qubes-vm-kernel - dracut support inside App Qubes #8649

adrelanos · 2023-10-24T15:12:54Z

The problem you're addressing (if any)

Qubes inside VM kernel booting is broken when using dracut.

https://www.qubes-os.org/doc/managing-vm-kernels/#distribution-kernel

The solution you'd like

Add dracut support.

The value to a user, and who that user might be

Better security, because then security-misc's dracut module for nosuid, nodev, noexec could be used. (mount /tmp /var/tmp /dev/shm with nodev nosuid #5329) (Package security-misc from Whonix to Qubes #1885)
Perhaps faster booting.
Other dracut functionality, advantages.
Towards Create qrexec dracut module #1310

Additional information

This might actually be a bug report. Qubes VMs might already have dracut booting functionality. But I haven't found any documentation on this. This is implied because Qubes already has several dracut modules.

/usr/lib/dracut/modules.d/90qubes-vm
/usr/lib/dracut/modules.d/90qubes-vm-modules
/usr/lib/dracut/modules.d/90qubes-vm-simple

The text was updated successfully, but these errors were encountered:

adrelanos · 2023-10-24T15:27:00Z

Qubes OS release

R4.2

Brief summary

VM using Qubes VM kernel fails to boot

Steps to reproduce

Create a Kicksecure for Qubes Template.
Set up Qubes VM kernel as per https://www.qubes-os.org/doc/managing-vm-kernels/#distribution-kernel
Make sure it's bootable and working normally.
Inside the Template: sudo apt install --no-install-recommends dracut

Expected behavior

Functional boot.

Actual behavior

Broken boot.

