User:Zulu Foxtrott/Parts/Installation/Kernel

{{Handbook:Parts/TOC}}

Installing the sources

The core around which all Linux distributions are built is the Linux kernel. It is the layer between the user programs and the system hardware. Gentoo provides its users several possible kernel sources. A full listing with description is available at the Kernel overview page.

Downloading the sources

The recommended way to get the kernel sources is downloading them directly from upstream (the kernel developers themselves). Like with downloading the stage tarball, the only tool necessary is a web browser.

When installing kernel sources provided by Portage on a running Gentoo system, the package manager places them in the /usr/src directory. Go to the directory that once the installation is finished and running on the target system will be found at /usr/src:

Graphical browsers

In environments with fully graphical web browsers copy the kernel sources URL from [1]. Right click on the big yellow button labeled "Latest Release" and featuring the current stable release's version number, then Copy link address (Firefox) or Copy link location (Chromium) to copy the link to the clipboard, then paste the link to the wget utility on the command-line to download the sources:

Command-line browsers

To download the kernel sources directly from a command line environment, use for example links, the non-graphical, menu-driven browser.

To use an HTTP proxy with links, pass on the URL with the -http-proxy option:

Alternatively, use the (also non-graphical but not menu-driven) lynx browser.

If a proxy needs to be defined, and it has not been done already, export the http_proxy and/or ftp_proxy variables:

Select the version number (or "Download" next to it) displayed below the line "Latest Release" and press d to start the download.

Unpacking the sources

Create a directory on the storage device for the unpacked kernel sources:

Now unpack the downloaded kernel sources with tar into the newly created directory specified with the command line argument -C:

This will install the Linux kernel sources under the path /mnt/gentoo/usr/src/upstream-sources in a directory named "linux" followed by a version number. Change into that folder now:

TODO: reevaluate commented out parts

Now it is time to configure and compile the kernel sources.

Manual configuration

Introduction

Manually configuring a kernel is often seen as the most difficult procedure a Linux user ever has to perform. Nothing is less true - after configuring a couple of kernels no-one even remembers that it was difficult ;)

However, one thing is true: it is vital to know the system when a kernel is configured manually.

Since these instructions are geared towards situations where it is usually impossible to gather information about the target system from the target system itself, it is necessary to rely on other sources. A good starting point is to search the Gentoo wiki, information provided here is naturally often superior to other sources as it is targeted specially at Gentoo installations. A second option is to have a look at the vendor's or manufacturer's documentation. Last but not least, it is of course also possible to ask the Internet in general.

Now go to the kernel source directory and execute make menuconfig. This will fire up menu-driven configuration screen.

The Linux kernel configuration has many, many sections. Let's first list some options that must be activated (otherwise Gentoo will not function, or not function properly without additional tweaks). We also have a Gentoo kernel configuration guide on the Gentoo wiki that might help out further.

Activating required options

Kernel drivers can be compiled as modules, that is they are only loaded upon request at runtime. Thus it is possible to have a smaller kernel, which may be of interest especially on embedded devices. However, using modules may have the effect of complicating the installation procedure. To that end and to ease the documentation effort, it is advised to disable loadable module support for now. To keep the kernel size small anyway, disable features that are not essential to get the target system up and running Gentoo. Drivers vital to booting the target system must always be compiled in the kernel and not as a module, otherwise the system will not be able to boot completely. Deselect Enable loadable module support (CONFIG_MODULES):

[ ] Enable loadable module support  --->

Select Maintain a devtmpfs file system to mount at /dev so that critical device files are already available early in the boot process (CONFIG_DEVTMPFS and CONFIG_DEVTMPFS_MOUNT):

Device Drivers --->
  Generic Driver Options --->
    [*] Maintain a devtmpfs filesystem to mount at /dev
    [*]   Automount devtmpfs at /dev, after the kernel mounted the rootfs

It is essential to support the storage device of choice. Depending on its interface it may be necessary to select additional hardware specific drivers, for instance in case of MMC and SD cards. Of course it's always possible to simply select all offered options in the relevant submenus and optimize the kernel once the installation is running on the target system.

