adrelanos commented 10 months ago

The problem you're addressing (if any)

Qubes inside VM kernel booting is broken when using dracut.

https://www.qubes-os.org/doc/managing-vm-kernels/#distribution-kernel

The solution you'd like

Add dracut support.

The value to a user, and who that user might be

Better security, because then security-misc's dracut module for nosuid, nodev, noexec could be used. (https://github.com/QubesOS/qubes-issues/issues/5329) (https://github.com/QubesOS/qubes-issues/issues/1885)
Perhaps faster booting.
Other dracut functionality, advantages.
Towards https://github.com/QubesOS/qubes-issues/issues/1310

Additional information

This might actually be a bug report. Qubes VMs might already have dracut booting functionality. But I haven't found any documentation on this. This is implied because Qubes already has several dracut modules.

/usr/lib/dracut/modules.d/90qubes-vm
/usr/lib/dracut/modules.d/90qubes-vm-modules
/usr/lib/dracut/modules.d/90qubes-vm-simple

adrelanos commented 10 months ago

Qubes OS release

R4.2

Brief summary

VM using Qubes VM kernel fails to boot

Steps to reproduce

Create a Kicksecure for Qubes Template.
Set up Qubes VM kernel as per https://www.qubes-os.org/doc/managing-vm-kernels/#distribution-kernel
Make sure it's bootable and working normally.
Inside the Template: sudo apt install --no-install-recommends dracut

Expected behavior

Functional boot.

Actual behavior

Broken boot.

