source: chapter10/kernel.xml@ 95105f3

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-bootable-kernel" role="wrap">
  <?dbhtml filename="kernel.html"?>

  <sect1info condition="script">
    <productname>kernel</productname>
    <productnumber>&linux-version;</productnumber>
    <address>&linux-url;</address>
  </sect1info>

  <title>Linux-&linux-version;</title>

  <indexterm zone="ch-bootable-kernel">
    <primary sortas="a-Linux">Linux</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The Linux package contains the Linux kernel.</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&linux-knl-sbu;</seg>
        <seg>&linux-knl-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of the kernel</title>

    <para>Building the kernel involves a few steps&mdash;configuration,
    compilation, and installation. Read the <filename>README</filename> file
    in the kernel source tree for alternative methods to the way this book
    configures the kernel.</para>

    <para>Prepare for compilation by running the following command:</para>

<screen><userinput remap="pre">make mrproper</userinput></screen>

    <para>This ensures that the kernel tree is absolutely clean. The
    kernel team recommends that this command be issued prior to each
    kernel compilation. Do not rely on the source tree being clean after
    un-tarring.</para>

    <para>There are several ways to configure the kernel options. Usually,
    This is done through a menu-driven interface, for example:</para>

<screen role="nodump"><userinput>make menuconfig</userinput></screen>

    <variablelist>
      <title>The meaning of optional make environment variables:</title>

      <varlistentry>
        <term><parameter>LANG=&lt;host_LANG_value&gt; LC_ALL=</parameter></term>
        <listitem>
          <para>This establishes the locale setting to the one used on the
          host.  This may be needed for a proper menuconfig ncurses interface
          line drawing on a UTF-8 linux text console.</para>

          <para>If used, be sure to replace
          <replaceable>&lt;host_LANG_value&gt;</replaceable> by the value of
          the <envar>$LANG</envar> variable from your host.  You can
          alternatively use instead the host's value of <envar>$LC_ALL</envar>
          or <envar>$LC_CTYPE</envar>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><command>make menuconfig</command></term>
        <listitem>
          <para>This launches an ncurses menu-driven interface. For other
          (graphical) interfaces, type <command>make help</command>.</para>
        </listitem>
      </varlistentry>
    </variablelist>

    <!-- Support for compiling a keymap into the kernel is deliberately removed -->

    <para>For general information on kernel configuration see <ulink
    url="&hints-root;kernel-configuration.txt"/>.  BLFS has some information
    regarding particular kernel configuration requirements of packages outside
    of LFS at <ulink
    url="&blfs-book;longindex.html#kernel-config-index"/>.  Additional
    information about configuring and building the kernel can be found at
    <ulink url="http://www.kroah.com/lkn/"/> </para>

    <note>
      <para>A good starting place for setting up the kernel configuration is to
      run <command>make defconfig</command>. This will set the base
      configuration to a good state that takes your current system architecture
      into account.</para>

      <para>Be sure to enable/disable/set the following features or the system might
      not work correctly or boot at all:</para>

      <screen role="nodump" revision="sysv">Processor type and features ---&gt;
   [*] Build a relocatable kernel [CONFIG_RELOCATABLE]
   [*]   Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE]
General setup ---&gt;
   [ ] Compile the kernel with warnings as errors [CONFIG_WERROR]
   &lt; &gt; Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
General architecture-dependent options  ---&gt;
   [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR]
   [*]   Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG]
Device Drivers  ---&gt;
  Firmware Drivers   ---&gt;
   EFI (Extensible Firmware Interface) Support  ---&gt;
     [*] Enable the generic EFI decompressor [CONFIG_EFI_ZBOOT]
  Graphics support ---&gt;
   Frame buffer Devices ---&gt;
      &lt;*&gt; Support for frame buffer devices ---&gt;
   Console display driver support ---&gt;
      [*] Framebuffer Console support [CONFIG_FRAMEBUFFER_CONSOLE]
  Generic Driver Options  ---&gt;
   [ ] Support for uevent helper [CONFIG_UEVENT_HELPER]
   [*] Maintain a devtmpfs filesystem to mount at /dev [CONFIG_DEVTMPFS]
   [*]   Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT]</screen>

