Provided by: live-boot-doc_20240525_all 
NAME
live-boot - System Boot Components
DESCRIPTION
live-boot contains the components that configure a live system during the boot process (early userspace).
live-boot is a hook for the initramfs-tools, used to generate a initramfs capable to boot live systems,
such as those created by live-helper(7). This includes the Live systems ISOs, netboot tarballs, and usb
stick images.
At boot time it will look for a (read-only) medium containing a "/live" directory where a root
filesystems (often a compressed filesystem image like squashfs) is stored. If found, it will create a
writable environment, using aufs, to boot the system from.
CONFIGURATION
live-boot can be configured through a boot parameter or a configuration file.
To configure the live-boot parameters used by default in a live image, see the --bootappend-live option
in the lb_config(1) manual page.
Kernel Parameters
live-boot is only activated if 'boot=live' was used as a kernel parameter.
In addition, there are some more boot parameters to influence the behaviour, see below.
Configuration Files
live-boot can be configured (but not activated) through configuration files. Those files can be placed
either in the root filesystem itself (/etc/live/boot.conf, /etc/live/boot/*), or on the live media
(live/boot.conf, live/boot/*). These environment variables can only be set in the configuration files:
DISABLE_CDROM=[true|false]
Disable support for booting from CD-ROMs. If set to 'true' mkinitramfs will build an initramfs
without the kernel modules for reading CD-ROMs.
DISABLE_DM_VERITY=[true|false]
Disable support for dm-verity. If set to true true' mkinitramfs will build an initramfs without
the kernel module dm-verity and some other dm modules. Also the default mount binary is used
instead of the util-linux one.
DISABLE_FAT=[true|false]
Disable support for booting from FAT file systems. If set to 'true' mkinitramfs will build an
initramfs without the kernel module vfat and some nls_* modules.
DISABLE_EXFAT=[true|false]
Disable support for booting from exFAT file systems. If set to 'true' mkinitramfs will build an
initramfs without the kernel module exfat.
DISABLE_FUSE=[true|false]
Disable support for booting from FUSE-based file systems. If set to 'true' mkinitramfs will build
an initramfs without the kernel module fuse and file systems that depend on it (like curlftpfs and
httpfs2).
DISABLE_NTFS=[true|false]
Disable support for booting from NTFS file systems. If set to 'true' mkinitramfs will build an
initramfs without the kernel module ntfs.
DISABLE_USB=[true|false]
Disable support for booting from USB devices. If set to 'true' mkinitramfs will build an
initramfs without the kernel module sd_mod.
MINIMAL=[true|false]
Build a minimal initramfs. If set to 'true' mkinitramfs will build an initramfs without some udev
scripts and without rsync.
PERSISTENCE_FSCK=[true|false]
Run fsck on persistence filesystem on boot. Will attempt to repair errors. The execution log will
be saved in /var/log/live/fsck.log.
FSCKFIX=[true|false]
If PERSISTENCE_FSCK or forcefsck are set, will pass -y to fsck to stop it from asking questions
interactively and assume yes to all queries.
OPTIONS
live-boot currently features the following parameters.
access=ACCESS
Set the accessibility level for physically or visually impaired users. ACCESS must be one of v1, v2,
v3, m1, or m2. v1=lesser visual impairment, v2=moderate visual impairment, v3=blindness, m1=minor
motor difficulties, m2=moderate motor difficulties.
console=TTY,SPEED
Set the default console to be used with the "live-getty" option. Example: "console=ttyS0,115200"
debug
Makes initramfs boot process more verbose.
Use: debug=1
Without setting debug to a value the messages may not be shown.
fetch=URL
httpfs=URL
Another form of netboot by downloading a squashfs image from a given URL. The fetch method copies
the image to RAM and the httpfs method uses FUSE and httpfs2 to mount the image in place. Copying to
RAM requires more memory and might take a long time for large images. However, it is more likely to
work correctly because it does not require networking afterwards and the system operates faster once
booted because it does not require to contact the server anymore.
Due to current limitations in busybox's wget and DNS resolution, an URL can not contain a hostname
but an IP address only.
Not working: http://example.com/path/to/your_filesystem.squashfs
Working: http://1.2.3.4/path/to/your_filesystem.squashfs
Also note that therefore it's currently not possible to fetch an image from a name-based virtualhost
of an httpd if it is sharing the IP address with the main httpd instance.
You may also use the live ISO image in place of the squashfs image.
iscsi=server-ip[,server-port];target-name
Boot from an iSCSI target that has an ISO or disk live image as one of its LUNs. The specified target
is searched for a LUN which looks like a live medium. If you use the iscsitarget software iSCSI
target solution your ietd.conf might look like this:
# The target-name you specify in the iscsi= parameter
Target <target-name>
Lun 0 Path=<path-to-your-live-image.iso>,Type=fileio,IOMode=ro
# If you want to boot multiple machines you might want to look at tuning some parameters like
# Wthreads or MaxConnections
findiso=/PATH/TO/IMAGE
Look for the specified ISO file on all disks where it usually looks for the .squashfs file (so you
don't have to know the device name as in fromiso=....).
forcefsck
Run fsck on persistence filesystem on boot. Will attempt to repair errors. The execution log will be
saved in /var/log/live/fsck.log.
fromiso=/PATH/TO/IMAGE
Use a filesystem from within an ISO image that's available on live-media. The first part of the
argument should be the block device where the image is stored, followed by the path and filename
(e.g. fromiso=/dev/sda1/live/image.iso).