Boot log

tail -f /var/log/xen/console/guest-kicksecure-bookworm.log

[user@dom0 ~]$ tail -n 0 -f /var/log/xen/console/guest-kicksecure-bookworm.log
[2023-10-24 11:21:33] Logfile Opened
[2023-10-24 11:21:33] .[30m.[47mWelcome to GRUB!
[2023-10-24 11:21:33] 
[2023-10-24 11:21:33] .[37m.[40m.[37m.[40m.[37m.[40m.[3;34H      [ grub-xen.cfg  424B  100%  18.82KiB/s ].[3;1Herror: no such device: /boot/xen/pvboot-x86_64.elf.
[2023-10-24 11:21:33] Reading (xen/xvda,gpt3/boot/grub/grub.cfg
[2023-10-24 11:21:33] .[H.[J.[1;1Herror: file `/boot/grub/fonts/unicode.pf2' not found.
[2023-10-24 11:21:33] error: no suitable video mode found.
[2023-10-24 11:21:33] error: no video mode activated.
[2023-10-24 11:21:33] .[4;34H      [ grub.cfg  24.01KiB  100%  61.26KiB/s ].[4;1H.[H.[J.[1;1H  Booting `Kicksecure GNU/Linux'
[2023-10-24 11:21:33] 
[2023-10-24 11:21:33] Loading Linux 6.1.0-13-amd64 ...
[2023-10-24 11:21:33] .[4;23H      [ vmlinuz-6.1.0-13-amd  7.76MiB  100%  10.24MiB/s ].[4;1HLoading initial ramdisk ...
[2023-10-24 11:21:35] .[5;23H      [ initrd.img-6.1.0-13-  68.97MiB  66%  29.33MiB/s ].[5;1H.[5;21H      [ initrd.img-6.1.0-13-  103.46MiB  100%  37.38MiB/s ].[5;1H[    0.000000] Linux version 6.1.0-13-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29)
[2023-10-24 11:21:37] [    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0
[2023-10-24 11:21:37] [    0.000000] BIOS-provided physical RAM map:
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x00000000f9ffffff] usable
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x00000000fc000000-0x00000000fc008fff] ACPI data
[2023-10-24 11:21:37] [    0.000000] BIOS-e820: [mem 0x00000000feff8000-0x00000000feffffff] reserved
[2023-10-24 11:21:37] [    0.000000] SMT: Force disabled
[2023-10-24 11:21:37] [    0.000000] NX (Execute Disable) protection: active
[2023-10-24 11:21:37] [    0.000000] DMI not present or invalid.
[2023-10-24 11:21:37] [    0.000000] Hypervisor detected: Xen HVM
[2023-10-24 11:21:37] [    0.000000] Xen version 4.17.
[2023-10-24 11:21:37] [    0.000000] platform_pci_unplug: Xen Platform PCI: unrecognised magic value
[2023-10-24 11:21:37] [    0.000003] HVMOP_pagetable_dying not supported
[2023-10-24 11:21:37] [    0.046142] tsc: Fast TSC calibration failed
[2023-10-24 11:21:37] [    0.046146] tsc: Detected 1896.423 MHz processor
[2023-10-24 11:21:37] [    0.046301] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
[2023-10-24 11:21:37] [    0.046308] e820: remove [mem 0x000a0000-0x000fffff] usable
[2023-10-24 11:21:37] [    0.046313] last_pfn = 0xfa000 max_arch_pfn = 0x400000000
[2023-10-24 11:21:37] [    0.046419] x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
[2023-10-24 11:21:37] [    0.049722] Kernel/User page tables isolation: force enabled on command line.
[2023-10-24 11:21:37] [    0.049728] Using GB pages for direct mapping
[2023-10-24 11:21:37] [    0.050882] printk: log_buf_len: 1048576 bytes
[2023-10-24 11:21:37] [    0.050885] printk: early log buf free: 129032(98%)
[2023-10-24 11:21:37] [    0.050886] RAMDISK: [mem 0x2b101000-0x31877fff]
[2023-10-24 11:21:37] [    0.050895] ACPI: Early table checksum verification disabled
[2023-10-24 11:21:37] [    0.050901] ACPI: RSDP 0x00000000FC008000 000024 (v02 Xen   )
[2023-10-24 11:21:37] [    0.050904] ACPI: XSDT 0x00000000FC007F60 000034 (v01 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050909] ACPI: FACP 0x00000000FC007D60 00010C (v05 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050912] ACPI: DSDT 0x00000000FC001040 006C9B (v05 Xen    HVM      00000000 INTL 20220331)
[2023-10-24 11:21:37] [    0.050914] ACPI: FACS 0x00000000FC001000 000040
[2023-10-24 11:21:37] [    0.050916] ACPI: FACS 0x00000000FC001000 000040
[2023-10-24 11:21:37] [    0.050917] ACPI: APIC 0x00000000FC007E70 00003C (v02 Xen    HVM      00000000 HVML 00000000)
[2023-10-24 11:21:37] [    0.050918] ACPI: Reserving FACP table memory at [mem 0xfc007d60-0xfc007e6b]
[2023-10-24 11:21:37] [    0.050919] ACPI: Reserving DSDT table memory at [mem 0xfc001040-0xfc007cda]
[2023-10-24 11:21:37] [    0.050920] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[2023-10-24 11:21:37] [    0.050920] ACPI: Reserving FACS table memory at [mem 0xfc001000-0xfc00103f]
[2023-10-24 11:21:37] [    0.050921] ACPI: Reserving APIC table memory at [mem 0xfc007e70-0xfc007eab]
[2023-10-24 11:21:37] [    0.051010] No NUMA configuration found
[2023-10-24 11:21:37] [    0.051011] Faking a node at [mem 0x0000000000000000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051017] NODE_DATA(0) allocated [mem 0xf9b55000-0xf9b7ffff]
[2023-10-24 11:21:37] [    0.051188] Zone ranges:
[2023-10-24 11:21:37] [    0.051189]   DMA      [mem 0x0000000000001000-0x0000000000ffffff]
[2023-10-24 11:21:37] [    0.051190]   DMA32    [mem 0x0000000001000000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051191]   Normal   empty
[2023-10-24 11:21:37] [    0.051192]   Device   empty
[2023-10-24 11:21:37] [    0.051192] Movable zone start for each node
[2023-10-24 11:21:37] [    0.051194] Early memory node ranges
[2023-10-24 11:21:37] [    0.051194]   node   0: [mem 0x0000000000001000-0x000000000009ffff]
[2023-10-24 11:21:37] [    0.051195]   node   0: [mem 0x0000000000100000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051197] Initmem setup node 0 [mem 0x0000000000001000-0x00000000f9ffffff]
[2023-10-24 11:21:37] [    0.051226] On node 0, zone DMA: 1 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.051338] On node 0, zone DMA: 96 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.053038] On node 0, zone DMA32: 24576 pages in unavailable ranges
