Difference between revisions of "Handbook:Parts/Installation/Kernel"
Maffblaster (talk | contribs) (Add NVMe support to manual kernel configuration options.) |
Maffblaster (talk | contribs) (→Enabling support for typical system components: Limit file system section.) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 91: | Line 91: | ||
<!--T:52--> | <!--T:52--> | ||
− | If an entirely manual configuration looks too daunting, system administrators should consider using {{c|genkernel}} as a hybrid approach to kernel maintenance. | + | If an entirely manual configuration looks too daunting, system administrators should consider using {{c|[[genkernel]]}} as a hybrid approach to kernel maintenance. |
Genkernel provides a generic kernel configuration file, automatically '''''gen'''''erates the '''''kernel''''', initramfs, and associated modules, and then installs the resulting binaries to the appropriate locations. This results in minimal and generic hardware support for the system's first boot, and allows for additional update control and customization of the kernel's configuration in the future. | Genkernel provides a generic kernel configuration file, automatically '''''gen'''''erates the '''''kernel''''', initramfs, and associated modules, and then installs the resulting binaries to the appropriate locations. This results in minimal and generic hardware support for the system's first boot, and allows for additional update control and customization of the kernel's configuration in the future. | ||
Line 178: | Line 178: | ||
The Linux kernel configuration has many, many sections. Let's first list some options that must be activated (otherwise Gentoo will not function, or not function properly without additional tweaks). We also have a [[Kernel/Gentoo_Kernel_Configuration_Guide|Gentoo kernel configuration guide]] on the Gentoo wiki that might help out further. | The Linux kernel configuration has many, many sections. Let's first list some options that must be activated (otherwise Gentoo will not function, or not function properly without additional tweaks). We also have a [[Kernel/Gentoo_Kernel_Configuration_Guide|Gentoo kernel configuration guide]] on the Gentoo wiki that might help out further. | ||
− | ==== | + | ==== Enabling required options ==== <!--T:25--> |
<!--T:84--> | <!--T:84--> | ||
Line 200: | Line 200: | ||
<!--T:85--> | <!--T:85--> | ||
When using {{Package|sys-kernel/vanilla-sources}}, the additional selections for init systems will be unavailable. Enabling support is possible, but goes beyond the scope of the handbook. | When using {{Package|sys-kernel/vanilla-sources}}, the additional selections for init systems will be unavailable. Enabling support is possible, but goes beyond the scope of the handbook. | ||
+ | |||
+ | ==== Enabling support for typical system components ==== | ||
<!--T:26--> | <!--T:26--> | ||
− | Make sure that every driver that is vital to the booting of the system (such as | + | Make sure that every driver that is vital to the booting of the system (such as SATA controllers, NVMe block device support, filesystem support, etc.) is compiled in the kernel and not as a module, otherwise the system may not be able to boot completely. |
<!--T:27--> | <!--T:27--> | ||
Line 211: | Line 213: | ||
<!--T:29--> | <!--T:29--> | ||
− | {{KernelBox|title=Enabling devtmpfs support|1= | + | {{KernelBox|title=Enabling devtmpfs support (<var>CONFIG_DEVTMPFS</var>)|1= |
Device Drivers ---> | Device Drivers ---> | ||
Generic Driver Options ---> | Generic Driver Options ---> | ||
Line 222: | Line 224: | ||
<!--T:81--> | <!--T:81--> | ||
− | {{KernelBox|title=Enabling SCSI disk support|1= | + | {{KernelBox|title=Enabling SCSI disk support (<var>CONFIG_SCSI</var>, <var>CONFIG_BLK_DEV_SD</var>)|1= |
