Re: Producing verifiable initramfs images

To: Matthew Garrett <mjg59@google.com>
Cc: debian-devel@lists.debian.org, debian-kernel@lists.debian.org, initramfs@vger.kernel.org
Subject: Re: Producing verifiable initramfs images
From: Sam Hartman <hartmans@debian.org>
Date: Wed, 05 Feb 2020 20:53:21 -0500
Message-id: <[🔎] tslzhdwh46m.fsf@suchdamage.org>
In-reply-to: <[🔎] CACdnJutwsCPERLR=tF65O=2tCgf+BHbWmsC6bpVrhwyOXcKCxA@mail.gmail.com> (Matthew Garrett's message of "Wed, 5 Feb 2020 16:37:39 -0800")
References: <[🔎] CACdnJutwsCPERLR=tF65O=2tCgf+BHbWmsC6bpVrhwyOXcKCxA@mail.gmail.com>

This is not a disagreement with anything you write.

I've noticed that there is a lot more configuration that gets encoded in
the initramfs than I thought.
The most surprising for me is that if you want to control the names of
network devices or anything else set by the .link file,
that ends up needing to go on the initramfs, because udevd will set up
network devices even if they are not needed to find the root.
Unfortunately, that means that initramfs udev configuration (including
/etc/systemd/network/*.link) tends to need to be on the initramfs.

I realize you only gave crypttab as an example, but the set of initramfs
configuration is larger than I at least expected.

--Sam

Reply to:

References:
- Producing verifiable initramfs images
  - From: Matthew Garrett <mjg59@google.com>

Prev by Date: packages that are touching /srv?
Next by Date: Re: Heads up: persistent journal has been enabled in systemd
Previous by thread: Producing verifiable initramfs images
Next by thread: Re: Producing verifiable initramfs images
Index(es):
- Date
- Thread