oracular (7) live-boot.7.gz

Provided by: live-boot-doc_20240525_all bug

NAME

       live-boot - System Boot Components

DESCRIPTION

       live-boot contains the components that configure a live system during the boot process (early userspace).

       live-boot  is  a hook for the initramfs-tools, used to generate a initramfs capable to boot live systems,
       such as those created by live-helper(7). This includes the Live systems ISOs, netboot tarballs,  and  usb
       stick images.

       At  boot  time  it  will  look  for  a  (read-only)  medium  containing  a "/live" directory where a root
       filesystems (often a compressed filesystem image like squashfs) is stored. If found,  it  will  create  a
       writable environment, using aufs, to boot the system from.

CONFIGURATION

       live-boot can be configured through a boot parameter or a configuration file.

       To  configure  the live-boot parameters used by default in a live image, see the --bootappend-live option
       in the lb_config(1) manual page.

   Kernel Parameters
       live-boot is only activated if 'boot=live' was used as a kernel parameter.

       In addition, there are some more boot parameters to influence the behaviour, see below.

   Configuration Files
       live-boot can be configured (but not activated) through configuration files. Those files  can  be  placed
       either  in  the  root  filesystem  itself  (/etc/live/boot.conf,  /etc/live/boot/*), or on the live media
       (live/boot.conf, live/boot/*).  These environment variables can only be set in the configuration files:

       DISABLE_CDROM=[true|false]
              Disable support for booting from CD-ROMs.  If set to 'true' mkinitramfs will  build  an  initramfs
              without the kernel modules for reading CD-ROMs.

       DISABLE_DM_VERITY=[true|false]
              Disable  support  for  dm-verity. If set to true true' mkinitramfs will build an initramfs without
              the kernel module dm-verity and some other dm modules. Also  the  default  mount  binary  is  used
              instead of the util-linux one.

       DISABLE_FAT=[true|false]
              Disable  support  for  booting  from FAT file systems.  If set to 'true' mkinitramfs will build an
              initramfs without the kernel module vfat and some nls_* modules.

       DISABLE_EXFAT=[true|false]
              Disable support for booting from exFAT file systems.  If set to 'true' mkinitramfs will  build  an
              initramfs without the kernel module exfat.

       DISABLE_FUSE=[true|false]
              Disable support for booting from FUSE-based file systems.  If set to 'true' mkinitramfs will build
              an initramfs without the kernel module fuse and file systems that depend on it (like curlftpfs and
              httpfs2).

       DISABLE_NTFS=[true|false]
              Disable  support  for  booting from NTFS file systems.  If set to 'true' mkinitramfs will build an
              initramfs without the kernel module ntfs.

       DISABLE_USB=[true|false]
              Disable support for booting from USB  devices.   If  set  to  'true'  mkinitramfs  will  build  an
              initramfs without the kernel module sd_mod.

       MINIMAL=[true|false]
              Build a minimal initramfs.  If set to 'true' mkinitramfs will build an initramfs without some udev
              scripts and without rsync.

       PERSISTENCE_FSCK=[true|false]
              Run fsck on persistence filesystem on boot. Will attempt to repair errors. The execution log  will
              be saved in /var/log/live/fsck.log.

       FSCKFIX=[true|false]
              If  PERSISTENCE_FSCK  or  forcefsck are set, will pass -y to fsck to stop it from asking questions
              interactively and assume yes to all queries.

OPTIONS

       live-boot currently features the following parameters.

       access=ACCESS
           Set the accessibility level for physically or visually impaired users. ACCESS must be one of v1,  v2,
           v3,  m1,  or  m2.  v1=lesser visual impairment, v2=moderate visual impairment, v3=blindness, m1=minor
           motor difficulties, m2=moderate motor difficulties.

       console=TTY,SPEED
           Set the default console to be used with the "live-getty" option. Example: "console=ttyS0,115200"

       debug
           Makes initramfs boot process more verbose.
           Use: debug=1
           Without setting debug to a value the messages may not be shown.

