Skip to content

Instantly share code, notes, and snippets.

@dm0-

dm0-/kernel-small.md

Last active July 30, 2019 19:53
Show Gist options
  • Star 11 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save dm0-/1f656b68491cd22e65ae0f33d4f1dd25 to your computer and use it in GitHub Desktop.
Save dm0-/1f656b68491cd22e65ae0f33d4f1dd25 to your computer and use it in GitHub Desktop.
Download ZIP
Build a modified CoreOS kernel (no initramfs modules; X260 driver notes)
Raw
kernel-small.md

Download and start the CoreOS development image in a container. Make sure to bind writable directories over the kernel's build and install paths.

wget 'http://alpha.release.core-os.net/amd64-usr/current/coreos_developer_container.bin.bz2'
bzcat coreos_developer_container.bin.bz2 > coreos_developer_container.bin
mkdir boot modules src
sudo systemd-nspawn \
    --bind="$PWD/boot:/boot" \
    --bind="$PWD/modules:/lib/modules" \
    --bind="$PWD/src:/usr/src" \
    --image=coreos_developer_container.bin

Using the shell inside the container, prepare and configure the Linux source.

emerge-gitclone
emerge -gKv bootengine coreos-sources dracut
update-bootengine -o /usr/src/linux/bootengine.cpio
echo 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' | cat \
    /var/lib/portage/coreos-overlay/sys-kernel/coreos-modules/files/{common,amd64_def}config-4.7 \
    - > /usr/src/linux/.config
make -C /usr/src/linux menuconfig

Change the following modules to builtins.

  • squashfs and loop to be able to switch to the real image
  • vfat, nls_cp437, and nls_ascii for configdrive support

For the ThinkPad X260, remember to enable the following drivers.

  • DRM and Intel graphics (under Graphics devices)
  • Wireless (under Networking) and Intel WiFi + MVM (under Network devices)
  • Realtek PCIe (under Multifunction devices) and Realtek MMC (under MMC)
  • Lenovo ACPI (under x86 platforms)

Set up keys for module signing. This creates a one-off pair; substitute your own if this build matters.

openssl req -batch -days 365 -newkey rsa:4096 -nodes -sha256 -x509 \
    -keyform PEM -keyout /usr/src/linux/certs/modules.key.pem \
    -outform PEM -out /usr/src/linux/certs/modules.pub.pem \
    -subj '/CN=Kernel module signing key'
cat /usr/src/linux/certs/modules.{pub,key}.pem > /usr/src/linux/certs/modules.pem
make -C /usr/src/linux -j$(( 2 * `getconf _NPROCESSORS_ONLN` )) certs V=1

Build and install everything.

make -C /usr/src/linux -j$(( 2 * `getconf _NPROCESSORS_ONLN` )) all V=1
make -C /usr/src/linux install modules_install

With everything installed successfully, exit the container. The final binaries are in the boot and modules directories.

@tairov
Copy link

tairov commented Apr 19, 2019

Hi @dm0- . I found your gist when I was googling information about coreos kernel modification. Could you please advice how to install or move result modules to /lib/modules directory after compilation?

@dm0-
Copy link
Author

dm0- commented Apr 19, 2019

@tairov mount --bind modules /lib/modules

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment