Oh, I made a (or, at least one) mistake.  The root= parameter *is* a
standard kernel parameter that the kernel can interpret, but it is
overridden by the initrd option from grub/lilo.  So, if you don't use
initrd, root= is the way to tell the kernel which device contains your
root filesystem.  But with initrd you can call it root=,
real_root=, my_root=, whatever, as long as your initrd script(s) know
what to look for.

It's been a while since I could boot without an initrd, so I forgot how
that works.

-Richard


Richard Fish wrote:

>>Richard Fish <[EMAIL PROTECTED]> writes:
>>
>>    
>>
>>>>carcharias root # cat /boot/grub/grub.conf
>>>>default 0
>>>>timeout 5
>>>>splashimage=(hd0,0)/grub/splash.xpm.gz
>>>>
>>>>title Linux
>>>>    kernel (hd0,0)/vmlinuz-2.6 root=/dev/sys/root video=radeonfb:[EMAIL PROTECTED] noapic quiet
>>>>    initrd (hd0,0)/initrd-2.6
>>>>
>>>>title Safe
>>>>    kernel (hd0,0)/vmlinuz-safe root=/dev/system/root video=radeonfb:[EMAIL PROTECTED] noapic 1
>>>>    initrd (hd0,0)/initrd-safe
>>>>        
>>>>
>>As an aside [ I don't want to change thread subject here ] 
>> I don't understand what your setup is doing or what some of the
>> appended stuff is.
>>
>>    
>>
>
>Well, my setup is pretty custom (that's why I love Gentoo!).  But it
>might be educational for the curious or new users...
>
>So, I will explain what happens on my system from grub-to-init.  Since
>my system uses software RAID0, loop-AES encryption (including the root
>filesystem), swsusp2, and possibly boot-splash, it is fairly complex. 
>Most setups will be far simpler, but maybe this will give you some ideas
>for customizing your startup.
>
>First for 'title Linux'.  The 'noapic' and 'quiet' options are standard
>kernel options (see Documentation/kernel-parameters.txt in the kernel
>sources).  I require noapic for software suspend to work correctly, and
>quiet because I don't need to see all of the kernel verbosity during
>boot.  The video option you can probably guess...it is for setting up
>the framebuffer on my Mobility Radeon 9700.
>
>The root= option is the equivalent of your 'real_root' option.  It is
>interpreted by the initrd scripts, and ignored by the kernel.  I use
>LVM, so I have a volume group named 'sys' with a logical volume named
>'root', hence the device path /dev/sys/root.  I also have /dev/sys/home,
>/dev/sys/tmp, /dev/sys/var, /dev/sys/swap, /dev/external/backups, etc.
>
>The 'title Safe' group is essentially the same, just using a backup (and
>hopefully working!) copy of my kernel and initrd.  Since it is 'Safe'
>mode, I want as much verbosity as possible, so no 'quiet' option here. 
>Oh, I just noticed that I still have my old volume group name 'system'
>there...oops.  It doesn't matter though...keep reading.
>
>Like any linux system, the kernel boots and any device drivers built
>into the kernel get initialized and start controlling their hardware. 
>All of the drivers I need to boot are built into my kernel, except for
>the loop-AES encryption module.  When you use an initrd, the kernel
>extracts that to ram, mounts it (hopefully, assuming you didn't compile
>your initrd filesystem driver as a module!) and executes /linuxrc
>there.  Although it could be a binary, it is almost always a shell
>script, so the shell and any required libraries must be present in the
>initrd.
>
>My system uses software raid0 on partitions /dev/hda2 and /dev/hdd2,
>which have type 'fd' (Linux Raid autodetect) and persistent superblocks,
>so the kernel finds and starts my RAID setup automatically.
>
>This is where things get complex.  On top of the RAID0 array, I use
>loop-AES for encryption. (/dev/loop/0).  THAT in turn is my physical
>volume for the LVM setup.  The problem with this is that the memory used
>by my initrd is *never* freed by the system, because two device nodes
>(/dev/md0, /dev/loop/0) get locked by the initrd sequence.  So I have
>stripped my initrd down as much as reasonably possible, and it now fits
>in 2M of memory (with 1G of ram, I don't miss the 2M...really. ;->) 
>Note that 2M is the uncompressed size.
>
>To do this, I moved most of the programs and libraries that would
>normally reside in initrd to /boot, and use /boot as a miniature root
>filesystem to get the encryption and LVM drivers up and running.
>
>So, the /linuxrc script in my initrd is very short, it basically just
>mounts /proc, /sys, and /boot and punts to /boot/linuxrc.  I added some
>comments for this message:
>
>----------------------------------------------------------------------
>carcharias root # cat /initrd/linuxrc
>#!/bin/ash
># Using ash to make initrd a bit smaller, since
># this memory will never be freed due to the loop-AES
># setup.
>export PATH=/bin:/boot/bin
>export LD_LIBRARY_PATH=/boot/lib
>
># must have these to do anything with the system
>mount -n -t proc /proc /proc
>mount -n -t sysfs /sys /sys
>
># mount mini-root (/boot) read-only.  There is a chance
># of corrupting the filesystem when we resume from a
># suspend cycle if it is mounted read-write, so better
># to be safe.
>mount -n -t xfs /dev/hda1 -o ro /boot
>
># Punt...
>/boot/linuxrc /dev/sys/root
>
>----------------------------------------------------------------------
>Notice that /boot/linuxrc is given the name of the real root device, in
>this case hard-coded to /dev/sys/root.  The root= parameter on my kernel
>command line is completely ignored. 
>
>The /boot/linuxrc script is fairly long, but in the interests of
>education, I have included it and added some comments.
>
>----------------------------------------------------------------------
>carcharias root # cat /boot/linuxrc
>#!/boot/bin/bash
>
>rootdev="$1" # root device passed on command line
>
># uname -r looks up the current kernel version.  I have a build script
># so that every time I rebuild the kernel, I also rebuild the loop-AES
># module and copy it to the correct location under /boot
># The lo_prealloc option adds some buffering for the loop/0 device.
>insmod /boot/lib/modules/`uname -r`/block/loop.ko lo_prealloc=128,0,256
>
># I switch back and forth between boot-splash and radeonfb.  Boot-splash
># only works with the vesafb driver, but the radeonfb driver is faster
># and gives me a higher resolution.
># This next section determines whether bootsplash is being used or not,
># because I need a text window for the password prompt below
>silentmode=""
>if test -f /proc/splash; then
>    grep ", silent" < /proc/splash >/dev/null
>    test $? -eq 0 && silentmode="silent"
>fi
>
># If bootsplash is used in silent mode, put it into
># verbose mode to get a text prompt
>test -n "$silentmode" && echo "verbose" >/proc/splash
>
>clear # clears the display...
>
># A nice, polite banner...
># No contact info...I don't need the person who steals my laptop to call
># me for the password.
>echo "**********************************************************************"
>echo "***     This computer is the private property of Richard Fish     ***"
>echo "**********************************************************************"
>echo ""
>
>loopdone=0
>while test $loopdone -ne 1; do
>    # and a password prompt.  I could have losetup/gpg ask for the
>    # password directly, but one configuration I used had /dev/hda2
>    # and /dev/hdd2 as separate loop volumes, that were then LVM
>    # physical volumes and striped by LVM.  So to avoid having to
>    # enter my password twice on bootup, I decided to have the script
>    # read the password, then I found that I liked this setup better.
>    read -s -p "Password: " passwd
>    echo "" # so that any errors appear in 1st column
>
>    # ...um...man gpg.
>    echo "$passwd" | gpg --quiet --batch --homedir=/ \
>        --no-tty --passphrase-fd 0 -d /boot/systemkey.gpg 2>/dev/null \
>        | losetup -p0 -e AES128 /dev/loop0 /dev/md0 >/dev/null 2>&1
>
>    # Note that my losetup command is patched by the loop-AES distribution.
>    # Normal losetup doesn't have the -p or -e options.
>
>    loopdone=1 # optimistic...
>
>    # test that loop is setup
>    losetup -a | grep "/dev/md0" >/dev/null
>    test $? -ne 0 && loopdone=0
>
>    if test $loopdone -eq 0; then
>        # cleanup for next attempt
>        losetup -d /dev/loop0 >/dev/null 2>&1
>
>        echo "**********************************************************************"
>        echo "*** ENCRYPTION SETUP FAILED...INVALID PASSWORD?                    ***"
>        echo "**********************************************************************"
>        echo ""
>    fi
>done
>
># Now to restore the nice bootsplash screen, if any
>test -n "$silentmode" && echo "silent" >/proc/splash
>
># From here, things get normal...scan for LVM volumes,
># activate them, etc etc.
>echo "Scanning logical volumes"
>vgscan
>
>echo "Activating logical volumes"
>vgchange -a y sys
>
># My swap is on an LVM volume that is encrypted with loop-AES,
># so suspending does not leak any keys to unencrypted parts of
># the disk.  But that means I have to setup the suspend
># device manually, which is what I do here.
>if test -f /proc/software_suspend/resume2; then
># With LVM, /dev/sys/swap is really a symbolic link to /dev/mapper/sys-swap.
># But I can never remember if test -b works with symbolic links or not, so
># I use the real block device node below.
>        if test -b /dev/mapper/sys-swap; then
>                devnum=`stat -L --format="0x%.2t%.2T" /dev/mapper/sys-swap`
>                printf "0x%x\n" "$devnum" >/proc/software_suspend/resume2
>        else
>                printf "CANNOT SET SWSUSP RESUME DEVICE:"
>                printf "missing /dev/mapper/sys-swap\n"
>        fi
>fi
>
># Here is where the kernel gets notified about the
># real root device. 
>devnum=`stat -L --format="0x%.2t%.2T" $rootdev`
>devnum=`printf "%d" "$devnum"`
>
>echo "$devnum" >/proc/sys/kernel/real-root-dev
>
>----------------------------------------------------------------------
>From here, the system returns back to the /linuxrc script in the initrd,
>which has just two things left to do:  unmount /boot and tell swsusp2
>that it should try to resume now.  If there is no resume image in swap,
>the script just keeps executing.
>
>----------------------------------------------------------------------
>umount /boot
>
>if test -f /proc/software_suspend/do_resume; then
>        echo > /proc/software_suspend/do_resume
>fi
>
>umount /sys
>umount /proc
>----------------------------------------------------------------------
>
>That's it.  Assuming we didn't resume, the kernel next mounts the root
>filesystem, runs /sbin/init, and the system boots normally.
>
>There are a few things that I will fix up when I get around to them. 
>The /boot/linuxrc should really look at the kernel command line for the
>root volume, so I could theoretically change it at boot time.  I could
>also add a parameter for which /boot/linuxrc script to run, so I could
>have /boot/linuxrc-safe, for example.
>
>Comments and questions are welcome.
>
>-Richard
>
>
>  
>
--
gentoo-user@gentoo.org mailing list
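
An added example, not part of Richard's message or his scripts: one way /boot/linuxrc could take the root volume from the kernel command line, as the quoted message says it should, while accepting only plain /dev/ paths, since anyone at the grub prompt can edit that line. The function names, the /dev/-only policy and the sample command line are assumptions made for this example; the encoding mirrors the script's `0x%.2t%.2T` format.

```shell
#!/bin/sh
# Added example: choose the root device from a kernel command line string
# (on a live initrd the string would come from /proc/cmdline).

# root_from_cmdline "<cmdline>": print the value of the last root= token.
# Returns 1 if there is no root= token, 2 if the value is not a plain
# /dev/ path (assumed policy: no "..", no shell metacharacters).
root_from_cmdline() {
    found=""
    set -f                          # no glob expansion while splitting
    for tok in $1; do
        case "$tok" in
            root=?*) found=${tok#root=} ;;
        esac
    done
    set +f
    [ -n "$found" ] || return 1
    case "$found" in
        /dev/?*) ;;
        *) return 2 ;;
    esac
    case "$found" in
        *..*|*[!A-Za-z0-9_./-]*) return 2 ;;
    esac
    printf '%s\n' "$found"
}

# encode_real_root_dev MAJOR MINOR: print the decimal number that the
# script's stat/printf pair produces, i.e. (major << 8) | minor.
# Only 8-bit decimal values without leading zeros are accepted.
encode_real_root_dev() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*|0?*) return 1 ;;
        esac
    done
    [ "$1" -le 255 ] && [ "$2" -le 255 ] || return 1
    echo $(( ($1 << 8) | $2 ))
}

# Constructed sample command line; the later root= token wins.
sample="root=/dev/system/root noapic root=/dev/sys/root quiet"
if dev=$(root_from_cmdline "$sample"); then
    echo "root device: $dev"
    echo "real-root-dev for 254:3 = $(encode_real_root_dev 254 3)"
fi
```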