      <screen role="nodump" revision="systemd">Processor type and features ---&gt;
   [*] Build a relocatable kernel [CONFIG_RELOCATABLE]
   [*]   Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE]
General setup ---&gt;
   [ ] Compile the kernel with warnings as errors [CONFIG_WERROR]
   [ ] Auditing Support [CONFIG_AUDIT]
   CPU/Task time and stats accounting ---&gt;
      [*] Pressure stall information tracking [CONFIG_PSI]
   &lt; &gt; Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
   [*] Control Group support [CONFIG_CGROUPS]   ---&gt;
      [*] Memory controller [CONFIG_MEMCG]
   [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED]
   [*] Configure standard kernel features (expert users) [CONFIG_EXPERT] ---&gt;
      [*] open by fhandle syscalls [CONFIG_FHANDLE]
General architecture-dependent options  ---&gt;
   [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP]
   [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR]
   [*]   Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG]
Networking support  ---&gt;
  Networking options  ---&gt;
   &lt;*&gt; The IPv6 protocol [CONFIG_IPV6]
Device Drivers  ---&gt;
  Generic Driver Options  ---&gt;
   [ ] Support for uevent helper [CONFIG_UEVENT_HELPER]
   [*] Maintain a devtmpfs filesystem to mount at /dev [CONFIG_DEVTMPFS]
   [*]   Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT]
   Firmware Loader ---&gt;
      [ ] Enable the firmware sysfs fallback mechanism [CONFIG_FW_LOADER_USER_HELPER]
  Firmware Drivers   ---&gt;
   [*] Export DMI identification via sysfs to userspace [CONFIG_DMIID]
   EFI (Extensible Firmware Interface) Support  ---&gt;
     [*] Enable the generic EFI decompressor [CONFIG_EFI_ZBOOT]
  Graphics support ---&gt;
   Frame buffer Devices ---&gt;
      &lt;*&gt; Support for frame buffer devices ---&gt;
   Console display driver support ---&gt;
      [*] Framebuffer Console support [CONFIG_FRAMEBUFFER_CONSOLE]
File systems  ---&gt;
   [*] Inotify support for userspace [CONFIG_INOTIFY_USER]
       Pseudo filesystems  ---&gt;
        [*] Tmpfs POSIX Access Control Lists [CONFIG_TMPFS_POSIX_ACL]</screen>
    </note>

    <note revision="systemd">
      <para>While "The IPv6 Protocol" is not strictly
      required, it is highly recommended by the systemd developers.</para>
    </note>

    <para revision="sysv">There are several other options that may be desired
    depending on the requirements for the system. For a list of options needed
    for BLFS packages, see the <ulink
    url="&lfs-root;blfs/view/&short-version;/longindex.html#kernel-config-index">BLFS
    Index of Kernel Settings</ulink>
    (&lfs-root;blfs/view/&short-version;/longindex.html#kernel-config-index).</para>

    <note>
      <para>If your host hardware is using UEFI and you wish to boot the
      LFS system with it, you should adjust some kernel configuration
      following <ulink url="&blfs-book;postlfs/grub-setup.html#uefi-kernel">
      the BLFS page</ulink>.</para>
    </note>

    <variablelist>
      <title>The rationale for the above configuration items:</title>

      <varlistentry>
        <term><parameter>Randomize the address of the kernel image (KASLR)</parameter></term>
        <listitem>
          <para>Enable ASLR for kernel image, to mitigate some attacks based
          on fixed addresses of sensitive data or code in the kernel.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>
          <parameter>
            Compile the kernel with warnings as errors
          </parameter>
        </term>
        <listitem>
          <para>This may cause building failure if the compiler and/or
          configuration are different from those of the kernel
          developers.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>
          <parameter>
            Enable kernel headers through /sys/kernel/kheaders.tar.xz
          </parameter>
        </term>
        <listitem>
          <para>This will require <command>cpio</command> building the kernel.
          <command>cpio</command> is not installed by LFS.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Strong Stack Protector</parameter></term>
        <listitem>
          <para>Enable SSP for the kernel.  We've enabled it for the entire
          userspace with <parameter>--enable-default-ssp</parameter>
          configuring GCC, but the kernel does not use GCC default setting
          for SSP.  We enable it explicitly here.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Support for uevent helper</parameter></term>
        <listitem>
          <para>Having this option set may interfere with device
          management when using Udev/Eudev. </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Maintain a devtmpfs</parameter></term>
        <listitem>
          <para>This will create automated device nodes which are populated by the
          kernel, even without Udev running.  Udev then runs on top of this,
          managing permissions and adding symlinks.  This configuration
          item is required for all users of Udev/Eudev.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Automount devtmpfs at /dev</parameter></term>
        <listitem>
          <para>This will mount the kernel view of the devices on /dev
          upon switching to root filesystem just before starting
          init.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Enable the generic EFI decompressor</parameter></term>
        <listitem>
          <para>Create the bootable image as an EFI application that carries
          the actual kernel image in compressed form.  It can make the
          bootable image 50% smaller.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>Framebuffer Console support</parameter></term>
        <listitem>
          <para>This is needed to display the Linux console on a frame
          buffer device.  To allow the kernel to print debug messages at an
          early boot stage, it shouldn't be built as a kernel module
          unless an initramfs will be used. And, if
          <option>CONFIG_DRM</option> (Direct Rendering Manager) is enabled,
          it's likely <option>CONFIG_DRM_FBDEV_EMULATION</option> (Enable
          legacy fbdev support for your modesetting driver) should be
          enabled as well.</para>
        </listitem>
      </varlistentry>

    </variablelist>

    <para>Alternatively, <command>make oldconfig</command> may be more
    appropriate in some situations. See the <filename>README</filename>
    file for more information.</para>

    <para>If desired, skip kernel configuration by copying the kernel
    config file, <filename>.config</filename>, from the host system
    (assuming it is available) to the unpacked <filename
    class="directory">linux-&linux-version;</filename> directory. However,
    we do not recommend this option. It is often better to explore all the
    configuration menus and create the kernel configuration from
    scratch.</para>

    <para>Compile the kernel image and modules:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>If using kernel modules, module configuration in <filename
    class="directory">/etc/modprobe.d</filename> may be required.
    Information pertaining to modules and kernel configuration is
    located in <xref linkend="ch-config-udev"/> and in the kernel
    documentation in the <filename
    class="directory">linux-&linux-version;/Documentation</filename> directory.
    Also, <filename>modprobe.d(5)</filename> may be of interest.</para>

    <para>Unless module support has been disabled in the kernel configuration,
    install the modules with:</para>

<screen><userinput remap="install">make modules_install</userinput></screen>

    <para>After kernel compilation is complete, additional steps are
    required to complete the installation. Some files need to be copied to
    the <filename class="directory">/boot</filename> directory.</para>

    <caution>
      <para>If you've decided to use a separate &boot-dir; partition for the
      LFS system (maybe sharing a &boot-dir; partition with the host
      distro) , the files copied below should go there. The easiest way to
      do that is to create the entry for &boot-dir; in &fstab; first (read
      the previous section for details), then issue the following command
      as the &root; user in the
      <emphasis>chroot environment</emphasis>:</para>

<screen role="nodump"><userinput>mount /boot</userinput></screen>

      <para>The path to the device node is omitted in the command because
      <command>mount</command> can read it from &fstab;.</para>
    </caution>

    <para>The path to the kernel image may vary depending on the platform being
    used. The filename below can be changed to suit your taste, but the stem of
    the filename should be <emphasis>vmlinuz</emphasis> to be compatible with
    the automatic setup of the boot process described in the next section.  The
    following command assumes an ARM64 architecture with an EFI boot loader
    (for example, GRUB built in &ch-final;):</para>

<screen><userinput remap="install">cp -iv arch/arm64/boot/vmlinuz.efi /boot/vmlinuz-&linux-version;-lfs-&version;</userinput></screen>

    <para><filename>System.map</filename> is a symbol file for the kernel.
    It maps the function entry points of every function in the kernel API,
    as well as the addresses of the kernel data structures for the running
    kernel.  It is used as a resource when investigating kernel problems.
    Issue the following command to install the map file:</para>

<screen><userinput remap="install">cp -iv System.map /boot/System.map-&linux-version;</userinput></screen>

    <para>The kernel configuration file <filename>.config</filename>
    produced by the <command>make menuconfig</command> step
    above contains all the configuration selections for the kernel
    that was just compiled. It is a good idea to keep this file for future
    reference:</para>

<screen><userinput remap="install">cp -iv .config /boot/config-&linux-version;</userinput></screen>

    <para>Install the documentation for the Linux kernel:</para>

<screen><userinput remap="install">install -d /usr/share/doc/linux-&linux-version;
cp -r Documentation/* /usr/share/doc/linux-&linux-version;</userinput></screen>

    <para>It is important to note that the files in the kernel source
    directory are not owned by <emphasis>root</emphasis>. Whenever a
    package is unpacked as user <emphasis>root</emphasis> (like we did
    inside chroot), the files have the user and group IDs of whatever
    they were on the packager's computer. This is usually not a problem
    for any other package to be installed because the source tree is
    removed after the installation. However, the Linux source tree is
    often retained for a long time.  Because of this, there is a chance
    that whatever user ID the packager used will be assigned to somebody
    on the machine. That person would then have write access to the kernel
    source.</para>

    <note>
      <para>In many cases, the configuration of the kernel will need to be
      updated for packages that will be installed later in BLFS.  Unlike
      other packages, it is not necessary to remove the kernel source tree
      after the newly built kernel is installed.</para>

      <para>If the kernel source tree is going to be retained, run
      <command>chown -R 0:0</command> on the <filename
      class="directory">linux-&linux-version;</filename> directory to ensure
      all files are owned by user <emphasis>root</emphasis>.</para>
    </note>

    <warning>
      <para>Some kernel documentation recommends creating a symlink from
      <filename class="symlink">/usr/src/linux</filename> pointing to the kernel
      source directory.  This is specific to kernels prior to the 2.6 series and
      <emphasis>must not</emphasis> be created on an LFS system as it can cause
      problems for packages you may wish to build once your base LFS system is
      complete.</para>
    </warning>

    <warning>
      <para>The headers in the system's <filename
      class="directory">include</filename> directory (<filename
      class="directory">/usr/include</filename>) should
      <emphasis>always</emphasis> be the ones against which Glibc was compiled,
      that is, the sanitised headers installed in <xref
      linkend="ch-tools-linux-headers"/>.  Therefore, they should
      <emphasis>never</emphasis> be replaced by either the raw kernel headers
      or any other kernel sanitized headers.</para>
    </warning>

  </sect2>

  <sect2 id="conf-modprobe" role="configuration">
    <title>Configuring Linux Module Load Order</title>

    <indexterm zone="conf-modprobe">
      <primary sortas="e-/etc/modprobe.d/usb.conf">/etc/modprobe.d/usb.conf</primary>
    </indexterm>

    <para>Most of the time Linux modules are loaded automatically, but
    sometimes it needs some specific direction.  The program that loads
    modules, <command>modprobe</command> or <command>insmod</command>, uses
    <filename>/etc/modprobe.d/usb.conf</filename> for this purpose.  This file
    needs to be created so that if the USB drivers (ehci_hcd, ohci_hcd and
    uhci_hcd) have been built as modules, they will be loaded in the correct
    order; ehci_hcd needs to be loaded prior to ohci_hcd and uhci_hcd in order
    to avoid a warning being output at boot time.</para>

    <para>Create a new file <filename>/etc/modprobe.d/usb.conf</filename> by running
    the following:</para>

<screen><userinput>install -v -m755 -d /etc/modprobe.d
cat &gt; /etc/modprobe.d/usb.conf &lt;&lt; "EOF"
<literal># Begin /etc/modprobe.d/usb.conf

install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i ohci_hcd ; true
install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i uhci_hcd ; true

# End /etc/modprobe.d/usb.conf</literal>
EOF</userinput></screen>

  </sect2>

  <sect2 id="contents-kernel" role="content">
    <title>Contents of Linux</title>

    <segmentedlist>
      <segtitle>Installed files</segtitle>
      <segtitle>Installed directories</segtitle>

      <seglistitem>
        <seg>config-&linux-version;,
        vmlinuz-&linux-version;-lfs-&version;,
        and System.map-&linux-version;</seg>
        <seg>/lib/modules, /usr/share/doc/linux-&linux-version;</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="config">
        <term><filename>config-&linux-version;</filename></term>
        <listitem>
          <para>Contains all the configuration selections for the kernel</para>
          <indexterm zone="ch-bootable-kernel config">
            <primary sortas="e-/boot/config">/boot/config-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="lfskernel">
        <term><filename>vmlinuz-&linux-version;-lfs-&version;</filename></term>
        <listitem>
          <para>The engine of the Linux system. When turning on the computer,
          the kernel is the first part of the operating system that gets loaded.
          It detects and initializes all components of the computer's hardware,
          then makes these components available as a tree of files to the
          software and turns a single CPU into a multitasking machine capable
          of running scores of programs seemingly at the same time</para>
          <indexterm zone="ch-bootable-kernel lfskernel">
            <primary sortas="b-lfskernel">lfskernel-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="System.map">
        <term><filename>System.map-&linux-version;</filename></term>
        <listitem>
          <para>A list of addresses and symbols; it maps the entry points and
          addresses of all the functions and data structures in the
          kernel</para>
          <indexterm zone="ch-bootable-kernel System.map">
            <primary sortas="e-/boot/System.map">/boot/System.map-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>