[2023-10-24 11:21:37] [    0.053097] ACPI: No IOAPIC entries present
[2023-10-24 11:21:37] [    0.053098] ACPI: Using ACPI for processor (LAPIC) configuration information
[2023-10-24 11:21:37] [    0.053105] smpboot: Allowing 2 CPUs, 0 hotplug CPUs
[2023-10-24 11:21:37] [    0.053115] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
[2023-10-24 11:21:37] [    0.053117] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000fffff]
[2023-10-24 11:21:37] [    0.053118] [mem 0xfc009000-0xfeff7fff] available for PCI devices
[2023-10-24 11:21:37] [    0.053121] Booting paravirtualized kernel on Xen PVH
[2023-10-24 11:21:37] [    0.053125] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
[2023-10-24 11:21:37] [    0.056240] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[2023-10-24 11:21:37] [    0.057641] percpu: Embedded 61 pages/cpu s212992 r8192 d28672 u1048576
[2023-10-24 11:21:37] [    0.057647] pcpu-alloc: s212992 r8192 d28672 u1048576 alloc=1*2097152
[2023-10-24 11:21:37] [    0.057649] pcpu-alloc: [0] 0 1 
[2023-10-24 11:21:37] [    0.057667] xen: PV spinlocks enabled
[2023-10-24 11:21:37] [    0.057668] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[2023-10-24 11:21:37] [    0.057679] Fallback order for Node 0: 0 
[2023-10-24 11:21:37] [    0.057681] Built 1 zonelists, mobility grouping on.  Total pages: 1007744
[2023-10-24 11:21:37] [    0.057682] Policy zone: DMA32
[2023-10-24 11:21:37] [    0.057683] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0
[2023-10-24 11:21:37] [    0.057837] DMAR: IOMMU enabled
[2023-10-24 11:21:37] [    0.057847] AMD-Vi: Unknown option - 'on'
[2023-10-24 11:21:37] [    0.057990] Unknown kernel command line parameters "extra_latent_entropy BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 spectre_v2=on spec_store_bypass_disable=on tsx=off pti=on", will be passed to user space.
[2023-10-24 11:21:37] [    0.060409] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear)
[2023-10-24 11:21:37] [    0.061613] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[2023-10-24 11:21:37] [    0.061642] mem auto-init: stack:all(zero), heap alloc:on, heap free:on
[2023-10-24 11:21:37] [    0.061643] mem auto-init: clearing system memory may take some time...
[2023-10-24 11:21:37] [    0.202483] Memory: 260860K/4095612K available (14342K kernel code, 2329K rwdata, 9132K rodata, 2772K init, 17416K bss, 236916K reserved, 0K cma-reserved)
[2023-10-24 11:21:37] [    0.203175] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[2023-10-24 11:21:37] [    0.203203] Kernel/User page tables isolation: enabled
[2023-10-24 11:21:37] [    0.203237] ftrace: allocating 40153 entries in 157 pages
[2023-10-24 11:21:37] [    0.210546] ftrace: allocated 157 pages with 5 groups
[2023-10-24 11:21:37] [    0.211075] Dynamic Preempt: voluntary
[2023-10-24 11:21:37] [    0.211181] rcu: Preemptible hierarchical RCU implementation.
[2023-10-24 11:21:37] [    0.211196] rcu:   RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=2.
[2023-10-24 11:21:37] [    0.211201]    Trampoline variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211202]    Rude variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211202]    Tracing variant of Tasks RCU enabled.
[2023-10-24 11:21:37] [    0.211205] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[2023-10-24 11:21:37] [    0.211206] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[2023-10-24 11:21:37] [    0.214455] Using NULL legacy PIC
[2023-10-24 11:21:37] [    0.214456] NR_IRQS: 524544, nr_irqs: 48, preallocated irqs: 0
[2023-10-24 11:21:37] [    0.214472] xen:events: Using FIFO-based ABI
[2023-10-24 11:21:37] [    0.214485] xen:events: Xen HVM callback vector for event delivery is enabled
[2023-10-24 11:21:37] [    0.214507] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[2023-10-24 11:21:37] [    0.214556] Console: colour dummy device 80x25
[2023-10-24 11:21:37] [    0.214667] printk: console [tty0] enabled
[2023-10-24 11:21:37] [    0.215336] printk: console [hvc0] enabled
[2023-10-24 11:21:37] [    0.215405] ACPI: Core revision 20220331
[2023-10-24 11:21:37] [    0.215523] ACPI: setting ELCR to 0200 (from ffff)
[2023-10-24 11:21:37] [    0.215559] Failed to register legacy timer interrupt
[2023-10-24 11:21:37] [    0.215565] APIC: Switch to symmetric I/O mode setup
[2023-10-24 11:21:37] [    0.215579] x2apic enabled
[2023-10-24 11:21:37] [    0.215584] Switched APIC routing to physical x2apic.
[2023-10-24 11:21:37] [    0.215613] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x36abf20e532, max_idle_ns: 881590501089 ns
[2023-10-24 11:21:37] [    0.215630] Calibrating delay loop (skipped), value calculated using timer frequency.. 3792.84 BogoMIPS (lpj=7585692)
[2023-10-24 11:21:37] [    0.215675] x86/cpu: User Mode Instruction Prevention (UMIP) activated
[2023-10-24 11:21:37] [    0.215698] Last level iTLB entries: 4KB 512, 2MB 512, 4MB 256
[2023-10-24 11:21:37] [    0.215706] Last level dTLB entries: 4KB 2048, 2MB 2048, 4MB 1024, 1GB 0
[2023-10-24 11:21:37] [    0.215715] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[2023-10-24 11:21:37] [    0.215727] Spectre V2 : Mitigation: Retpolines
[2023-10-24 11:21:37] [    0.215732] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[2023-10-24 11:21:37] [    0.215741] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
