From 8515bdbe383816d9ba2f427f946e501be117ba9c Mon Sep 17 00:00:00 2001
From: veilor-org
Date: Fri, 1 May 2026 23:23:35 +0100
Subject: [PATCH] ks: drop init_on_alloc/init_on_free from live cmdline (5x boot time on KVM)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Live ISO stalled at dracut for 5+min on KVM with init_on_alloc=1 init_on_free=1 — kernel zeroes every page on alloc/free, brutal in virtualized memory. Keep slab_nomerge + lockdown=integrity + randomize_kstack + vsyscall=none for live (cheap). Re-add memory init flags on installed system via veilor-firstboot post-install GRUB edit (planned v0.3).
---
 kickstart/veilor-os.ks | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks
index 0a17c3e..58eec10 100644
--- a/kickstart/veilor-os.ks
+++ b/kickstart/veilor-os.ks
@@ -48,7 +48,10 @@ rootpw --lock
 user --name=admin --groups=wheel --gecos="veilor admin" --password="" --plaintext
 # ── Bootloader: kernel hardening flags ──
-bootloader --location=mbr --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none"
+# Note: init_on_alloc/init_on_free removed from default live cmdline —
+# they zero every memory page at boot which 5x'd KVM live boot time.
+# Re-enable per-install via veilor-firstboot.service for production.
+bootloader --location=mbr --append="lockdown=integrity slab_nomerge randomize_kstack_offset=on vsyscall=none"
 # ── Live ISO partitioning (flat — for live rootfs build only) ──
 # NOTE: This is the *live* image kickstart. Final installed system uses
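Review bot: The new comment above the `bootloader` line says the flags are re-enabled "via veilor-firstboot.service", but the commit message describes that step as planned for v0.3, so nothing visible here restores `init_on_alloc=1 init_on_free=1` on an installed system. The comment should state the gap, e.g. `# TODO(v0.3): veilor-firstboot must re-add init_on_alloc=1 init_on_free=1 on installed systems; not implemented yet.` The wording "zero every memory page at boot" is also inaccurate, because the flags zero memory on every allocation and free for the whole uptime, as the commit message itself says. It may be worth timing the two flags separately: `init_on_free=1` is usually the costlier one, and keeping `init_on_alloc=1` alone would retain protection against uninitialized-memory disclosure in the live session. The trailing context says the installed system uses a different configuration, but that line is cut off, so whether it already carries these flags cannot be confirmed from this hunk.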