github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/Doc/BuildingInitRamFs.txt

Instructions for preparing initramfs for FileClient and FileServer
==================================================================

Decompress and unpack the existing initramfs
    cd /tmp
    mkdir init
    cd init
    cp /boot/initramfs.img-`uname -r` initrd.gz
    gunzip -c -9 initrd.gz | cpio -i -d -H newc --no-absolute-filenames

Copy the dynamic link libraries for the executables into the filesystem
for i in `ldd /home/jlm/jlmcrypt/fileServer.exe | cut -d' ' -f3 | sed 's/^\s*//g' | egrep -v '^\s*$'`; do
    source=$i
    dir=`dirname $i`
    mkdir -p $dir
    dest=`echo $i | sed 's?^/??g'`
    echo "Copying $source to $dest"
    cp $source $dest
done

Copy the runtime directory into the filesystem, and get ifconfig, too
    mkdir -p home/jlm/jlmcrypt
    cp -r /home/jlm/jlmcrypt/* home/jlm/jlmcrypt/
    cp /sbin/ifconfig sbin/ifconfig

You might want to clean out some of the unnecessary files here.

Change the initscript (init) to run dmcrypt and change the way the 
system disk is mounted.
  vim init

Here is a simple script that works:

-- start simple script

#!/bin/sh

[ -d /dev ] || mkdir -m 0755 /dev
[ -d /root ] || mkdir -m 0700 /root
[ -d /sys ] || mkdir /sys
[ -d /proc ] || mkdir /proc
[ -d /tmp ] || mkdir /tmp
mkdir -p /var/lock
mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
mount -t proc -o nodev,noexec,nosuid proc /proc
# Some things don't work properly without /etc/mtab.
ln -sf /proc/mounts /etc/mtab

grep -q '\<quiet\>' /proc/cmdline || echo "Loading, please wait..."

# Note that this only becomes /dev on the real filesystem if udev's scripts
# are used; which they will be, but it's worth pointing out
if ! mount -t devtmpfs -o mode=0755 udev /dev; then
	echo "W: devtmpfs not available, falling back to tmpfs for /dev"
	mount -t tmpfs -o mode=0755 udev /dev
	[ -e /dev/console ] || mknod -m 0600 /dev/console c 5 1
	[ -e /dev/null ] || mknod /dev/null c 1 3
fi
mkdir /dev/pts
mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true
mount -t tmpfs -o "nosuid,size=20%,mode=0755" tmpfs /run
mkdir /run/initramfs
# compatibility symlink for the pre-oneiric locations
ln -s /run/initramfs /dev/.initramfs

/sbin/ifconfig lo 127.0.0.1
# can set up other networks here as needed, e.g., on eth0

# mount /boot as a place to put keys between reboots (e.g., for tcService.exe)
mkdir /boot
mount /dev/sda1 /boot

/bin/busybox sh

-- end simple script

  - untested:
      swapoff -a
      cryptsetup [-c aes -h sha256] -s 128 -d /dev/urandom create swap /dev/sda1
      mkswap /dev/mapper/swap
      swapon /dev/mapper/swap

Put initramfs back together
        find . | cpio -H newc -o|gzip -9 > ../initrd.img-new

Copy it to the boot directory
  sudo cp initrd.gz /boot/initrd.img-staticLinux

Change /etc/grub.d to use this new initramfs.

Consult: http://manpages.ubuntu.com/manpages/karmic/man8/initramfs-tools.8.html

mkdir initramfs{,-old}
 cd initramfs
 gunzip -c -9 /boot/initrd.img-2.6.32-5-686 \
  | cpio -i -d -H newc --no-absolute-filenames
 find > ../initramfs.content
 cd ../initramfs-old
 gunzip -c -9 /boot/initrd.img-2.6.32-5-686.bak \
  | cpio -i -d -H newc --no-absolute-filenames
 find > ../initramfs-old.content
 cd ..
 diff -u initramfs-old.content initramfs.content

A sample init that dynamically loads the driver (don't do this) is:
 1 Decompress initrd into localdirectory
 2 Copy needed drivers in /drvs directory
 3 Copy fileProxy/fileClient/tcService binaries in /bin directory and required libraries in 
     lib and lib64 directories
 4 Copied keys to /bin/HWRoot directory
 5 Replaced init with my custom init
 6 Loaded tcioDD
 7 Configured Ethernet
 8 Script does not boot all services
 9 Package initramfs.igz
10 Copy to /boot
11 Modify entry for OS Tboot section in grub.cfg. replaced initrd by initramfs.igz
12 Reboot machine
13 From cmd line type : /bin/tcService.exe –directory /bin/ &
14 tcService connected to keynegoServer on different machine.