iwd in initramfs

dawg_migga_bro · 2025-07-17 21:51:34

Hi all,

I’ve been trying to set up my Arch Linux server to unlock the root and swap partitions (both encrypted via LUKS) via SSH during early userspace using sd-tinyssh. However, the system is connected to the network via Wi-Fi only, and I’ve been attempting to get iwd working in the initramfs so the network comes up before the encryption prompt.
However, despite many attempts, including writing custom mkinitcpio hooks and following various guides by various different AI models and also snippets I found googling, I haven’t been able to get iwd to bring up the wireless connection in early userspace. I am using systemd in initramfs (no busybox) and mkinitcpio-systemd-extras (not the deprecated mkinitcpio-systemd-tool). Based on journalctl output, I can see that the hardware wireless adaptor drivers, iwlwifi + iwlmvm, are working correctly and the wlan0 is up (just not connected to any wireless network).

Has anyone successfully used iwd in initramfs (via mkinitcpio) with systemd to bring up Wi-Fi before LUKS unlock?
Any help would be appreciated.

EDIT:
I can connect to my wifi network with no problems, using iwd, once I am logged in my normal userpace, having unlocked the LUKS-encrypted partitions. IWD connects automatically because of the PSK file whose content I share below.
Below are some relevant outputs. "archlinux" is the hostname of my machine in the early userspace before unlocking the encrypted partitions. Once I unlock the hostname changes to what I have set it up.