Boot log

tail -f /var/log/xen/console/guest-kicksecure-bookworm.log

[user@dom0 ~]$ tail -n 0 -f /var/log/xen/console/guest-kicksecure-bookworm.log
[2023-10-24 11:21:33] Logfile Opened
[2023-10-24 11:21:33] .[30m.[47mWelcome to GRUB!
[2023-10-24 11:21:33] 
[2023-10-24 11:21:33] .[37m.[40m.[37m.[40m.[37m.[40m.[3;34H      [ grub-xen.cfg  424B  100%  18.82KiB/s ].[3;1Herror: no such device: /boot/xen/pvboot-x86_64.elf.
[2023-10-24 11:21:33] Reading (xen/xvda,gpt3/boot/grub/grub.cfg
[2023-10-24 11:21:33] .[H.[J.[1;1Herror: file `/boot/grub/fonts/unicode.pf2' not found.
[2023-10-24 11:21:33] error: no suitable video mode found.
[2023-10-24 11:21:33] error: no video mode activated.
[2023-10-24 11:21:33] .[4;34H      [ grub.cfg  24.01KiB  100%  61.26KiB/s ].[4;1H.[H.[J.[1;1H  Booting `Kicksecure GNU/Linux'
[2023-10-24 11:21:33] 
[2023-10-24 11:21:33] Loading Linux 6.1.0-13-amd64 ...
[2023-10-24 11:21:33] .[4;23H      [ vmlinuz-6.1.0-13-amd  7.76MiB  100%  10.24MiB/s ].[4;1HLoading initial ramdisk ...
[2023-10-24 11:21:35] .[5;23H      [ initrd.img-6.1.0-13-  68.97MiB  66%  29.33MiB/s ].[5;1H.[5;21H      [ initrd.img-6.1.0-13-  103.46MiB  100%  37.38MiB/s ].[5;1H[    0.000000] Linux version 6.1.0-13-amd64 ([email protected]) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29)
[2023-10-24 11:21:37] [    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0
[2023-10-24 11:21:37] [    0.000000] BIOS-provided physical RAM map:
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x00000000f9ffffff] usable
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x00000000fc000000-0x00000000fc008fff] ACPI data
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x00000000feff8000-0x00000000feffffff] reserved
[2023-10-24 11:21:37] [    0.000000] SMT: Force disabled
[2023-10-24 11:21:37] [    0.000000] NX (Execute Disable) protection: active
[2023-10-24 11:21:37] [    0.000000] DMI not present or invalid.
[2023-10-24 11:21:37] [    0.000000] Hypervisor detected: Xen HVM
[2023-10-24 11:21:37] [    0.000000] Xen version 4.17.
[2023-10-24 11:21:37] [    0.000000] platform_pci_unplug: Xen Platform PCI: unrecognised magic value
[2023-10-24 11:21:37] [    0.000003] HVMOP_pagetable_dying not supported
[2023-10-24 11:21:37] [    0.046142] tsc: Fast TSC calibration failed
[2023-10-24 11:21:37] [    0.046146] tsc: Detected 1896.423 MHz processor
[2023-10-24 11:21:37] [    0.046301] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
[2023-10-24 11:21:37] [    0.046308] e820: remove [mem 0x000a0000-0x000fffff] usable
[2023-10-24 11:21:37] [    0.046313] last_pfn = 0xfa000 max_arch_pfn = 0x400000000
[2023-10-24 11:21:37] [    0.046419] x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
[2023-10-24 11:21:37] [    0.049722] Kernel/User page tables isolation: force enabled on command line.
[2023-10-24 11:21:37] [    0.049728] Using GB pages for direct mapping
[2023-10-24 11:21:37] [    0.050882] printk: log_buf_len: 1048576 bytes
[2023-10-24 11:21:37] [    0.050885] printk: early log buf free: 129032(98%)
[2023-10-24 11:21:37] [    0.050886] RAMDISK: [mem 0x2b101000-0x31877fff]
[2023-10-24 11:21:37] [    0.050895] ACPI: Early table checksum verification disabled
[2023-10-24 11:21:37] [    0.050901] ACPI: RSDP 0x00000000FC008000 000024 (v02 Xen   )
[2023-10-24 11:21:37] [    0.050904] ACPI: XSDT 0x00000000FC007F60 000034 (v01 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050909] ACPI: FACP 0x00000000FC007D60 00010C (v05 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050912] ACPI: DSDT 0x00000000FC001040 006C9B (v05 Xen    HVM      00000000 INTL 20220331)
[2023-10-24 11:21:37] [    0.050914] ACPI: FACS 0x00000000FC001000 000040
[2023-10-24 11:21:37] [    0.050916] ACPI: FACS 0x00000000FC001000 000040
[2023-10-24 11:21:37] [    0.050917] ACPI: APIC 0x00000000FC007E70 00003C (v02 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050918] ACPI: Reserving FACP table memory at [mem 0xfc007d60-0xfc007e6b]
[2023-10-24 11:21:37] [    0.050919] ACPI: Reserving DSDT table memory at [mem 0xfc001040-0xfc007cda]
[2023-10-24 11:21:37] [    0.050920] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[2023-10-24 11:21:37] [    0.050920] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[2023-10-24 11:21:37] [    0.050921] ACPI: Reserving APIC table memory at [mem 0xfc007e70-0xfc007eab]
[2023-10-24 11:21:37] [    0.051010] No NUMA configuration found
[2023-10-24 11:21:37] [    0.051011] Faking a node at [mem 0x0000000000000000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051017] NODE_DATA(0) allocated [mem 0xf9b55000-0xf9b7ffff]
[2023-10-24 11:21:37] [    0.051188] Zone ranges:
[2023-10-24 11:21:37] [    0.051189]   DMA      [mem 0x0000000000001000-0x0000000000ffffff]
[2023-10-24 11:21:37] [    0.051190]   DMA32    [mem 0x0000000001000000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051191]   Normal   empty
[2023-10-24 11:21:37] [    0.051192]   Device   empty
[2023-10-24 11:21:37] [    0.051192] Movable zone start for each node
[2023-10-24 11:21:37] [    0.051194] Early memory node ranges
[2023-10-24 11:21:37] [    0.051194]   node   0: [mem 0x0000000000001000-0x000000000009ffff]
[2023-10-24 11:21:37] [    0.051195]   node   0: [mem 0x0000000000100000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051197] Initmem setup node 0 [mem 0x0000000000001000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051226] On node 0, zone DMA: 1 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.051338] On node 0, zone DMA: 96 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.053038] On node 0, zone DMA32: 24576 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.053097] ACPI: No IOAPIC entries present
