Recent kernels have issues with loop-aes's build-initrd.sh in some configurations. USEPIVOT=2 does not work w/SW raid on 5.10+ kernels, and USEPIVOT=1 fails to build when booted in a standard Gentoo install ISO environment.

Details:

An initrd needs to mount /boot to access key material, and then losetup the device that will be mounted at /. loop-aes's build-initrd.sh helper script builds a minimal initrd. It can handle simple single-disk / HW raid, and/or auto-assemble-able software RAID using metadata 0.90 (more complex software RAID has always required a "fatter" initrd).

There are multiple methods/options for initrd kernel / bootloader configuration, controlled by build-initrd.sh config options. USEPIVOT=1 mounts a minix filesystem image and calls pivot_root, leaving behind an /initrd mount. USEPIVOT=2 uses a cpio archive as initramfs and leaves no lingering mount point.

USEPIVOT=2 continues to work fine when the devices are single-disk and/or HW raid. When a system uses autodetect SW RAID for its boot and root devices, the initrd needs to be able to assemble them, mount /boot for key material, then losetup the device that will be mounted at /, etc. However, kernel raid APIs changed somewhere around 5.10, making the minimal initrd made by build-initrd.sh in USEPIVOT=2 mode unable to assemble the RAID prior to setting up the loop device, so the system can no longer boot.

USEPIVOT=1 still works with 5.10+ kernels, but there is a Gentoo-specific catch. build-initrd.sh uses minix by default (for its low overhead), and it also assumes that the 'mount' command is loop-aes's patched one. When booted on a Gentoo install ISO, neither of these is true: the minix filesystem is not supported by the ISO's kernel, and the standard mount is present. So it has never(?) been possible to build a USEPIVOT=1 initrd when booted from a Gentoo install ISO.
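The two failure modes in the report above can be checked before running build-initrd.sh. This is an added example, not part of the bug report or of loop-aes: the function names, argument order and return codes are assumptions, the 5.10 threshold is the one the report gives, and it does not check whether mount is the loop-aes patched one.

```shell
#!/bin/sh
# Added example, not part of loop-aes. Function names, arguments and return
# codes are assumptions; the 5.10 threshold comes from the report above.

# True if a `uname -r` style release string is 5.10 or newer.
kernel_at_least_5_10() {
    rel=${1%%[!0-9.]*}              # "5.15.23-gentoo" -> "5.15.23"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 10 ]; }
}

# True if filesystem $1 is listed in file $2 (/proc/filesystems format:
# optional "nodev", a tab, then the name). A filesystem built as a module
# that is not loaded yet is not listed, so load it before checking.
has_filesystem() {
    awk -v fs="$1" '$NF == fs { found = 1 } END { exit !found }' "$2"
}

# $1 USEPIVOT, $2 kernel release, $3 filesystems file,
# $4 "yes" if /boot or / is on autodetected software RAID.
# Returns 0 = no known problem, 1 = USEPIVOT=2 RAID case, 2 = no minix.
check_initrd_config() {
    case $1 in
    2)
        if [ "$4" = yes ] && kernel_at_least_5_10 "$2"; then
            echo "USEPIVOT=2: initrd cannot assemble SW RAID on $2" >&2
            return 1
        fi ;;
    1)
        if ! has_filesystem minix "$3"; then
            echo "USEPIVOT=1: no minix support, image cannot be built" >&2
            return 2
        fi ;;
    esac
    return 0
}

# Constructed sample: a kernel without minix, as the report describes
# for the install ISO.
sample=$(mktemp)
printf 'nodev\tproc\nnodev\ttmpfs\n\text4\n\tiso9660\n' > "$sample"
check_initrd_config 1 "5.15.23-gentoo" "$sample" no || echo "status $?"
rm -f "$sample"
```

On a live system the third argument would be /proc/filesystems and the second the output of `uname -r`.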
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bb250ff921c5789e395e491530c23156a01fc3b

commit 0bb250ff921c5789e395e491530c23156a01fc3b
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-03-04 03:20:22 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-03-11 08:31:03 +0000

    sys-fs/loop-aes: Version bump to 3.7w, minor Gentoo compat fixes

    Upstream version bump added 5.16 support.
    Also, updates to the bundled build-initrd.sh script to be compatible
    with Gentoo's install ISO kernel (see bug).

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://bugs.gentoo.org/834546
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Closes: https://github.com/gentoo/gentoo/pull/24399
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-fs/loop-aes/Manifest                           |  1 +
 .../files/build-initrd_explicit-losetup.patch      | 28 +++++++++
 sys-fs/loop-aes/loop-aes-3.7w.ebuild               | 69 ++++++++++++++++++++++
 3 files changed, 98 insertions(+)