path: root/chapter10/kernel.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-bootable-kernel" role="wrap">
  <?dbhtml filename="kernel.html"?>

  <sect1info condition="script">
    <productname>kernel</productname>
    <productnumber>&linux-version;</productnumber>
    <address>&linux-url;</address>
  </sect1info>

  <title>Linux-&linux-version;</title>

  <indexterm zone="ch-bootable-kernel">
    <primary sortas="a-Linux">Linux</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The Linux package contains the Linux kernel.</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&linux-knl-sbu;</seg>
        <seg>&linux-knl-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of the kernel</title>

    <para>Building the kernel involves a few steps&mdash;configuration,
    compilation, and installation. Read the <filename>README</filename> file
    in the kernel source tree for alternative methods to the way this book
    configures the kernel.</para>

    <para>Prepare for compilation by running the following command:</para>

<screen><userinput remap="pre">make mrproper</userinput></screen>

    <para>This ensures that the kernel tree is absolutely clean. The
    kernel team recommends that this command be issued prior to each
    kernel compilation. Do not rely on the source tree being clean after
    un-tarring.</para>

    <para>There are several ways to configure the kernel options. Usually,
    This is done through a menu-driven interface, for example:</para>

<screen role="nodump"><userinput>make menuconfig</userinput></screen>

    <variablelist>
      <title>The meaning of optional make environment variables:</title>

      <varlistentry>
        <term><parameter>LANG=&lt;host_LANG_value&gt; LC_ALL=</parameter></term>
        <listitem>
          <para>This establishes the locale setting to the one used on the
          host.  This may be needed for a proper menuconfig ncurses interface
          line drawing on a UTF-8 linux text console.</para>

          <para>If used, be sure to replace
          <replaceable>&lt;host_LANG_value&gt;</replaceable> by the value of
          the <envar>$LANG</envar> variable from your host.  You can
          alternatively use instead the host's value of <envar>$LC_ALL</envar>
          or <envar>$LC_CTYPE</envar>.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><command>make menuconfig</command></term>
        <listitem>
          <para>This launches an ncurses menu-driven interface. For other
          (graphical) interfaces, type <command>make help</command>.</para>
        </listitem>
      </varlistentry>
    </variablelist>

    <!-- Support for compiling a keymap into the kernel is deliberately removed -->

    <para>For general information on kernel configuration see <ulink
    url="&hints-root;kernel-configuration.txt"/>.  BLFS has some information
    regarding particular kernel configuration requirements of packages outside
    of LFS at <ulink
    url="&blfs-book;longindex.html#kernel-config-index"/>.  Additional
    information about configuring and building the kernel can be found at
    <ulink url="http://www.kroah.com/lkn/"/> </para>

    <para>
      Set up a minimal base configuration:
    </para>

    <screen role="nodump"><userinput>cat &gt; lfs.config &lt;&lt; EOF<literal>
# Many packages expect SysV IPC or POSIX message queue
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y

# Mainstream x86 system contains multiple CPU cores.  This is needed to use
# all the cores.
CONFIG_SMP=y

# Many packages expect the basic network functionality is available, even
# if the system has no NIC at all.
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IPV6=y

# Mainstream x86 system use PCIe as the system bus for peripherals.
CONFIG_PCI=y
CONFIG_PCIEPORTBUS=y

# Enable devtmpfs which is necessary for udev, and mount it at early boot
# stage so we don't need to create static device nodes in /dev.
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y

# LFS uses ext4 file system.  Don't set it to m or you'll need an initramfs.
# Also Enable Access Control List feature needed by the Acl package.
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y

# Allow to execute ELF executables and scripts.  All executables in a LFS
# system are either ELF or a script.
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_SCRIPT=y

# Allow to use framebuffer console if your BIOS provides a framebuffer.
# Otherwise the VGA console (forced to y with CONFIG_EXPERT=n) can be used
# as a fallback.  Some of them can be set to m, but doing so may cause debug
# difficulties in case the boot fails before loading modules.
CONFIG_SYSFB_SIMPLEFB=y
CONFIG_FB=y
CONFIG_DRM=y
CONFIG_DRM_FBDEV_EMULATION=y
CONFIG_DRM_SIMPLEDRM=y

# Enable NVME disk and disk controller support, SATA disk support, and AHCI
# SATA controller support.  They should be enough for accessing the disk
# for a mainstream x86 system.  Do not set them to m, or an initramfs will
# be needed for boot.
CONFIG_BLK_DEV_NVME=y
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_ATA=y
CONFIG_SATA_AHCI=y