[2023-10-24 11:21:37] [    0.215747] Spectre V2 : Enabling Restricted Speculation for firmware calls
[2023-10-24 11:21:37] [    0.215756] Spectre V2 : mitigation: Enabling always-on Indirect Branch Prediction Barrier
[2023-10-24 11:21:37] [    0.215767] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled
[2023-10-24 11:21:37] [    0.215778] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
[2023-10-24 11:21:37] [    0.215786] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
[2023-10-24 11:21:37] [    0.215787] Speculative Return Stack Overflow: Mitigation: safe RET, no microcode
[2023-10-24 11:21:37] [    0.215817] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[2023-10-24 11:21:37] [    0.215826] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[2023-10-24 11:21:37] [    0.215833] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[2023-10-24 11:21:37] [    0.215839] x86/fpu: Supporting XSAVE feature 0x200: 'Protection Keys User registers'
[2023-10-24 11:21:37] [    0.215848] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[2023-10-24 11:21:37] [    0.215855] x86/fpu: xstate_offset[9]:  832, xstate_sizes[9]:    8
[2023-10-24 11:21:37] [    0.215862] x86/fpu: Enabled xstate features 0x207, context size is 840 bytes, using 'compacted' format.
[2023-10-24 11:21:37] [    0.219626] Freeing SMP alternatives memory: 36K
[2023-10-24 11:21:37] [    0.219626] pid_max: default: 32768 minimum: 301
[2023-10-24 11:21:37] [    0.219626] LSM: Security Framework initializing
[2023-10-24 11:21:37] [    0.219626] landlock: Up and running.
[2023-10-24 11:21:37] [    0.219626] Yama: disabled by default; enable with sysctl kernel.yama.*
[2023-10-24 11:21:37] [    0.219626] AppArmor: AppArmor initialized
[2023-10-24 11:21:37] [    0.219626] TOMOYO Linux initialized
[2023-10-24 11:21:37] [    0.219626] LSM support for eBPF active
[2023-10-24 11:21:37] [    0.219626] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:37] [    0.219626] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:37] [    0.219626] clocksource: xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[2023-10-24 11:21:37] [    0.219626] Xen: using vcpuop timer interface
[2023-10-24 11:21:37] [    0.219626] installing Xen timer for CPU 0
[2023-10-24 11:21:37] [    0.219626] smpboot: CPU0: AMD Ryzen 7 5800U with Radeon Graphics (family: 0x19, model: 0x50, stepping: 0x0)
[2023-10-24 11:21:37] [    0.219626] cpu 0 spinlock event irq 4
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting adjustable number of callback queues.
[2023-10-24 11:21:37] [    0.219626] cblist_init_generic: Setting shift to 1 and lim to 1.
[2023-10-24 11:21:37] [    0.219626] Performance Events: PMU not available due to virtualization, using software events only.
[2023-10-24 11:21:37] [    0.219626] signal: max sigframe size: 3376
[2023-10-24 11:21:37] [    0.219626] rcu: Hierarchical SRCU implementation.
[2023-10-24 11:21:37] [    0.219626] rcu:   Max phase no-delay instances is 1000.
[2023-10-24 11:21:37] [    0.219626] NMI watchdog: Perf NMI watchdog permanently disabled
[2023-10-24 11:21:37] [    0.219626] smp: Bringing up secondary CPUs ...
[2023-10-24 11:21:37] [    0.219626] installing Xen timer for CPU 1
[2023-10-24 11:21:37] [    0.219626] x86: Booting SMP configuration:
[2023-10-24 11:21:37] [    0.219626] .... node  #0, CPUs:      #1
[2023-10-24 11:21:37] [    0.219626] cpu 1 spinlock event irq 9
[2023-10-24 11:21:37] [    0.219626] smp: Brought up 1 node, 2 CPUs
[2023-10-24 11:21:37] [    0.219626] smpboot: Max logical packages: 1
[2023-10-24 11:21:37] [    0.219626] smpboot: Total of 2 processors activated (7585.69 BogoMIPS)
[2023-10-24 11:21:39] [    2.618336] node 0 deferred pages initialised in 2400ms
[2023-10-24 11:21:39] [    2.624198] devtmpfs: initialized
[2023-10-24 11:21:39] [    2.624198] x86/mm: Memory block size: 128MB
[2023-10-24 11:21:39] [    2.624644] memmap_init_zone_device initialised 32768 pages in 0ms
[2023-10-24 11:21:39] [    2.624812] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[2023-10-24 11:21:39] [    2.624841] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
[2023-10-24 11:21:39] [    2.624943] pinctrl core: initialized pinctrl subsystem
[2023-10-24 11:21:39] [    2.624955] pinctrl core: failed to create debugfs directory
[2023-10-24 11:21:39] [    2.627909] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[2023-10-24 11:21:39] [    2.627947] xen:grant_table: Grant tables using version 1 layout
[2023-10-24 11:21:39] [    2.627970] Grant table initialized
[2023-10-24 11:21:39] [    2.628130] DMA: preallocated 512 KiB GFP_KERNEL pool for atomic allocations
[2023-10-24 11:21:39] [    2.628144] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[2023-10-24 11:21:39] [    2.628156] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[2023-10-24 11:21:39] [    2.628185] audit: initializing netlink subsys (disabled)
[2023-10-24 11:21:39] [    2.628199] audit: type=2000 audit(1698160899.873:1): state=initialized audit_enabled=0 res=1
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'fair_share'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'bang_bang'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'step_wise'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'user_space'
[2023-10-24 11:21:39] [    2.628199] thermal_sys: Registered thermal governor 'power_allocator'
[2023-10-24 11:21:39] [    2.628199] cpuidle: using governor ladder
[2023-10-24 11:21:39] [    2.628199] cpuidle: using governor menu
