source: chapter10/kernel.xml@ ce49ad6

multilib
Last change on this file since ce49ad6 was ce49ad6, checked in by Thomas Trepl <thomas@…>, 16 months ago

Automatic merge of trunk into multilib
  • Property mode set to 100644
File size: 23.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-bootable-kernel" role="wrap">
9 <?dbhtml filename="kernel.html"?>
10
11 <sect1info condition="script">
12 <productname>kernel</productname>
13 <productnumber>&linux-version;</productnumber>
14 <address>&linux-url;</address>
15 </sect1info>
16
17 <title>Linux-&linux-version;</title>
18
19 <indexterm zone="ch-bootable-kernel">
20 <primary sortas="a-Linux">Linux</primary>
21 </indexterm>
22
23 <sect2 role="package">
24 <title/>
25
26 <para>The Linux package contains the Linux kernel.</para>
27
28 <segmentedlist>
29 <segtitle>&buildtime;</segtitle>
30 <segtitle>&diskspace;</segtitle>
31
32 <seglistitem>
33 <seg>&linux-knl-sbu;</seg>
34 <seg>&linux-knl-du;</seg>
35 </seglistitem>
36 </segmentedlist>
37
38 </sect2>
39
40 <sect2 role="installation">
41 <title>Installation of the kernel</title>
42
43 <para>Building the kernel involves a few steps&mdash;configuration,
44 compilation, and installation. Read the <filename>README</filename> file
45 in the kernel source tree for alternative methods to the way this book
46 configures the kernel.</para>
47
48 <para>Prepare for compilation by running the following command:</para>
49
50<screen><userinput remap="pre">make mrproper</userinput></screen>
51
52 <para>This ensures that the kernel tree is absolutely clean. The
53 kernel team recommends that this command be issued prior to each
54 kernel compilation. Do not rely on the source tree being clean after
55 un-tarring.</para>
56
57 <para>There are several ways to configure the kernel options. Usually,
58 This is done through a menu-driven interface, for example:</para>
59
60<screen role="nodump"><userinput>make menuconfig</userinput></screen>
61
62 <variablelist>
63 <title>The meaning of optional make environment variables:</title>
64
65 <varlistentry>
66 <term><parameter>LANG=&lt;host_LANG_value&gt; LC_ALL=</parameter></term>
67 <listitem>
68 <para>This establishes the locale setting to the one used on the
69 host. This may be needed for a proper menuconfig ncurses interface
70 line drawing on a UTF-8 linux text console.</para>
71
72 <para>If used, be sure to replace
73 <replaceable>&lt;host_LANG_value&gt;</replaceable> by the value of
74 the <envar>$LANG</envar> variable from your host. You can
75 alternatively use instead the host's value of <envar>$LC_ALL</envar>
76 or <envar>$LC_CTYPE</envar>.</para>
77 </listitem>
78 </varlistentry>
79
80 <varlistentry>
81 <term><command>make menuconfig</command></term>
82 <listitem>
83 <para>This launches an ncurses menu-driven interface. For other
84 (graphical) interfaces, type <command>make help</command>.</para>
85 </listitem>
86 </varlistentry>
87 </variablelist>
88
89 <!-- Support for compiling a keymap into the kernel is deliberately removed -->
90
91 <para>For general information on kernel configuration see <ulink
92 url="&hints-root;kernel-configuration.txt"/>. BLFS has some information
93 regarding particular kernel configuration requirements of packages outside
94 of LFS at <ulink
95 url="&blfs-book;longindex.html#kernel-config-index"/>. Additional
96 information about configuring and building the kernel can be found at
97 <ulink url="http://www.kroah.com/lkn/"/> </para>
98
99 <caution>
100 <para>A good starting place for setting up the kernel configuration is to
