osresearch / safeboot

Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
https://safeboot.dev/
GNU General Public License v2.0

Reduce size of initramfs #12

Open osresearch opened 4 years ago

osresearch commented 4 years ago

update-initramfs -u -v shows that literally the kitchen sink is included, with megabytes of firmware for obscure devices and drivers that are unneeded to boot the machine. Surely there is a way to reduce the amount that it includes.

osresearch commented 4 years ago

Yow - I just built 5.6.13 with the config from Ubuntu and the initrd is 500 megs due to a bazillion modules.

vamposdecampos commented 4 years ago

The MODULES setting in initramfs.conf might help; the default of most adds... most modules.

osresearch commented 4 years ago

Setting MODULES=dep in /etc/initramfs/initramfs.conf and moving the unused firmware (amd, amdgpu, amd-ucode, nvidia, and radeon) out of /lib/firmware reduced the default ubuntu initrd from 84 MB to 28 MB. My X1 still boots fine.

This would be helpful to automate in the setup script, although it might be a "nice to have" rather than a "must have" since it doesn't change the security posture that much.

osresearch commented 4 years ago

Downside to MODULES=dep is that nls_iso8859-1.ko is not included, so the initramfs recovery shell is unable to mount /boot/efi. That is problematic for #56 since it needs access to the ESP for measurements and signing.
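The two points above (switching `MODULES=most` to `MODULES=dep`, and then checking that the rebuilt initramfs still carries what the recovery shell needs to mount a FAT ESP) as an added POSIX shell example. This is not code from the safeboot project; the config file it edits and the `lsinitramfs`-style module listing it inspects are constructed stand-ins so it runs offline, and the `initramfs.conf` path and required-module list are assumptions rather than anything the thread states.

```shell
#!/bin/sh
# Added example, not part of the safeboot repository.
# 1. Rewrite the MODULES= policy in an initramfs-tools config (constructed copy,
#    not the live /etc/initramfs-tools/initramfs.conf).
# 2. Check a module listing (the shape `lsinitramfs /boot/initrd.img-$(uname -r)`
#    prints) for the modules a vfat ESP mount needs; with MODULES=dep the
#    nls_iso8859-1 module is the one that tends to be missing, which is why
#    `mount /boot/efi` fails in the recovery shell.
set -eu

WORK="${TMPDIR:-/tmp}/initramfs-example.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT
CONF="$WORK/initramfs.conf"   # assumed stand-in for /etc/initramfs-tools/initramfs.conf

# Constructed config with the Ubuntu default (MODULES=most).
cat > "$CONF" <<'EOF'
# Configuration file for mkinitramfs(8).
MODULES=most
BUSYBOX=auto
COMPRESS=lz4
EOF

# set_modules_policy FILE VALUE: set MODULES= to most|dep|list|netboot, adding the
# line if the file has none. Uses a temp file instead of sed -i for portability.
set_modules_policy() {
    file=$1; value=$2
    if grep -q '^MODULES=' "$file"; then
        sed "s/^MODULES=.*/MODULES=$value/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf 'MODULES=%s\n' "$value" >> "$file"
    fi
}

# get_modules_policy FILE: print the current MODULES value.
get_modules_policy() {
    sed -n 's/^MODULES=//p' "$1"
}

# Modules needed to `mount -t vfat` the ESP from the initramfs shell. The vfat
# driver needs an NLS codepage and iocharset module; iso8859-1 is the usual
# kernel default iocharset, so it must be present even when nobody asks for it.
ESP_REQUIRED_MODULES="fat vfat nls_cp437 nls_iso8859-1"

# missing_esp_modules LISTING: given a module listing (one path per line), print
# each required module that is absent. Empty output means the ESP is mountable.
# Matches "<name>.ko" with an optional compression suffix (.ko.xz, .ko.zst).
missing_esp_modules() {
    listing=$1
    for m in $ESP_REQUIRED_MODULES; do
        if ! printf '%s\n' "$listing" | grep -Eq "/$m\.ko(\.[a-z0-9]+)?$"; then
            echo "$m"
        fi
    done
}

# Constructed listing resembling a MODULES=dep build: vfat present, NLS iocharset dropped.
SAMPLE_DEP_LISTING='usr/lib/modules/5.6.13/kernel/fs/fat/fat.ko
usr/lib/modules/5.6.13/kernel/fs/fat/vfat.ko
usr/lib/modules/5.6.13/kernel/fs/nls/nls_cp437.ko
usr/lib/modules/5.6.13/kernel/drivers/nvme/host/nvme.ko'

# Same listing after the missing module is added back (e.g. via /etc/initramfs-tools/modules).
SAMPLE_FIXED_LISTING="$SAMPLE_DEP_LISTING
usr/lib/modules/5.6.13/kernel/fs/nls/nls_iso8859-1.ko"

# Demonstration when run directly.
set_modules_policy "$CONF" dep
echo "MODULES policy now: $(get_modules_policy "$CONF")"
missing=$(missing_esp_modules "$SAMPLE_DEP_LISTING")
if [ -n "$missing" ]; then
    echo "initramfs cannot mount the ESP, missing: $missing"
else
    echo "all ESP modules present"
fi
```

On a real system, feed `missing_esp_modules` the output of `lsinitramfs` after `update-initramfs -u`, and add any module it reports to `/etc/initramfs-tools/modules` so `MODULES=dep` keeps the size win without losing the recovery shell's access to the ESP.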

osresearch commented 4 years ago

nls kernel module is included in initrd build now: https://github.com/osresearch/safeboot/commit/c08a4cba0b537f5fadd9108d9019b48f82f70884