Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

  1. #1
    Join Date
    Aug 2011
    Location
    India
    Posts
    305

    Default How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Hi I am Rupesh from India and I have pc i3 processor and h510 motherboard It has uefi. I have installed open suse tumblewood and all the packages have been updated. As the default kernel provided by open suse tumblewood is not working properly I want to compile source code of new kernel which is obtained from kernel.org and the kernel source code present in /usr/src/linux*** but I can't.

    As the pc is uefi based I am getting lot of errors related to signing. I have installed all latest packages related to gcc, make, ctags, cscope, open ssh, open SSL, auto make, auto conf, cmake etc.,.

    I have created the config file from the existing configuration of system using the following command

    make localmodconfig

    I have succeeded in compiling source code of new kernel using make command but when I execute the command

    make install

    I am getting error as

    " certificate must have code signing extended key usage defined for secure boot ".

    After some time vmlinux, initrd files are created but when I try to boot the newly compiled kernel from grub I am getting errors as

    "bad shim signature"
    "you need to load the kernel first"

    I have tried a number of ways to compile successfully such as disabling secure boot in yast boot loader, selecting load all modules by verifying signature etc.,.

    Currently my .config file consists of the following lines containing the word sig

    Code:
    CONFIG_SIGNALFD=y
    CONFIG_KEXEC_SIG=y
    CONFIG_KEXEC_SIG_FORCE=y
    CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
    # CONFIG_STRICT_SIGALTSTACK_SIZE is not set
    CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL=38
    CONFIG_OLD_SIGSUSPEND3=y
    CONFIG_COMPAT_OLD_SIGACTION=y
    CONFIG_DYNAMIC_SIGFRAME=y
    CONFIG_MODULE_SIG_FORMAT=y
    CONFIG_MODULE_SIG=y
    CONFIG_MODULE_SIG_FORCE=y
    CONFIG_MODULE_SIG_ALL=y
    # CONFIG_MODULE_SIG_SHA1 is not set
    # CONFIG_MODULE_SIG_SHA224 is not set
    CONFIG_MODULE_SIG_SHA256=y
    # CONFIG_MODULE_SIG_SHA384 is not set
    # CONFIG_MODULE_SIG_SHA512 is not set
    CONFIG_MODULE_SIG_HASH="sha256"
    CONFIG_TCP_MD5SIG=y
    CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y
    # DesignWare PCI Core Support
    # end of DesignWare PCI Core Support
    CONFIG_I2C_DESIGNWARE_CORE=y
    # CONFIG_I2C_DESIGNWARE_SLAVE is not set
    CONFIG_I2C_DESIGNWARE_PLATFORM=y
    CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
    # CONFIG_I2C_DESIGNWARE_PCI is not set
    # CONFIG_SPI_DESIGNWARE is not set
    # CONFIG_SND_HDA_CODEC_SIGMATEL is not set
    # CONFIG_USB_ISIGHTFW is not set
    CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
    CONFIG_INTEGRITY_SIGNATURE=y
    # CONFIG_IMA_SIG_TEMPLATE is not set
    CONFIG_IMA_APPRAISE_MODSIG=y
    CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
    CONFIG_SIGNED_PE_FILE_VERIFICATION=y
    # Certificates for signature checking
    CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
    CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
    # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
    # end of Certificates for signature checking
    CONFIG_CHECK_SIGNATURE=y
    CONFIG_SIGNATURE=y

    Kindly try to suggest how to compile the source code of kernel for uefi system with automatic key singing and how to boot the compiled kernel from grub2.
    Regards,
    Rupesh.

  2. #2
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    3,992
    Blog Entries
    1

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by rupeshforu3 View Post
    the default kernel provided by open suse tumblewood is not working properly
    The current 5.16.11, or an older one?

    What are the symptoms constituting "not working properly"?

    Why do you think compiling your own kernel will solve your problems?

    I've never found need to compile a kernel in two decades of using SUSE and openSUSE.
    Reg. Linux User 211409 *** multibooting since 1992
    Primary: 15.3, TW, 15.1 & 13.1 on Haswell @earthlink.net
    Secondary: eComStation (OS/2) &15.2 on i965P/Radeon
    Tertiary: Debian, Fedora, Mageia, more on Rocket Lake & older Intel, AMD, NVidia....

  3. #3
    Join Date
    Sep 2012
    Posts
    7,859

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by rupeshforu3 View Post
    open suse tumblewood ... open suse tumblewood
    You consistently misspell distribution name.

    I want to compile source code of new kernel which is obtained from kernel.org...
    Kindly try to suggest how to compile the source code of kernel for uefi system with automatic key singing and how to boot the compiled kernel from grub2.
    How is this question related to Install/Boot/Login openSUSE that is the topic of this subforum?

  4. #4
    Join Date
    Aug 2011
    Location
    India
    Posts
    305

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by arvidjaar View Post
    You consistently misspell distribution name.


    How is this question related to Install/Boot/Login openSUSE that is the topic of this subforum?
    Ok may I know where to place the current thread.
    Regards,
    Rupesh.

  5. #5
    Join Date
    Aug 2011
    Location
    India
    Posts
    305

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    The main issues are when I click the shutdown button in desktop environments like gnome, mate the system is not shutting down immediately. When I run the command halt in terminal the monitor gets turned off but still the cpu runs a long time until I switch off the power.