[2023-10-24 11:21:39] [    2.628199] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[2023-10-24 11:21:39] [    2.628199] PCI: Fatal: No config space access function found
[2023-10-24 11:21:39] [    2.628867] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
[2023-10-24 11:21:39] [    2.631655] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
[2023-10-24 11:21:39] [    2.631671] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
[2023-10-24 11:21:39] [    2.631681] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
[2023-10-24 11:21:39] [    2.631691] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Module Device)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Processor Device)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(3.0 _SCP Extensions)
[2023-10-24 11:21:39] [    2.645358] ACPI: Added _OSI(Processor Aggregator Device)
[2023-10-24 11:21:40] [    2.645885] ACPI: 1 ACPI AML tables successfully acquired and loaded
[2023-10-24 11:21:40] [    2.646050] ACPI: OSL: SCI (ACPI GSI 9) not registered
[2023-10-24 11:21:40] [    2.648896] ACPI: Interpreter enabled
[2023-10-24 11:21:40] [    2.648911] ACPI: PM: (supports S0)
[2023-10-24 11:21:40] [    2.648918] ACPI: Using platform specific model for interrupt routing
[2023-10-24 11:21:40] [    2.648948] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[2023-10-24 11:21:40] [    2.648960] PCI: Using E820 reservations for host bridge windows
[2023-10-24 11:21:40] [    2.648960] ACPI: Enabled 1 GPEs in block 00 to 0F
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 00, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 01, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 03, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 04, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 05, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 06, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.648960] ACPI Error: No handler or method for GPE 07, disabling event (20220331/evgpe-839)
[2023-10-24 11:21:40] [    2.656717] xen:balloon: Initialising balloon driver
[2023-10-24 11:21:40] [    2.659734] iommu: Default domain type: Translated (set via kernel command line)
[2023-10-24 11:21:40] [    2.659734] iommu: DMA domain TLB invalidation policy: strict mode (set via kernel command line)
[2023-10-24 11:21:40] [    2.659798] pps_core: LinuxPPS API ver. 1 registered
[2023-10-24 11:21:40] [    2.659806] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[2023-10-24 11:21:40] [    2.659818] PTP clock support registered
[2023-10-24 11:21:40] [    2.659829] EDAC MC: Ver: 3.0.0
[2023-10-24 11:21:40] [    2.659914] NetLabel: Initializing
[2023-10-24 11:21:40] [    2.659914] NetLabel:  domain hash size = 128
[2023-10-24 11:21:40] [    2.659914] NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
[2023-10-24 11:21:40] [    2.659914] NetLabel:  unlabeled traffic allowed by default
[2023-10-24 11:21:40] [    2.659914] PCI: Using ACPI for IRQ routing
[2023-10-24 11:21:40] [    2.659914] PCI: System does not support PCI
[2023-10-24 11:21:40] [    2.659914] vgaarb: loaded
[2023-10-24 11:21:40] [    2.659914] clocksource: Switched to clocksource xen
[2023-10-24 11:21:40] [    2.837814] VFS: Disk quotas dquot_6.6.0
[2023-10-24 11:21:40] [    2.837857] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[2023-10-24 11:21:40] [    2.838182] AppArmor: AppArmor Filesystem Enabled
[2023-10-24 11:21:40] [    2.838210] pnp: PnP ACPI init
[2023-10-24 11:21:40] [    2.838278] pnp: PnP ACPI: found 0 devices
[2023-10-24 11:21:40] [    2.841887] NET: Registered PF_INET protocol family
[2023-10-24 11:21:40] [    2.841969] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear)
[2023-10-24 11:21:40] [    2.842925] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear)
[2023-10-24 11:21:40] [    2.842958] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[2023-10-24 11:21:40] [    2.843151] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear)
[2023-10-24 11:21:40] [    2.843380] TCP bind hash table entries: 32768 (order: 8, 1048576 bytes, linear)
[2023-10-24 11:21:40] [    2.844648] TCP: Hash tables configured (established 32768 bind 32768)
[2023-10-24 11:21:40] [    2.844768] MPTCP token hash table entries: 4096 (order: 4, 98304 bytes, linear)
[2023-10-24 11:21:40] [    2.844890] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:40] [    2.844963] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear)
[2023-10-24 11:21:40] [    2.845142] NET: Registered PF_UNIX/PF_LOCAL protocol family
[2023-10-24 11:21:40] [    2.845159] NET: Registered PF_XDP protocol family
[2023-10-24 11:21:40] [    2.845168] PCI: CLS 0 bytes, default 64
[2023-10-24 11:21:40] [    2.845240] Trying to unpack rootfs image as initramfs...
[2023-10-24 11:21:40] [    2.845315] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x36abf20e532, max_idle_ns: 881590501089 ns
[2023-10-24 11:21:40] [    2.845354] clocksource: Switched to clocksource tsc
[2023-10-24 11:21:40] [    2.845811] Initialise system trusted keyrings
[2023-10-24 11:21:40] [    2.845870] Key type blacklist registered
[2023-10-24 11:21:40] [    2.849186] workingset: timestamp_bits=36 max_order=20 bucket_order=0
[2023-10-24 11:21:40] [    2.852053] zbud: loaded
[2023-10-24 11:21:40] [    2.852730] integrity: Platform Keyring initialized
[2023-10-24 11:21:40] [    2.852750] integrity: Machine keyring initialized
[2023-10-24 11:21:40] [    2.852761] Key type asymmetric registered
[2023-10-24 11:21:40] [    2.852768] Asymmetric key parser 'x509' registered

That is a weird way for the log to end without an error message.

Additional information:

The kernel command line as seen from the log...

Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0

It's lengthy (because of security-misc and debug-misc being installed) but that shouldn't matter, because the boot process was successful with initramfs-tools.

Maybe the console setting console=tty0 console=hvc0 stops further output? Any idea what is adding the console=tty0? Trying to find out why the log ends presumably prematurely so we can at least read an error message.

adrelanos commented 10 months ago

That is by Qubes so probably not the issue.

grep -r -i console /etc/default/grub.d

/etc/default/grub.d/30-qubes.cfg:GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX root=/dev/mapper/dmroot console=tty0 console=hvc0"

marmarek commented 10 months ago

Generally, Debian is using initramfs-tools, while Fedora is using dracut, so respective modules are packaged only for distributions where they are relevant. Is dracut a supported way of generating initramfs in Debian? If so, we can package dracut module for Debian too. In the meantime, you can test this by copying them a Fedora qube.

adrelanos commented 10 months ago

Is dracut a supported way of generating initramfs in Debian?

dracut is in packages.debian.org for years. It's unfortunately not the default. Then it would be better supported. It has some bugs. But it works.

It's the default in Kicksecure and Non-Qubes-Whonix since version 17. (Because it's the only feasable path towards ram-wipe (dracut module) that I could find.)

In the meantime, you can test this by copying them a Fedora qube.

I wouldn't know what to copy. This Debian based VM already has these folders:

/usr/lib/dracut/modules.d/90qubes-vm
/usr/lib/dracut/modules.d/90qubes-vm-modules
/usr/lib/dracut/modules.d/90qubes-vm-simple

The same folders that Fedora has.

Am I missing any, which ones do I need to copy over?

adrelanos commented 10 months ago

I've cut the kernel parameters.

