diff --git a/_posts/sysadm/2026-02-08-custom-gentoo-linux-kernel.tl b/_posts/sysadm/2026-02-08-custom-gentoo-linux-kernel.tl new file mode 100644 index 0000000..0cd6be4 --- /dev/null +++ b/_posts/sysadm/2026-02-08-custom-gentoo-linux-kernel.tl 
@@ -0,0 +1,90 @@ +--- +layout: default +title: Custom Gentoo Linux kernel +date: 2026-02-08 17:44 +0100 +tags: kernel Gentoo +--- + +h2. Upgrading kernel + +Fetch firmware distfiles to install missing firmware files after reboot (when +network can be unavailable): + +{% highlight bash %} +emerge -f linux-firmware intel-microcode +{% endhighlight %} + +Install new kernel version and update config: + +{% highlight bash %} +USE="symlink" emerge -av gentoo-sources +cd /usr/src +cp -a linux-OLD/.config linux/ +make oldconfig +{% endhighlight %} + +Configure setup options in _/etc/genkernel.conf_. Most important are: +* @INSTALL@ - install kernel to _/boot_ directory, equivalent to: +{% highlight bash %} +genkernel --install kernel +{% endhighlight %} +* @SAVE_CONFIG@ - store kernel config in _/etc/kernels/_, +* @LVM@, @MDADM@, @MDADM_CONFIG@ - add _initramfs_ support for booting from +LVM/mdadm device , equivalent to one of: +{% highlight bash %} +genkernel --lvm initramfs +genkernel --mdadm --mdadm-config=/etc/mdadm.conf initramfs +{% endhighlight %} +* @FIRMWARE@, @ALLFIRMWARE@, @FIRMWARE_DIR@ - include all firmware files from +_/lib/firmware_ in _initramfs_. This assumes: +** _sys-kernel/linux-firmware_ is installed with @+savedconfig@ and +_/etc/portage/savedconfig/sys-kernel/linux-firmware-_ contains list of selected +firmware files, +** _sys-firmware/intel-microcode_ is installed with @+hostonly@. +Equivalent to: +{% highlight bash %} +genkernel --all-firmware initramfs +{% endhighlight %} +* @MODULEREBUILD@ - re-emerge packages containing kernel modules after new kernel +has been built, equivalent to: +{% highlight bash %} +emerge @module-rebuild +{% endhighlight %} +* @COMPRESS_INITRD_TYPE@ - compression algorithm has to be enabled in kernel, +e.g. _xz_ setting requires @RD_XZ@ kernel option, +* @TMPDIR@ - _/var/tmp/portage/genkernel_ + +then run: +{% highlight bash %} +genkernel all +{% endhighlight %} + +Reboot. 
Check for missing firmware files and install as necessary: + +{% highlight bash %} +dmesg | grep firmware | grep failure +{% endhighlight %} + + +h2. Noteworthy kernel options + +Option names and configuration symbols are based on Linux Kernel v6.12. + +h3. Bluetooth + +Sending files over interface using e.g. @blueman@: + +* RFCOMM protocol support (@BT_RFCOMM@) + +h3. Security hardening + +Control flow Enforcement Technology, used when @+cet@ USE flag is enabled for +build toolchain: +* Indirect Branch Tracking (@X86_KERNEL_IBT@) +* X86 userspace shadow stack (@X86_USER_SHADOW_STACK@) + +h3. Wireguard + +* IP: policy routing (@IP_MULTIPLE_TABLES@) + +###. TODO: merge wiki kernel install diff --git a/_posts/sysadm/2026-02-08-kernel-non-obvious-options-for-custom-build.tl b/_posts/sysadm/2026-02-08-kernel-non-obvious-options-for-custom-build.tl deleted file mode 100644 index 8c14fa2..0000000 --- a/_posts/sysadm/2026-02-08-kernel-non-obvious-options-for-custom-build.tl +++ /dev/null @@ -1,31 +0,0 @@ ---- -layout: default -title: Kernel non-obvious options for custom build -date: 2026-02-08 17:44 +0100 -tags: kernel ---- -Compiling a custom kernel typically involves removing everything deemed -unnecessary. This ensures the fastest and most secure kernel, as there is no -faster and safer code than nonexistent code. Unfortunately, it's easy to remove -too much: non-obvious elements that are essential for everyday work. - -The option names and configuration symbols you might want to add are based on -kernel v6.12. - - -h2. Bluetooth - -Sending files over e.g. @blueman@: - -* RFCOMM protocol support (@BT_RFCOMM@) - -h2. Security hardening - -Control flow Enforcement Technology, used when @cet@ USE flag is enabled for -build toolchain: -* Indirect Branch Tracking (@X86_KERNEL_IBT@) -* X86 userspace shadow stack (@X86_USER_SHADOW_STACK@) - -h2. Wireguard - -* IP: policy routing (@IP_MULTIPLE_TABLES@)
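Review bot: In the last step of "Upgrading kernel" in the new post, `dmesg | grep firmware | grep failure` matches only lines containing the literal word "failure". The kernel's firmware loader reports a missing file as "Direct firmware load for <name> failed with error -2", so the check can print nothing while firmware is in fact missing. Suggest matching on "fail" case-insensitively, for example `dmesg | grep -i firmware | grep -i fail`. Two smaller points in the same hunk: the path `/etc/portage/savedconfig/sys-kernel/linux-firmware-` ends in a bare hyphen, so say that a version suffix follows; and the `@TMPDIR@` item gives a value but, unlike the other items, no reason for it.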
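Review bot: The deleted post's opening paragraph, which explains that trimming a custom kernel easily removes non-obvious options needed for everyday work, is not carried into the "Noteworthy kernel options" section of the new post, so that section no longer says why these symbols are listed. Suggest keeping one sentence of that rationale under the new h2. The USE flag spelling also changes from `@cet@` here to `@+cet@` in the new file with no mention in the change; pick one form and use it consistently. If the old post was already published, its URL goes away with this deletion, so consider a redirect.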