1

In debian-like distros, initramfs-tools is used to automatically generate ramdisk. I only find options to add extra modules via initramfs.conf or /etc/initramfs-tools/modules. But how can I blacklist some modules? I definitely do not want to use list in initramfs.conf which is an allowlist.

In fedora, there is configuration file that I can put something like omit_drivers+=driver-a driver-b in dracut configuration to avoid some modules. Then I do not need to rebuild the ramdisk after kernel/driver update. How can I do the same in debian/ubuntu?

has been answered here: https://askubuntu.com/a/1433196/862165 there is no simple option to do so with initramfs-tools, one have to use hook script to delete them. And, we can actually use dracut instead in debian-like distro, though it breaks a lot of meta packages.

Improve this question
2
  • so there is no way to do this in ubuntu or debian? Commented Jul 24, 2022 at 16:39
  • how can I close my own question? Since no one answered here. I posted also on askubuntu and get a good answer. askubuntu.com/a/1433196/862165 Commented Oct 26, 2022 at 19:10

1 Answer 1

Reset to default
-1

basically in order to prevent kernel modules loading during boot, the module name must be added to a configuration file for the "modprobe" utility (for preventing the initrd to load module in aka initramfs ramdisk follow the same steps as i'ts the representation of the local state of file system you run on):

a) ensure the module is not configured to get loaded in either /etc/modprobe.conf, /etc/modprobe.d/, /etc/rc.modules, or /etc/sysconfig/modules/ before making bellow modifications

b) unload module$ modprobe -r module_name

c) blacklist module (this alone will not prevent a module being loaded if it is a required or an optional dependency of another module as some kernel modules will attempt to load optional modules on demand, which we mitigate in next step) $ echo "blacklist module_name" >> /etc/modprobe.d/local-dontload.conf

d) add install line which simply causes /bin/false to be run instead of installing a module (the same can be achieved by using /bin/true) $ echo "install module_name /bin/false" >> /etc/modprobe.d/local-dontload.conf

e) backup current initramfs (may need adjust used paths/naming) $ ORGIRD=/boot/initrd.img-$(uname -r); TOD="$(date +%m-%d-%H%M%S).bakup"; BKPIRD=${ORGIRD}.${TOD}; [[ -f "${ORGIRD}" ]] && { echo "backuping initrd ${ORGIRD} to ${BKPIRD}"; cp ${ORGIRD} ${BKPIRD}; } || { echo "skipping backup no initrd found ${ORGIRD}"; }

f) if the kernel module is part of the initramfs (use lsinitrd ${ORGIRD} | grep module-name.ko to verify), and you are using direct call to dracut to rebuild it (initial ramdisk image), call it with param omitting the module$ dracut --omit-drivers module_name -f

g) make module exclusion persistent for dracut (by add to dracut config) `$ MODNAME="module_name"; echo "omit_dracutmodules+=" $MODNAME "" >> /etc/dracut.conf.d/omit-$MODNAME.conf

h) if using dracut-install with initramfs-tools instead dracut to generate initrd ramdisk call update-initramfs -k $(uname -r) -u

h) if using grub add module_name.blacklist=1 rd.driver.blacklist=module_nameto GRUB_CMDLINE_LINUX_DEFAULT | GRUB_CMDLINE_LINUX line in /etc/default/grub

i) call update-grub to write changes to grub config allowing boot using newly generated ramdisk

ps.

by omit the dracut modules in the initramfs creation process (either by do some setup in config related to initramfs-tools or self deletion the modules at the stage before ramdisk is compressed/finished or after by repacking), you would lose the possibility to turn it on on demand (so better just blacklist and install fake for modprobe - then always you can load it by yourself)

some basics and key terms that need to be understand

Purpose of initrd/initramfs:

  1. Speed and Flexibility: The primary role of initrd or initramfs is not necessarily to speed up kernel loading but to provide a temporary root filesystem in RAM. This enables essential drivers (e.g., for filesystems, disk controllers) to be loaded and initialized early in the boot process.
  2. Pre-init Setup: The kernel requires a basic environment before it can mount the real root filesystem. This is where initrd/initramfs comes in — it provides the necessary environment, often including necessary kernel modules, device drivers, and a basic init script (/init) that can do things like mount the real root filesystem.
  3. Transition to Local Filesystem: Once the necessary drivers are loaded (e.g., to access the storage device), initrd/initramfs will typically mount the real root filesystem and hand control to the real /init, which continues the boot process.

initrd vs. initramfs:

initrd (Initial Ramdisk): Traditionally, initrd is a block device that is loaded into RAM and contains a compressed filesystem (often ext2) with tools and scripts needed to prepare the system (e.g., loading kernel modules, detecting the root filesystem, etc.). It's typically used with an init script that handles these tasks and then mounts the real root filesystem.

initramfs (Initial RAM Filesystem): More modern, initramfs is an archive (usually cpio format) that is extracted directly into RAM. It's typically more flexible and dynamic than initrd, and it doesn't require a block device or specific filesystem type. It also contains an /init script that is executed early in the boot process.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.