WiFi in initramfs on Debian

This is a short howto enable WiFi early in initramfs. There are several reasons why this can be helpful. One possible reason is to use Tang/Clevis for full disk encryption. This post should give a short walk through how to enable WiFi early in initramfs.

Special thanks goes to fangfufu who made the actual work. There is no relationship to fangfufu, I just found this repository and tried it out.

On a Debian / Ubuntu often initramfs is used. The setup will not work for dracut.

Ensure the WiFi kernel module is in initramfs

First, the kernel module used for the WiFi chip has to be known.

lspci -s "$(lspci | awk '/Wireless/ {print $1}')" -vvv
0c:00.0 Network controller: [...] Wireless Network Adapter
    [...]
    Kernel driver in use: iwlwifi
    Kernel modules: iwlwifi

Copy the value (in this case iwlwifi) to the /etc/initramfs-tools/modules file. This will copy the module to initramfs the next time it is built.

Ensure a WPA supplicant configuration

In this example a dedicated WPA supplicant configuration is copied to initramfs. It is also possible to copy the main configuration (/etc/wpa_supplicant/wpa_supplicant.conf) if it is in use. As often NetworkManager is used - and we are not going to install NetworkManager to initramfs - a dedicated configuration is used here. /etc/initramfs-tools/wpa_supplicant.conf:

# /etc/initramfs-tools/wpa_supplicant.conf
# note that this is independent of the system /etc/wpa_supplicant.conf (if any)
# only add the network you need at boot time. **And keep the ctrl_interface** !!
ctrl_interface=/tmp/wpa_supplicant

network={
    ssid="MySSID"
    key_mgmt=SAE
    sae_password="MyS3cr3tP4ssphr4s3!"
    ieee80211w=2
}

In this example, WPA supplicant is connecting to a WPA3-PSK network.

Scripts to copy tools and start WiFi in initramfs

Those three scripts will ensure that the required tools and files are copied to initramfs and will actually enable WiFi during boot.

• /etc/initramfs-tools/hooks/enable-wireless

#!/bin/bash -e

PREREQS=""

case $1 in
    prereqs)
    	echo "$PREREQS"
    	exit 0
    	;;
esac

. /usr/share/initramfs-tools/hook-functions

copy_exec /sbin/wpa_supplicant
copy_exec /sbin/wpa_cli
copy_file config /etc/initramfs-tools/wpa_supplicant.conf /etc/wpa_supplicant.conf

• /etc/initramfs-tools/scripts/init-premount/01-enable-wireless

#!/bin/sh

PREREQS=""

case $1 in
    prereqs)
    	echo "$PREREQS"
    	exit 0
    	;;
esac

. /scripts/functions

INTERFACE=$(/usr/bin/ip link | awk '{if(substr($2,1,1)=="w") {gsub(":","",$2); print($2); exit;}}')

if ! [ -z "$INTERFACE" ]; then
    echo
    echo Wifi interface  is $INTERFACE
    log_begin_msg "Starting Wifi connection"
    /sbin/wpa_supplicant  -i$INTERFACE -c/etc/wpa_supplicant.conf -P/run/initramfs-wpa_supplicant.pid -B -f /tmp/wpa_supplicant.log
else
    echo
    echo "No Wifi device found"
fi

configure_networking

• /etc/initramfs-tools/scripts/local-bottom/kill-wireless

#!/bin/sh

PREREQS=""

case $1 in
    prereqs)
    	echo "$PREREQS"
    	exit 0
    	;;
esac

echo "Killing wpa_supplicant so the system takes over later."
kill "$(cat /run/initramfs-wpa_supplicant.pid)"

Update initramfs

Finally, initramfs must be updated. This is an easy task:

update-initramfs -u

Summary

This is everything which is required in order to enable WiFi during initramfs. During a reboot, the system will search for the WiFi interface and will start WPA supplicant. Afterwards it will run DHCP on all interfaces. At the end of the initramfs phase it will kill WPA supplicant again, in order to let the actual operating system to take over the network connectivity.