+ | Device Drivers ---> | ||
+ | SCSI device support ---> | ||
+ | <*> SCSI device support | ||
+ | <*> SCSI disk support | ||
+ | }} | ||
+ | |||
+ | {{KernelBox|title=Enabling basic SATA and PATA support (<var>CONFIG_ATA_ACPI</var>, <var>CONFIG_SATA_PMP</var>, <var>CONFIG_SATA_AHCI</var>, <var>CONFIG_ATA_BMDMA</var>, <var>CONFIG_ATA_SFF</var>, <var>CONFIG_ATA_PIIX</var>)|1= | ||
Device Drivers ---> | Device Drivers ---> | ||
− | + | <*> Serial ATA and Parallel ATA drivers (libata) ---> | |
− | + | [*] ATA ACPI Support | |
+ | [*] SATA Port Multiplier support | ||
+ | <*> AHCI SATA support (ahci) | ||
+ | [*] ATA BMDMA support | ||
+ | [*] ATA SFF support (for legacy IDE and PATA) | ||
+ | <*> Intel ESB, ICH, PIIX3, PIIX4 PATA/SATA support (ata_piix) | ||
}} | }} | ||
− | Verify basic NVMe support has been | + | Verify basic NVMe support has been enabled: |
− | {{KernelBox|title=Linux 4.4.x|1= | + | {{KernelBox|title=Enable basic NVMe support for Linux 4.4.x (<var>CONFIG_BLK_DEV_NVME</var>)|1= |
Device Drivers ---> | Device Drivers ---> | ||
<*> NVM Express block device | <*> NVM Express block device | ||
}} | }} | ||
− | {{KernelBox|title=Linux 5.x.x|1= | + | {{KernelBox|title=Enable basic NVMe support for Linux 5.x.x (<var>CONFIG_DEVTMPFS</var>)|1= |
Device Drivers ---> | Device Drivers ---> | ||
NVME Support ---> | NVME Support ---> | ||
Line 243: | Line 257: | ||
It does not hurt to enable the following additional NVMe support: | It does not hurt to enable the following additional NVMe support: | ||
− | {{KernelBox|title= | + | {{KernelBox|title=Enabling additional NVMe support (<var>CONFIG_NVME_MULTIPATH</var>, <var>CONFIG_NVME_MULTIPATH</var>, <var>CONFIG_NVME_HWMON</var>, <var>CONFIG_NVME_FC</var>, <var>CONFIG_NVME_TCP</var>, <var>CONFIG_NVME_TARGET</var>, <var>CONFIG_NVME_TARGET_PASSTHRU</var>, <var>CONFIG_NVME_TARGET_LOOP</var>, <var>CONFIG_NVME_TARGET_FC</var>, <var>CONFIG_NVME_TARGET_FCLOOP</var>, <var>CONFIG_NVME_TARGET_TCP</var>|1= |
− | |||
[*] NVMe multipath support | [*] NVMe multipath support | ||
[*] NVMe hardware monitoring | [*] NVMe hardware monitoring | ||
Line 258: | Line 271: | ||
<!--T:30--> | <!--T:30--> | ||
− | Now go to File Systems and select support for the filesystems that will be used by the system. Do not compile the file system that is used for the root filesystem as module, otherwise the system may not be able to mount the partition. Also select ''Virtual memory'' and ''/proc file system''. Select one or more of the following options as needed by the system | + | Now go to File Systems and select support for the filesystems that will be used by the system. Do not compile the file system that is used for the root filesystem as module, otherwise the system may not be able to mount the partition. Also select ''Virtual memory'' and ''/proc file system''. Select one or more of the following options as needed by the system: |
<!--T:31--> | <!--T:31--> | ||
− | {{KernelBox|title= | + | {{KernelBox|title=Enable file system support (<var>CONFIG_EXT2_FS</var>, <var>CONFIG_EXT3_FS</var>, <var>CONFIG_EXT4_FS</var>, <var>CONFIG_BTRFS_FS</var>, <var>CONFIG_MSDOS_FS</var>, <var>CONFIG_VFAT_FS</var>, <var>CONFIG_PROC_FS</var>, and <var>CONFIG_TMPFS</var>)|1= |
File systems ---> | File systems ---> | ||
<*> Second extended fs support | <*> Second extended fs support | ||
<*> The Extended 3 (ext3) filesystem | <*> The Extended 3 (ext3) filesystem | ||
<*> The Extended 4 (ext4) filesystem | <*> The Extended 4 (ext4) filesystem | ||
− | |||
− | |||
− | |||
<*> Btrfs filesystem support | <*> Btrfs filesystem support | ||
DOS/FAT/NT Filesystems ---> | DOS/FAT/NT Filesystems ---> | ||
<*> MSDOS fs support | <*> MSDOS fs support | ||
