How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.

Guddla Rupesh rupeshforu3 at gmail.com
Wed Mar 2 11:55:29 EST 2022


I have seen the config from /proc/config.gz and found that processor family
as generic x86 64.

Actually my system consists of i3 10th gen comet lake 10100 which has
integrated graphics and pci express 4.0 and also lots of new instructions
like avx2, sse4 etc.,.

The main reason of compiling source code of kernel is it detects all my
hardware and provide support for opencl, video acceleration etc.,. But I
can't find any option to select my processor especially comet lake or
atleast skylake and instead there is an option called core2 in the section
processor family.

Finally I have disabled secure boot mode in bios and compiled source code
successfully and now I am able to boot into the latest build kernel but
there is no difference in performance between old and new kernels.

I think that normal kernel shipped by the distro is generic and it doesn't
have support for latest instructions like avx2, sse4 etc.,. To get support
we must compile kernel with lots of tuning.

I have exported the modules running on system and disable others by running
the command

make localmodconfig

What I want is " is there any way to export my cpu instruction set to
kernel .config file and compile kernel and install the modules.".

If I can compile kernel source code then my Linux system will run at
extreme speeds never before.

On Tue, 1 Mar 2022, 11:28 pm Rogério Valentim Feitoza da Silva, <
rogerio.silva3920 at gmail.com> wrote:

> On Tuesday, 1 March 2022 at 00:08, Guddla Rupesh <rupeshforu3 at gmail.com>
> wrote:
> >
> > Hi I am Rupesh from India and I have pc i3 processor and h510
> motherboard It has uefi. I have installed open suse tumblewood and all the
> packages have been updated. As the default kernel provided by open suse
> tumblewood is not working properly I want to compile source code of new
> kernel which is obtained from kernel.org and the kernel source code
> present in /usr/src/linux*** but I can't.
> >
> > As the pc is uefi based I am getting lot of errors related to signing. I
> have installed all latest packages related to gcc, make, ctags, cscope,
> open ssh, open SSL, auto make, auto conf, cmake etc.,.
> >
> > I have created the config file from the existing configuration of system
> using the following command
> >
> > make localmodconfig
> >
> > I have succeeded in compiling source code of new kernel using make
> command but when I execute the command
> >
> > make install
> >
> > I am getting error as
> >
> > " certificate must have code signing extended key usage defined for
> secure boot ".
> >
> > After some time vmlinux, initrd files are created but when I try to boot
> the newly compiled kernel from grub I am getting errors as
> >
> > "bad shim signature"
> > "you need to load the kernel first"
> >
> > I have tried a number of ways to compile successfully such as disabling
> secure boot in yast boot loader, selecting load all modules by verifying
> signature etc.,.
> >
> > Currently my .config file consists of the following lines containing the
> word sig
> >
> > [CODE]
> > CONFIG_SIGNALFD=y
> > CONFIG_KEXEC_SIG=y
> > CONFIG_KEXEC_SIG_FORCE=y
> > CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
> > # CONFIG_STRICT_SIGALTSTACK_SIZE is not set
> > CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL=38
> > CONFIG_OLD_SIGSUSPEND3=y
> > CONFIG_COMPAT_OLD_SIGACTION=y
> > CONFIG_DYNAMIC_SIGFRAME=y
> > CONFIG_MODULE_SIG_FORMAT=y
> > CONFIG_MODULE_SIG=y
> > CONFIG_MODULE_SIG_FORCE=y
> > CONFIG_MODULE_SIG_ALL=y
> > # CONFIG_MODULE_SIG_SHA1 is not set
> > # CONFIG_MODULE_SIG_SHA224 is not set
> > CONFIG_MODULE_SIG_SHA256=y
> > # CONFIG_MODULE_SIG_SHA384 is not set
> > # CONFIG_MODULE_SIG_SHA512 is not set
> > CONFIG_MODULE_SIG_HASH="sha256"
> > CONFIG_TCP_MD5SIG=y
> > CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y
> > # DesignWare PCI Core Support
> > # end of DesignWare PCI Core Support
> > CONFIG_I2C_DESIGNWARE_CORE=y
> > # CONFIG_I2C_DESIGNWARE_SLAVE is not set
> > CONFIG_I2C_DESIGNWARE_PLATFORM=y
> > CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
> > # CONFIG_I2C_DESIGNWARE_PCI is not set
> > # CONFIG_SPI_DESIGNWARE is not set
> > # CONFIG_SND_HDA_CODEC_SIGMATEL is not set
> > # CONFIG_USB_ISIGHTFW is not set
> > CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
> > CONFIG_INTEGRITY_SIGNATURE=y
> > # CONFIG_IMA_SIG_TEMPLATE is not set
> > CONFIG_IMA_APPRAISE_MODSIG=y
> > CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
> > CONFIG_SIGNED_PE_FILE_VERIFICATION=y
> > # Certificates for signature checking
> > CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
> > CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
> > # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
> > # end of Certificates for signature checking
> > CONFIG_CHECK_SIGNATURE=y
> > CONFIG_SIGNATURE=y
> > [/CODE]
> >
> >
> > Kindly try to suggest how to compile the source code of kernel for uefi
> system with automatic key singing and how to boot the compiled kernel from
> grub2.
> >
> >
> > Regards,
> > Rupesh.
> > _______________________________________________
> > Kernelnewbies mailing list
> > Kernelnewbies at kernelnewbies.org
> > https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> The "bad shim signature" error is probably from GRUB's "kernel"
> command. That might mean the "kernel" command has failed to load the
> kernel, and therefore the "boot" command failed because there is no
> kernel to transfer control to.
>
> -Rogério Valentim
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20220302/0b88a8c5/attachment-0001.html>


More information about the Kernelnewbies mailing list