[2023-10-24 11:21:37] [    0.053098] ACPI: Using ACPI for processor (LAPIC) configuration information
[2023-10-24 11:21:37] [    0.053105] smpboot: Allowing 2 CPUs, 0 hotplug CPUs
[2023-10-24 11:21:37] [    0.053115] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
[2023-10-24 11:21:37] [    0.053117] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000fffff]
[2023-10-24 11:21:37] [    0.053118] [mem 0xfc009000-0xfeff7fff] available for PCI devices
[2023-10-24 11:21:37] [    0.053121] Booting paravirtualized kernel on Xen PVH
[2023-10-24 11:21:37] [    0.053125] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
[2023-10-24 11:21:37] [    0.056240] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[2023-10-24 11:21:37] [    0.057641] percpu: Embedded 61 pages/cpu s212992 r8192 d28672 u1048576
[2023-10-24 11:21:37] [    0.057647] pcpu-alloc: s212992 r8192 d28672 u1048576 alloc=1*2097152
[2023-10-24 11:21:37] [    0.057649] pcpu-alloc: [0] 0 1 
[2023-10-24 11:21:37] [    0.057667] xen: PV spinlocks enabled
[2023-10-24 11:21:37] [    0.057668] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[2023-10-24 11:21:37] [    0.057679] Fallback order for Node 0: 0 
[2023-10-24 11:21:37] [    0.057681] Built 1 zonelists, mobility grouping on.  Total pages: 1007744
[2023-10-24 11:21:37] [    0.057682] Policy zone: DMA32
[2023-10-24 11:21:37] [    0.057683] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0
[2023-10-24 11:21:37] [    0.057837] DMAR: IOMMU enabled
[2023-10-24 11:21:37] [    0.057847] AMD-Vi: Unknown option - 'on'
[2023-10-24 11:21:37] [    0.057990] Unknown kernel command line parameters "extra_latent_entropy BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 spectre_v2=on spec_store_bypass_disable=on tsx=off pti=on", will be passed to user space.
[2023-10-24 11:21:37] [    0.060409] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear)
[2023-10-24 11:21:37] [    0.061613] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[2023-10-24 11:21:37] [    0.061642] mem auto-init: stack:all(zero), heap alloc:on, heap free:on
[2023-10-24 11:21:37] [    0.061643] mem auto-init: clearing system memory may take some time...
[2023-10-24 11:21:37] [    0.202483] Memory: 260860K/4095612K available (14342K kernel code, 2329K rwdata, 9132K rodata, 2772K init, 17416K bss, 236916K reserved, 0K cma-reserved)
[2023-10-24 11:21:37] [    0.203175] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[2023-10-24 11:21:37] [    0.203203] Kernel/User page tables isolation: enabled
[2023-10-24 11:21:37] [    0.203237] ftrace: allocating 40153 entries in 157 pages
[2023-10-24 11:21:37] [    0.210546] ftrace: allocated 157 pages with 5 groups
[2023-10-24 11:21:37] [    0.211075] Dynamic Preempt: voluntary
[2023-10-24 11:21:37] [    0.211181] rcu: Preemptible hierarchical RCU implementation.
[2023-10-24 11:21:37] [    0.211196] rcu: 	RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=2.
[2023-10-24 11:21:37] [    0.211201] 	Trampoline variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211202] 	Rude variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211202] 	Tracing variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211205] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[2023-10-24 11:21:37] [    0.211206] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[2023-10-24 11:21:37] [    0.214455] Using NULL legacy PIC
[2023-10-24 11:21:37] [    0.214456] NR_IRQS: 524544, nr_irqs: 48, preallocated irqs: 0
[2023-10-24 11:21:37] [    0.214472] xen:events: Using FIFO-based ABI
[2023-10-24 11:21:37] [    0.214485] xen:events: Xen HVM callback vector for event delivery is enabled
[2023-10-24 11:21:37] [    0.214507] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[2023-10-24 11:21:37] [    0.214556] Console: colour dummy device 80x25
[2023-10-24 11:21:37] [    0.214667] printk: console [tty0] enabled
[2023-10-24 11:21:37] [    0.215336] printk: console [hvc0] enabled
[2023-10-24 11:21:37] [    0.215405] ACPI: Core revision 20220331
[2023-10-24 11:21:37] [    0.215523] ACPI: setting ELCR to 0200 (from ffff)
[2023-10-24 11:21:37] [    0.215559] Failed to register legacy timer interrupt
[2023-10-24 11:21:37] [    0.215565] APIC: Switch to symmetric I/O mode setup
[2023-10-24 11:21:37] [    0.215579] x2apic enabled
[2023-10-24 11:21:37] [    0.215584] Switched APIC routing to physical x2apic.
[2023-10-24 11:21:37] [    0.215613] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x36abf20e532, max_idle_ns: 881590501089 ns
[2023-10-24 11:21:37] [    0.215630] Calibrating delay loop (skipped), value calculated using timer frequency.. 3792.84 BogoMIPS (lpj=7585692)
[2023-10-24 11:21:37] [    0.215675] x86/cpu: User Mode Instruction Prevention (UMIP) activated
[2023-10-24 11:21:37] [    0.215698] Last level iTLB entries: 4KB 512, 2MB 512, 4MB 256
[2023-10-24 11:21:37] [    0.215706] Last level dTLB entries: 4KB 2048, 2MB 2048, 4MB 1024, 1GB 0
[2023-10-24 11:21:37] [    0.215715] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[2023-10-24 11:21:37] [    0.215727] Spectre V2 : Mitigation: Retpolines