<*> VFAT (Windows-95) fs support | <*> VFAT (Windows-95) fs support | ||
− | |||
Pseudo Filesystems ---> | Pseudo Filesystems ---> | ||
[*] /proc file system support | [*] /proc file system support | ||
Line 283: | Line 292: | ||
<!--T:33--> | <!--T:33--> | ||
− | {{KernelBox|title= | + | {{KernelBox|title=Enabling PPPoE support (<var>PPPoE</var>, <var>CONFIG_PPPOE</var>, <var>CONFIG_PPP_ASYNC</var>, <var>CONFIG_PPP_SYNC_TTY</var>|1= |
Device Drivers ---> | Device Drivers ---> | ||
Network device support ---> | Network device support ---> | ||
<*> PPP (point-to-point protocol) support | <*> PPP (point-to-point protocol) support | ||
− | <*> | + | <*> PPP over Ethernet |
− | <*> | + | <*> PPP support for async serial ports |
+ | <*> PPP support for sync tty ports | ||
}} | }} | ||
Line 301: | Line 311: | ||
<!--T:37--> | <!--T:37--> | ||
− | {{KernelBox|title=Activating SMP support|1= | + | {{KernelBox|title=Activating SMP support (<var>CONFIG_SMP</var>)|1= |
Processor type and features ---> | Processor type and features ---> | ||
[*] Symmetric multi-processing support | [*] Symmetric multi-processing support | ||
Line 310: | Line 320: | ||
<!--T:39--> | <!--T:39--> | ||
− | If USB input devices (like keyboard or mouse) or other USB devices will be used, do not forget to enable those as well | + | If USB input devices (like keyboard or mouse) or other USB devices will be used, do not forget to enable those as well: |
<!--T:40--> | <!--T:40--> | ||
− | {{KernelBox|title= | + | {{KernelBox|title=Enable USB and human input device support (<var>CONFIG_HID_GENERIC</var>, <var>CONFIG_USB_HID</var>, <var>CONFIG_USB_SUPPORT</var>, <var>CONFIG_USB_XHCI_HCD</var>, <var>CONFIG_USB_EHCI_HCD</var>, <var>CONFIG_USB_OHCI_HCD</var>, <var>(<var>CONFIG_HID_GENERIC</var>, <var>CONFIG_USB_HID</var>, <var>CONFIG_USB_SUPPORT</var>, <var>CONFIG_USB_XHCI_HCD</var>, <var>CONFIG_USB_EHCI_HCD</var>, <var>CONFIG_USB_OHCI_HCD</var>, <var>CONFIG_USB4</var>)|1= |
Device Drivers ---> | Device Drivers ---> | ||
HID support ---> | HID support ---> | ||
Line 325: | Line 335: | ||
<*> EHCI HCD (USB 2.0) support | <*> EHCI HCD (USB 2.0) support | ||
<*> OHCI HCD (USB 1.1) support | <*> OHCI HCD (USB 1.1) support | ||
+ | <*> Unified support for USB4 and Thunderbolt ---> | ||
}} | }} | ||
Revision as of 08:47, 19 February 2023
Readers should not try to follow instructions directly from the Handbook:Parts namespace (which is THIS page!). The sections displayed below are used as a skeleton for transcluding information into the computer architecture specific handbooks and are therefore lacking critical information.
Please visit the Handbook list to read instructions for a relevant computer architecture.
Optional: Installing firmware and/or microcode
Firmware
Before getting to configuring kernel sections, it is beneficial to be aware that some hardware devices require additional, sometimes non-FOSS compliant, firmware to be installed on the system before they will operate correctly. This is often the case for wireless network interfaces commonly found in both desktop and laptop computers. Modern video chips from vendors like AMD, Nvidia, and Intel, often also require external firmware files to be fully functional. Most firmware for modern hardware devices can be found within the sys-kernel/linux-firmware package.
It is recommended to have the sys-kernel/linux-firmware package installed before the initial system reboot in order to have the firmware available in the event that it is necessary:
root #
emerge --ask sys-kernel/linux-firmware
Installing certain firmware packages often requires accepting the associated firmware licenses. If necessary, visit the license handling section of the Handbook for help on accepting licenses.