To add general support for MMC and SD cards, select MMC/SD/SDIO card support and the MMC block device driver and for SD cards, additionally activate Secure Digital Host Controller Interface support (CONFIG_MMC, CONFIG_MMC_BLOCK, CONFIG_MMC_SDHCI):

Device Drivers --->
  <*> MMC/SD/SDIO card support  --->
      <*>   MMC block device driver
      <*>   Secure Digital Host Controller Interface support

Don't forget to include the hardware specific drivers.

If Gentoo is supposed to run from a USB stick, verify SCSI disk support and USB Mass Storage support have been activated (CONFIG_BLK_DEV_SD,CONFIG_USB_SUPPORT, CONFIG_USB_XHCI_HCD, CONFIG_USB_EHCI_HCD, CONFIG_USB_OHCI_HCD and CONFIG_USB_STORAGE):

Device Drivers --->
  SCSI device support  --->
      <*> SCSI disk support
  [*] USB support  --->
      <*>   xHCI HCD (USB 3.0) support
      <*>   EHCI HCD (USB 2.0) support
      <*>   OHCI HCD (USB 1.1) support
      <*>   USB Mass Storage support

Supporting other storage devices (for example NVMe or SATA drives) will require selecting additional sets of options.

Now go to File Systems and select support for at least all the filesystems applied to the partitions on the storage device. Do not compile the file system that is used for the root filesystem as module, otherwise the Gentoo system will not be able to mount the partition. Also select Virtual memory and /proc file system. Select one or more of the following options as needed by the system (CONFIG_EXT2_FS, CONFIG_EXT3_FS, CONFIG_EXT4_FS, CONFIG_MSDOS_FS, CONFIG_VFAT_FS, CONFIG_PROC_FS, and CONFIG_TMPFS):

File systems --->
  <*> Second extended fs support
  <*> The Extended 3 (ext3) filesystem
  <*> The Extended 4 (ext4) filesystem
  <*> Reiserfs support
  <*> JFS filesystem support
  <*> XFS filesystem support
  <*> Btrfs filesystem support
  DOS/FAT/NT Filesystems  --->
    <*> MSDOS fs support
    <*> VFAT (Windows-95) fs support
 
Pseudo Filesystems --->
    [*] /proc file system support
    [*] Tmpfs virtual memory file system support (former shm fs)

Most systems also have multiple cores at their disposal, so it is important to activate Symmetric multi-processing support (CONFIG_SMP):

Processor type and features  --->
  [*] Symmetric multi-processing support

If any USB input devices (like keyboard or mouse) or other USB devices will be used, do not forget to enable those as well (CONFIG_HID_GENERIC and CONFIG_USB_HID, CONFIG_USB_SUPPORT, CONFIG_USB_XHCI_HCD, CONFIG_USB_EHCI_HCD, CONFIG_USB_OHCI_HCD):

Device Drivers --->
  HID support  --->
    -*- HID bus support
    <*>   Generic HID driver
    [*]   Battery level reporting for HID devices
      USB HID support  --->
        <*> USB HID transport layer
  [*] USB support  --->
    <*>   xHCI HCD (USB 3.0) support
    <*>   EHCI HCD (USB 2.0) support
    <*>   OHCI HCD (USB 1.1) support

For graphics output, enable the hardware specific drivers. In many cases it is also necessary to select Enable legacy fbdev support for your modesetting driver (CONFIG_DRM_FBDEV_EMULATION):

Device Drivers --->
  Graphics support  --->
    [*] Direct Rendering Manager (XFree86 4.1.0 and higher DRI support)  --->
      [*]   Enable legacy fbdev support for your modesetting driver

Do not forget to include support in the kernel for the network (Ethernet or wireless) adapter.