[2023-10-24 11:21:37] [    0.215732] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[2023-10-24 11:21:37] [    0.215741] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
[2023-10-24 11:21:37] [    0.215747] Spectre V2 : Enabling Restricted Speculation for firmware calls
[2023-10-24 11:21:37] [    0.215756] Spectre V2 : mitigation: Enabling always-on Indirect Branch Prediction Barrier
[2023-10-24 11:21:37] [    0.215767] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled
[2023-10-24 11:21:37] [    0.215778] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
[2023-10-24 11:21:37] [    0.215786] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
[2023-10-24 11:21:37] [    0.215787] Speculative Return Stack Overflow: Mitigation: safe RET, no microcode
[2023-10-24 11:21:37] [    0.215817] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[2023-10-24 11:21:37] [    0.215826] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[2023-10-24 11:21:37] [    0.215833] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[2023-10-24 11:21:37] [    0.215839] x86/fpu: Supporting XSAVE feature 0x200: 'Protection Keys User registers'
[2023-10-24 11:21:37] [    0.215848] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[2023-10-24 11:21:37] [    0.215855] x86/fpu: xstate_offset[9]:  832, xstate_sizes[9]:    8
[2023-10-24 11:21:37] [    0.215862] x86/fpu: Enabled xstate features 0x207, context size is 840 bytes, using 'compacted' format.
[2023-10-24 11:21:37] [    0.219626] Freeing SMP alternatives memory: 36K
[2023-10-24 11:21:37] [    0.219626] pid_max: default: 32768 minimum: 301
[2023-10-24 11:21:37] [    0.219626] LSM: Security Framework initializing
[2023-10-24 11:21:37] [    0.219626] landlock: Up and running.
[2023-10-24 11:21:37] [    0.219626] Yama: disabled by default; enable with sysctl kernel.yama.*
[2023-10-24 11:21:37] [    0.219626] AppArmor: AppArmor initialized
[2023-10-24 11:21:37] [    0.219626] TOMOYO Linux initialized
[2023-10-24 11:21:37] [    0.219626] LSM support for eBPF active
[2023-10-24 11:21:37] [    0.219626] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:37] [    0.219626] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:37] [    0.219626] clocksource: xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[2023-10-24 11:21:37] [    0.219626] Xen: using vcpuop timer interface
[2023-10-24 11:21:37] [    0.219626] installing Xen timer for CPU 0
[2023-10-24 11:21:37] [    0.219626] smpboot: CPU0: AMD Ryzen 7 5800U with Radeon Graphics (family: 0x19, model: 0x50, stepping: 0x0)
[2023-10-24 11:21:37] [    0.219626] cpu 0 spinlock event irq 4
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] Performance Events: PMU not available due to virtualization, using software events only.
[2023-10-24 11:21:37] [    0.219626] signal: max sigframe size: 3376
[2023-10-24 11:21:37] [    0.219626] rcu: Hierarchical SRCU implementation.
[2023-10-24 11:21:37] [    0.219626] rcu: 	Max phase no-delay instances is 1000.
[2023-10-24 11:21:37] [    0.219626] NMI watchdog: Perf NMI watchdog permanently disabled
[2023-10-24 11:21:37] [    0.219626] smp: Bringing up secondary CPUs ...
[2023-10-24 11:21:37] [    0.219626] installing Xen timer for CPU 1
[2023-10-24 11:21:37] [    0.219626] x86: Booting SMP configuration:
[2023-10-24 11:21:37] [    0.219626] .... node  #0, CPUs:      #1
[2023-10-24 11:21:37] [    0.219626] cpu 1 spinlock event irq 9
[2023-10-24 11:21:37] [    0.219626] smp: Brought up 1 node, 2 CPUs
[2023-10-24 11:21:37] [    0.219626] smpboot: Max logical packages: 1
[2023-10-24 11:21:37] [    0.219626] smpboot: Total of 2 processors activated (7585.69 BogoMIPS)
[2023-10-24 11:21:39] [    2.618336] node 0 deferred pages initialised in 2400ms
[2023-10-24 11:21:39] [    2.624198] devtmpfs: initialized
[2023-10-24 11:21:39] [    2.624198] x86/mm: Memory block size: 128MB
[2023-10-24 11:21:39] [    2.624644] memmap_init_zone_device initialised 32768 pages in 0ms
[2023-10-24 11:21:39] [    2.624812] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[2023-10-24 11:21:39] [    2.624841] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
[2023-10-24 11:21:39] [    2.624943] pinctrl core: initialized pinctrl subsystem
[2023-10-24 11:21:39] [    2.624955] pinctrl core: failed to create debugfs directory
[2023-10-24 11:21:39] [    2.627909] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[2023-10-24 11:21:39] [    2.627947] xen:grant_table: Grant tables using version 1 layout
[2023-10-24 11:21:39] [    2.627970] Grant table initialized
[2023-10-24 11:21:39] [    2.628130] DMA: preallocated 512 KiB GFP_KERNEL pool for atomic allocations
[2023-10-24 11:21:39] [    2.628144] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[2023-10-24 11:21:39] [    2.628156] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[2023-10-24 11:21:39] [    2.628185] audit: initializing netlink subsys (disabled)
[2023-10-24 11:21:39] [    2.628199] audit: type=2000 audit(1698160899.873:1): state=initialized audit_enabled=0 res=1
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'fair_share'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'bang_bang'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'step_wise'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'user_space'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'power_allocator'
[2023-10-24 11:21:39] [    2.628199] cpuidle: using governor ladder
[2023-10-24 11:21:39] [    2.628199] cpuidle: using governor menu
