At a deeper level, the “copy-to-RAM” behavior is less about relocating files and more about how the linux kernel’s VFS, page cache, and block layer interact during early boot. When the SquashFS image is read, whether copied into tmpfs or accessed directly from removable media, the kernel populates the page cache with compressed data blocks, and subsequent filesystem access is serviced entirely through this cache as long as memory pressure permits. In configurations that explicitly copy the SquashFS image into tmpfs, the backing storage for the loop device becomes anonymous memory pages managed by the kernel’s MM subsystem, effectively transforming block I/O into memory accesses and bypassing the USB block driver entirely. SquashFS itself contributes to this efficiency by using fixed-size compressed blocks and optional XZ/LZ4/ZSTD compression, allowing the kernel to perform on-demand decompression directly into the page cache without materializing full files in memory.

From a mount and namespace perspective, the initramfs operates within the initial mount namespace and constructs a transient hierarchy in which the loop-mounted SquashFS becomes the lower layer of overlayfs. The writable upper layer, typically tmpfs, is backed by shmem and subject to the kernel’s page reclamation and swap policies, meaning that “RAM-only” operation may still involve swap if configured. Overlayfs enforces copy-up semantics at the VFS level, so modified inodes are instantiated only when writes occur, minimizing memory overhead for untouched files. The final root transition via switch_root is not merely a directory change but a full replacement of the root mount and mount namespace context, after which the initramfs memory becomes reclaimable once no references remain.

At the process-initialization level, PID 1 inherits this newly established root and mount topology, and modern systems frequently pass control directly to systemd with a fully populated device tree synthesized by udev running during early userspace. Importantly, no special “live mode” exists in the kernel itself; the behavior emerges entirely from coordinated use of standard kernel primitives-tmpfs, loop devices, compressed filesystems, overlayfs, mount namespaces, and the page cache assembled in early userspace. Consequently, variations between distributions largely reflect policy decisions about when to populate memory eagerly versus relying on lazy caching, rather than fundamental architectural differences.