[2023-10-24 11:38:33] [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/dmroot ro xen_scrub_pages=0 root=/dev/mapper/dmroot console=tty0 console=hvc0 swiotlb=8192 noresume clocksource=tsc debug=vc rd.shell rd.debug log_buf_len=1M systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M printk.devkmsg=on enforcing=0

But still no more log output. Log still stops at the same message.

marmarek commented 10 months ago

That is a weird way for the log to end without an error message.

Maybe killed by Xen on "out of PoD memory"? Check xl dmesg If initramfs produced by dracut is significantly larger than the default one, the default 400MB may be not enough to boot.

adrelanos commented 10 months ago

Good to know to keep dracut modules small to avoid an unbootable initial ramdisk. In this case it seems in order though:

du -sh /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

97M /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

But perhaps the .qubes.fc37.x86_64 part is the issue?

So instead of running sudo dracut -f I tried:

sudo dracut --no-hostonly --fstab --add-fstab /etc/fstab --force --reproducible

Maybe some modules are missing? Log:

dracut: Executing: /usr/bin/dracut --no-hostonly --fstab --add-fstab /etc/fstab --force --reproducible
dracut: dracut module 'systemd-coredump' will not be installed, because command 'coredumpctl' could not be found!
dracut: dracut module 'systemd-coredump' will not be installed, because command '/lib/systemd/systemd-coredump' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command '/lib/systemd/systemd-resolved' could not be found!
dracut: dracut module 'systemd-timesyncd' will not be installed, because command '/lib/systemd/systemd-timesyncd' could not be found!
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'dbus-broker' will not be installed, because command 'dbus-broker' could not be found!
dracut: dracut module 'rngd' will not be installed, because command 'rngd' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'setfont' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'loadkeys' could not be found!
dracut: dracut module 'i18n' will not be installed, because command 'kbd_mode' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found!
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found!
dracut: dracut module 'pcsc' will not be installed, because command 'pcscd' could not be found!
dracut: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found!
dracut: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found!
dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found!
dracut: dracut module 'memstrack' will not be installed, because command 'memstrack' could not be found!
dracut: memstrack is not available
dracut: If you need to use rd.memdebug>=4, please install memstrack and procps-ng
dracut: dracut module 'systemd-coredump' will not be installed, because command 'coredumpctl' could not be found!
dracut: dracut module 'systemd-coredump' will not be installed, because command '/lib/systemd/systemd-coredump' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command 'resolvectl' could not be found!
dracut: dracut module 'systemd-resolved' will not be installed, because command '/lib/systemd/systemd-resolved' could not be found!
dracut: dracut module 'systemd-timesyncd' will not be installed, because command '/lib/systemd/systemd-timesyncd' could not be found!
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'dbus-broker' will not be installed, because command 'dbus-broker' could not be found!
dracut: dracut module 'rngd' will not be installed, because command 'rngd' could not be found!
dracut: dracut module 'btrfs' will not be installed, because command 'btrfs' could not be found!
dracut: dracut module 'dmraid' will not be installed, because command 'dmraid' could not be found!
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'pcsc' will not be installed, because command 'pcscd' could not be found!
dracut: dracut module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found!
dracut: dracut module 'nvmf' will not be installed, because command 'nvme' could not be found!
dracut: dracut module 'memstrack' will not be installed, because command 'memstrack' could not be found!
dracut: memstrack is not available
dracut: If you need to use rd.memdebug>=4, please install memstrack and procps-ng
dracut: *** Including module: systemd ***
dracut: *** Including module: systemd-initrd ***
dracut: *** Including module: remount-secure ***
dracut: *** Including module: drm ***
dracut: *** Including module: plymouth ***
dracut: *** Including module: xen-scrub-pages ***
dracut: *** Including module: crypt ***
dracut: *** Including module: dm ***
dracut: Skipping udev rule: 10-dm.rules
dracut: Skipping udev rule: 13-dm-disk.rules
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: *** Including module: kernel-modules ***
dracut: *** Including module: kernel-modules-extra ***
dracut: *** Including module: lvm ***
dracut: Skipping udev rule: 11-dm-lvm.rules
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: *** Including module: nvdimm ***
dracut: *** Including module: overlay-root ***
dracut: *** Including module: qemu ***
dracut: *** Including module: qubes-vm ***
dracut: *** Including module: debug ***
dracut: *** Including module: fstab-sys ***
dracut: *** Including module: lunmask ***
dracut: *** Including module: resume ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: terminfo ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: virtiofs ***
dracut: *** Including module: dracut-systemd ***
dracut: *** Including module: usrmount ***
dracut: *** Including module: base ***
dracut: *** Including module: fs-lib ***
dracut: *** Including module: shutdown ***
dracut: *** Including modules done ***
dracut: *** Installing kernel module dependencies ***
dracut: *** Installing kernel module dependencies done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done ***
dracut: *** Hardlinking files ***
dracut: Mode:                     real
dracut: Method:                   sha256
dracut: Files:                    2180
dracut: Linked:                   210 files
dracut: Compared:                 0 xattrs
dracut: Compared:                 3744 files
dracut: Saved:                    17.94 MiB
dracut: Duration:                 0.120243 seconds
dracut: *** Hardlinking files done ***
dracut: *** Generating early-microcode cpio image ***
dracut: *** Constructing AuthenticAMD.bin ***
dracut: *** Constructing GenuineIntel.bin ***
dracut: *** Store current command line parameters ***
dracut: *** Stripping files ***
dracut: *** Stripping files done ***
dracut: *** Creating image file '/boot/initrd.img-6.1.38-1.qubes.fc37.x86_64' ***
dracut: Using auto-determined compression method 'gzip'
dracut: *** Creating initramfs image file '/boot/initrd.img-6.1.38-1.qubes.fc37.x86_64' done ***

