--- layout: default title: Custom Gentoo Linux kernel date: 2026-02-08 17:44 +0100 tags: kernel Gentoo --- h2. Upgrading kernel Fetch firmware distfiles to install missing firmware files after reboot (when network can be unavailable): {% highlight bash %} emerge -f linux-firmware intel-microcode {% endhighlight %} Install new kernel version and update config: {% highlight bash %} USE="symlink" emerge -av gentoo-sources cd /usr/src cp -a linux-OLD/.config linux/ make oldconfig {% endhighlight %} Configure setup options in _/etc/genkernel.conf_. Most important are: * @INSTALL@ - install kernel to _/boot_ directory, equivalent to: {% highlight bash %} genkernel --install kernel {% endhighlight %} * @SAVE_CONFIG@ - store kernel config in _/etc/kernels/_, * @LVM@, @MDADM@, @MDADM_CONFIG@ - add _initramfs_ support for booting from LVM/mdadm device , equivalent to one of: {% highlight bash %} genkernel --lvm initramfs genkernel --mdadm --mdadm-config=/etc/mdadm.conf initramfs {% endhighlight %} * @FIRMWARE@, @ALLFIRMWARE@, @FIRMWARE_DIR@ - include all firmware files from _/lib/firmware_ in _initramfs_. This assumes: ** _sys-kernel/linux-firmware_ is installed with @+savedconfig@ and _/etc/portage/savedconfig/sys-kernel/linux-firmware-_ contains list of selected firmware files, ** _sys-firmware/intel-microcode_ is installed with @+hostonly@. Equivalent to: {% highlight bash %} genkernel --all-firmware initramfs {% endhighlight %} * @MODULEREBUILD@ - re-emerge packages containing kernel modules after new kernel has been built, equivalent to: {% highlight bash %} emerge @module-rebuild {% endhighlight %} * @COMPRESS_INITRD_TYPE@ - compression algorithm has to be enabled in kernel, e.g. _xz_ setting requires @RD_XZ@ kernel option, * @TMPDIR@ - _/var/tmp/portage/genkernel_ then run: {% highlight bash %} genkernel all {% endhighlight %} Reboot. Check for missing firmware files and install as necessary: {% highlight bash %} dmesg | grep firmware | grep failure {% endhighlight %} h2. Noteworthy kernel options Option names and configuration symbols are based on Linux Kernel v6.12. h3. Bluetooth Sending files over interface using e.g. @blueman@: * RFCOMM protocol support (@BT_RFCOMM@) h3. Security hardening Control flow Enforcement Technology, used when @+cet@ USE flag is enabled for build toolchain: * Indirect Branch Tracking (@X86_KERNEL_IBT@) * X86 userspace shadow stack (@X86_USER_SHADOW_STACK@) h3. Wireguard * IP: policy routing (@IP_MULTIPLE_TABLES@) ###. TODO: merge wiki kernel install