Skip to content

rhboot/dracut-nmbl

2 Branches0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

marta-lewandowskamarta-lewandowska
Merge pull request #2 from rhboot/revert-1-makefile_changes
Mar 31, 2025
06ce58a · Mar 31, 2025

History

25 Commits
99grub2-emu-kexec
99grub2-emu-kexec
Aug 9, 2023
99grub2-emu-switchroot
99grub2-emu-switchroot
Aug 9, 2023
docs
docs
Aug 9, 2023
etc/dracut.conf.d
etc/dracut.conf.d
Aug 9, 2023
scripts
scripts
Aug 9, 2023
.gitignore
.gitignore
Aug 9, 2023
GPLv3
GPLv3
Aug 9, 2023
LICENSE
LICENSE
Aug 9, 2023
Makefile
Makefile
Mar 31, 2025
README.md
README.md
Aug 9, 2023
dracut-nmbl.spec.in
dracut-nmbl.spec.in
Aug 9, 2023
utils.mk
utils.mk
Mar 31, 2025

Repository files navigation

nmbl proof of concept

This is intended as a proof of concept for nmbl.

what's here so far

file description
99grub2-emu grub2-emu plugin for dracut
99grub2-emu/grub2-emu.service systemd service to run our grub menu
99grub2-emu/grub2-emu.target systemd target to run our services
99grub2-emu/grub2-mount-boot.sh helper to mount /boot inside the running initramfs
99grub2-emu/module-setup.sh dracut module setup program
etc/dracut-grub2.conf.d/grub2-emu.conf dracut configuration to use this plugin
etc/dracut.conf.d/grub2-emu.conf default dracut configuration to ignore this plugin
scripts/extract_initrd.sh simple (too simple) script to unpack an initramfs
scripts/generate_initrd.sh simple script to generate an initramfs
kernel patches/sig-bound-v2 kernel patch series to fix signature size rules

testing - work in progress - the easy way:

build the rpm:

make clean && make OS_DIST=.fc38 OS_VERSION=38 KVRA=6.2.9-300.fc38.x86_64 nmbl-6.2.9-300.fc38.x86_64.rpm

install that rpm on the machine

rpm -Uvh nmbl-6.2.9-300.fc38.x86_64.rpm

make a new efibootmgr entry

efibootmgr -q -b 0010 -B ;
echo -n "\nmbl-workstation.uki quiet boot=$(awk '/ \/boot / {print $1}' /etc/fstab) rd.systemd.gpt_auto=0" \
| iconv -f UTF8 -t UCS-2LE \
| efibootmgr -b 0010 -C -d /dev/vda -p 1 -L nmbl -l /EFI/fedora/shimx64.efi -@ - -n 0010

the old way that's basically the same thing

install fedora38

Use UEFI, with /boot on its own partition.

dnf install -y pesign mokutil keyutils rsync git emacs-nox dracut-network grub2-emu binutils systemd-ukify systemd-boot-unsigned systemd-networkd kexec-tools btrfs-progs lvm2

provision signing

efikeygen -d /etc/pki/pesign -S -k -c 'CN=Your Name Key' -n 'Custom Secureboot'
certutil -d /etc/pki/pesign -n 'Custom Secureboot' -Lr > sb_cert.cer
mokutil --import sb_cert.cer
reboot # and enroll key

build a custom kernel

(or skip and use http://ihatethathostname.lab.bos.redhat.com/~rharwood/nmbl/ )

  • apply kernel patches from repo dir
  • sign it with the key from above
    • I install it and then sign vmlinuz in place

load in this repo

mkdir /etc/dracut-grub2.conf.d/
rsync -avP --del 99grub2-emu/ /usr/lib/dracut/modules.d/99grub2-emu/
cp etc/dracut-grub2.conf.d/grub2-emu.conf /etc/dracut-grub2.conf.d/
cp etc/dracut.conf.d/grub2-emu.conf /etc/dracut.conf.d/

ukify

dracut --verbose --confdir /etc/dracut-grub2.conf.d/ --no-hostonly ./nmbl.uki 6.3.0-0.rc2.89f5349e0673.24.test.fc38.x86_64 --uefi --xz
pesign -s -c 'Custom Secureboot' -i nmbl.uki -o nmbl.uki.signed

install the uki

cp nmbl.uki.signed /boot/efi/EFI/fedora/nmbl.uki

make a new efibootmgr entry

efibootmgr -q -b 0010 -B ;
echo -n "\nmbl.uki quiet $(./scripts/guess_rootfs.sh) boot=$(awk '/ \/boot / {print $1}' /etc/fstab) rd.systemd.gpt_auto=0" \
| iconv -f UTF8 -t UCS-2LE \
| efibootmgr -b 0010 -C -d /dev/vda -p 1 -L nmbl -l /EFI/fedora/shimx64.efi -@ - -n 0010

About

dracut plugin for use in nmbl images

Resources

Readme

License

View license
Activity
Custom properties

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

Languages