    Previously I have tried to connect to internet through android tethering and the connection turns off with in 6 minutes and so I have tried a number of ways such as installing android udev rools and trying the commands

    adb tcpip 5555
    adb connect <my phone ip address>

    Still there is no use and so I have bought usb wifi adapter which consists of RTL 8188 and this time I am able to connect to internet all the time through wifi.

    Now the issue is when I want to copy files from android smartphone to pc and connect the phone to pc the system is showing error as usb device not recognised.

    Before installing wifi dongle through usb I am able to connect my phone to pc and transfer files between the two but now it is not possible.

    Most of the time I work using ffmpeg tool and so I have installed open CL packages like beignet, beignet devel, opencl headers, ocl-dev, clinfo packages. When I issue the command clinfo I am getting errors as no open CL devices found etc.,.


    If these issues are resolved then there is no need to compile source code of kernel.


    Try to suggest how to configure the system for the following
    1) shutdown the system properly when I click on the shutdown button.
    2) shutdown the system properly when I issue the command halt or poweroff.
    3) how to connect my smartphone through usb at the same time wifi adapter or dongle running.
    4) how tools such as ffmpeg or clinfo detect my cpu.
    Regards,
    Rupesh.

  6. #6
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    3,992
    Blog Entries
    1

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by rupeshforu3 View Post
    Try to suggest how to configure the system for the following
    1) shutdown the system properly when I click on the shutdown button.
    2) shutdown the system properly when I issue the command halt or poweroff.
    3) how to connect my smartphone through usb at the same time wifi adapter or dongle running.
    4) how tools such as ffmpeg or clinfo detect my cpu.
    The last two are subjects deserving unique threads. Shutting down properly without random waits is pretty important. Start one about only that.
    Reg. Linux User 211409 *** multibooting since 1992
    Primary: 15.3, TW, 15.1 & 13.1 on Haswell @earthlink.net
    Secondary: eComStation (OS/2) &15.2 on i965P/Radeon
    Tertiary: Debian, Fedora, Mageia, more on Rocket Lake & older Intel, AMD, NVidia....

  7. #7
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    4,000

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by rupeshforu3 View Post
    Try to suggest how to configure the system for the following
    1) shutdown the system properly when I click on the shutdown button.
    2) shutdown the system properly when I issue the command halt or poweroff.
    Proper shutdown procedures are straight forward. However to my experience many users are reluctant to deal with them: https://forums.opensuse.org/showthre...Slow-Shutdowns
    i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), 5600X (2022) openSUSE Tumbleweed, KDE Plasma

  8. #8
    Join Date
    Aug 2011
    Location
    India
    Posts
    305

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Hi let me know how to compile source code of kernel first.

    At present I have made changes in bios secure boot as

    Os type to "other os"
    Secure boot mode to "standard"

    After that I have disabled secure boot option in yast boot loader.

    After that I have compiled kernel source code and this time also when I issue the command "make install" I am getting same error as " must have certificates....".

    After reboot when I select the new kernel I am not getting shim error but instead I am getting error as

    "systemd: failed to load modules"

    After some time I am able to see message as reached target but there is no user login window.

    Another thing I want to mention is that when I issue the command " make install " I am able to see messages as moving vmlinuz.5.11 to vmlinuz.5.11.old, initrd.5.11 to United.5.11.old etc.,.

    Also the modules newly compiled are going to overwrite the existing modules present in /lib/modules/kernel version.

    My question is suppose I download the kernel source code from kernel.org and it's file name is kernel.5.13.1 and the present kernel I am running is 5.13.1 then how to compile source code of kernel and create kernel with file name vmlinuz.5.13.1-new and initrd.5.13.1-new and finally place the kernel modules under the directory /lib/modules/5.13.1-new
    Regards,
    Rupesh.

  9. #9
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    3,992
    Blog Entries
    1

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Quote Originally Posted by rupeshforu3 View Post
    let me know how to compile source code of kernel first.
    Don't be surprised if no one answers this. openSUSE users have the openSUSE build service at their disposal for custom builds. Seeing discussions of compiling kernels in the various openSUSE forums is rare. There may be no one familiar with self compiling who reads here.
    Reg. Linux User 211409 *** multibooting since 1992
    Primary: 15.3, TW, 15.1 & 13.1 on Haswell @earthlink.net
    Secondary: eComStation (OS/2) &15.2 on i965P/Radeon
    Tertiary: Debian, Fedora, Mageia, more on Rocket Lake & older Intel, AMD, NVidia....

  10. #10
    Join Date
    Aug 2011
    Location
    India
    Posts
    305

    Default Re: How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

    Well I want to use obs to compile source code of kernel but is it possible compile locally on my machine without uploading to server.

    Can I install obs server as a package.

    There are a number of guis for compilers like eclipse, visual studio, android studio. In these software just we can open the .sln or other project files and automatically the executable code is generated. These tools take care of setting up the environment, loading repository like git etc.,.

    I think that compiling source code using obs involve creating a package, home directory etc., and in order to create these we must read lots of manuals etc.,.

    I prefer always gui than cli because it is easy to use. For example ffmpeg tool consists of lot of manual and one must read thoroughly inorder to work in terminal and instead there are nice guis for ffmpeg in which we need to provide input file name and output file name and codec option.

    While working with command line if we forget any , or ; or : there are lots of risk.

    Finally what I want is a nice front end for osc which sets up environment, home directory, load other repository etc.,. Here there is no need to read manual of osc.
    Regards,
    Rupesh.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •