mkinitrd - creates initial ramdisk images for preloading modules
mkinitrd [--version] [-v] [-f]
mkinitrd creates an initial image used by the kernel for preloading the block device modules (such as IDE, SCSI or RAID) which are needed to access the root filesystem. mkinitrd automatically loads filesystem modules (such as ext3 and jbd), IDE modules, all scsi_hostadapter entries in /etc/modprobe.conf, and raid modules if the systems root partition is on raid, which makes it simple to build and use kernels using modular device drivers.
Any module options specified in /etc/modprobe.conf are passed to the modules as they are loaded by the initial ramdisk.
The root filesystem used by the kernel is specified in the boot configuration file, as always. The traditional root=/dev/hda1 style device specification is allowed. If a label is used, as in root=LABEL=rootPart the initrd will search all available devices for an ext2 or ext3 filesystem with the appropriate label, and mount that device as the root filesystem.
mkinitrd will add a number of checks to the created initrd if the system is running in fips mode. First the kernel gets integrity checked by running "sha512hmac -c /boot/.vmlinuz-kernel-version.hmac" from the initrd. Then all the crypto algorithm modules get loaded using the embedded signature to integrity check them, and last the tcrypt module gets loaded which runs self tests on all approved crypto algorithms. You can force mkinitrd to add these checks to a created initrd with the --with-fips commandline option.
There are a number of limitations to mkinitrds fips support:
/boot Must be on a separate partition /boot Must not be on nfs, dmraid or mdraid
--builtin=module Act as if module is built into the kernel being used. mkinitrd will not look for this module, and will not emit an error if it does not exist. This option may be used multiple times.
-f Allows mkinitrd to overwrite an existing image file.
--fstab=fstab Use fstab to automatically determine what type of filesystem the root device is on. Normally, /etc/fstab is used.
--image-version The kernel version number is appended to the initrd image path before the image is created.
--nocompress Normally the created initrd image is compressed with gzip. If this option is specified, the compression is skipped.
--nopivot Do not use the pivot_root system call as part of the initrd. This lets mkinitrd build proper images for Linux 2.2 kernels at the expense of some features. In particular, some filesystems (such as ext3) will not work properly and filesystem options will not be used to mount root. This option is not recommended, and will be removed in future versions.
--omit-lvm-modules Do not load any lvm modules, even if /etc/fstab expects them.
--omit-raid-modules Do not load any raid modules, even if /etc/fstab and /etc/raidtab expect them.
--omit-scsi-modules Do not load any scsi modules, including scsi_mod and sd_mod modules, even if they are present. If the root partition is on a scsi device, mkinitrd will still include the necessary scsi modules to support that device.
--preload=module Load the module module in the initial ramdisk image. The module gets loaded before any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.
-v Prints out verbose information while creating the image (normally the mkinitrd runs silently).
--version Prints the version of mkinitrd thats being used and then exits.
--with=module Load the modules module in the initial ramdisk image. The module gets loaded after any SCSI modules which are specified in /etc/modprobe.conf. This option may be used as many times as necessary.
---with-fips Force adding kernel integrity checking to the created initrd.
/dev/loop* A block loopback device is used to create the image, which makes this script useless on systems without block loopback support available (only used on kernels < 2.6)
/etc/modprobe.conf Specifies SCSI modules to be loaded and module options to be used.
/etc/modules.conf Specifies SCSI modules to be loaded and module options to be used. (only used on kernels < 2.6)
|MKINITRD (8)||Tue Aug 10 2004|