Of course. The typical Linux initrd is also too complicated. It should be doing this, and nothing else:
- There's an executable called /init, link it statically with everything it needs to do.
- Load kernel modules from a list (hardcoded at build time; optional if you include common modules in the generic kernel).
- Mount the root filesystem (hardcoded at build time) and pivot.
- execve("/sbin/init", ...)
I've built a PoC in pure Go that does all of this; the resulting initrd was ~2.5MB plus kernel modules. I simply moved all the boot-time complexity to build-time. It doesn't do LUKS or TPM yet, but that's also further down the roadmap.
OpenBSD went a step further and crammed FDE decryption into the bootloader. It doesn't do TPM but simple is simple.
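
A sketch of the fixed-sequence `/init` described in the comment above, added here as an example; it is not the commenter's PoC. It assumes the needed drivers are built into the kernel (the option the comment mentions), uses constructed values for the device, filesystem and mount point, and performs the "pivot" step as `MS_MOVE` plus `chroot`, because `pivot_root(2)` does not work from an initramfs rootfs.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// Constructed build-time constants (assumptions, not values from the comment).
const rootDev, rootFS, newRoot = "/dev/sda1", "ext4", "/newroot"

type step struct {
	name string
	run  func() error
}

// plan is the entire boot sequence; nothing is probed or parsed at boot time.
func plan() []step {
	return []step{
		{"mount /dev", func() error { return syscall.Mount("devtmpfs", "/dev", "devtmpfs", 0, "") }},
		{"mount root", func() error { return syscall.Mount(rootDev, newRoot, rootFS, syscall.MS_RDONLY, "") }},
		{"move /dev", func() error { return syscall.Mount("/dev", newRoot+"/dev", "", syscall.MS_MOVE, "") }},
		{"chdir", func() error { return syscall.Chdir(newRoot) }},
		{"move root", func() error { return syscall.Mount(".", "/", "", syscall.MS_MOVE, "") }},
		{"chroot", func() error { return syscall.Chroot(".") }},
		{"exec init", func() error { return syscall.Exec("/sbin/init", []string{"/sbin/init"}, os.Environ()) }},
	}
}

// runPlan runs the steps in order and stops at the first failure, so a
// partially prepared root is never handed to the real init.
func runPlan(steps []step) error {
	for _, st := range steps {
		if err := st.run(); err != nil {
			return fmt.Errorf("%s: %w", st.name, err)
		}
	}
	return nil
}

func main() {
	// Exec only returns on error; PID 1 exiting then makes the kernel panic.
	fmt.Fprintln(os.Stderr, "init:", runPlan(plan()))
	os.Exit(1)
}
```

Building with `CGO_ENABLED=0 go build` produces the statically linked binary the first step calls for.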