Hi everyone,
I recently installed Aurora on my laptop to test it before deploying it to my parents’ PC. I’m running into a technical hurdle regarding initramfs and TPM unlocking.
Technical Context:
Hardware: Laptop with NVIDIA GPU, 16GB RAM.
Setup: Dual-booting with Windows (requires Secure Boot enabled), LUKS encryption with automatic TPM unlocking.
Storage: 2GB /boot partition and 600MB /boot/efi (so disk space itself is not the bottleneck).
The Problem:
The initramfs containing the NVIDIA drivers is approximately 250 MB. Due to OSTree’s rollback mechanism, GRUB has to manage two versions. This seems to exceed GRUB’s memory management capabilities at boot time.
Errors Encountered:
I consistently receive the mm.c out of memory error during boot. Here are my observations:
Disabling TPM: The system boots normally.
Cleaning OSTree: If I run rpm-ostree cleanup --rollback, the system boots successfully with TPM active, but I lose the safety net of having a rollback version in case of a bad update.
Kernel Parameter: I tried setting ramdisk_size=1024048, but it didn’t solve the issue.
My Assessment:
While Aurora provides tools via ujust to manage Secure Boot, technical limitations persist. The root cause appears to be GRUB itself, which has limited memory handling when loading large initrd files in Secure Boot/TPM mode.
My Questions:
Switching to systemd-boot: Would moving from GRUB to systemd-boot resolve this memory management issue?
Maintaining Functionality: Is there a way to keep NVIDIA drivers, TPM (for LUKS), and Secure Boot without sacrificing deployment history (rollbacks)?
Optimizing Initramfs: Is there a specific configuration in Universal Blue to “slim down” the initramfs without losing critical functionality?
My goal is to find a stable solution for “standard” users (my parents) to ensure a secure and robust system that doesn’t require complex manual intervention.
Thank you in advance for your help!