[2023-10-24 11:21:39] [    2.628199] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[2023-10-24 11:21:39] [    2.628199] PCI: Fatal: No config space access function found
[2023-10-24 11:21:39] [    2.628867] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
[2023-10-24 11:21:39] [    2.631655] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
[2023-10-24 11:21:39] [    2.631671] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
[2023-10-24 11:21:39] [    2.631681] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
[2023-10-24 11:21:39] [    2.631691] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Module Device)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Processor Device)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(3.0 _SCP Extensions)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Processor Aggregator Device)
[2023-10-24 11:21:40] [    2.645885] ACPI: 1 ACPI AML tables successfully acquired and loaded
[2023-10-24 11:21:40] [    2.646050] ACPI: OSL: SCI (ACPI GSI 9) not registered
[2023-10-24 11:21:40] [    2.648896] ACPI: Interpreter enabled
[2023-10-24 11:21:40] [    2.648911] ACPI: PM: (supports S0)
[2023-10-24 11:21:40] [    2.648918] ACPI: Using platform specific model for interrupt routing
[2023-10-24 11:21:40] [    2.648948] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[2023-10-24 11:21:40] [    2.648960] PCI: Using E820 reservations for host bridge windows
[2023-10-24 11:21:40] [    2.648960] ACPI: Enabled 1 GPEs in block 00 to 0F
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 00, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 01, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 03, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 04, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 05, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 06, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 07, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.656717] xen:balloon: Initialising balloon driver
[2023-10-24 11:21:40] [    2.659734] iommu: Default domain type: Translated (set via kernel command line)
[2023-10-24 11:21:40] [    2.659734] iommu: DMA domain TLB invalidation policy: strict mode (set via kernel command line)
[2023-10-24 11:21:40] [    2.659798] pps_core: LinuxPPS API ver. 1 registered
[2023-10-24 11:21:40] [    2.659806] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <[email protected]>
[2023-10-24 11:21:40] [    2.659818] PTP clock support registered
[2023-10-24 11:21:40] [    2.659829] EDAC MC: Ver: 3.0.0
[2023-10-24 11:21:40] [    2.659914] NetLabel: Initializing
[2023-10-24 11:21:40] [    2.659914] NetLabel:  domain hash size = 128
[2023-10-24 11:21:40] [    2.659914] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[2023-10-24 11:21:40] [    2.659914] NetLabel:  unlabeled traffic allowed by default
[2023-10-24 11:21:40] [    2.659914] PCI: Using ACPI for IRQ routing
[2023-10-24 11:21:40] [    2.659914] PCI: System does not support PCI
[2023-10-24 11:21:40] [    2.659914] vgaarb: loaded
[2023-10-24 11:21:40] [    2.659914] clocksource: Switched to clocksource xen
[2023-10-24 11:21:40] [    2.837814] VFS: Disk quotas dquot_6.6.0
[2023-10-24 11:21:40] [    2.837857] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[2023-10-24 11:21:40] [    2.838182] AppArmor: AppArmor Filesystem Enabled
[2023-10-24 11:21:40] [    2.838210] pnp: PnP ACPI init
[2023-10-24 11:21:40] [    2.838278] pnp: PnP ACPI: found 0 devices
[2023-10-24 11:21:40] [    2.841887] NET: Registered PF_INET protocol family
[2023-10-24 11:21:40] [    2.841969] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear)
[2023-10-24 11:21:40] [    2.842925] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear)
[2023-10-24 11:21:40] [    2.842958] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[2023-10-24 11:21:40] [    2.843151] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear)
[2023-10-24 11:21:40] [    2.843380] TCP bind hash table entries: 32768 (order: 8, 1048576 bytes, linear)
[2023-10-24 11:21:40] [    2.844648] TCP: Hash tables configured (established 32768 bind 32768)
[2023-10-24 11:21:40] [    2.844768] MPTCP token hash table entries: 4096 (order: 4, 98304 bytes, linear)
[2023-10-24 11:21:40] [    2.844890] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:40] [    2.844963] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:40] [    2.845142] NET: Registered PF_UNIX/PF_LOCAL protocol family
[2023-10-24 11:21:40] [    2.845159] NET: Registered PF_XDP protocol family
[2023-10-24 11:21:40] [    2.845168] PCI: CLS 0 bytes, default 64
[2023-10-24 11:21:40] [    2.845240] Trying to unpack rootfs image as initramfs...
[2023-10-24 11:21:40] [    2.845315] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x36abf20e532, max_idle_ns: 881590501089 ns
[2023-10-24 11:21:40] [    2.845354] clocksource: Switched to clocksource tsc
[2023-10-24 11:21:40] [    2.845811] Initialise system trusted keyrings
[2023-10-24 11:21:40] [    2.845870] Key type blacklist registered
[2023-10-24 11:21:40] [    2.849186] workingset: timestamp_bits=36 max_order=20 bucket_order=0
[2023-10-24 11:21:40] [    2.852053] zbud: loaded
[2023-10-24 11:21:40] [    2.852730] integrity: Platform Keyring initialized
[2023-10-24 11:21:40] [    2.852750] integrity: Machine keyring initialized
[2023-10-24 11:21:40] [    2.852761] Key type asymmetric registered
[2023-10-24 11:21:40] [    2.852768] Asymmetric key parser 'x509' registered

