Below are the steps to include a binary to the kernel, which is not there by default. The binary used in this example is the openssl one.
Overview of steps to be done:
- backup kernel image
- create hook script with initramfs-tools
- rebuild kernel
Locate the latest initrd image inside the /boot/ folder and back it up via:
sudo cp -aRf /boot/initrd.img-5.10.0-23-amd64 /boot/initrd.img-5.10.0-23-amd64.bak
If something goes wrong in the steps later, this backup initramfs image can be used anytime. To specify this backup image to be loaded instead of any other, press e on the GRUB menu before boot and go to line starting with initrd and change the name of the image to the name of backup image and press Ctrl+x to boot.
Initramfs-tools allows creating custom hook scripts, which can execute custom scripts during build of the kernel image, more info here.
Create hook script:
sudo nano /etc/initramfs-tools/hooks/openssl
With the following content:
#!/bin/sh
PREREQ=""
prereqs()
{
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
# openssl
. /usr/share/initramfs-tools/hook-functions #provides copy_exec
rm -f ${DESTDIR}/bin/openssl #copy_exec won't overwrite an existing file
copy_exec /usr/bin/openssl /bin/openssl #Takes location in filesystem and location in initramfs as arguments
Add execution rights:
sudo chmod +x /etc/initramfs-tools/hooks/openssl
Via: sudo update-initramfs -u -k all