Alternatively, it can be used to boot from an ISO embedded into an initrd (e.g.
fromiso=/live/image.iso).
ignore_uuid
Do not check that any UUID embedded in the initramfs matches the discovered medium. live-boot may be
told to generate a UUID by setting LIVE_GENERATE_UUID=1 when building the initramfs.
verify-checksums
If specified, an MD5 sum is calculated on the live media during boot and compared to the value found
in md5sum.txt found in the root directory of the live media.
ip=[DEVICE]:[CLIENT_IP]:[NETMASK]:[GATEWAY_IP]:[NAMESERVER]
[,[DEVICE]:[CLIENT_IP]:[NETMASK]:[GATEWAY_IP]:[NAMESERVER]]
Let you specify the name(s) and the options of the interface(s) that should be configured at boot
time. Do not specify this if you want to use dhcp (default). It will be changed in a future release
to mimic official kernel boot param specification (e.g.
ip=10.0.0.1::10.0.0.254:255.255.255.0::eth0,:::::eth1:dhcp).
ip=[frommedia]
If this variable is set, dhcp and static configuration are just skipped and the system will use the
(must be) media-preconfigured /etc/network/interfaces instead.
{live-media|bootfrom}=DEVICE
If you specify one of this two equivalent forms, live-boot will first try to find this device for the
"/live" directory where the read-only root filesystem should reside. If it did not find something
usable, the normal scan for block devices is performed.
Instead of specifying an actual device name, the keyword 'removable' can be used to limit the search
of acceptable live media to removable type only. Note that if you want to further restrict the media
to usb mass storage only, you can use the 'removable-usb' keyword.
live-media-offset=BYTES
This way you could tell live-boot that your image starts at offset BYTES in the above specified or
autodiscovered device, this could be useful to hide the live system ISO or image inside another ISO
or image, to create "clean" images.
live-media-path=PATH
Sets the path to the live filesystem on the medium. By default, it is set to '/live' and you should
not change that unless you have customized your media accordingly.
live-media-timeout=SECONDS
Set the timeout in seconds for the device specified by "live-media=" to become ready before giving
up.
module=NAME
Instead of using the default optional file "filesystem.module" (see below) another file could be
specified without the extension ".module"; it should be placed on "/live" directory of the live
medium.
netboot[=nfs|cifs]
This tells live-boot to perform a network mount. The parameter "nfsroot=" (with optional "nfsopts="),
should specify where is the location of the root filesystem. With no args, will try cifs first, and
if it fails nfs.
nfsopts=
This lets you specify custom nfs options.
nofastboot
This parameter disables the default disabling of filesystem checks in /etc/fstab. If you have static
filesystems on your harddisk and you want them to be checked at boot time, use this parameter,
otherwise they are skipped.
nopersistence
disables the "persistence" feature, useful if the bootloader (like syslinux) has been installed with
persistence enabled.
noeject
Do not prompt to eject the live medium.
ramdisk-size
This parameter defines a custom ramdisk size (it's the '-o size' option of tmpfs mount). By default,
there is no ramdisk size set, so the default of mount applies (currently 50% of available RAM). Note
that this option has currently no effect when booting with toram.
overlay-size=SIZE
The size of the tmpfs mount (used for the upperdir union root mount) in bytes, and rounded up to
entire pages. This option accepts a suffix % to limit the instance to that percentage of your
physical RAM or a suffix k, m or g for Ki, Mi, Gi (binary kilo (kibi), binary mega (mebi) and binary
giga (gibi)). By default, 50% of available RAM will be used.
swap=true
This parameter enables usage of local swap partitions.
persistence
live-boot will probe devices for persistence media. These can be partitions (with the correct GPT
name), filesystems (with the correct label) or image files (with the correct file name). Overlays are
labeled/named "persistence" (see persistence.conf(5)). Overlay image files are named "persistence".
persistence-encryption=TYPE1,TYPE2 ... TYPEn
This option determines which types of encryption that are allowed to be used when probing devices for
persistence media. If "none" is in the list, we allow unencrypted media; if "luks" is in the list, we
allow LUKS-encrypted media and if "lukslabel" is in the list we check if the container contains the
label "persistence" before trying to open it. Whenever a device containing encrypted media is probed
the user will be prompted for the passphrase. The default value is "none".