# Enable kernel modules.  If you think it's not necessary, you can omit it
# and change all "m" below to "y".
CONFIG_MODULES=y

# Enable PS/2 and USB keyboards, and the USB controllers on mainstream x86
# systems.
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=m
CONFIG_USB_SUPPORT=y
CONFIG_USB=m
CONFIG_USB_PCI=y
CONFIG_USB_HID=m
CONFIG_HID_GENERIC=m
CONFIG_USB_XHCI_HCD=m
CONFIG_USB_EHCI_HCD=m
CONFIG_USB_OHCI_HCD=m
CONFIG_USB_OHCI_HCD_PCI=m
CONFIG_USB_UHCI_HCD=m

# Enable ASLR and SSP for the kernel.  We've already protected the entire
# userspace with them (via --enable-default-{pie,ssp} in GCC configuration)
# so it does not make too much sense to leave the kernel alone.
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_STACKPROTECTOR=y
CONFIG_STACKPROTECTOR_STRONG=y

# Enable ACPI or the system will not shutdown or reboot correctly.
CONFIG_ACPI=y

# Enable CMOS RTC shipped in mainstream x86 systems, so the system time
# will be correct once LFS is boot.
CONFIG_RTC_CLASS=y
CONFIG_RTC_INTF_DEV=y
CONFIG_RTC_DRV_CMOS=y

# Not strictly needed, but it seems a nice optimization.
CONFIG_JUMP_LABEL=y

</literal>EOF</userinput></screen>

    <para>
      Now enable some additional settings depending on if you are building
      a 32-bit or 64-bit system:
    </para>

<screen role='nodump'><userinput>if [ $(uname -m) = x86_64 ]; then
	cat &gt;&gt; lfs.config &lt;&lt; EOF<literal>
# Enable building a 64-bit kernel.
CONFIG_64BIT=y

# Enable x2apic which is recommended by Intel on supported systems.
# It also prevents a kernel panic when the BIOS forcefully enables x2apic.
CONFIG_PCI_MSI=y
CONFIG_IOMMU_SUPPORT=y
CONFIG_IRQ_REMAP=y
CONFIG_X86_X2APIC=y

</literal>EOF
else
	cat &gt;&gt; lfs.config &lt;&lt; EOF<literal>
# Enable using more than 4GB memory because mainstream x86 systems often
# contains more.
CONFIG_HIGHMEM64G=y

# Enable the system calls with 32-bit time_t.  This is necessary until the
# year 2037 problem solved in all packages.
CONFIG_COMPAT_32BIT_TIME=y

</literal>EOF
fi</userinput></screen>

    <para revision='systemd'>
      Enable some features needed by Systemd:
    </para>

    <screen role="nodump" revision="systemd"><userinput>cat &gt;&gt; lfs.config &lt;&lt;EOF<literal>
CONFIG_PSI=y
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
CONFIG_SECCOMP=y
CONFIG_NETDEVICES=y
CONFIG_DMIID=y
CONFIG_INOTIFY_USER=y
CONFIG_AUTOFS_FS=m
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y

</literal>EOF</userinput></screen>

    <para>
      Now create the <filename>.config</filename> file with our settings
      in <filename>lfs.config</filename>, but other options disabled:
    </para>

<screen role="nodump"><userinput>KCONFIG_ALLCONFIG=lfs.config make allnoconfig</userinput></screen>

    <para>
      Check if our settings are set correctly:
    </para>

<screen role="nodump"><userinput>for i in $(sed '/^#/d' lfs.config); do
  grep $i .config -q || echo "$i is not set correctly"
done</userinput></screen>

    <para>
      Enable mitigations against hardware vulnerabilities in mainstream x86
      systems.  Even if you want to disable them (only do so if you know
      what you are doing), it would be better to use
      <option>mitigations=off</option> in the kernel command line instead of
      disabling them at build time:
    </para>

<screen role="nodump"><userinput>echo "CONFIG_SPECULATION_MITIGATIONS=y" >> .config
make olddefconfig</userinput></screen>

    <note>
      <para>
        In the instructions above, a <quote>mainstream x86 system</quote>
        means a x86 system manufactured in 2010 or more recent.  All these
        systems should have 64-bit capability (though still compatible with
        32-bit distros).
      </para>

      <para>
        If your system is older, it may contain a non-AHCI ATA controller.
        Then you need to set <option>CONFIG_ATA_SFF=y</option>,
        <option>CONFIG_ATA_BMDMA=y</option>, and a suitable driver for the
        ATA controller (for example, <option>CONFIG_ATA_PIIX=y</option>
        for old Intel chipsets and QEMU virtual machines).
      </para>

