How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

Guddla Rupesh rupeshforu3 at gmail.com
Tue Mar 1 06:12:53 EST 2022 

Someone of you asked what is the need of compiling source code of kernel
and I am doing so due to the following reasons.

The main issues are when I click the shutdown button in desktop
environments like gnome, mate the system is not shutting down immediately.
When I run the command halt in terminal the monitor gets turned off but
still the cpu runs a long time until I switch off the power.

Previously I have tried to connect to internet through android tethering
and the connection turns off with in 6 minutes and so I have tried a number
of ways such as installing android udev rools and trying the commands

adb tcpip 5555
adb connect <my phone ip address>

Still there is no use and so I have bought usb wifi adapter which consists
of RTL 8188 and this time I am able to connect to internet all the time
through wifi.

Now the issue is when I want to copy files from android smartphone to pc
and connect the phone to pc the system is showing error as usb device not
recognised.

Before installing wifi dongle through usb I am able to connect my phone to
pc and transfer files between the two but now it is not possible.

Most of the time I work using ffmpeg tool and so I have installed open CL
packages like beignet, beignet devel, opencl headers, ocl-dev, clinfo
packages. When I issue the command clinfo I am getting errors as no open CL
devices found etc.,.


If these issues are resolved then there is no need to compile source code
of kernel.


Try to suggest how to configure the system for the following
1) shutdown the system properly when I click on the shutdown button.
2) shutdown the system properly when I issue the command halt or poweroff.
3) how to connect my smartphone through usb at the same time wifi adapter
or dongle running.
4) how tools such as ffmpeg or clinfo detect my cpu.
Hi let me know how to compile source code of kernel first.

At present I have made changes in bios secure boot as

Os type to "other os"
Secure boot mode to "standard"

After that I have disabled secure boot option in yast boot loader.

After that I have compiled kernel source code and this time also when I
issue the command "make install" I am getting same error as " must have
certificates....".

After reboot when I select the new kernel I am not getting shim error but
instead I am getting error as

"systemd: failed to load modules"

After some time I am able to see message as reached target but there is no
user login window.

Another thing I want to mention is that when I issue the command " make
install " I am able to see messages as moving vmlinuz.5.11 to
vmlinuz.5.11.old, initrd.5.11 to United.5.11.old etc.,.

Also the modules newly compiled are going to overwrite the existing modules
present in /lib/modules/kernel version.

My question is suppose I download the kernel source code from kernel.org
and it's file name is kernel.5.13.1 and the present kernel I am running is
5.13.1 then how to compile source code of kernel and create kernel with
file name vmlinuz.5.13.1-new and initrd.5.13.1-new and finally place the
kernel modules under the directory /lib/modules/5.13.1-new

Regards,
Rupesh.

On Mon, 28 Feb 2022, 11:14 pm Guddla Rupesh, <rupeshforu3 at gmail.com> wrote:

> Hi I am Rupesh from India and I have pc i3 processor and h510 motherboard
> It has uefi. I have installed open suse tumblewood and all the packages
> have been updated. As the default kernel provided by open suse tumblewood
> is not working properly I want to compile source code of new kernel which
> is obtained from kernel.org and the kernel source code present in
> /usr/src/linux*** but I can't.
>
> As the pc is uefi based I am getting lot of errors related to signing. I
> have installed all latest packages related to gcc, make, ctags, cscope,
> open ssh, open SSL, auto make, auto conf, cmake etc.,.
>
> I have created the config file from the existing configuration of system
> using the following command
>
> make localmodconfig
>
> I have succeeded in compiling source code of new kernel using make command
> but when I execute the command
>
> make install
>
> I am getting error as
>
> " certificate must have code signing extended key usage defined for secure
> boot ".
>
> After some time vmlinux, initrd files are created but when I try to boot
> the newly compiled kernel from grub I am getting errors as
>
> "bad shim signature"
> "you need to load the kernel first"
>
> I have tried a number of ways to compile successfully such as disabling
> secure boot in yast boot loader, selecting load all modules by verifying
> signature etc.,.
>
> Currently my .config file consists of the following lines containing the
> word sig
>
> [CODE]
> CONFIG_SIGNALFD=y
> CONFIG_KEXEC_SIG=y
> CONFIG_KEXEC_SIG_FORCE=y
> CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
> # CONFIG_STRICT_SIGALTSTACK_SIZE is not set
> CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL=38
> CONFIG_OLD_SIGSUSPEND3=y
> CONFIG_COMPAT_OLD_SIGACTION=y
> CONFIG_DYNAMIC_SIGFRAME=y
> CONFIG_MODULE_SIG_FORMAT=y
> CONFIG_MODULE_SIG=y
> CONFIG_MODULE_SIG_FORCE=y
> CONFIG_MODULE_SIG_ALL=y
> # CONFIG_MODULE_SIG_SHA1 is not set
> # CONFIG_MODULE_SIG_SHA224 is not set
> CONFIG_MODULE_SIG_SHA256=y
> # CONFIG_MODULE_SIG_SHA384 is not set
> # CONFIG_MODULE_SIG_SHA512 is not set
> CONFIG_MODULE_SIG_HASH="sha256"
> CONFIG_TCP_MD5SIG=y
> CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y
> # DesignWare PCI Core Support
> # end of DesignWare PCI Core Support
> CONFIG_I2C_DESIGNWARE_CORE=y
> # CONFIG_I2C_DESIGNWARE_SLAVE is not set
> CONFIG_I2C_DESIGNWARE_PLATFORM=y
> CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
> # CONFIG_I2C_DESIGNWARE_PCI is not set
> # CONFIG_SPI_DESIGNWARE is not set
> # CONFIG_SND_HDA_CODEC_SIGMATEL is not set
> # CONFIG_USB_ISIGHTFW is not set
> CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
> CONFIG_INTEGRITY_SIGNATURE=y
> # CONFIG_IMA_SIG_TEMPLATE is not set
> CONFIG_IMA_APPRAISE_MODSIG=y
> CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
> CONFIG_SIGNED_PE_FILE_VERIFICATION=y
> # Certificates for signature checking
> CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
> CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
> # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
> # end of Certificates for signature checking
> CONFIG_CHECK_SIGNATURE=y
> CONFIG_SIGNATURE=y
> [/CODE]
>
>
> Kindly try to suggest how to compile the source code of kernel for uefi
> system with automatic key singing and how to boot the compiled kernel from
> grub2.
>
>
> Regards,
> Rupesh.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20220301/9e96b52c/attachment-0001.html>

More information about the Kernelnewbies mailing list