That is a weird way for the log to end without an error message.

Additional information:

The kernel command line as seen from the log...

Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0

It's lengthy (because of security-misc and debug-misc being installed) but that shouldn't matter, because the boot process was successful with initramfs-tools.

Maybe the console setting console=tty0 console=hvc0 stops further output? Any idea what is adding the console=tty0? Trying to find out why the log ends presumably prematurely so we can at least read an error message.

adrelanos · 2023-10-24T15:30:04Z

That is by Qubes so probably not the issue.

grep -r -i console /etc/default/grub.d

/etc/default/grub.d/30-qubes.cfg:GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX root=/dev/mapper/dmroot console=tty0 console=hvc0"

marmarek · 2023-10-24T15:30:41Z

Generally, Debian is using initramfs-tools, while Fedora is using dracut, so respective modules are packaged only for distributions where they are relevant. Is dracut a supported way of generating initramfs in Debian? If so, we can package dracut module for Debian too. In the meantime, you can test this by copying them a Fedora qube.

adrelanos · 2023-10-24T15:37:50Z

Is dracut a supported way of generating initramfs in Debian?

dracut is in packages.debian.org for years. It's unfortunately not the default. Then it would be better supported. It has some bugs. But it works.

It's the default in Kicksecure and Non-Qubes-Whonix since version 17. (Because it's the only feasable path towards ram-wipe (dracut module) that I could find.)

In the meantime, you can test this by copying them a Fedora qube.

I wouldn't know what to copy. This Debian based VM already has these folders:

/usr/lib/dracut/modules.d/90qubes-vm
/usr/lib/dracut/modules.d/90qubes-vm-modules
/usr/lib/dracut/modules.d/90qubes-vm-simple

The same folders that Fedora has.

Am I missing any, which ones do I need to copy over?

adrelanos · 2023-10-24T15:39:37Z

I've cut the kernel parameters.

[2023-10-24 11:38:33] [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0

But still no more log output. Log still stops at the same message.

marmarek · 2023-10-24T16:49:21Z

That is a weird way for the log to end without an error message.

Maybe killed by Xen on "out of PoD memory"? Check xl dmesg
If initramfs produced by dracut is significantly larger than the default one, the default 400MB may be not enough to boot.

adrelanos · 2023-10-26T15:05:27Z

Good to know to keep dracut modules small to avoid an unbootable initial ramdisk. In this case it seems in order though:

du -sh /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

97M /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

But perhaps the .qubes.fc37.x86_64 part is the issue?

So instead of running sudo dracut -f I tried:

sudo dracut --no-hostonly --fstab --add-fstab /etc/fstab --force --reproducible

Maybe some modules are missing? Log:

dracut: Executing: /usr/bin/dracut --no-hostonly --fstab --add-fstab /etc/fstab --force --reproducible
dracut: dracut module 'systemd-coredump' will not be installed, because command 'coredumpctl' could not be found!
dracut: dracut module 'systemd-coredump' will not be installed, because command '/lib/systemd/systemd-coredump' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command '/lib/systemd/systemd-resolved' could not be found!
dracut: dracut module 'systemd-timesyncd' will not be installed, because command '/lib/systemd/systemd-timesyncd' could not be found!
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'dbus-broker' will not be installed, because command 'dbus-broker' could not be found!
dracut: dracut module 'rngd' will not be installed, because command 'rngd' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'setfont' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'loadkeys' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'kbd_mode' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found!
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found!
dracut: dracut module 'pcsc' will not be installed, because command 'pcscd' could not be found!
dracut: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found!
dracut: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found!
dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found!
dracut: dracut module 'memstrack' will not be installed, because command 'memstrack' could not be found!
dracut: memstrack is not available
dracut: If you need to use rd.memdebug>=4, please install memstrack and procps-ng
dracut: dracut module 'systemd-coredump' will not be installed, because command 'coredumpctl' could not be found!
dracut: dracut module 'systemd-coredump' will not be installed, because command '/lib/systemd/systemd-coredump' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command '/lib/systemd/systemd-resolved' could not be found!
dracut: dracut module 'systemd-timesyncd' will not be installed, because command '/lib/systemd/systemd-timesyncd' could not be found!
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'dbus-broker' will not be installed, because command 'dbus-broker' could not be found!
dracut: dracut module 'rngd' will not be installed, because command 'rngd' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found!
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'pcsc' will not be installed, because command 'pcscd' could not be found!
dracut: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found!
dracut: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found!
dracut: dracut module 'memstrack' will not be installed, because command 'memstrack' could not be found!
dracut: memstrack is not available
dracut: If you need to use rd.memdebug>=4, please install memstrack and procps-ng
dracut: *** Including module: systemd ***
dracut: *** Including module: systemd-initrd ***
dracut: *** Including module: remount-secure ***
dracut: *** Including module: drm ***
dracut: *** Including module: plymouth ***
dracut: *** Including module: xen-scrub-pages ***
dracut: *** Including module: crypt ***
dracut: *** Including module: dm ***
dracut: Skipping udev rule: 10-dm.rules
dracut: Skipping udev rule: 13-dm-disk.rules
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: *** Including module: kernel-modules ***
dracut: *** Including module: kernel-modules-extra ***
dracut: *** Including module: lvm ***
dracut: Skipping udev rule: 11-dm-lvm.rules
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: *** Including module: nvdimm ***
dracut: *** Including module: overlay-root ***
dracut: *** Including module: qemu ***
dracut: *** Including module: qubes-vm ***
dracut: *** Including module: debug ***
dracut: *** Including module: fstab-sys ***
dracut: *** Including module: lunmask ***
dracut: *** Including module: resume ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: terminfo ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: virtiofs ***
dracut: *** Including module: dracut-systemd ***
dracut: *** Including module: usrmount ***
dracut: *** Including module: base ***
dracut: *** Including module: fs-lib ***
dracut: *** Including module: shutdown ***
dracut: *** Including modules done ***
dracut: *** Installing kernel module dependencies ***
dracut: *** Installing kernel module dependencies done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done ***
dracut: *** Hardlinking files ***
dracut: Mode:                     real
dracut: Method:                   sha256
dracut: Files:                    2180
dracut: Linked:                   210 files
dracut: Compared:                 0 xattrs
dracut: Compared:                 3744 files
dracut: Saved:                    17.94 MiB
dracut: Duration:                 0.120243 seconds
dracut: *** Hardlinking files done ***
dracut: *** Generating early-microcode cpio image ***
dracut: *** Constructing AuthenticAMD.bin ***
dracut: *** Constructing GenuineIntel.bin ***
dracut: *** Store current command line parameters ***
dracut: *** Stripping files ***
dracut: *** Stripping files done ***
dracut: *** Creating image file '/boot/initrd.img-6.1.38-1.qubes.fc37.x86_64' ***
dracut: Using auto-determined compression method 'gzip'
dracut: *** Creating initramfs image file '/boot/initrd.img-6.1.38-1.qubes.fc37.x86_64' done ***

adrelanos · 2023-10-26T15:12:20Z

You guessed good.

xl dmesg

(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) Domain 17 (vcpu#0) crashed on cpu#8:
(XEN) ----[ Xen-4.17.1  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    8
(XEN) RIP:    0010:[<ffffffff8722b8b6>]
(XEN) RFLAGS: 0000000000000206   CONTEXT: hvm guest (d17v0)
(XEN) rax: ffff90b18dc09000   rbx: 0000000000000000   rcx: 0000000000001000
(XEN) rdx: 0000000000001000   rsi: ffff90b1b19223b0   rdi: ffff90b18dc09000
(XEN) rbp: 0000000000001000   rsp: ffff9c4e800e3ab0   r8:  0000000000001000
(XEN) r9:  ffff90b18dc09000   r10: ffff90b180000000   r11: ffffd161c0000000
(XEN) r12: 0000000000001000   r13: 0000000000002000   r14: ffff90b18dc09000
(XEN) r15: ffff9c4e800e3c98   cr0: 0000000080050033   cr4: 0000000000750ef0
(XEN) cr3: 00000000e0e10000   cr2: 0000000000000000
(XEN) fsb: 0000000000000000   gsb: ffff90b275800000   gss: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300

marmarek · 2023-10-26T15:13:24Z

97M /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

That's a lot for a 400MB for booting. Note it is compressed, and kernel needs to uncompress it (which can easily eat twice its size), and still have space for kernel to run.

The minimal initramfs shipped via dom0 is about 7MB. The dracut-generated one in Fedora templates is about 30MB.

adrelanos · 2023-10-26T15:21:00Z

initial memory:

650 MB: boot too slow, unusable
700 MB: boot success

No special dracut command line parameters required. I regenerated to initial ramdisk using sudo dracut -f and the system was still bootable.

There are imo maybe two usability bugs here:

Qubes should make the out of PoD memory error more accessible.
Maybe Linux or the initial ramdisk should fail with a better error message?

Useful to create tickets for that?

marmarek · 2023-10-26T15:28:28Z

If you are on most recent R4.2, there is an opt-in feature that should make such issues much more evident by changing how boot memory is handled (instead of giving full "maxmem" at boot and using PoD + xen-balloon to limit that to "memory", it gives just "memory" amount and doesn't use PoD at all, and then uses memory hotplug to increase if necessary). You can enable it with:

qvm-features VMNAME memory-hotplug 1

At some point it will be default, but needs more testing first.

adrelanos · 2023-10-26T16:28:26Z

qvm-features VMNAME memory-hotplug 1

I will test this. VM booted so let's see how it works over the coming weeks. Is there a ticket?

adrelanos · 2023-10-26T22:49:17Z

Had to disable memory-hotplug 1 and increase to initial RAM to 800 MB for my work-gpg App Qube.

adrelanos · 2023-10-26T23:11:44Z

Qubes Debian 12 Template...
(unmodified besides upgrades)

Default initramfs-tools:

du -sh /boot/initrd.img-...