101 run <command>make defconfig</command>. This will set the base
102 configuration to a good state that takes your current system architecture
103 into account.</para>
104
105 <para>Do not disable any option enabled by <command>make
106 defconfig</command> unless the following note explicitly makes it
107 disabled or you really know what you are doing.</para>
108 </caution>
109
110 <note>
111 <para>Be sure to enable/disable/set the following features or the system might
112 not work correctly or boot at all:</para>
113
114 <screen role="nodump" revision="sysv">Processor type and features ---&gt;
115 [*] Build a relocatable kernel [CONFIG_RELOCATABLE]
116 [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE]
117General setup ---&gt;
118 [ ] Compile the kernel with warnings as errors [CONFIG_WERROR]
119 &lt; &gt; Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
120 [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT]
121General architecture-dependent options ---&gt;
122 [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR]
123 [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG]
124Device Drivers ---&gt;
125 Graphics support ---&gt;
126 Frame buffer Devices ---&gt;
127 &lt;*&gt; Support for frame buffer devices ---&gt;
128 Console display driver support ---&gt;
129 [*] Framebuffer Console support [CONFIG_FRAMEBUFFER_CONSOLE]
130 Generic Driver Options ---&gt;
131 [ ] Support for uevent helper [CONFIG_UEVENT_HELPER]
132 [*] Maintain a devtmpfs filesystem to mount at /dev [CONFIG_DEVTMPFS]
133 [*] Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT]</screen>
134
135 <screen role="nodump" revision="systemd">Processor type and features ---&gt;
136 [*] Build a relocatable kernel [CONFIG_RELOCATABLE]
137 [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE]
138General setup ---&gt;
139 [ ] Compile the kernel with warnings as errors [CONFIG_WERROR]
140 [ ] Auditing Support [CONFIG_AUDIT]
141 CPU/Task time and stats accounting ---&gt;
142 [*] Pressure stall information tracking [CONFIG_PSI]
143 &lt; &gt; Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
144 [*] Control Group support [CONFIG_CGROUPS] ---&gt;
145 [*] Memory controller [CONFIG_MEMCG]
146 [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED]
147 [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT]
148General architecture-dependent options ---&gt;
149 [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP]
150 [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR]
151 [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG]
152Networking support ---&gt;
153 Networking options ---&gt;
154 &lt;*&gt; The IPv6 protocol [CONFIG_IPV6]
155Device Drivers ---&gt;
156 Generic Driver Options ---&gt;
157 [ ] Support for uevent helper [CONFIG_UEVENT_HELPER]
158 [*] Maintain a devtmpfs filesystem to mount at /dev [CONFIG_DEVTMPFS]
159 [*] Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT]
160 Firmware Loader ---&gt;
161 [ ] Enable the firmware sysfs fallback mechanism [CONFIG_FW_LOADER_USER_HELPER]
162 Firmware Drivers ---&gt;
163 [*] Export DMI identification via sysfs to userspace [CONFIG_DMIID]
164 Graphics support ---&gt;
165 Frame buffer Devices ---&gt;
166 &lt;*&gt; Support for frame buffer devices ---&gt;
167 Console display driver support ---&gt;
168 [*] Framebuffer Console support [CONFIG_FRAMEBUFFER_CONSOLE]
169File systems ---&gt;
170 [*] Inotify support for userspace [CONFIG_INOTIFY_USER]
171 Pseudo filesystems ---&gt;
172 [*] Tmpfs POSIX Access Control Lists [CONFIG_TMPFS_POSIX_ACL]</screen>
173
174 <para>Enable some additional features if you are building a 64-bit