persistence-media={removable|removable-usb}
If you specify the keyword 'removable', live-boot will try to find persistence partitions on
removable media only. Note that if you want to further restrict the media to usb mass storage only,
you can use the 'removable-usb' keyword.
persistence-method=TYPE1,TYPE2 ... TYPEn
This option determines which types of persistence media we allow. If "overlay" is in the list, we
consider overlays (i.e. "live-rw" and "home-rw"). The default is "overlay".
persistence-path=PATH
live-boot will look for persistency files in the root directory of a partition, with this parameter,
the path can be configured so that you can have multiple directories on the same partition to store
persistency files.
persistence-read-only
Filesystem changes are not saved back to persistence media. In particular, overlays and netboot NFS
mounts are mounted read-only.
persistence-storage=TYPE1,TYPE2 ... TYPEn
This option determines which types of persistence storage to consider when probing for persistence
media. If "filesystem" is in the list, filesystems with matching labels will be used; if "file" is in
the list, all filesystems will be probed for archives and image files with matching filenames. The
default is "file,filesystem".
persistence-label=LABEL1,LABEL2 ... LABELn
live-boot will use the names in this list (instead of "persistence") when searching for persistent
storage. Each LABEL can be a valid filename, partition label, or GPT name. The default is
"persistence".
noeject
This option causes live-boot to reboot without attempting to eject the media and without asking the
user to remove the boot media.
showmounts
This parameter will make live-boot to show on "/" the ro filesystems (mostly compressed) on
"/lib/live". This is not enabled by default because could lead to problems by applications like
"mono" which store binary paths on installation.
silent
If you boot with the normal quiet parameter, live-boot hides most messages of its own. When adding
silent, it hides all.
todisk=DEVICE
Adding this parameter, live-boot will try to copy the entire read-only media to the specified device
before mounting the root filesystem. It probably needs a lot of free space. Subsequent boots should
then skip this step and just specify the "live-media=DEVICE" boot parameter with the same DEVICE used
this time.
toram
Adding this parameter, live-boot will try to copy the whole read-only media to the computer's RAM
before mounting the root filesystem. This could need a lot of ram, according to the space used by the
read-only media.
union=overlay|aufs
By default, live-boot uses overlay. With this parameter, you can switch to aufs.
dm-verity-root-hash=IMAGE:ROOTHASH,IMAGE2:ROOTHASH2 ... IMAGEn:ROOTHASHn
Explicitly specify a dm-verity root hash for a IMAGE. Full path needs to be specified. Hashes for
multiple images can be comma separated specified.
dm-verity-enforce-roothash-signature
Enforces that the root hash has to be checked against a signature.
dm-verity-oncorruption=ignore|panic|restart
Sets the regarding action for the kernel if corruption occurs on a dm-verity device.
dm-verity Support
live-boot has support for dm-verity backed root file systems. Which allows for error detection (and
correction) in the underlying image.
If for an image a file ending with .verity in the same directory as the image is found live-boot attempts
to mount that image with dm-vertiy support. For a given device with dm-vertiy support a root hash must
be specified. Either in a file ending with .roothash or with the kernel command-line option
dm-verity-root-hash. If a file ending with .roothash.p7s is found it is used for signature checking in
dm-verity. If signature checking should be enforced the kernel command-line option
dm-verity-enforce-roothash-signature must be set.
Forward error detection gets enabled if a file ending with .fec and one with .fec.roots containing the
number of roots are found.
Example file structure:
/live/filesystem.squashfs
/live/filesystem.squashfs.verity
/live/filesystem.squashfs.fec
/live/filesystem.squashfs.fec.roots
/live/filesystem.squashfs.roothash
/live/filesystem.squashfs.roothash.p7s
FILES (old)
/etc/live.conf
Some variables can be configured via this config file (inside the live system).
live/filesystem.module
This optional file (inside the live media) contains a list of white-space or
carriage-return-separated file names corresponding to disk images in the "/live" directory. If this
file exists, only images listed here will be merged into the root aufs, and they will be loaded in
the order listed here. The first entry in this file will be the "lowest" point in the aufs, and the
last file in this list will be on the "top" of the aufs, directly below /overlay. Without this file,
any images in the "/live" directory are loaded in alphanumeric order.
FILES
/etc/live/boot.conf
/etc/live/boot/*
live/boot.conf
live/boot/*
persistence.conf
SEE ALSO
persistence.conf(5)
live-build(7)
live-config(7)
live-tools(7)
HOMEPAGE
More information about live-boot and the Debian Live project can be found on the homepage at
<https://wiki.debian.org/DebianLive> and in the manual at <https://live-team.pages.debian.net/live-
manual/>.
BUGS
Bugs can be reported by submitting a bugreport for the live-boot package in the Bug Tracking System at
<http://bugs.debian.org/> or by writing a mail to the Debian Live mailing list at <debian-
live@lists.debian.org>.
AUTHOR
live-boot was originally written by Daniel Baumann <mail@daniel-baumann.ch>. Since 2016 development has
been continued by the Debian Live team.