It is important to note that kernel symbols that are built as modules (M) will load their associated firmware files from the filesystem when they are loaded by the kernel. It is not necessary to include the device's firmware files into the kernel's binary image for symbols loaded as modules.
Microcode
In addition to discrete graphics hardware and network interfaces, CPUs also can require firmware updates. Typically this kind of firmware is referred to as microcode. Newer revisions of microcode are sometimes necessary to patch instability, security concerns, or other miscellaneous bugs in CPU hardware.
Microcode updates for AMD CPUs are distributed within the aforementioned sys-kernel/linux-firmware package. Microcode for Intel CPUs can be found within the sys-firmware/intel-microcode package, which will need to be installed separately. See the Microcode article for more information on how to apply microcode updates.
Kernel configuration and compilation
Now it is time to configure and compile the kernel sources. For the purposes of the installation, three approaches to kernel management will be presented, however at any point post-installation a new approach can be employed.
Ranked from least involved with least control over updates, to most involved with most control over updates:
- Full automation
- A Distribution Kernel is used to configure, automatically build, and install the Linux kernel, its associated modules, and (optionally, but enabled by default) an initramfs file. Future kernel updates are fully automated since they are handled through the package manager, just like any other system package. It is possible provide a custom kernel configuration file if customization is necessary. This is the least involved process, and is perfect for new Gentoo users, but offers the least amount of update control.
- Genkernel (hybrid)
- New kernel sources are installed via the system package manager. System administrators use Gentoo's genkernel tool to generically configure, automatically build and install the Linux kernel, its associated modules, and (optionally, but not enabled by default) an initramfs file. It is possible provide a custom kernel configuration file if customization is necessary. Future kernel configuration, compilation, and installation require the system administrator's involvement in the form of running eselect kernel, genkernel, and potentially other commands for each update.
- Manual configuration
- New kernel sources are installed via the system package manager. The kernel is manually configured, built, and installed using the eselect kernel and a slew of make commands. Future kernel updates repeat the manual process of configuring, building, and installing the kernel files. This is the most involved process, but offers maximum control over the kernel update process.
The core around which all distributions are built is the Linux kernel. It is the layer between the user's programs and the system hardware. Although the handbook provides its users several possible kernel sources, a more comprehensive listing with more detailed descriptions is available at the Kernel overview page.
Distribution kernels
Distribution Kernels are ebuilds that cover the complete process of unpacking, configuring, compiling, and installing the kernel. The primary advantage of this method is that the kernels are updated to new versions by the package manager as part of @world upgrade. This requires no more involvement than running an emerge command. Distribution kernels default to a configuration supporting the majority of hardware, however two mechanisms are offered for customization: savedconfig and config snippets. See the project page for more details on configuration.
Optional: Signed kernel modules
The kernel modules in the prebuilt distribution kernel (sys-kernel/gentoo-kernel-bin) are already signed. To sign the modules of kernels built from source enable the modules-sign USE flag, and optionally specify which key to use for signing in /etc/portage/make.conf:
USE="modules-sign"
# Optionally, to use custom signing keys.
MODULES_SIGN_KEY="/path/to/kernel_key.pem"
MODULES_SIGN_CERT="/path/to/kernel_key.pem" # Only required if the MODULES_SIGN_KEY does not also contain the certificate.
MODULES_SIGN_HASH="sha512" # Defaults to sha512.
If MODULES_SIGN_KEY is not specified the kernel build system will generate a key, it will be stored in /usr/src/linux-x.y.z/certs. It is recommended to manually generate a key to ensure that it will be the same for each kernel release. A key may be generated with:
root #
openssl req -new -nodes -utf8 -sha256 -x509 -outform PEM -out kernel_key.pem -keyout kernel_key.pem
The MODULES_SIGN_KEY and MODULES_SIGN_CERT may be different files. For this example the pem file generated by OpenSSL includes both the key and the accompanying certificate, and thus both variables are set to the same value.
OpenSSL will ask some questions about the user generating the key, it is recommended to fill in these questions as detailed as possible.
Store the key in a safe location, at the very least the key should be readable only by the root user. Verify this with:
root #
ls -l kernel_key.pem
-r-------- 1 root root 3164 Jan 4 10:38 kernel_key.pem
If this outputs anything other then the above, correct the permissions with:
root #
chown root:root kernel_key.pem
root #
chmod 400 kernel_key.pem
Optional: Signing the kernel image (Secure Boot)
The kernel image in the prebuilt distribution kernel (sys-kernel/gentoo-kernel-bin) is already signed for use with Secure Boot. To sign the kernel image of kernels built from source enable the secureboot USE flag, and optionally specify which key to use for signing in /etc/portage/make.conf. Note that signing the kernel image for use with secureboot requires that the kernel modules are also signed, the same key may be used to sign both the kernel image and the kernel modules:
USE="modules-sign secureboot"
# Optionally, to use custom signing keys.
MODULES_SIGN_KEY="/path/to/kernel_key.pem"
MODULES_SIGN_CERT="/path/to/kernel_key.pem" # Only required if the MODULES_SIGN_KEY does not also contain the certificate.
MODULES_SIGN_HASH="sha512" # Defaults to sha512.
# Optionally, to boot with secureboot enabled, may be the same or different signing key.
SECUREBOOT_SIGN_KEY="/path/to/kernel_key.pem"
SECUREBOOT_SIGN_CERT="/path/to/kernel_key.pem"
The SECUREBOOT_SIGN_KEY and SECUREBOOT_SIGN_CERT may be different files. For this example the pem file generated by OpenSSL includes both the key and the accompanying certificate, and thus both variables are set to the same value.
For this example the same key that was generated to sign the modules is used to sign the kernel image. It is also possible to generate and use a second separate key for signing the kernel image. The same OpenSSL command as in the previous section may be used again.
See the above section for instructions on generating a new key, the steps may be repeated if a separate key should be used to sign the kernel image.
To successfully boot with Secure Boot enabled, the used bootloader must also be signed and the certificate must be accepted by the UEFI firmware or Shim. This will be explained later in the handbook.
Installing a distribution kernel
To build a kernel with Gentoo patches from source, type:
root #
emerge --ask sys-kernel/gentoo-kernel
System administrators who want to avoid compiling the kernel sources locally can instead use precompiled kernel images:
root #
emerge --ask sys-kernel/gentoo-kernel-bin
Distribution Kernels, such as sys-kernel/gentoo-kernel and sys-kernel/gentoo-kernel-bin, by default, expect to be installed alongside an initramfs. Before running emerge to install the kernel users should ensure that sys-kernel/installkernel has been configured to utilize an initramfs generator (for example Dracut) as described in the installkernel section.
Upgrading and cleaning up
Once the kernel is installed, the package manager will automatically update it to newer versions. The previous versions will be kept until the package manager is requested to clean up stale packages. To reclaim disk space, stale packages can be trimmed by periodically running emerge with the --depclean
option:
root #
emerge --depclean
Alternatively, to specifically clean up old kernel versions:
root #
emerge --prune sys-kernel/gentoo-kernel sys-kernel/gentoo-kernel-bin
By design, emerge only removes the kernel build directory. It does not actually remove the kernel modules, nor the installed kernel image. To completely clean-up old kernels, the app-admin/eclean-kernel tool may be used.
Post-install/upgrade tasks
An upgrade of a distribution kernel is capable of triggering an automatic rebuild for external kernel modules installed by other packages (for example: sys-fs/zfs-kmod or x11-drivers/nvidia-drivers). This automated behaviour is enabled by enabling the dist-kernel USE flag. When required, this same flag will also trigger re-generation of the initramfs.
It is highly recommended to enable this flag globally via /etc/portage/make.conf when using a distribution kernel:
USE="dist-kernel"
Manually rebuilding the initramfs or Unified Kernel Image
If required, manually trigger such rebuilds by, after a kernel upgrade, executing:
root #
emerge --ask @module-rebuild
If any kernel modules (e.g. ZFS) are needed at early boot, rebuild the initramfs afterward via:
root #
emerge --config sys-kernel/gentoo-kernel
root #
emerge --config sys-kernel/gentoo-kernel-bin
After installing the Distribution Kernel successfully, it is now time to proceed to the next section: Configuring the system.
Installing the kernel sources
This section is only relevant when using the following genkernel (hybrid) or manual kernel management approach.
When installing and compiling the kernel for amd64-based systems, Gentoo recommends the sys-kernel/gentoo-sources package.
Choose an appropriate kernel source and install it using emerge:
root #
emerge --ask sys-kernel/gentoo-sources
This will install the Linux kernel sources in /usr/src/ using the specific kernel version in the path. It will not create a symbolic link by itself without USE=symlink
being enabled on the chosen kernel sources package.
It is conventional for a /usr/src/linux symlink to be maintained, such that it refers to whichever sources correspond with the currently running kernel. However, this symbolic link will not be created by default. An easy way to create the symbolic link is to utilize eselect's kernel module.
For further information regarding the purpose of the symlink, and how to manage it, please refer to Kernel/Upgrade.
First, list all installed kernels:
root #
eselect kernel list
Available kernel symlink targets: [1] linux-6.6.21-gentoo
In order to create a symbolic link called linux, use:
root #
eselect kernel set 1
root #
ls -l /usr/src/linux
lrwxrwxrwx 1 root root 12 Oct 13 11:04 /usr/src/linux -> linux-6.6.21-gentoo
Alternative: Genkernel
If an entirely manual configuration looks too daunting, system administrators should consider using genkernel as a hybrid approach to kernel maintenance.
Genkernel provides a generic kernel configuration file, automatically generates the kernel, initramfs, and associated modules, and then installs the resulting binaries to the appropriate locations. This results in minimal and generic hardware support for the system's first boot, and allows for additional update control and customization of the kernel's configuration in the future.
Be informed: while using genkernel to maintain the kernel provides system administrators with more update control over the system's kernel, initramfs, and other options, it will require a time and effort commitment to perform future kernel updates as new sources are released. Those looking for a hands-off approach to kernel maintenance should use a distribution kernel.
For additional clarity, it is a misconception to believe genkernel automatically generates a custom kernel configuration for the hardware on which it is run; it uses a per-determined kernel configuration that supports most generic hardware and automatically handles the make commands necessary to assemble and install the kernel, the associate modules, and the initramfs file.
Binary redistributable software license group
If the linux-firmware package has been previously installed, then skip onward to the to the installation section.
As a prerequisite, due to the firwmare
USE flag being enabled by default for the sys-kernel/genkernel package, the package manager will also attempt to pull in the sys-kernel/linux-firmware package. The binary redistributable software licenses are required to be accepted before the linux-firmware will install.
This license group can be accepted system-wide for any package by adding the @BINARY-REDISTRIBUTABLE
as an ACCEPT_LICENSE value in the /etc/portage/make.conf file. It can be exclusively accepted for the linux-firmware package by adding a specific inclusion via a /etc/portage/package.license/linux-firmware file.
If necessary, review the methods of accepting software licenses available in the Installing the base system chapter of the handbook, then make some changes for acceptable software licenses.
If in analysis paralysis, the following will do the trick:
root #
mkdir /etc/portage/package.license
sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE
Installation
Explanations and prerequisites aside, install the sys-kernel/genkernel package:
root #
emerge --ask sys-kernel/genkernel
Generation
Compile the kernel sources by running genkernel all. Be aware though, as genkernel compiles a kernel that supports a wide array of hardware for differing computer architectures, this compilation may take quite a while to finish.
If the root partition/volume uses a filesystem other than ext4, it may be necessary to manually configure the kernel using genkernel --menuconfig all to add built-in kernel support for the particular filesystem(s) (i.e. not building the filesystem as a module).
Users of LVM2 should add
--lvm
as an argument to the genkernel command below.root #
genkernel --mountboot --install all
Once genkernel completes, a kernel and an initial ram filesystem (initramfs) will be generated and installed into the /boot directory. Associated modules will be installed into the /lib/modules directory. The initramfs will be started immediately after loading the kernel to perform hardware auto-detection (just like in the live disk image environments).
root #
ls /boot/vmlinu* /boot/initramfs*
root #
ls /lib/modules
Alternative: Manual configuration
Introduction
Manually configuring a kernel is often seen as the most difficult procedure a Linux user ever has to perform. Nothing is less true - after configuring a couple of kernels no one remembers that it was difficult!
However, one thing is true: it is vital to know the system when a kernel is configured manually. Most information can be gathered by emerging sys-apps/pciutils which contains the lspci command:
root #
emerge --ask sys-apps/pciutils
Inside the chroot, it is safe to ignore any pcilib warnings (like pcilib: cannot open /sys/bus/pci/devices) that lspci might throw out.
Another source of system information is to run lsmod to see what kernel modules the installation CD uses as it might provide a nice hint on what to enable.
Now go to the kernel source directory and execute make menuconfig. This will fire up menu-driven configuration screen.
root #
cd /usr/src/linux
root #
make menuconfig
The Linux kernel configuration has many, many sections. Let's first list some options that must be activated (otherwise Gentoo will not function, or not function properly without additional tweaks). We also have a Gentoo kernel configuration guide on the Gentoo wiki that might help out further.
Enabling required options
When using sys-kernel/gentoo-sources, it is strongly recommend the Gentoo-specific configuration options be enabled. These ensure that a minimum of kernel features required for proper functioning is available:
Gentoo Linux --->
Generic Driver Options --->
[*] Gentoo Linux support
[*] Linux dynamic and persistent device naming (userspace devfs) support
[*] Select options required by Portage features
Support for init systems, system and service managers --->
[*] OpenRC, runit and other script based systems and managers
[*] systemd
Naturally the choice in the last two lines depends on the selected init system (OpenRC vs. systemd). It does not hurt to have support for both init systems enabled.
When using sys-kernel/vanilla-sources, the additional selections for init systems will be unavailable. Enabling support is possible, but goes beyond the scope of the handbook.
Enabling support for typical system components
Make sure that every driver that is vital to the booting of the system (such as SATA controllers, NVMe block device support, filesystem support, etc.) is compiled in the kernel and not as a module, otherwise the system may not be able to boot completely.
Next select the exact processor type. It is also recommended to enable MCE features (if available) so that users are able to be notified of any hardware problems. On some architectures (such as x86_64), these errors are not printed to dmesg, but to /dev/mcelog. This requires the app-admin/mcelog package.
Also select Maintain a devtmpfs file system to mount at /dev so that critical device files are already available early in the boot process (CONFIG_DEVTMPFS and CONFIG_DEVTMPFS_MOUNT):
Device Drivers --->
Generic Driver Options --->
[*] Maintain a devtmpfs filesystem to mount at /dev
[*] Automount devtmpfs at /dev, after the kernel mounted the rootfs
Verify SCSI disk support has been activated (CONFIG_BLK_DEV_SD):
Device Drivers --->
SCSI device support --->
<*> SCSI device support
<*> SCSI disk support
Device Drivers --->
<*> Serial ATA and Parallel ATA drivers (libata) --->
[*] ATA ACPI Support
[*] SATA Port Multiplier support
<*> AHCI SATA support (ahci)
[*] ATA BMDMA support
[*] ATA SFF support (for legacy IDE and PATA)
<*> Intel ESB, ICH, PIIX3, PIIX4 PATA/SATA support (ata_piix)
Verify basic NVMe support has been enabled:
Device Drivers --->
<*> NVM Express block device
Device Drivers --->
NVME Support --->
<*> NVM Express block device
It does not hurt to enable the following additional NVMe support:
[*] NVMe multipath support
[*] NVMe hardware monitoring
<M> NVM Express over Fabrics FC host driver
<M> NVM Express over Fabrics TCP host driver
<M> NVMe Target support
[*] NVMe Target Passthrough support
<M> NVMe loopback device support
<M> NVMe over Fabrics FC target driver
< > NVMe over Fabrics FC Transport Loopback Test driver (NEW)
<M> NVMe over Fabrics TCP target support
Now go to File Systems and select support for the filesystems that will be used by the system. Do not compile the file system that is used for the root filesystem as module, otherwise the system may not be able to mount the partition. Also select Virtual memory and /proc file system. Select one or more of the following options as needed by the system:
File systems --->
<*> Second extended fs support
<*> The Extended 3 (ext3) filesystem
<*> The Extended 4 (ext4) filesystem
<*> Btrfs filesystem support
DOS/FAT/NT Filesystems --->
<*> MSDOS fs support
<*> VFAT (Windows-95) fs support
Pseudo Filesystems --->
[*] /proc file system support
[*] Tmpfs virtual memory file system support (former shm fs)
If PPPoE is used to connect to the Internet, or a dial-up modem, then enable the following options (CONFIG_PPP, CONFIG_PPP_ASYNC, and CONFIG_PPP_SYNC_TTY):
Device Drivers --->
Network device support --->
<*> PPP (point-to-point protocol) support
<*> PPP over Ethernet
<*> PPP support for async serial ports
<*> PPP support for sync tty ports
The two compression options won't harm but are not definitely needed, neither does the PPP over Ethernet option, that might only be used by ppp when configured to do kernel mode PPPoE.