       fetch=URL

       httpfs=URL
           Another form of netboot by downloading a squashfs image from a given URL.  The  fetch  method  copies
           the  image to RAM and the httpfs method uses FUSE and httpfs2 to mount the image in place. Copying to
           RAM requires more memory and might take a long time for large images. However, it is more  likely  to
           work  correctly because it does not require networking afterwards and the system operates faster once
           booted because it does not require to contact the server anymore.
           Due to current limitations in busybox's wget and DNS resolution, an URL can not  contain  a  hostname
           but an IP address only.
           Not working: http://example.com/path/to/your_filesystem.squashfs
           Working: http://1.2.3.4/path/to/your_filesystem.squashfs
           Also  note that therefore it's currently not possible to fetch an image from a name-based virtualhost
           of an httpd if it is sharing the IP address with the main httpd instance.
           You may also use the live ISO image in place of the squashfs image.

       iscsi=server-ip[,server-port];target-name
           Boot from an iSCSI target that has an ISO or disk live image as one of its LUNs. The specified target
           is  searched  for  a  LUN  which  looks like a live medium. If you use the iscsitarget software iSCSI
           target solution your ietd.conf might look like this:
           # The target-name you specify in the iscsi= parameter
           Target <target-name>
             Lun 0 Path=<path-to-your-live-image.iso>,Type=fileio,IOMode=ro
             # If you want to boot multiple machines you might want to look at tuning some parameters like
             # Wthreads or MaxConnections

       findiso=/PATH/TO/IMAGE
           Look for the specified ISO file on all disks where it usually looks for the .squashfs  file  (so  you
           don't have to know the device name as in fromiso=....).

       forcefsck
           Run  fsck on persistence filesystem on boot. Will attempt to repair errors. The execution log will be
           saved in /var/log/live/fsck.log.

       fromiso=/PATH/TO/IMAGE
           Use a filesystem from within an ISO image that's available on  live-media.  The  first  part  of  the
           argument  should  be  the  block  device where the image is stored, followed by the path and filename
           (e.g. fromiso=/dev/sda1/live/image.iso).
           Alternatively,  it  can  be  used  to  boot   from   an   ISO   embedded   into   an   initrd   (e.g.
           fromiso=/live/image.iso).

       ignore_uuid
           Do  not check that any UUID embedded in the initramfs matches the discovered medium. live-boot may be
           told to generate a UUID by setting LIVE_GENERATE_UUID=1 when building the initramfs.

       verify-checksums
           If specified, an MD5 sum is calculated on the live media during boot and compared to the value  found
           in md5sum.txt found in the root directory of the live media.

       ip=[DEVICE]:[CLIENT_IP]:[NETMASK]:[GATEWAY_IP]:[NAMESERVER]
       [,[DEVICE]:[CLIENT_IP]:[NETMASK]:[GATEWAY_IP]:[NAMESERVER]]
           Let you specify the name(s) and the options of the interface(s) that should  be  configured  at  boot
           time.  Do  not specify this if you want to use dhcp (default). It will be changed in a future release
           to       mimic       official       kernel        boot        param        specification        (e.g.
           ip=10.0.0.1::10.0.0.254:255.255.255.0::eth0,:::::eth1:dhcp).

       ip=[frommedia]
           If  this  variable is set, dhcp and static configuration are just skipped and the system will use the
           (must be) media-preconfigured /etc/network/interfaces instead.

       {live-media|bootfrom}=DEVICE
           If you specify one of this two equivalent forms, live-boot will first try to find this device for the
           "/live"  directory  where  the  read-only root filesystem should reside. If it did not find something
           usable, the normal scan for block devices is performed.
           Instead of specifying an actual device name, the keyword 'removable' can be used to limit the  search
           of  acceptable live media to removable type only. Note that if you want to further restrict the media
           to usb mass storage only, you can use the 'removable-usb' keyword.

       live-media-offset=BYTES
           This way you could tell live-boot that your image starts at offset BYTES in the  above  specified  or
           autodiscovered  device,  this could be useful to hide the live system ISO or image inside another ISO
           or image, to create "clean" images.

       live-media-path=PATH
           Sets the path to the live filesystem on the medium. By default, it is set to '/live' and  you  should
           not change that unless you have customized your media accordingly.