      <para>
        If your system is older and it contains 4GB or smaller RAM, and you
        are building a 32-bit LFS system, remove
        <parameter>CONFIG_HIGHMEM64G=y</parameter> or the kernel may fail
        to boot.
      </para>
    </note>

    <para>
      The instructions above has created a minimal configuration enough
      for booting LFS on a mainstream x86 system with a functional Linux
      console.  For other peripherals (NICs, mice, etc.), it's obviously
      impossible to cover all the drivers for them here.  And there are also
      other configuation options you may want to tweak.  Now you should run
      <command>make menuconfig</command> to invoke a menu-driven
      configuration interface and manually adapt the configuration for your
      need, or run <command>make localmodconfig</command> to enable all
      configuration options for kernel modules already loaded by the host
      distro (they should likely cover the drivers for the peripherals
      already connected onto the system).  Some examples of kernel
      configurations (for the systems of LFS editors) can be viewed at
      <ulink url='about:blank'>TODO</ulink>.
    </para>

    <note>
      <para>
        Do not set <option>CONFIG_WERROR=y</option> or
        <option>CONFIG_IKHEADERS=y</option>, or the kernel may fail to
        build.  Do not set <option>CONFIG_SYSFS_DEPRECATED=y</option>,
        <option>CONFIG_UEVENT_HELPER=y</option>, or
        <option>CONFIG_FW_LOADER_USER_HELPER=y</option>, or the system may
        fail to boot.  Do not set <option>CONFIG_EXPERT=y</option>
        unless you really know what you are doing.
      </para>
    </note>

    <para>Compile the kernel image and modules:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>If using kernel modules, module configuration in <filename
    class="directory">/etc/modprobe.d</filename> may be required.
    Information pertaining to modules and kernel configuration is
    located in <xref linkend="ch-config-udev"/> and in the kernel
    documentation in the <filename
    class="directory">linux-&linux-version;/Documentation</filename> directory.
    Also, <filename>modprobe.d(5)</filename> may be of interest.</para>

    <para>Unless module support has been disabled in the kernel configuration,
    install the modules with:</para>

<screen><userinput remap="install">make modules_install</userinput></screen>

    <para>After kernel compilation is complete, additional steps are
    required to complete the installation. Some files need to be copied to
    the <filename class="directory">/boot</filename> directory.</para>

    <caution>
      <para>If you've decided to use a separate &boot-dir; partition for the
      LFS system (maybe sharing a &boot-dir; partition with the host
      distro) , the files copied below should go there. The easiest way to
      do that is to create the entry for &boot-dir; in &fstab; first (read
      the previous section for details), then issue the following command
      as the &root; user in the
      <emphasis>chroot environment</emphasis>:</para>

<screen role="nodump"><userinput>mount /boot</userinput></screen>

      <para>The path to the device node is omitted in the command because
      <command>mount</command> can read it from &fstab;.</para>
    </caution>

    <para>The path to the kernel image may vary depending on the platform being
    used. The filename below can be changed to suit your taste, but the stem of
    the filename should be <emphasis>vmlinuz</emphasis> to be compatible with
    the automatic setup of the boot process described in the next section.  The
    following command assumes an x86 architecture:</para>

<screen><userinput remap="install">cp -iv arch/x86/boot/bzImage /boot/vmlinuz-&linux-version;-lfs-&version;</userinput></screen>

    <para><filename>System.map</filename> is a symbol file for the kernel.
    It maps the function entry points of every function in the kernel API,
    as well as the addresses of the kernel data structures for the running
    kernel.  It is used as a resource when investigating kernel problems.
    Issue the following command to install the map file:</para>

<screen><userinput remap="install">cp -iv System.map /boot/System.map-&linux-version;</userinput></screen>

    <para>The kernel configuration file <filename>.config</filename>
    produced by the <command>make menuconfig</command> step
    above contains all the configuration selections for the kernel
    that was just compiled. It is a good idea to keep this file for future
    reference:</para>

<screen><userinput remap="install">cp -iv .config /boot/config-&linux-version;</userinput></screen>

    <para>Install the documentation for the Linux kernel:</para>

<screen><userinput remap="install">install -d /usr/share/doc/linux-&linux-version;
cp -r Documentation/* /usr/share/doc/linux-&linux-version;</userinput></screen>

    <para>It is important to note that the files in the kernel source
    directory are not owned by <emphasis>root</emphasis>. Whenever a
    package is unpacked as user <emphasis>root</emphasis> (like we did
    inside chroot), the files have the user and group IDs of whatever
    they were on the packager's computer. This is usually not a problem
    for any other package to be installed because the source tree is
    removed after the installation. However, the Linux source tree is
    often retained for a long time.  Because of this, there is a chance
    that whatever user ID the packager used will be assigned to somebody
    on the machine. That person would then have write access to the kernel
    source.</para>

    <note>
      <para>In many cases, the configuration of the kernel will need to be
      updated for packages that will be installed later in BLFS.  Unlike
      other packages, it is not necessary to remove the kernel source tree
      after the newly built kernel is installed.</para>

      <para>If the kernel source tree is going to be retained, run
      <command>chown -R 0:0</command> on the <filename
      class="directory">linux-&linux-version;</filename> directory to ensure
      all files are owned by user <emphasis>root</emphasis>.</para>
    </note>

    <warning>
      <para>Some kernel documentation recommends creating a symlink from
      <filename class="symlink">/usr/src/linux</filename> pointing to the kernel
      source directory.  This is specific to kernels prior to the 2.6 series and
      <emphasis>must not</emphasis> be created on an LFS system as it can cause
      problems for packages you may wish to build once your base LFS system is
      complete.</para>
    </warning>

    <warning>
      <para>The headers in the system's <filename
      class="directory">include</filename> directory (<filename
      class="directory">/usr/include</filename>) should
      <emphasis>always</emphasis> be the ones against which Glibc was compiled,
      that is, the sanitised headers installed in <xref
      linkend="ch-tools-linux-headers"/>.  Therefore, they should
      <emphasis>never</emphasis> be replaced by either the raw kernel headers
      or any other kernel sanitized headers.</para>
    </warning>

  </sect2>

  <sect2 id="conf-modprobe" role="configuration">
    <title>Configuring Linux Module Load Order</title>

    <indexterm zone="conf-modprobe">
      <primary sortas="e-/etc/modprobe.d/usb.conf">/etc/modprobe.d/usb.conf</primary>
    </indexterm>

    <para>Most of the time Linux modules are loaded automatically, but
    sometimes it needs some specific direction.  The program that loads
    modules, <command>modprobe</command> or <command>insmod</command>, uses
    <filename>/etc/modprobe.d/usb.conf</filename> for this purpose.  This file
    needs to be created so that if the USB drivers (ehci_hcd, ohci_hcd and
    uhci_hcd) have been built as modules, they will be loaded in the correct
    order; ehci_hcd needs to be loaded prior to ohci_hcd and uhci_hcd in order
    to avoid a warning being output at boot time.</para>

    <para>Create a new file <filename>/etc/modprobe.d/usb.conf</filename> by running
    the following:</para>

<screen><userinput>install -v -m755 -d /etc/modprobe.d
cat &gt; /etc/modprobe.d/usb.conf &lt;&lt; "EOF"
<literal># Begin /etc/modprobe.d/usb.conf

install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i ohci_hcd ; true
install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i uhci_hcd ; true

# End /etc/modprobe.d/usb.conf</literal>
EOF</userinput></screen>

  </sect2>

  <sect2 id="contents-kernel" role="content">
    <title>Contents of Linux</title>

    <segmentedlist>
      <segtitle>Installed files</segtitle>
      <segtitle>Installed directories</segtitle>

      <seglistitem>
        <seg>config-&linux-version;,
        vmlinuz-&linux-version;-lfs-&version;,
        and System.map-&linux-version;</seg>
        <seg>/lib/modules, /usr/share/doc/linux-&linux-version;</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="config">
        <term><filename>config-&linux-version;</filename></term>
        <listitem>
          <para>Contains all the configuration selections for the kernel</para>
          <indexterm zone="ch-bootable-kernel config">
            <primary sortas="e-/boot/config">/boot/config-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="lfskernel">
        <term><filename>vmlinuz-&linux-version;-lfs-&version;</filename></term>
        <listitem>
          <para>The engine of the Linux system. When turning on the computer,
          the kernel is the first part of the operating system that gets loaded.
          It detects and initializes all components of the computer's hardware,
          then makes these components available as a tree of files to the
          software and turns a single CPU into a multitasking machine capable
          of running scores of programs seemingly at the same time</para>
          <indexterm zone="ch-bootable-kernel lfskernel">
            <primary sortas="b-lfskernel">lfskernel-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="System.map">
        <term><filename>System.map-&linux-version;</filename></term>
        <listitem>
          <para>A list of addresses and symbols; it maps the entry points and
          addresses of all the functions and data structures in the
          kernel</para>
          <indexterm zone="ch-bootable-kernel System.map">
            <primary sortas="e-/boot/System.map">/boot/System.map-&linux-version;</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>