21M

sudo apt install --no-install-recommends dracut

92M

sudo dracut -f --no-hostonly

86M

sudo dracut -f --hostonly

20M

Nurmagoz · 2024-11-25T04:48:06Z

ping, is this still the case? related #9573 #9570

adrelanos · 2024-11-25T12:19:59Z

No related commits have been attached. Nothing has changed.

dracut support would be good to have as it gives value as described in my original post. But...

Not a blocker for:

marmarek · 2024-11-25T12:46:14Z

sudo dracut -f --hostonly

20M

So, this looks to be the way to go then. I guess we can include hostonly=yes in a config snippet.

marmarek · 2024-11-25T13:05:14Z

In fact, we do have dracut config already installed in Fedora, it has hostonly=no, but it excludes a bunch of modules to limit the size. I'll add it to Debian too and see what happens.

This especially adds dracut config (that was previously installed in Fedora only). While dracut is not the default on Debian, it is possible to use it, so add the config to the package too. QubesOS/qubes-issues#8649

Review content of initramfs on Debian, and remove biggest yet unused parts. QubesOS/qubes-issues#8649

It isn't default there, but it is available, so test it too. QubesOS/qubes-issues#8649

This especially adds dracut config (that was previously installed in Fedora only). While dracut is not the default on Debian, it is possible to use it, so add the config to the package too. QubesOS/qubes-issues#8649 (cherry picked from commit 8796b2b)

Review content of initramfs on Debian, and remove biggest yet unused parts. QubesOS/qubes-issues#8649 (cherry picked from commit e9e5b81)

adrelanos added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement labels Oct 24, 2023

adrelanos mentioned this issue Oct 24, 2023

test Remount Secure in Qubes Kicksecure/security-misc#137

Closed

adrelanos changed the title ~~qubes-vm-kernel - dracut support~~ qubes-vm-kernel - dracut support inside App Qubes Oct 24, 2023

andrewdavidwong added the C: kernel label Oct 25, 2023

adrelanos mentioned this issue Oct 26, 2023

debian-12 fails to start with in-VM kernel #8505

Closed

adrelanos mentioned this issue Sep 15, 2024

move bind-dirs to its own systemd unit file #5256

Open

marmarek mentioned this issue Nov 25, 2024

Add dracut config to the Debian package too QubesOS/qubes-core-agent-linux#536

Merged

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Nov 25, 2024

dracut: add few more setting to reduce initramfs size on Debian

e9e5b81

Review content of initramfs on Debian, and remove biggest yet unused parts. QubesOS/qubes-issues#8649

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Nov 25, 2024

tests: try dracut on Debian too

d23f7e1

It isn't default there, but it is available, so test it too. QubesOS/qubes-issues#8649

marmarek mentioned this issue Nov 25, 2024

tests: try dracut on Debian too QubesOS/qubes-core-admin#638

Merged

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Nov 29, 2024

tests: try dracut on Debian too

5b7e57b

It isn't default there, but it is available, so test it too. QubesOS/qubes-issues#8649

andrewdavidwong added the C: core label Nov 29, 2024

This was referenced Dec 10, 2024

core-agent-linux v4.3.13 (r4.3) QubesOS/updates-status#5311

Closed

core-admin v4.3.13 (r4.3) QubesOS/updates-status#5314

Closed

qubesos-bot mentioned this issue Dec 27, 2024

core-agent-linux v4.2.40 (r4.2) QubesOS/updates-status#5357

Closed

andrewdavidwong removed the T: enhancement label Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

qubes-vm-kernel - dracut support inside App Qubes #8649

qubes-vm-kernel - dracut support inside App Qubes #8649

adrelanos commented Oct 24, 2023

adrelanos commented Oct 24, 2023

adrelanos commented Oct 24, 2023

marmarek commented Oct 24, 2023

adrelanos commented Oct 24, 2023

adrelanos commented Oct 24, 2023

marmarek commented Oct 24, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

marmarek commented Oct 26, 2023

adrelanos commented Oct 26, 2023

marmarek commented Oct 26, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

Nurmagoz commented Nov 25, 2024

adrelanos commented Nov 25, 2024

marmarek commented Nov 25, 2024

marmarek commented Nov 25, 2024

qubes-vm-kernel - dracut support inside App Qubes #8649

qubes-vm-kernel - dracut support inside App Qubes #8649

Comments

adrelanos commented Oct 24, 2023

The problem you're addressing (if any)

The solution you'd like

The value to a user, and who that user might be

Related

Additional information

adrelanos commented Oct 24, 2023

Qubes OS release

Brief summary

Steps to reproduce

Expected behavior

Actual behavior

Boot log

Additional information:

adrelanos commented Oct 24, 2023

marmarek commented Oct 24, 2023

adrelanos commented Oct 24, 2023

adrelanos commented Oct 24, 2023

marmarek commented Oct 24, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

marmarek commented Oct 26, 2023

adrelanos commented Oct 26, 2023

marmarek commented Oct 26, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

adrelanos commented Oct 26, 2023

Nurmagoz commented Nov 25, 2024

adrelanos commented Nov 25, 2024

marmarek commented Nov 25, 2024

marmarek commented Nov 25, 2024