@cawa0505
Forked from dm0-/kernel-small.md
Created November 18, 2018 07:30
Build a modified CoreOS kernel (no initramfs modules; X260 driver notes)

Download and start the CoreOS development image in a container. Make sure to bind writable directories over the kernel's build and install paths.

wget 'http://alpha.release.core-os.net/amd64-usr/current/coreos_developer_container.bin.bz2'
bzcat coreos_developer_container.bin.bz2 > coreos_developer_container.bin
mkdir boot modules src
sudo systemd-nspawn \
    --bind="$PWD/boot:/boot" \
    --bind="$PWD/modules:/lib/modules" \
    --bind="$PWD/src:/usr/src" \
    --image=coreos_developer_container.bin

Using the shell inside the container, prepare and configure the Linux source.

emerge-gitclone
emerge -gKv bootengine coreos-sources dracut
update-bootengine -o /usr/src/linux/bootengine.cpio
echo 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' | cat \
    /var/lib/portage/coreos-overlay/sys-kernel/coreos-modules/files/{common,amd64_def}config-4.7 \
    - > /usr/src/linux/.config
make -C /usr/src/linux menuconfig

Change the following modules to builtins.

  • squashfs and loop to be able to switch to the real image
  • vfat, nls_cp437, and nls_ascii for configdrive support

For the ThinkPad X260, remember to enable the following drivers.

  • DRM and Intel graphics (under Graphics devices)
  • Wireless (under Networking) and Intel WiFi + MVM (under Network devices)
  • Realtek PCIe (under Multifunction devices) and Realtek MMC (under MMC)
  • Lenovo ACPI (under x86 platforms)
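A check for the builtin list above, as an added example that is not part of the original gist: it reads the `.config` written by menuconfig and reports any required driver that is not `=y`, and confirms the `CONFIG_INITRAMFS_SOURCE` line survived. The Kconfig symbol names mapped to squashfs, loop, vfat, nls_cp437 and nls_ascii are assumptions based on the mainline names, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original gist): audit .config after menuconfig.
# Kconfig symbols assumed for: squashfs, loop, vfat, nls_cp437, nls_ascii.
REQUIRED_BUILTINS="SQUASHFS BLK_DEV_LOOP VFAT_FS NLS_CODEPAGE_437 NLS_ASCII"

# Print one symbol's value from a .config: y, m, a quoted string, or "n"
# when the symbol is absent or listed as "# CONFIG_X is not set".
config_state() {    # $1 = .config path, $2 = symbol without CONFIG_ prefix
    state=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${state:-n}"
}

# Print each failed requirement, one per line; empty output means pass.
check_config() {    # $1 = .config path
    for sym in $REQUIRED_BUILTINS; do
        state=$(config_state "$1" "$sym")
        # =m would leave the driver out of a kernel whose initramfs has no modules
        [ "$state" = y ] || echo "CONFIG_$sym=$state (must be y)"
    done
    # The initramfs line appended before menuconfig must still be present.
    state=$(config_state "$1" INITRAMFS_SOURCE)
    [ "$state" = '"bootengine.cpio"' ] ||
        echo "CONFIG_INITRAMFS_SOURCE=$state (expected \"bootengine.cpio\")"
}

# Constructed sample .config fragment: loop left modular, nls_ascii unset.
sample_config() {
    cat <<'EOF'
CONFIG_SQUASHFS=y
CONFIG_BLK_DEV_LOOP=m
CONFIG_VFAT_FS=y
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_ASCII is not set
CONFIG_INITRAMFS_SOURCE="bootengine.cpio"
EOF
}

# With a path argument, audit that file; otherwise report on the sample.
if [ $# -gt 0 ]; then
    check_config "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp" && check_config "$tmp"
    rm -f "$tmp"
fi
```

Inside the container, pass it /usr/src/linux/.config after menuconfig and before the build; no output means every requirement is met.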

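Set up keys for module signing. This creates a one-off pair; substitute your own if this build matters. The private key is written unencrypted (-nodes) under /usr/src/linux/certs, which is the bind-mounted src directory, so it remains on the host after the container exits.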

openssl req -batch -days 365 -newkey rsa:4096 -nodes -sha256 -x509 \
    -keyform PEM -keyout /usr/src/linux/certs/modules.key.pem \
    -outform PEM -out /usr/src/linux/certs/modules.pub.pem \
    -subj '/CN=Kernel module signing key'
cat /usr/src/linux/certs/modules.{pub,key}.pem > /usr/src/linux/certs/modules.pem
make -C /usr/src/linux -j$(( 2 * `getconf _NPROCESSORS_ONLN` )) certs V=1

Build and install everything.

make -C /usr/src/linux -j$(( 2 * `getconf _NPROCESSORS_ONLN` )) all V=1
make -C /usr/src/linux install modules_install

With everything installed successfully, exit the container. The final binaries are in the boot and modules directories.