       live-media-timeout=SECONDS
           Set  the  timeout  in seconds for the device specified by "live-media=" to become ready before giving
           up.

       module=NAME
           Instead of using the default optional file "filesystem.module" (see  below)  another  file  could  be
           specified  without  the  extension  ".module";  it  should be placed on "/live" directory of the live
           medium.

       netboot[=nfs|cifs]
           This tells live-boot to perform a network mount. The parameter "nfsroot=" (with optional "nfsopts="),
           should  specify where is the location of the root filesystem.  With no args, will try cifs first, and
           if it fails nfs.

       nfsopts=
           This lets you specify custom nfs options.

       nofastboot
           This parameter disables the default disabling of filesystem checks in /etc/fstab. If you have  static
           filesystems  on  your  harddisk  and  you  want  them to be checked at boot time, use this parameter,
           otherwise they are skipped.

       nopersistence
           disables the "persistence" feature, useful if the bootloader (like syslinux) has been installed  with
           persistence enabled.

       noeject
           Do not prompt to eject the live medium.

       ramdisk-size
           This  parameter defines a custom ramdisk size (it's the '-o size' option of tmpfs mount). By default,
           there is no ramdisk size set, so the default of mount applies (currently 50% of available RAM).  Note
           that this option has currently no effect when booting with toram.

       overlay-size=SIZE
           The  size  of  the  tmpfs  mount (used for the upperdir union root mount) in bytes, and rounded up to
           entire pages. This option accepts a suffix % to  limit  the  instance  to  that  percentage  of  your
           physical  RAM or a suffix k, m or g for Ki, Mi, Gi (binary kilo (kibi), binary mega (mebi) and binary
           giga (gibi)). By default, 50% of available RAM will be used.

       swap=true
           This parameter enables usage of local swap partitions.

       persistence
           live-boot will probe devices for persistence media. These can be partitions  (with  the  correct  GPT
           name), filesystems (with the correct label) or image files (with the correct file name). Overlays are
           labeled/named "persistence" (see persistence.conf(5)). Overlay image files are named "persistence".

       persistence-encryption=TYPE1,TYPE2 ... TYPEn
           This option determines which types of encryption that are allowed to be used when probing devices for
           persistence media. If "none" is in the list, we allow unencrypted media; if "luks" is in the list, we
           allow LUKS-encrypted media and if "lukslabel" is in the list we check if the container  contains  the
           label  "persistence" before trying to open it. Whenever a device containing encrypted media is probed
           the user will be prompted for the passphrase. The default value is "none".

       persistence-media={removable|removable-usb}
           If you specify the keyword  'removable',  live-boot  will  try  to  find  persistence  partitions  on
           removable  media  only. Note that if you want to further restrict the media to usb mass storage only,
           you can use the 'removable-usb' keyword.

       persistence-method=TYPE1,TYPE2 ... TYPEn
           This option determines which types of persistence media we allow. If "overlay" is  in  the  list,  we
           consider overlays (i.e. "live-rw" and "home-rw"). The default is "overlay".

       persistence-path=PATH
           live-boot  will look for persistency files in the root directory of a partition, with this parameter,
           the path can be configured so that you can have multiple directories on the same partition  to  store
           persistency files.

       persistence-read-only
           Filesystem  changes  are not saved back to persistence media. In particular, overlays and netboot NFS
           mounts are mounted read-only.

       persistence-storage=TYPE1,TYPE2 ... TYPEn
           This option determines which types of persistence storage to consider when  probing  for  persistence
           media. If "filesystem" is in the list, filesystems with matching labels will be used; if "file" is in
           the list, all filesystems will be probed for archives and image files with  matching  filenames.  The
           default is "file,filesystem".

       persistence-label=LABEL1,LABEL2 ... LABELn
           live-boot  will  use  the names in this list (instead of "persistence") when searching for persistent
           storage. Each LABEL can  be  a  valid  filename,  partition  label,  or  GPT  name.  The  default  is
           "persistence".

       noeject
           This  option  causes live-boot to reboot without attempting to eject the media and without asking the
           user to remove the boot media.

       showmounts
           This parameter will make live-boot  to  show  on  "/"  the  ro  filesystems  (mostly  compressed)  on
           "/lib/live".  This  is  not  enabled  by  default because could lead to problems by applications like
           "mono" which store binary paths on installation.

       silent
           If you boot with the normal quiet parameter, live-boot hides most messages of its  own.  When  adding
           silent, it hides all.

       todisk=DEVICE
           Adding  this parameter, live-boot will try to copy the entire read-only media to the specified device
           before mounting the root filesystem. It probably needs a lot of free space. Subsequent  boots  should
           then skip this step and just specify the "live-media=DEVICE" boot parameter with the same DEVICE used
           this time.

       toram
           Adding this parameter, live-boot will try to copy the whole read-only media  to  the  computer's  RAM
           before mounting the root filesystem. This could need a lot of ram, according to the space used by the
           read-only media.

       union=overlay|aufs
           By default, live-boot uses overlay. With this parameter, you can switch to aufs.

       dm-verity-root-hash=IMAGE:ROOTHASH,IMAGE2:ROOTHASH2 ... IMAGEn:ROOTHASHn
           Explicitly specify a dm-verity root hash for a IMAGE. Full path needs to  be  specified.  Hashes  for
           multiple images can be comma separated specified.

       dm-verity-enforce-roothash-signature
           Enforces that the root hash has to be checked against a signature.

       dm-verity-oncorruption=ignore|panic|restart
           Sets the regarding action for the kernel if corruption occurs on a dm-verity device.

dm-verity Support

       live-boot  has  support  for  dm-verity  backed  root file systems. Which allows for error detection (and
       correction) in the underlying image.
       If for an image a file ending with .verity in the same directory as the image is found live-boot attempts
       to  mount  that image with dm-vertiy support.  For a given device with dm-vertiy support a root hash must
       be  specified.  Either  in  a  file  ending  with  .roothash  or  with  the  kernel  command-line  option
       dm-verity-root-hash.   If  a file ending with .roothash.p7s is found it is used for signature checking in
       dm-verity.   If   signature   checking   should   be   enforced   the    kernel    command-line    option
       dm-verity-enforce-roothash-signature must be set.
       Forward  error  detection  gets enabled if a file ending with .fec and one with .fec.roots containing the
       number of roots are found.

       Example file structure:
           /live/filesystem.squashfs
           /live/filesystem.squashfs.verity
           /live/filesystem.squashfs.fec
           /live/filesystem.squashfs.fec.roots
           /live/filesystem.squashfs.roothash
           /live/filesystem.squashfs.roothash.p7s

FILES (old)

       /etc/live.conf
           Some variables can be configured via this config file (inside the live system).

       live/filesystem.module
           This   optional   file   (inside   the   live   media)   contains   a   list   of   white-space    or
           carriage-return-separated  file  names corresponding to disk images in the "/live" directory. If this
           file exists, only images listed here will be merged into the root aufs, and they will  be  loaded  in
           the  order  listed here. The first entry in this file will be the "lowest" point in the aufs, and the
           last file in this list will be on the "top" of the aufs, directly below /overlay.  Without this file,
           any images in the "/live" directory are loaded in alphanumeric order.

FILES

       /etc/live/boot.conf

       /etc/live/boot/*

       live/boot.conf

       live/boot/*

       persistence.conf

SEE ALSO

       persistence.conf(5)

       live-build(7)

       live-config(7)

       live-tools(7)

HOMEPAGE

       More  information  about  live-boot  and  the  Debian  Live  project  can  be  found  on  the homepage at
       <https://wiki.debian.org/DebianLive>  and  in  the  manual  at  <https://live-team.pages.debian.net/live-
       manual/>.

BUGS

       Bugs  can  be  reported by submitting a bugreport for the live-boot package in the Bug Tracking System at
       <http://bugs.debian.org/>  or  by  writing  a  mail  to  the  Debian  Live  mailing  list   at   <debian-
       live@lists.debian.org>.

AUTHOR

       live-boot  was  originally written by Daniel Baumann <mail@daniel-baumann.ch>. Since 2016 development has
       been continued by the Debian Live team.