175 system. If you are using menuconfig, enable them in the order of
176 <parameter>CONFIG_PCI_MSI</parameter> first, then
177 <parameter>CONFIG_IRQ_REMAP</parameter>, at last
178 <parameter>CONFIG_X86_X2APIC</parameter> because an option only
179 shows up after its dependencies are selected.</para>
180
181 <screen role="nodump">Processor type and features ---&gt;
182 [*] Support x2apic [CONFIG_X86_X2APIC]
183Device Drivers ---&gt;
184 [*] PCI Support ---&gt; [CONFIG_PCI]
185 [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI]
186 [*] IOMMU Hardware Support ---&gt; [CONFIG_IOMMU_SUPPORT]
187 [*] Support for Interrupt Remapping [CONFIG_IRQ_REMAP]</screen>
188 </note>
189
190 <note revision="systemd">
191 <para>While "The IPv6 Protocol" is not strictly
192 required, it is highly recommended by the systemd developers.</para>
193 </note>
194
195 <para revision="sysv">There are several other options that may be desired
196 depending on the requirements for the system. For a list of options needed
197 for BLFS packages, see the <ulink
198 url="&lfs-root;blfs/view/&short-version;/longindex.html#kernel-config-index">BLFS
199 Index of Kernel Settings</ulink>
200 (&lfs-root;blfs/view/&short-version;/longindex.html#kernel-config-index).</para>
201
202 <note>
203 <para>If your host hardware is using UEFI and you wish to boot the
204 LFS system with it, you should adjust some kernel configuration
205 following <ulink url="&blfs-book;postlfs/grub-setup.html#uefi-kernel">
206 the BLFS page</ulink>.</para>
207 </note>
208
209 <note arch="ml_32,ml_x32,ml_all">
210 <para>
211 The kernel on a multilib system needs to be able to
212 identify and start binaries compiled for different architectures
213 than the default.
214 </para>
215
216 <para arch="ml_32,ml_all">
217 If support for any 32bit ABI was built, make sure that the option
218 "IA32 Emulation" is selected. The option 'IA32 a.out support' is
219 optional.
220 </para>
221
222 <para arch="ml_x32,ml_all">
223 If support for the x32bit ABI was built, make sure that the option
224 "x32 ABI for 64-bit mode" is selected.
225 </para>
226
227<screen arch="ml_32">Binary Emulations ---&gt;
228 [*] IA32 Emulation [CONFIG_IA32_EMULATION]
229 &lt;M&gt; IA32 a.out support [CONFIG_IA32_AOUT]
230</screen>
231<screen arch="ml_x32">Binary Emulations ---&gt;
232 [*] x32 ABI for 64-bit mode [CONFIG_X86_X32]
233</screen>
234<screen arch="ml_all">Binary Emulations ---&gt;
235 [*] IA32 Emulation [CONFIG_IA32_EMULATION]
236 &lt;M&gt; IA32 a.out support [CONFIG_IA32_AOUT]
237 [*] x32 ABI for 64-bit mode [CONFIG_X86_X32]
238</screen>
239 </note>
240
241 <variablelist>
242 <title>The rationale for the above configuration items:</title>
243
244 <varlistentry>
245 <term><parameter>Randomize the address of the kernel image (KASLR)</parameter></term>
246 <listitem>
247 <para>Enable ASLR for kernel image, to mitigate some attacks based
248 on fixed addresses of sensitive data or code in the kernel.</para>
249 </listitem>
250 </varlistentry>
251
252 <varlistentry>
253 <term>
254 <parameter>
255 Compile the kernel with warnings as errors
256 </parameter>
257 </term>
258 <listitem>
259 <para>This may cause building failure if the compiler and/or
260 configuration are different from those of the kernel
261 developers.</para>
262 </listitem>
263 </varlistentry>
264
265 <varlistentry>
266 <term>
267 <parameter>
268 Enable kernel headers through /sys/kernel/kheaders.tar.xz
269 </parameter>
270 </term>
271 <listitem>
272 <para>This will require <command>cpio</command> building the kernel.
273 <command>cpio</command> is not installed by LFS.</para>
274 </listitem>
275 </varlistentry>
276
277 <varlistentry>
278 <term>
279 <parameter>
280 Configure standard kernel features (expert users)
281 </parameter>
282 </term>
283 <listitem>
284 <para>This will make some options show up in the configuration
285 interface but changing those options may be dangerous. Do not use
286 this unless you know what you are doing.</para>
287 </listitem>
288 </varlistentry>
289
290 <varlistentry>
291 <term><parameter>Strong Stack Protector</parameter></term>
292 <listitem>
293 <para>Enable SSP for the kernel. We've enabled it for the entire
294 userspace with <parameter>--enable-default-ssp</parameter>
295 configuring GCC, but the kernel does not use GCC default setting
296 for SSP. We enable it explicitly here.</para>
297 </listitem>
298 </varlistentry>
299
300 <varlistentry>
301 <term><parameter>Support for uevent helper</parameter></term>
302 <listitem>
303 <para>Having this option set may interfere with device
304 management when using Udev/Eudev. </para>
305 </listitem>
306 </varlistentry>
307
308 <varlistentry>
309 <term><parameter>Maintain a devtmpfs</parameter></term>
310 <listitem>
311 <para>This will create automated device nodes which are populated by the
312 kernel, even without Udev running. Udev then runs on top of this,
313 managing permissions and adding symlinks. This configuration
314 item is required for all users of Udev/Eudev.</para>
315 </listitem>
316 </varlistentry>
317
318 <varlistentry>
319 <term><parameter>Automount devtmpfs at /dev</parameter></term>
320 <listitem>
321 <para>This will mount the kernel view of the devices on /dev
322 upon switching to root filesystem just before starting
323 init.</para>
324 </listitem>
325 </varlistentry>
326
327 <varlistentry>
328 <term><parameter>Framebuffer Console support</parameter></term>
329 <listitem>
330 <para>This is needed to display the Linux console on a frame
331 buffer device. To allow the kernel to print debug messages at an
332 early boot stage, it shouldn't be built as a kernel module
333 unless an initramfs will be used. And, if
334 <option>CONFIG_DRM</option> (Direct Rendering Manager) is enabled,
335 it's likely <option>CONFIG_DRM_FBDEV_EMULATION</option> (Enable
336 legacy fbdev support for your modesetting driver) should be
337 enabled as well.</para>
338 </listitem>
339 </varlistentry>
340
341 <varlistentry>
342 <term><parameter>Support x2apic</parameter></term>
343 <listitem>
344 <para>Support running the interrupt controller of 64-bit x86
345 processors in x2APIC mode. x2APIC may be enabled by firmware on
346 64-bit x86 systems, and a kernel without this option enabled will
347 panic on boot if x2APIC is enabled by firmware. This option has
348 has no effect, but also does no harm if x2APIC is disabled by the
349 firmware.</para>
350 </listitem>
351 </varlistentry>
352
353 </variablelist>
354
355 <para>Alternatively, <command>make oldconfig</command> may be more
356 appropriate in some situations. See the <filename>README</filename>
357 file for more information.</para>
358
359 <para>If desired, skip kernel configuration by copying the kernel
360 config file, <filename>.config</filename>, from the host system
361 (assuming it is available) to the unpacked <filename
362 class="directory">linux-&linux-version;</filename> directory. However,
363 we do not recommend this option. It is often better to explore all the
364 configuration menus and create the kernel configuration from
365 scratch.</para>
366
367 <para>Compile the kernel image and modules:</para>
368
369<screen><userinput remap="make">make</userinput></screen>
370
371 <para>If using kernel modules, module configuration in <filename
372 class="directory">/etc/modprobe.d</filename> may be required.
373 Information pertaining to modules and kernel configuration is
374 located in <xref linkend="ch-config-udev"/> and in the kernel
375 documentation in the <filename
376 class="directory">linux-&linux-version;/Documentation</filename> directory.
377 Also, <filename>modprobe.d(5)</filename> may be of interest.</para>
378
379 <para>Unless module support has been disabled in the kernel configuration,
380 install the modules with:</para>
381
382<screen><userinput remap="install">make modules_install</userinput></screen>
383
384 <para>After kernel compilation is complete, additional steps are
385 required to complete the installation. Some files need to be copied to
386 the <filename class="directory">/boot</filename> directory.</para>
387
388 <caution>
389 <para>If you've decided to use a separate &boot-dir; partition for the
390 LFS system (maybe sharing a &boot-dir; partition with the host
391 distro) , the files copied below should go there. The easiest way to
392 do that is to create the entry for &boot-dir; in &fstab; first (read
393 the previous section for details), then issue the following command
394 as the &root; user in the
395 <emphasis>chroot environment</emphasis>:</para>
396
397<screen role="nodump"><userinput>mount /boot</userinput></screen>
398
399 <para>The path to the device node is omitted in the command because
400 <command>mount</command> can read it from &fstab;.</para>
401 </caution>
402
403 <para>The path to the kernel image may vary depending on the platform being
404 used. The filename below can be changed to suit your taste, but the stem of
405 the filename should be <emphasis>vmlinuz</emphasis> to be compatible with
406 the automatic setup of the boot process described in the next section. The
407 following command assumes an x86 architecture:</para>
408
409<screen><userinput remap="install">cp -iv arch/x86/boot/bzImage /boot/vmlinuz-&linux-version;-lfs-&version;</userinput></screen>
410
411 <para><filename>System.map</filename> is a symbol file for the kernel.
412 It maps the function entry points of every function in the kernel API,
413 as well as the addresses of the kernel data structures for the running
414 kernel. It is used as a resource when investigating kernel problems.
415 Issue the following command to install the map file:</para>
416
417<screen><userinput remap="install">cp -iv System.map /boot/System.map-&linux-version;</userinput></screen>
418
419 <para>The kernel configuration file <filename>.config</filename>
420 produced by the <command>make menuconfig</command> step
421 above contains all the configuration selections for the kernel
422 that was just compiled. It is a good idea to keep this file for future
423 reference:</para>
424
425<screen><userinput remap="install">cp -iv .config /boot/config-&linux-version;</userinput></screen>
426
427 <para>Install the documentation for the Linux kernel:</para>
428
429<screen><userinput remap="install">install -d /usr/share/doc/linux-&linux-version;
430cp -r Documentation/* /usr/share/doc/linux-&linux-version;</userinput></screen>
431
432 <para>It is important to note that the files in the kernel source
433 directory are not owned by <emphasis>root</emphasis>. Whenever a
434 package is unpacked as user <emphasis>root</emphasis> (like we did
435 inside chroot), the files have the user and group IDs of whatever
436 they were on the packager's computer. This is usually not a problem
437 for any other package to be installed because the source tree is
438 removed after the installation. However, the Linux source tree is
439 often retained for a long time. Because of this, there is a chance
440 that whatever user ID the packager used will be assigned to somebody
441 on the machine. That person would then have write access to the kernel
442 source.</para>
443
444 <note>
445 <para>In many cases, the configuration of the kernel will need to be
446 updated for packages that will be installed later in BLFS. Unlike
447 other packages, it is not necessary to remove the kernel source tree
448 after the newly built kernel is installed.</para>
449
450 <para>If the kernel source tree is going to be retained, run
451 <command>chown -R 0:0</command> on the <filename
452 class="directory">linux-&linux-version;</filename> directory to ensure
453 all files are owned by user <emphasis>root</emphasis>.</para>
454 </note>
455
456 <warning>
457 <para>Some kernel documentation recommends creating a symlink from
458 <filename class="symlink">/usr/src/linux</filename> pointing to the kernel
459 source directory. This is specific to kernels prior to the 2.6 series and
