How to modify initrd?

Hi,

I’m trying to modify initrd by customising bootloader/l4t_initrd.img and re-flashing the jetson, I’ve tried various flash commands:

```
./flash.sh -r -I bootloader/l4t_initrd.img jetson-xavier mmcblk0p1
./flash.sh -k kernel jetson-xavier mmcblk0p1
./flash.sh -k kernel -k kernel-dtb jetson-xavier mmcblk0p1
./flash.sh jetson-xavier mmcblk0p1
```

The modification so far is just to echo into /dev/kmsg like the other commands to prove the modification worked.

General steps for unpacking and creating the initrd

```
# unpack and edit `init`
mkdir -p init
cd init
gzip -cd ../l4t_initrd.img | cpio -imd --quiet

# repacking
find . -print0 | cpio --null --quiet -H newc -o | gzip -9 -n > ../l4t_initrd.img
```

When I grep the logs, e.g. grep <customWord> /var/logs -R there’s nothing in there.
(this is after booting up and going through the oem config)

Any idea what I’m missing? My goal is to drop into a shell, but for now just an echo into the logs would prove customisations work.

Note, everything else is default, sources are 32.3.1 with sample root fs and ./apply_binaries.sh ran.

Any help would be greatly appreciated :)

ok, I see my custom message on bootup on connected monitor, does anybody know how I can drop into a shell?

I tried exec /bin/bash; but I don’t get a shell, default confs haven’t changed, would like to get this working so I can debug / iterate faster, as a full flash seems to be the only way for new initrd changes to take effect.

Any help appreciated.

managed to get a shell, in case it helps anyone,
install busybox, symlink /bin/{sh,cttyhack,setsid} to /bin/busybox and in init script ran exec setsid cttyhack sh

Though I still seem to have to flash the entire system, which makes debugging very slow, does anyone know how I can just flash the initrd and for it to take effect without writing out the whole APP partition?

Thanks

Hi,

Could you try to use “-l” to flash initrd?

https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide%2Fflashing.html

or directly replace the initrd file under /boot/.

it says ‘-l’ is an illegal option (small L)
I tried with ‘-I’ (capital i) but that also flashes the whole system (APP)

I believe the kernel and initrd are combined into boot.img and flashed, so modifying contents of /boot won’t have any effect, but will test…

replacing /boot/initrd works :)

thank you.

Another question if you don’t mind, so after it unpacks the kernel and initrd from boot.img, I’m guessing copies it to the /boot directory of the mmc, if I have logic in the initrd to mount a different root partition, e.g. of an nvme drive, is there some logic somewhere (e.g. systemd service) that copies the initrd to /boot?

Does the same logic apply if secure boot is configured / enabled?
Hopefully the initrd is encrypted and unavailable after secure boot is enabled, can you confirm this?

Hi yusufftran,

The backstory here is

First, xavier is unlike other platforms TX2/Nano which use uboot to load up extlinux to boot kernel and initrd from rootfs
so that if you see any methods to use uboot directly, they are not valid for xavier.

Second, to enhance xavier, we enable cboot to support extlinux after jetpack4.3 too. That means you are now able to load initrd and kernel from rootfs.

Third, to enable boot from external storage, you need to set up the cbo (only applicable for xavier).
https://docs.nvidia.com/jetson/l4t/index.html#page/Tegra%20Linux%20Driver%20Package%20Development%20Guide%2Fgetting_started.html

> Does the same logic apply if secure boot is configured / enabled?
> Hopefully the initrd is encrypted and unavailable after secure boot is enabled, can you confirm this?

Currently the kernel is only signed but not encrypted so I think initrd is same. Need to consult with our internal team.

Thanks, from what I gather, for secure boot and encryption of boot image (kernel + initrd) cboot must be used.

Any clarification / confirmation on how the initrd is handled would be greatly appreciated, I just want to make sure it can’t be tampered with.
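
The thread ends on the question of whether the initrd can be tampered with, after showing that a replaced /boot/initrd is picked up at boot. As an added example (not part of the original thread and not NVIDIA tooling), the sketch below parses a gzip-compressed newc cpio image, hashes every entry, and diffs a candidate image against a known-good reference. It assumes a single newc archive as produced by the repacking command above; the function names and both sample images are constructed for illustration.

```python
import gzip
import hashlib

def _pad4(n):  # bytes needed to reach the next 4-byte boundary (newc alignment)
    return (4 - n % 4) % 4

def build_newc(files):
    """Pack {path: bytes} into a gzip'd newc cpio image (used only for the samples)."""
    out = b""
    for ino, (name, data) in enumerate(list(files.items()) + [("TRAILER!!!", b"")], 1):
        nm = name.encode() + b"\0"
        # 13 hex fields: ino mode uid gid nlink mtime filesize dev(2) rdev(2) namesize check
        fields = [ino, 0o100755, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(nm), 0]
        hdr = b"070701" + b"".join(b"%08X" % f for f in fields)
        out += hdr + nm + b"\0" * _pad4(len(hdr) + len(nm))
        out += data + b"\0" * _pad4(len(data))
    return gzip.compress(out)

def read_initrd(blob):
    """Return {path: sha256 hex digest} for each entry of a gzip'd newc cpio image."""
    raw, pos, entries = gzip.decompress(blob), 0, {}
    while pos + 110 <= len(raw):
        if raw[pos:pos + 6] not in (b"070701", b"070702"):
            raise ValueError("no newc header at offset %d" % pos)
        f = [int(raw[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = f[6], f[11]
        name = raw[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            break
        start = pos + 110 + namesize
        start += _pad4(start)  # file data begins on a 4-byte boundary
        entries[name] = hashlib.sha256(raw[start:start + size]).hexdigest()
        pos = start + size + _pad4(start + size)
    return entries

def diff_initrd(reference, candidate):
    """Compare two images; report added, removed and content-changed paths."""
    ref, cand = read_initrd(reference), read_initrd(candidate)
    return {"added": sorted(set(cand) - set(ref)),
            "removed": sorted(set(ref) - set(cand)),
            "changed": sorted(p for p in set(ref) & set(cand) if ref[p] != cand[p])}

# Constructed sample images (not real L4T contents).
REFERENCE = build_newc({"init": b"#!/bin/bash\nmount /dev/mmcblk0p1 /mnt\n",
                        "bin/mount": b"\x7fELF-placeholder"})
MODIFIED = build_newc({"init": b"#!/bin/bash\nexec setsid cttyhack sh\n",
                       "bin/mount": b"\x7fELF-placeholder",
                       "bin/busybox": b"\x7fELF-placeholder"})

print(diff_initrd(REFERENCE, MODIFIED))
```

On a device, the two arguments would be the bytes of a trusted copy of the image and of the file currently in /boot; the comparison is only as trustworthy as where the reference copy is stored.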