Jul 17 17:20:33 archlinux kernel: e820: remove [mem 0xff000000-0xffffffff] reserved
Jul 17 17:20:33 archlinux kernel: SMBIOS 3.3.0 present.
Jul 17 17:20:33 archlinux kernel: DMI: ASUS System Product Name/TUF GAMING X570-PRO (WI-FI), BIOS 5031 01/13/2025
Jul 17 17:20:33 archlinux kernel: DMI: Memory slots populated: 2/4
Jul 17 17:20:33 archlinux kernel: tsc: Fast TSC calibration using PIT
--
Jul 17 17:20:33 archlinux kernel: pci 0000:03:00.0: 31.504 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x4 link at 0000:00:01.2 (capable of 63.012 Gb/s with 16.0 GT/s PCIe x4 link)
Jul 17 17:20:33 archlinux kernel: pci 0000:02:01.0: PCI bridge to [bus 03]
Jul 17 17:20:33 archlinux kernel: pci 0000:04:00.0: [8086:2723] type 00 class 0x028000 PCIe Endpoint
Jul 17 17:20:33 archlinux kernel: pci 0000:04:00.0: BAR 0 [mem 0xfc900000-0xfc903fff 64bit]
Jul 17 17:20:33 archlinux kernel: pci 0000:04:00.0: PME# supported from D0 D3hot D3cold
Jul 17 17:20:33 archlinux kernel: pci 0000:02:04.0: PCI bridge to [bus 04]
Jul 17 17:20:33 archlinux kernel: pci 0000:05:00.0: [8086:15f3] type 00 class 0x020000 PCIe Endpoint
--
Jul 17 17:20:33 archlinux kernel: pci 0000:02:0a.0: Adding to iommu group 14
Jul 17 17:20:33 archlinux kernel: pci 0000:03:00.0: Adding to iommu group 15
Jul 17 17:20:33 archlinux kernel: pci 0000:04:00.0: Adding to iommu group 16
Jul 17 17:20:33 archlinux kernel: pci 0000:05:00.0: Adding to iommu group 17
Jul 17 17:20:33 archlinux kernel: pci 0000:06:00.0: Adding to iommu group 12
--
Jul 17 17:20:33 archlinux kernel: hub 3-3:1.0: USB hub found
Jul 17 17:20:33 archlinux kernel: hub 3-3:1.0: 6 ports detected
Jul 17 17:20:33 archlinux kernel: Intel(R) Wireless WiFi driver for Linux
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: enabling device (0000 -> 0002)
Jul 17 17:20:33 archlinux systemd-journald[204]: Journal started
Jul 17 17:20:33 archlinux systemd-journald[204]: Runtime Journal (/run/log/journal/26da34e406ad44dd94b883d0ecd54813) is 8M, max 1.2G, 1.2G free.
--
Jul 17 17:20:33 archlinux systemd-networkd[223]: sysctl monitor disabled, as BPF support is not available.
Jul 17 17:20:33 archlinux systemd[1]: Started Journal Service.
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: Detected crf-id 0x3617, cnv-id 0x100530 wfpm id 0x80000000
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: PCI dev 2723/0084, rev=0x340, rfid=0x10a100
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: Detected Intel(R) Wi-Fi 6 AX200 160MHz
Jul 17 17:20:33 archlinux systemd-modules-load[205]: Inserted module 'iwlwifi'
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37
Jul 17 17:20:33 archlinux kernel: iwlwifi 0000:04:00.0: loaded firmware version 77.864baa2e.0 cc-a0-77.ucode op_mode iwlmvm
Jul 17 17:20:33 archlinux kernel: pps_core: LinuxPPS API ver. 1 registered
Jul 17 17:20:33 archlinux kernel: pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
--
Jul 17 17:20:34 archlinux kernel: nvme nvme0: 16/0/0 default/read/poll queues
Jul 17 17:20:34 archlinux kernel:  nvme0n1: p1 p2 p3
Jul 17 17:20:34 archlinux kernel: iwlwifi 0000:04:00.0: Detected RF HR B3, rfid=0x10a100
Jul 17 17:20:34 archlinux systemd[1]: Condition check resulted in GIGABYTE G440E250G primary being skipped.
Jul 17 17:20:34 archlinux systemd[1]: Condition check resulted in GIGABYTE G440E250G primary being skipped.
--
Jul 17 17:20:34 archlinux systemd[1]: Created slice Slice /system/systemd-cryptsetup.
Jul 17 17:20:34 archlinux systemd[1]: Starting Cryptography Setup for root...
Jul 17 17:20:34 archlinux kernel: iwlwifi 0000:04:00.0: base HW address: 84:1b:77:09:4c:0a
Jul 17 17:20:34 archlinux kernel: igc 0000:05:00.0: 4.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x1 link)
Jul 17 17:20:34 archlinux kernel: igc 0000:05:00.0 eth0: MAC: f0:2f:74:dc:8f:4b
Jul 17 17:20:34 archlinux systemd-modules-load[205]: Inserted module 'iwlmvm'
Jul 17 17:20:34 archlinux systemd[1]: Finished Load Kernel Modules.
Jul 17 17:20:34 archlinux systemd[1]: Reached target System Initialization.
Jul 17 17:20:34 archlinux systemd[1]: Reached target Basic System.
Jul 17 17:20:34 archlinux systemd-networkd[223]: wlan0: Found matching .network file, based on potentially unpredictable interface name: /etc/systemd/network/25-wireless.network
Jul 17 17:20:34 archlinux systemd-networkd[223]: wlan0: Configuring with /etc/systemd/network/25-wireless.network.
Jul 17 17:20:34 archlinux kernel: tsc: Refined TSC clocksource calibration: 3792.875 MHz
Jul 17 17:20:34 archlinux kernel: clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x6d581b92771, max_idle_ns: 881590605997 ns
--
Jul 17 17:20:35 archlinux kernel: hid-generic 0003:0B05:1939.0001: hiddev96,hidraw0: USB HID v1.11 Device [AsusTek Computer Inc. AURA LED Controller] on usb-0000:06:00.3-4/input2
Jul 17 17:20:35 archlinux kernel: input: Dell KB216 Wired Keyboard as /devices/pci0000:00/0000:00:01.2/0000:01:00.0/0000:02:08.0/0000:06:00.3/usb3/3-3/3-3.1/3-3.1:1.0/0003:413C:2113.0002/input/input2
Jul 17 17:20:35 archlinux systemd-networkd[223]: wlan0: Link UP
Jul 17 17:20:35 archlinux kernel: iwlwifi 0000:04:00.0: Registered PHC clock: iwlwifi-PTP, with index: 1
Jul 17 17:20:35 archlinux kernel: Console: switching to colour dummy device 80x25
Jul 17 17:20:35 archlinux kernel: amdgpu 0000:09:00.0: vgaarb: deactivate vga console
--
Jul 17 17:20:37 archlinux kernel: usb 3-3.3: New USB device found, idVendor=046d, idProduct=c542, bcdDevice= 3.02
Jul 17 17:20:37 archlinux kernel: usb 3-3.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jul 17 17:20:37 archlinux kernel: usb 3-3.3: Product: Wireless Receiver
Jul 17 17:20:37 archlinux kernel: usb 3-3.3: Manufacturer: Logitech
Jul 17 17:20:37 archlinux kernel: input: Logitech Wireless Receiver Mouse as /devices/pci0000:00/0000:00:01.2/0000:01:00.0/0000:02:08.0/0000:06:00.3/usb3/3-3/3-3.3/3-3.3:1.0/0003:046D:C542.0004/input/input5
Jul 17 17:20:37 archlinux kernel: hid-generic 0003:046D:C542.0004: input,hidraw3: USB HID v1.11 Mouse [Logitech Wireless Receiver] on usb-0000:06:00.3-3.3/input0
Jul 17 17:20:37 archlinux kernel: usb 3-3.5: new high-speed USB device number 7 using xhci_hcd
Jul 17 17:20:37 archlinux kernel: usb 3-3.5: New USB device found, idVendor=0bda, idProduct=54bb, bcdDevice= 1.01

cat /etc/systemd/network/25-wireless.network

[Match]
Name=wl*

[Network]
DHCP=yes
IgnoreCarrierLoss=3s
DNS=8.8.8.8

sudo cat /etc/iwd/NAME_OF_MY_WIFI_NETWORK_5G.psk

[Security]
PreSharedKey=MY_WIFI_NETWORK_PRESHARED_KEY
Passphrase=MY_WIFI_NETWORK_PASSWORD
SAE-PT-Group19=SOME_LETTERS_AND_NUMBERS
SAE-PT-Group20=MORE_LETTERS_AND_NUMBERS

[Settings]
AutoConnect=true

sudo cat /var/lib/iwd/NAME_OF_MY_WIFI_NETWORK_5G.psk (it is the same as the previous PSK file)

[Security]
PreSharedKey=MY_WIFI_NETWORK_PRESHARED_KEY
Passphrase=MY_WIFI_NETWORK_PASSWORD
SAE-PT-Group19=SOME_LETTERS_AND_NUMBERS
SAE-PT-Group20=MORE_LETTERS_AND_NUMBERS

[Settings]
AutoConnect=true

Last edited by dawg_migga_bro (2025-07-18 06:48:05)

seth · 2025-07-18 05:16:30

many attempts, including writing custom mkinitcpio hooks and following various guides by various different AI models and also snippets … I can see that

Please don't paraphrase, https://bbs.archlinux.org/viewtopic.php?id=57855

https://wiki.archlinux.org/title/Iwd#Usage
https://wiki.archlinux.org/title/Iwd#En … figuration (otherwise you'll have a carrier but no lease)
Post what's there and some diagnostics (iwctl calls from the initramfs for the known networks and scan results etc)

dawg_migga_bro · 2025-07-18 06:48:50

I edited my original post having added the logs and some other outputs.

seth · 2025-07-18 07:58:22

Below are some relevant outputs.

I guess trace of iwd/iwctl would be irrelevant since they don't show up in the "relevant" output at all.
There systemd-networkd, but no iwd and systemd-networkd needs something (iwd or wpa_supplicant) to provide it with a wifi cable.

=> What have you *actually* setup in order to invoke iwd?
How did you *actually* add iwd to the initramfs?
What iwd/iwctl commands do you *actually* run in the initramfs to indicate that "its does nots works"?

Files on the root partition and nice, but you also don't have a problem there…

dawg_migga_bro · 2025-07-18 21:13:53

I don't have a shell access while in initramfs. I just have a prompt to unlock the encrypted partitions and that's it. Only when I am logged in can I investigate, using journalctl, what has happened while in initramfs. So, in this situation I don't know how I would run any iwd command in the early userspace.

Here's a relevant content from my mkinitcpio.conf file:

MODULES=(iwlwifi iwlmvm)
BINARIES=(/usr/lib/iwd/iwd)
FILES=(
  /etc/iwd/NAME_OF_MY_WIFI_NETWORK_5G.psk
  /etc/systemd/network/25-wireless.network
  )
HOOKS=(base systemd autodetect modconf block sd-vconsole sd-network sd-encrypt sd-tinyssh filesystems keyboard fsck)

I tried to set up iwd hook.I created the following custom files:
/etc/initcpio/hooks/iwd

#!/bin/bash
run_hook() {
    echo ">>> [iwd hook] Starting iwd manually..."
    /usr/lib/iwd/iwd --disable-autoscan &
    sleep 2
}

/etc/initcpio/install/iwd

#!/bin/bash
build() {
    add_binary "/usr/lib/iwd/iwd"
    add_file "/etc/iwd/NAME_OF_MY_WIFI_NETWORK_5G.psk"
    add_runscript
}

help() {
    echo "Hook to start iwd in initramfs."
}

I made sure both are executable and added iwd to the HOOKS array.

I confirmed with lsinitcpio that the modules, binaries and files I specified in mkinitcpio.conf are indeed present in the disk image.

I observed (using journalctl once logged in in normal userspace) that the iwlwifi and iwlmvm kernel modules load properly and initialize my AX200 device without errors. The wireless interface wlan0 is brought up, and systemd-networkd detects it. It matches it with my 25-wireless.network config file (confirmed by logs), and attempts to configure it using DHCP.
However, no IP address is acquired, and no Wi-Fi connection is actually established. The journal shows that the link is up, but there’s no DHCP lease and no mention of iwd running. I do not see any logs from iwd or iwctl, which suggests that although I placed the binary in the initramfs and included the hook, iwd is either not starting at all or is terminating silently.
Furthermore, since this test is occurring in early userspace before the root partition is unlocked, I can’t rely on any post-boot services or filesystem contents. I confirmed that the same .psk file works perfectly once the system has booted into the real root and IWD starts under my regular user session.

seth · 2025-07-19 13:29:08

So, in this situation I don't know how I would run any iwd command in the early userspace.

See eg. https://archlinux.org/packages/extra/an … o-netconf/ but basically what you did

I made sure both are executable and added iwd to the HOOKS array.

Here's a relevant content from my mkinitcpio.conf file:

Where?

I observed (using journalctl once logged in in normal userspace) that

">>> [iwd hook] Starting iwd manually..." ? Does that line show up?
but you want

msg -n ":: [iwd hook] Starting iwd manually..."

Arch Linux

#1 2025-07-17 21:51:34

iwd in initramfs

#2 2025-07-18 05:16:30

Re: iwd in initramfs

#3 2025-07-18 06:48:50

Re: iwd in initramfs

#4 2025-07-18 07:58:22

Re: iwd in initramfs

#5 2025-07-18 21:13:53

Re: iwd in initramfs

#6 2025-07-19 13:29:08

Re: iwd in initramfs

Board footer