How to unpack initrd/initramfs to view content in Linux

  • Post last modified: January 30, 2022

There may be a couple of reasons why you need to extract initramfs or initrd images. As of now, I want to fix my computer, which was not allowing me to use my laptop with the following error: “Failed to start VirtualBox Linux kernel module”.

After diagnosing, it was clear that the Linux headers were missing. As you know, we can install Linux headers using uname -r. However, the installer failed to install and threw the error message “Unable to locate.”

Later on, I found that there was some issue with the kernel image. I moved the default initramfs and vmlinuz to another location and restarted the system.

Hopefully, the system restarted successfully.

And from here, I thought to do an autopsy with initramfs and a vmlinuz file. In this guided article, you will see the steps to extract initrd/initramfs.

Before moving ahead, you should know what initramfs is and why the system requires it.

What is initramfs?

To put it simply, initramfs is a small RAM disk that contains the files required to load the system before the real root file system is mounted. It provides the basic necessities for the system to start up and mount the real root file system (/) when booting is successful.

The short answer is that it runs from RAM, loads the kernel modules needed at boot, and mounts the real root file system.

Moreover, it is a cpio-format archive that is usually compressed with one of several compression algorithms, which we will see later.

Method to Inspect or view initramfs content

You will see two methods to extract initramfs content, followed by a way to inspect it without extracting:

  • [Conventional way] Extract and view initramfs/initrd content
  • [Simple & Convenient way] Extract and view initramfs/initrd content
  • Inspect initramfs

How to extract and view initramfs file in Linux

The initramfs or initrd image is stored in the /boot directory, which is write-protected for regular users, so it is not a good place to work in directly. So first and foremost, create a temporary directory named init in /tmp.

To create the same temporary directory as mine, copy and paste the following commands.

$ mkdir /tmp/init
$ cd /tmp/init

Once that is done, copy the respective initramfs file to the current directory, making sure to replace the initrd file name with the one available on your system.

$ ls /boot
$ cp -v /boot/initrd.img-5.10.0-9-amd64 .

After that, check the file type; an initrd or initramfs image is usually compressed with one of several algorithms. To check the file type, use the file command.

$ file initrd.img-5.10.0-9-amd64 
Output

initrd.img-5.10.0-9-amd64: gzip compressed data, was "mkinitramfs-MAIN_EYPHFu", last modified: Sat Oct 16 04:14:42 2021, from Unix, original size modulo 2^32 145369088

The output says it is a gzip-compressed file, but if you try to decompress it with the gunzip command, you will not be able to do so because gunzip requires a .gz extension, which is not present. So rename the initramfs file with the .gz extension.

$ mv initrd.img-5.10.0-9-amd64 initrd.img-5.10.0-9-amd64.gz

Once that is done, run the following commands and check the file type again.

$ gunzip initrd.img-5.10.0-9-amd64.gz
$ file initrd.img-5.10.0-9-amd64
Output

initrd.img-5.10.0-9-amd64: ASCII cpio archive (SVR4 with no CRC)

We are almost done here. Once file reports a “cpio archive,” run the command below to extract the files into the current directory.

$ cpio -idv < initrd.img-5.10.0-9-amd64
Output

usr/bin/awk
usr/bin/ash
usr/bin/arch
cpio: usr/sbin/watchdog linked to usr/bin/[

*****[TRIMMED OUTPUT]******

var/cache/fontconfig/befa2b5d-41df-461b-8d18-246762b8c3e3-le64.cache-7
283924 blocks

The extraction is now complete, and you can do what you want with the extracted initramfs contents.
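Before running cpio -idv on an image you did not build yourself, it is worth listing the entry names first, because cpio creates files at the paths recorded in the archive. The following Python sketch is an added example, not part of the original post: it parses the gzip plus newc cpio layout that the file command reported above and flags absolute or ../ entry names. The function names and the sample image are constructed for illustration, and it assumes a single gzip-compressed (or plain) newc archive.

```python
import gzip
import posixpath

MAGIC = b"070701"  # newc; file(1) reports "ASCII cpio archive (SVR4 with no CRC)"
HDR_LEN = 110      # 6-byte magic + 13 fields of 8 hex digits each
def pad4(n):
    return (n + 3) & ~3  # names and file data are padded to 4-byte boundaries

def list_newc(data):
    """Yield (name, mode, size) for each entry of one newc cpio archive."""
    pos = 0
    while pos + HDR_LEN <= len(data):
        if data[pos:pos + 6] != MAGIC:
            raise ValueError(f"bad cpio magic at offset {pos}")
        f = [int(data[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        start = pos + HDR_LEN
        name = data[start:start + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":  # end-of-archive marker
            return
        yield name, mode, size
        pos = pad4(pad4(start + namesize) + size)

def is_unsafe(name):
    """True if extracting this name could write outside the target directory."""
    norm = posixpath.normpath(name)
    return name.startswith("/") or norm == ".." or norm.startswith("../")

def inspect_image(raw):
    """Return (entries, unsafe_names) for a gzip-compressed or plain newc image."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic: decide by content, not file extension
        raw = gzip.decompress(raw)
    entries = list(list_newc(raw))
    return entries, [name for name, _, _ in entries if is_unsafe(name)]

# Everything below builds a constructed sample image (not from a real system).
def make_entry(name, payload=b"", mode=0o100644):
    n = name.encode() + b"\0"
    f = [0, mode, 0, 0, 1, 0, len(payload), 0, 0, 0, 0, len(n), 0]
    rec = MAGIC + b"".join(b"%08X" % v for v in f) + n
    rec += b"\0" * (pad4(len(rec)) - len(rec)) + payload
    return rec + b"\0" * (pad4(len(rec)) - len(rec))

SAMPLE = gzip.compress(b"".join(make_entry(*e) for e in [
    ("init", b"#!/bin/sh\n", 0o100755), ("usr/bin/awk", b"\x7fELF"),
    ("../outside.txt", b"x"), ("/abs/path", b"y"), ("TRAILER!!!",)]))

if __name__ == "__main__":
    print(inspect_image(SAMPLE))
```

To check a real image, read the file's bytes and pass them to inspect_image(); an empty second element means no entry name points outside the extraction directory.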

[Simple Method] Extract initramfs/initrd using lsinitrd

The above method is slightly tricky. You can achieve the same result with a single command, which can be convenient and easy to use without memorizing the steps.

You can use the lsinitrd command to perform all the steps in one. Open your terminal window, type the following command, and replace the file name.

$ mkdir init && cd init
$ lsinitrd --unpack /boot/initrd.img-5.10.0-9-amd64

Check whether the file was extracted successfully.

$ ls 
Output

bin@  conf/  etc/  init*  lib@  lib32@  lib64@  libx32@  run/  sbin@  scripts/  usr/  var/

How to Inspect or view initramfs

All of the above extracts the image first and then inspects the file content. But what if you are not interested in the extraction part and just want to inspect the initrd/initramfs content?

That is simple too: you can use the lsinitrd command to view the content of an individual image file, and the output is similar to that of the ls -l command.

$ lsinitrd initrd.img-5.10.0-9-amd64
Output

Image: initrd.img-5.10.0-9-amd64: 40M
========================================================================
-rwxr-xr-x 247 root     root            0 Jul 26  2021 usr/sbin/syslogd
-rwxr-xr-x 247 root     root            0 Jul 26  2021 usr/sbin/ubirename
-rwxr-xr-x 247 root     root            0 Jul 26  2021 usr/sbin/udhcpc
-rwxr-xr-x 247 root     root            0 Jul 26  2021 usr/sbin/udhcpd
-rwxr-xr-x 247 root     root            0 Jul 26  2021 usr/sbin/uevent

******(TRIMMED OUTPUT)******

-rw-r--r--   1 root     root          200 Oct 16 09:44 var/cache/fontconfig/CACHEDIR.TAG
========================================================================

I’m not sure whether we can make any changes here. If you know, please let us know.

Wrap up

That’s all to unpack initrd/initramfs to view content in Linux. We have covered conventional and simple ways to extract initrd/initramfs files. Along with that, you have learned to inspect content without extracting files.

If you face any difficulty while following our article, please let us know in the comment section.

Till then, enjoy it!

This Post Has 3 Comments

  1. Barry

    EasyOS takes this to the logical conclusion, just single click on initrd to open it up in a file manager. Edit as required, then click on initrd to update. Completely graphical, super easy

    1. Gagan Mishra

      Can this feature be available in all Linux distributions?

      1. Barry

        Yes, it could be very easily implemented on any Linux distro. It is just a matter of writing a handler script for the initrd mime-type. The script in EasyOS can be used as the basis.
        EasyOS uses the ROX-Filer filemanager, and if you right-click on the initrd it will show the handler script assigned to that mime-type.