460 <emphasis>must not</emphasis> be created on an LFS system as it can cause
461 problems for packages you may wish to build once your base LFS system is
462 complete.</para>
463 </warning>
464
465 <warning>
466 <para>The headers in the system's <filename
467 class="directory">include</filename> directory (<filename
468 class="directory">/usr/include</filename>) should
469 <emphasis>always</emphasis> be the ones against which Glibc was compiled,
470 that is, the sanitised headers installed in <xref
471 linkend="ch-tools-linux-headers"/>. Therefore, they should
472 <emphasis>never</emphasis> be replaced by either the raw kernel headers
473 or any other kernel sanitized headers.</para>
474 </warning>
475
476 </sect2>
477
478 <sect2 id="conf-modprobe" role="configuration">
479 <title>Configuring Linux Module Load Order</title>
480
481 <indexterm zone="conf-modprobe">
482 <primary sortas="e-/etc/modprobe.d/usb.conf">/etc/modprobe.d/usb.conf</primary>
483 </indexterm>
484
485 <para>Most of the time Linux modules are loaded automatically, but
486 sometimes it needs some specific direction. The program that loads
487 modules, <command>modprobe</command> or <command>insmod</command>, uses
488 <filename>/etc/modprobe.d/usb.conf</filename> for this purpose. This file
489 needs to be created so that if the USB drivers (ehci_hcd, ohci_hcd and
490 uhci_hcd) have been built as modules, they will be loaded in the correct
491 order; ehci_hcd needs to be loaded prior to ohci_hcd and uhci_hcd in order
492 to avoid a warning being output at boot time.</para>
493
494 <para>Create a new file <filename>/etc/modprobe.d/usb.conf</filename> by running
495 the following:</para>
496
497<screen><userinput>install -v -m755 -d /etc/modprobe.d
498cat &gt; /etc/modprobe.d/usb.conf &lt;&lt; "EOF"
499<literal># Begin /etc/modprobe.d/usb.conf
500
501install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i ohci_hcd ; true
502install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i uhci_hcd ; true
503
504# End /etc/modprobe.d/usb.conf</literal>
505EOF</userinput></screen>
506
507 </sect2>
508
509 <sect2 id="contents-kernel" role="content">
510 <title>Contents of Linux</title>
511
512 <segmentedlist>
513 <segtitle>Installed files</segtitle>
514 <segtitle>Installed directories</segtitle>
515
516 <seglistitem>
517 <seg>config-&linux-version;,
518 vmlinuz-&linux-version;-lfs-&version;,
519 and System.map-&linux-version;</seg>
520 <seg>/lib/modules, /usr/share/doc/linux-&linux-version;</seg>
521 </seglistitem>
522 </segmentedlist>
523
524 <variablelist>
525 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
526 <?dbfo list-presentation="list"?>
527 <?dbhtml list-presentation="table"?>
528
529 <varlistentry id="config">
530 <term><filename>config-&linux-version;</filename></term>
531 <listitem>
532 <para>Contains all the configuration selections for the kernel</para>
533 <indexterm zone="ch-bootable-kernel config">
534 <primary sortas="e-/boot/config">/boot/config-&linux-version;</primary>
535 </indexterm>
536 </listitem>
537 </varlistentry>
538
539 <varlistentry id="lfskernel">
540 <term><filename>vmlinuz-&linux-version;-lfs-&version;</filename></term>
541 <listitem>
542 <para>The engine of the Linux system. When turning on the computer,
543 the kernel is the first part of the operating system that gets loaded.
544 It detects and initializes all components of the computer's hardware,
545 then makes these components available as a tree of files to the
546 software and turns a single CPU into a multitasking machine capable
547 of running scores of programs seemingly at the same time</para>
548 <indexterm zone="ch-bootable-kernel lfskernel">
549 <primary sortas="b-lfskernel">lfskernel-&linux-version;</primary>
550 </indexterm>
551 </listitem>
552 </varlistentry>
553
554 <varlistentry id="System.map">
555 <term><filename>System.map-&linux-version;</filename></term>
556 <listitem>
557 <para>A list of addresses and symbols; it maps the entry points and
558 addresses of all the functions and data structures in the
559 kernel</para>
560 <indexterm zone="ch-bootable-kernel System.map">
561 <primary sortas="e-/boot/System.map">/boot/System.map-&linux-version;</primary>
562 </indexterm>
563 </listitem>
564 </varlistentry>
565
566 </variablelist>
567
568 </sect2>
569
570</sect1>
Note: See TracBrowser for help on using the repository browser.