Don't forget to include support in the kernel for the network (Ethernet or wireless) cards.
Most systems also have multiple cores at their disposal, so it is important to activate Symmetric multi-processing support (CONFIG_SMP):
Processor type and features --->
[*] Symmetric multi-processing support
In multi-core systems, each core counts as one processor.
If USB input devices (like keyboard or mouse) or other USB devices will be used, do not forget to enable those as well:
Device Drivers --->
HID support --->
-*- HID bus support
<*> Generic HID driver
[*] Battery level reporting for HID devices
USB HID support --->
<*> USB HID transport layer
[*] USB support --->
<*> xHCI HCD (USB 3.0) support
<*> EHCI HCD (USB 2.0) support
<*> OHCI HCD (USB 1.1) support
<*> Unified support for USB4 and Thunderbolt --->
Architecture specific kernel configurations
Placeholder for architecture-specific kernel build information
Compiling and installing
Placeholder for instructions for building and installing the kernel sources
Optional: Building an initramfs
In certain cases it is necessary to build an initramfs - an initial ram-based file system. The most common reason is when important file system locations (like /usr/ or /var/) are on separate partitions. With an initramfs, these partitions can be mounted using the tools available inside the initramfs.
Without an initramfs, there is a risk that the system will not boot properly as the tools that are responsible for mounting the file systems require information that resides on unmounted file systems. An initramfs will pull in the necessary files into an archive which is used right after the kernel boots, but before the control is handed over to the init tool. Scripts on the initramfs will then make sure that the partitions are properly mounted before the system continues booting.
If using genkernel, it should be used for both building the kernel and the initramfs. When using genkernel only for generating an initramfs, it is crucial to pass
--kernel-config=/path/to/kernel.config
to genkernel or the generated initramfs may not work with a manually built kernel. Note that manually built kernels go beyond the scope of support for the handbook. See the kernel configuration article for more information.To install an initramfs, install sys-kernel/dracut first, then have it generate an initramfs:
root #
emerge --ask sys-kernel/dracut
root #
dracut --kver=6.6.21-gentoo
The initramfs will be stored in /boot/. The resulting file can be found by simply listing the files starting with initramfs:
root #
ls /boot/initramfs*
Now continue with Kernel modules.
Kernel modules
Listing available kernel modules
Hardware modules are optional to be listed manually. udev will normally load all hardware modules that are detected to be connected in most cases. However, it is not harmful for modules that will be automatically loaded to be listed. Modules cannot be loaded twice; they are either loaded or unloaded. Sometimes exotic hardware requires help to load their drivers.
The modules that need to be loaded during each boot in can be added to /etc/modules-load.d/*.conf files in the format of one module per line. When extra options are needed for the modules, they should be set in /etc/modprobe.d/*.conf files instead.
To view all modules available for a specific kernel version, issue the following find command. Do not forget to substitute "<kernel version>" with the appropriate version of the kernel to search:
root #
find /lib/modules/<kernel version>/ -type f -iname '*.o' -or -iname '*.ko' | less
Force loading particular kernel modules
To force load the kernel to load the 3c59x.ko module (which is the driver for a specific 3Com network card family), edit the /etc/modules-load.d/network.conf file and enter the module name within it.
root #
mkdir -p /etc/modules-load.d
root #
nano -w /etc/modules-load.d/network.conf
Note that the module's .ko file suffix is insignificant to the loading mechanism and left out of the configuration file:
3c59x
Continue the installation with Configuring the system.