Linux 5.19 Kernel Compilation on Ubuntu AMD64 EFI DEB Packaged
Introduction
This manual is built on top of publicly available documentation about Linux and Ubuntu. Its goal is to show Linux adepts and Tech Startups the core of Linux configuration for advanced purposes, and to help Tech Startups prepare criteria for hiring a person responsible for Linux management on product devices.
Necessary packages installation
GNU PG
GNU PG is a tool for asymmetric and symmetric encryption. In the context of kernel recompilation, GNU PG is needed to check the authenticity of the downloaded kernel tarball. To do this, download the public key of the kernel integrator and compile the appropriate tool, GNU PG, from source. The public key of the GNU PG integrator and the authenticity of the GNU PG tarball can be checked after installing the tool. If that check passes, the kernel tarball can be checked next.
Installing GNU PG
We need to install libraries for GNU-PG:
sudo su -
Give user password.
Base packages for GNU PG Compilation
apt-get install tree wget2 build-essential crossbuild-essential-i386 binutils-i686-gnu pinentry-curses libssl-dev libnpth0-dev clang libgpg-error-dev libgcrypt20-dev libassuan-dev libksba-dev libelf-dev dpkg-deb libupower-glib-dev libupower-glib3
Base packages for Linux Kernel Compilation
apt-get install libncurses-dev bison flex dwarves schroot pesign
Optional packages, mandatory for RYO miners:
apt-get install libuv1-dev libhwloc-dev libssl-dev
Downloading the GNU PG tarball and its signature:
Open site
https://gnupg.org/download/index.html
with your favorite browser.
Save *.txt page with signature on local media. Download the GNU PG tarball.
If having some GNU PG already:
gpg --verify gnupg-2.3.7.tar.bz2.sig gnupg-2.3.7.tar.bz2
Compilation of GNU PG:
Copy both files e.g. to /root/footbar.
tar -xvjf gnupg-*.tar.bz2
cd gnupg-2.3.7
ls .
Expected printout:
ABOUT-NLS agent autogen.rc build-aux common config.log configure.ac COPYING.GPL2 COPYING.other g10 kbx Makefile.am po regexp stamp-h1 TODO
acinclude.m4 am autogen.sh ChangeLog config.h config.status COPYING COPYING.LGPL21 dirmngr g13 m4 Makefile.in README scd tests tools
aclocal.m4 AUTHORS build ChangeLog-2011 config.h.in configure COPYING.CC0 COPYING.LGPL3 doc INSTALL Makefile NEWS README.GIT sm THANKS VERSION
Run configure script with needed options.
./configure --with-pinentry-pgm=/usr/bin/pinentry-curses --enable-g13 --enable-build-timestamp
make
Printout:
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /sbin
PATH: /bin
PATH: /usr/games
PATH: /usr/local/games
PATH: /snap/bin
mkdir lib
mkdir etc
mkdir doc
mkdir common
Preparation of gnupg Debian/Ubuntu *.deb package:
Package directory and DEBIAN directory.
cd ..
mkdir gnupg
mkdir gnupg/DEBIAN
mkdir gnupg/usr
mkdir gnupg/usr/local
cd gnupg-2.3.7
cd agent
cp gpg-agent ../../gnupg/usr/local/.
cd ..
cd common
cp t-* ../../gnupg/usr/local/.
cd ../dirmngr
cp dirmngr ../../gnupg/usr/local/.
cp dirmngr-client ../../gnupg/usr/local/.
cd ../doc
cp -Rf * ../../gnupg/usr/local/.
cd ../g10
cp gpg ../../gnupg/usr/local/.
cp gpgv ../../gnupg/usr/local/.
cd ../g13
cp g13 ../../gnupg/usr/local/.
cp g13-syshelp ../../gnupg/usr/local/.
cd ../kbx
cp kbxutil ../../gnupg/usr/local/.
cd ../scd
cp scdaemon ../../gnupg/usr/local/.
cd ../sm
cp gpgsm ../../gnupg/usr/local/.
The control and postinst text files in DEBIAN directory and building the package.
cd ../../gnupg/DEBIAN
touch control
echo "Package: gnupg
Version: 2.3.7
Maintainer: Wojciech Potentas
Architecture: amd64
Description: GNUPG
" > control
touch postinst
echo 'echo "Installation ended."' > postinst
chmod +x postinst
cd ..
cd ..
dpkg-deb --build gnupg
Expected Printout:
dpkg-deb: building package 'gnupg' in 'gnupg.deb'.
Installing the package:
dpkg -i gnupg.deb
Expected Printout:
(Reading database ... 193821 files and directories currently installed.)
Preparing to unpack gnupg.deb ...
Unpacking gnupg (2.3.7) over (2.3.7) ...
Setting up gnupg (2.3.7) ...
Installation ended.
GNU PG is now considered installed.
Generation of and use of RSA Key:
touch ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
gpg --generate-key
gpg --verify gnupg-2.3.7.tar.bz2.sig
gpg --import gpg.key
Checking the GNU PG tarball's validity.
gpg --verify gnupg-2.3.7.tar.bz2.sig gnupg-2.3.7.tar.bz2
Expected Printout:
gpg: assuming signed data in 'gnupg-2.3.7.tar.bz2'
gpg: Signature made pon, 7 lut 2022, 21:10:00 CET
gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
Working with the kernel and kernel version related software
Firmware
When choosing a Linux Kernel version to customize and compile (here 5.19.11) check the date of the kernel. The example one here is from September 2022 so the nearest firmware after the kernel date is from October. Remove the classic distribution firmware package also.
apt-get remove linux-modules-iwlwifi-5.17.0-1026-oem
cd /root
mkdir -p /root/linux-5.19
cd linux-5.19
wget https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-20221012.tar.gz https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-20221012.tar.sign
gunzip linux-firmware-20221012.tar.gz
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4CDE8575E547BF835FE15807A31B6BD72486CFD6
gpg --verify linux-firmware-20221012.tar.sign linux-firmware-20221012.tar
tar -xvf linux-firmware-20221012.tar
Kernel tarball
Enter https://www.kernel.org
Click stable kernel. Enter git page, click commit, use download for the kernel and for the signature "sig" link.
On Debian/Ubuntu you can instead do this:
apt-cache search kernel
or
apt-cache search linux
and use the wanted patched sources:
apt-get install linux-lowlatency
Lowlatency is a profile for desktops, there are many others that can be found by: you should also fetch linux-headers of the wanted type and version.
Saving old configuration
mkdir -p /root/linux-5.19 && cd /root/linux-5.19
cp /usr/local/src/linux-<oldversion>/.config .
or
cp /usr/local/src/linux/.config .
or
cp /root/configLinux5.19.11_config_defconfig_hugetlsmadvise_configgz_vgavesaefi_fbconsolesupport_characterDevlegacyPTY_sndallHDausioall_VT_fuse_Bluetooth_Wi-Fi_squashfs_powerSave.txt .config
Checking the authenticity of the downloaded tarball:
gpg --locate-keys sashale@kernel.org gregkh@kernel.org
Printout:
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <gregkh@kernel.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: error retrieving 'sashale@kernel.org' via WKD: No data
gpg: error reading key: No data
pub rsa4096 2011-09-23 [SC]
647F28654894E3BD457199BE38DBBDC86092693E
uid [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
sub rsa4096 2011-09-23 [E]
cd /root/linux-5.19
cp linux-5.19.11* /usr/local/src
cd /usr/local/src/
unxz linux-5.19.11.tar.xz
Find the integrator's public key (page https://kernel.org/category/signatures.html). Copy a key from page https://gnupg.org/signature_key.html to the gpg.key file.
gpg --locate-keys torvalds@kernel.org &&
gpg --locate-keys gregkh@kernel.org &&
gpg --locate-keys sashal@kernel.org &&
gpg --verify linux-5.19.11.tar.asc
tar -xvf linux-5.19.11.tar
ln -s linux-5.19.11 linux
Including old configuration if needed
cp /root/linux-5.19/.config /usr/local/src/linux/.
Printout of the gpg --verify step (this capture shows a 5.16.17 tarball):
gpg: assuming signed data in 'linux-5.16.17.tar'
gpg: Signature made śro, 23 mar 2022, 09:19:48 CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
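Added example, not part of the original manual: "Good signature" in both printouts above (GNU PG tarball and kernel tarball) only proves that some imported key signed the file, which is what the WARNING lines point out. The script below accepts a file only when gpg's machine-readable status reports a valid signature whose primary key fingerprint equals the one printed on this page; the helper names and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the signer instead of trusting any "Good signature".
# Fingerprints below are the ones shown in this page's printouts.
GNUPG_FPR=6DAA6E64A76D2840571B4902528897B826403ADA
GREGKH_FPR=647F28654894E3BD457199BE38DBBDC86092693E

# check_status EXPECTED_FPR  (hypothetical helper name)
# Reads `gpg --status-fd 1 --verify` output on stdin. Succeeds only if at
# least one VALIDSIG line is present, every VALIDSIG names EXPECTED_FPR as
# primary key, and no bad/expired/revoked signature status was reported.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint; field 3 the signing key.
            fpr = (NF >= 12) ? $12 : $3
            seen++
            if (toupper(fpr) == toupper(want)) match_count++
        }
        END { exit !(seen > 0 && match_count == seen && !bad) }
    '
}

# verify_pinned EXPECTED_FPR SIGFILE DATAFILE  (hypothetical helper name)
# The pipeline's exit status is that of check_status.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed sample of gpg status output for a signature made by key $1
# (timestamp and algorithm fields are illustrative, not captured).
sample_status() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 0000000000000000 constructed signer" \
        "[GNUPG:] VALIDSIG $1 2022-03-23 1648023588 0 4 0 1 10 00 $1" \
        "[GNUPG:] TRUST_UNDEFINED 0 pgp"
}

# Usage on the files from this manual:
#   verify_pinned "$GNUPG_FPR"  gnupg-2.3.7.tar.bz2.sig gnupg-2.3.7.tar.bz2
#   verify_pinned "$GREGKH_FPR" linux-5.19.11.tar.asc   linux-5.19.11.tar
```

Compare the pinned fingerprints against the values published by the signers before relying on them; a non-zero exit status from verify_pinned means the tarball should not be unpacked.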
The sources can be copied from var/tmp/... to /usr/local/src/linux-<...>, untarred and for the sake of the instruction please do:
Using the source:
Check partitions
cat /etc/fstab | less
cat /proc/mounts
Check for "/" and "/boot/efi" and for the mass storage device. My device is:
/dev/nvme0n1
Where:
"/" is: /dev/nvme0n1p3
"/boot/efi" is: /dev/nvme0n1p2
Configure the kernel:
Manual Kernel Configuration
Additional instructions for configuring the kernel manually:
cd /root/linux-5.19/linux-5.19.11/usr/local/src/linux
And choose option for new configuration (deletes .config from linux directory):
make mrproper
cp /root/linux-5.19/.config /usr/local/src/linux/.
make defconfig
make menuconfig
Kernel Option over Defconfig                           | Value
-------------------------------------------------------|------------------------------------
General                                                | config.gz
Memory config                                          |
HugeTLS=yes                                            | yes
HugeTLS=optional                                       | optional
Device drivers/CharacterDevices/Legacy(BSD)PtySupport  | yes
Device drivers/Graphics/Framebuffer                    | VGA16, VESA, EFI
Device drivers/Graphics/Framebuffer/FB Console Support | yes
Device drivers/Character device/Serial Device Bus      | yes
Sound Card Support:                                    | All, snd_hda_codec_realtek for GF75
Device Drivers/Block Devices:                          | NVME is a must plus others
Wi-Fi                                                  | Intel iwlwifi driver
File Systems                                           | + FUSE
Boot but stop before X-Server                          | run .NVIDIA
Proceed with compile:
Clean the kernel tree from binaries:
make clean
Try to update the config for new options
make oldconfig
Possible printout:
#
# No change to .config
#
If you do not want to install the kernel through a package prepared by yourself, build the kernel as is:
make clean && make bzImage && make modules && make modules_install && make install && depmod && update-initramfs -c -k 5.19.11
The rest of the commands are built into the package postinst commands. If you prefer the automated build, as planned by the author, execute the steps below to prepare the package instead.
After using 'make oldconfig' and optionally 'make menuconfig' you can save the config in the package's directory.
The config is:
/usr/local/src/linux/.config
Want to use your custom config in the further process? Here you can override the example, or just copy your config to the project directory.
cp /usr/local/src/linux/.config /root/linux-5.19/.
Preparing the package
Copy the new config to the package preparation directory. The configuration used here will be the one configured in /usr/local/src/linux and saved as .config
Remove the old package if needed:
cd /root/linux-5.19
rm -Rf linux-5.19.11
rm -Rf linux-5.19.11.deb
Prepare the kernel package:
cd /root/linux-5.19
mkdir linux-5.19.11
mkdir linux-5.19.11/DEBIAN
mkdir linux-5.19.11/boot
mkdir linux-5.19.11/lib
mkdir linux-5.19.11/lib/firmware
tar -xvf linux-firmware-20221012.tar
cp -Rf linux-firmware-20221012 /usr/local/src/linux/.
mkdir linux-5.19.11/usr
mkdir linux-5.19.11/usr/local
mkdir linux-5.19.11/usr/local/src
mkdir linux-5.19.11/usr/local/src/linux
cp -Rf /usr/local/src/linux/* linux-5.19.11/usr/local/src/linux/.
cp -Rf /root/linux-5.19/.config linux-5.19.11/usr/local/src/linux/.
cd /root/linux-5.19/linux-5.19.11/DEBIAN
touch control
echo "Package: linux
Version: 5.19.11
Maintainer: Wojciech Potentas
Architecture: amd64
Description: LinuxKernel
" > control
# A quoted here-document keeps the inner quotes of the script intact.
cat > postinst <<'EOF'
#!/bin/sh
cd /usr/local/src/linux
cd linux-firmware-20221012
make install
cd ../.
echo "Compiling the kernel, modules and installing modules"
# This part can be done manually outside the package but it was automated in this instruction
make clean && make bzImage && make modules && make modules_install && make install && depmod && update-initramfs -c -k 5.19.11
echo "Installing the kernel image"
cd /usr/local/src/linux/arch/x86_64/boot
cp bzImage /boot/vmlinuz-5.19.11
echo "Signing the kernel"
echo "Please prepare tools to write down a password that you can now invent."
# Save the kernel image hash for later enrollment with mokutil --import-hash.
pesign -P -h -i /boot/vmlinuz-5.19.11 | cut -f 2 -d ' ' > /root/linux-5.19/boot_kernel_signature.sig
cd /boot
echo "Setting privileges over kernel image"
chmod 600 vmlinuz-5.19.11
echo "Preparing initramfs"
mkinitramfs -o initrd.img-5.19.11 5.19.11
echo "Updating GRUB"
update-grub
echo "Installing GRUB"
# /dev/sda1 is an example; use the device found in the partition check.
grub-install --force /dev/sda1
echo 'Kernel installation ended.'
EOF
chmod +x postinst
cd ..
cd ..
Back to the thread of package-based kernel reconfiguration and recompilation
Prepare the package which shall compile and install the kernel in command after this one:
cd /root/linux-5.19
dpkg-deb --build linux-5.19.11
Printout:
dpkg-deb: building package 'linux' in 'linux-5.19.11.deb'.
Compile and install the kernel by installing the package:
dpkg -i linux-5.19.11.deb
cat /root/linux-5.19/boot_kernel_signature.sig
mokutil --import-hash "$(cat /root/linux-5.19/boot_kernel_signature.sig)"
Once you are sure the password was typed correctly and you remember it:
rm /root/linux-5.19/boot_kernel_signature.sig
Check the bootloader if new kernel is in menuentry 1.
Check also if the bootloader needs the additional configuration, e.g. vgamode, screen resolution?
vi /boot/grub/grub.cfg
If needed: Usplash configuration file:
Configure the framebuffer in kernel loader options, see below.
In line:
linux /vmlinuz-5.19.11 root=UUID=744590ac-7c51-4f62-8b08-e76a9bfbc15d ro quiet splash $vt_handoff
Add vga=791, so it is:
linux /vmlinuz-5.19.11 root=UUID=744590ac-7c51-4f62-8b08-e76a9bfbc15d ro vga=791 quiet splash $vt_handoff
vi /etc/usplash.conf
xres=1024
yres=768
update-initramfs -u
REBOOT
After reboot, it is possible to add additional drivers.
NVIDIA on board?
For NVIDIA users run NVIDIA binary that can be downloaded from NVIDIA page as root after reboot:
./NVIDIA-Linux-x86_64-515.76.run
AMD Radeon on board?
AMD Radeon needs drivers present in kernel, so include them in kernel configuration.
Some sources for detailed instruction
Sources:
https://docs.oracle.com/en/learn/mokutil-uefi/#enrolling-hashes-with-the-uefi-secure-boot-key-database
If you have multiple systems - Timezone
timedatectl set-timezone UTC
After build help commands - Quick change in the kernel recently built
cd /root/linux-5.19/linux-5.19.11/usr/local/src/linux
make menuconfig
Change options
cp .config /config-date-n
make clean
cd /root/linux-5.19
dpkg-deb --build linux-5.19.11 && dpkg -i linux-5.19.11.deb
Linux compiles and installs.
cat /root/linux-5.19/boot_kernel_signature.sig
mokutil --import-hash "$(cat /root/linux-5.19/boot_kernel_signature.sig)"
Give the password.
Reboot and enroll the key if valid. Then reboot in enroll menu.
New kernel hopefully booted. Any post-build compiled drivers on fresh kernel like NVIDIA?
./NVIDIA-Linux-x86_64-515.76.run