adrelanos commented 10 months ago

You guessed good.

xl dmesg

(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) Domain 17 (vcpu#0) crashed on cpu#8:
(XEN) ----[ Xen-4.17.1  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    8
(XEN) RIP:    0010:[<ffffffff8722b8b6>]
(XEN) RFLAGS: 0000000000000206   CONTEXT: hvm guest (d17v0)
(XEN) rax: ffff90b18dc09000   rbx: 0000000000000000   rcx: 0000000000001000
(XEN) rdx: 0000000000001000   rsi: ffff90b1b19223b0   rdi: ffff90b18dc09000
(XEN) rbp: 0000000000001000   rsp: ffff9c4e800e3ab0   r8:  0000000000001000
(XEN) r9:  ffff90b18dc09000   r10: ffff90b180000000   r11: ffffd161c0000000
(XEN) r12: 0000000000001000   r13: 0000000000002000   r14: ffff90b18dc09000
(XEN) r15: ffff9c4e800e3c98   cr0: 0000000080050033   cr4: 0000000000750ef0
(XEN) cr3: 00000000e0e10000   cr2: 0000000000000000
(XEN) fsb: 0000000000000000   gsb: ffff90b275800000   gss: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300
(XEN) p2m_pod_demand_populate: Dom17 out of PoD memory! (tot=102416 ents=921600 dom17)
(XEN) domain_crash called from arch/x86/mm/p2m-pod.c:1300

marmarek commented 10 months ago

97M /boot/initrd.img-6.1.38-1.qubes.fc37.x86_64

That's a lot for a 400MB for booting. Note it is compressed, and kernel needs to uncompress it (which can easily eat twice its size), and still have space for kernel to run.

The minimal initramfs shipped via dom0 is about 7MB. The dracut-generated one in Fedora templates is about 30MB.

adrelanos commented 10 months ago

initial memory:

650 MB: boot too slow, unusable
700 MB: boot success

No special dracut command line parameters required. I regenerated to initial ramdisk using sudo dracut -f and the system was still bootable.

There are imo maybe two usability bugs here:

Qubes should make the out of PoD memory error more accessible.
Maybe Linux or the initial ramdisk should fail with a better error message?

Useful to create tickets for that?

marmarek commented 10 months ago

If you are on most recent R4.2, there is an opt-in feature that should make such issues much more evident by changing how boot memory is handled (instead of giving full "maxmem" at boot and using PoD + xen-balloon to limit that to "memory", it gives just "memory" amount and doesn't use PoD at all, and then uses memory hotplug to increase if necessary). You can enable it with:

qvm-features VMNAME memory-hotplug 1

At some point it will be default, but needs more testing first.

adrelanos commented 10 months ago

qvm-features VMNAME memory-hotplug 1

I will test this. VM booted so let's see how it works over the coming weeks. Is there a ticket?

adrelanos commented 10 months ago

Had to disable memory-hotplug 1 and increase to initial RAM to 800 MB for my work-gpg App Qube.

adrelanos commented 10 months ago

Qubes Debian 12 Template... (unmodified besides upgrades)

Default initramfs-tools:

du -sh /boot/initrd.img-...

21M

sudo apt install --no-install-recommends dracut

92M

sudo dracut -f --no-hostonly

86M

sudo dracut -f --hostonly

20M

QubesOS / qubes-issues

qubes-vm-kernel - dracut support inside App Qubes #8649

The problem you're addressing (if any)

The solution you'd like

The value to a user, and who that user might be

Related

Additional information

Qubes OS release

Brief summary

Steps to reproduce

Expected behavior

Actual behavior

Boot log

Additional information: