=/boot/initramfs-linux.img
CMDLINE=/proc/cmdline
OSREL=/etc/os-release
objcopy --add-section .osrel="$OSREL" --change-section-vma .osrel=0x20000 \
--add-section .cmdline="$CMDLINE" --change-section-vma .cmdline=0x30000 \
--add-section .linux="$KERNEL" --change-section-vma .linux=0x40000 \
--add-section .initrd="$INITRD" --change-section-vma .initrd=0x3000000 \
"$EFISTUB" "$DESTINATION"Sometimes I just get a warning (the presence of the warning depends on which kernel I do it to):
Warning: Ignoring section flag IMAGE_SCN_MEM_NOT_PAGED in section .bssbut the resulting kernel is always unbootable.
I try to boot it with QEMU like this:
qemu-system-x86_64 -bios /usr/share/ovmf/x64/OVMF_CODE.fd -enable-kvm -cpu host -kernel testkernel.bin... And it just doesn't boot, while other kernels that I have built as EFI stubs without any modifications after the build boot just fine like that.
Can anyone please explain what am I missing?
Last edited by blochl (2018-10-24 12:50:53)
Offline
I don't think you can use -bios and -kernel in qemu, at least -bios seems superfluous
make a boot entry for your image with efibootmgr, something like
sudo efibootmgr -c -l /EFI/Secure/secure-boot-linux.efi -L 'SecureBoot linux' -v -d /dev/nvme0n1
Offline
I don't think you can use -bios and -kernel in qemu, at least -bios seems superfluous
make a boot entry for your image with efibootmgr, something like
sudo efibootmgr -c -l /EFI/Secure/secure-boot-linux.efi -L 'SecureBoot linux' -v -d /dev/nvme0n1
I use '-bios' in order to boot with TianoCore UEFI (otherwise it will be legacy BIOS). Also, kernels without all this 'objcopy ...' procedure that are compiled as EFI stubs and have initramfs compiled-in boot fine with this exact command.
But anyway, I can't make a boot entry, because my entire purpose is to make the kernel completely standalone, so it will boot into its embedded init[rootfs/rd] on a bare metal machine with nothing else besides the kernel binary itself. I can achieve this already with initramfs compiled-in, but then I can not modify the initramfs without recompilation. That's why this 'objcopy ...' method looks so appealing to me - here you can modify the (externally linked) initramfs freely.
Offline
Alright, marking this as solved, because I've realized that this problem is unsolvable:
* The externally linked section is good only for systemd-boot, and I can't use this, because I want my kernel to be bootable in legacy mode as well as in UEFI, but systemd-boot "EFI Unified Kernel Images" are working only with UEFI boot.
* Re-linking the initramfs inside the kernel is impossible to do in a reliable way: first of all, a lot of work needs to be done to re-link the binary, and even when done and automated, there is no guarantee that it will work on another version of the kernel, or even on the same version that was compiled with a different config.
Therefore I'm going for the really messy solution of recompiling the kernel each time I want to change the initramfs. It's very messy and not elegant, but it's the only way to get what I want in a reliable manner.
I'm amazed of the asymmetry - how easy it is to extract the built-in initramfs, and how difficult it is to insert a new one in its place!
Offline
When you run the VM with the -kernel option, qemu reads and starts the kernel directly and doesn't go through the EFI firmware. So it doesn't run the stub and won't put the initramfs in memory for the kernel to find.
But if you put that file as /EFI/BOOT/BOOTX64.EFI on an EFI System partition on a GPT partitioned disk it should work.
Offline