Also select System V IPC, Control Group support, UTS namespace, IPC namespace, PID namespace and Network namespace, which are features required for Portage to work (CONFIG_SYSVIPC, CONFIG_CGROUPS, CONFIG_UTS_NS, CONFIG_IPC_NS, CONFIG_PID_NS, and CONFIG_NET_NS):

General setup --->
  [*] System V IPC
  [*] Control Group support
  [*] Namespaces support --->
      [*] UTS namespace
      [*] IPC namespace
      [*] PID namespace
      [*] Network namespace

{{Handbook:Zulu Foxtrott/Blocks/Kernel}}

Optional: Activating required options for LUKS encryption

If the main partition has been encrypted, an initial RAM file system (initramfs) needs to be created. It provides a minimal root filesystem and some tools (applications) to the kernel and takes care of making the "real" root filesystem accessible (it unlocks the encrypted partition). To keep its size small, it can be compressed. In this document gzip will be used as an example.

To have the kernel support a gzip compressed initramfs select Initial RAM filesystem and RAM disk (initramfs/initrd) support and Support initial ramdisk/ramfs compressed using gzip"" (CONFIG_BLK_DEV_INITRD and CONFIG_RD_GZIP):

General setup  --->
    [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
    [*]   Support initial ramdisk/ramfs compressed using gzip

As LUKS relies on the dm-crypt disk encryption system, which is part of the kernel's device mapper subsystem, also select Device mapper support and Crypt target support (CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT):

[*] Enable loadable module support
Device Drivers --->
    [*] Multiple devices driver support (RAID and LVM) --->
        <*> Device mapper support
        <*>   Crypt target support

Last but not least, the kernel needs built-in support for the ciphers, keys and hashes used to encrypt the storage device. (CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_SHA512, CONFIG_CRYPTO_AES, CONFIG_CRYPTO_USER_API_HASH and CONFIG_CRYPTO_USER_API_SKCIPHER)

[*] Cryptographic API --->
    <*> XTS support
    <*> SHA384 and SHA512 digest algorithms
    <*> AES cipher algorithms
    <*> User-space interface for hash algorithms
    <*> User-space interface for symmetric key cipher algorithms

Do not skip the following section and build an initramfs now.

Optional: Building an initramfs

If the main partition has been encrypted, building an initial RAM file system (initramfs) is required.

Another common reason for building an initramfs is when important file system locations (like /usr/ or /var/) are on separate partitions.

As outlined in the section before an initramfs provides a minimal root filesystem and some tools (applications) to the kernel. It usually takes care of making the "real" root filesystem accessible. Depending on the tools included, different tasks can be performed. Thus it's possible to configure it not only to mount separate partitions or decrypt devices but also to do something else.

First, create a directory for the initramfs:

Creating the intiramfs filesystem structure

Create a minimal root filesystem structure in that directory, using mkdir with the command line argument -p to allow that all necessary parent directories are created as well:

TODO: compare

Creating necessary device nodes

The initramfs' /dev directory needs to be populated with the necessary device nodes. Device nodes are block or character special files - files that can generate or receive data. They can be created with the mknod command. The argument -m followed by the file permissions allows to set these correctly (in the example the numeric notation is used). Following that is the name of the new device node before its type (c for character devices and b for block devices) is defined. This is concluded by the major and minor device numbers. (The major number identifies the device type and thus the driver and the minor number identifies the device served by the driver.)

Create the required character device nodes:

After creating the tty device node, its group ownership should be changed:

This is not necessary for the console device node, but its file permissions are more restricted:

Finally create the required block device node with the correct permissions and adjust the group ownership as recommended:

Now that all necessary device nodes have been created, it is time to add some tools so the initramfs can actually serve its purpose.

Adding tools (applications)

Any application that needs to be executed before the "real" root filesystem is available to the kernel must be present on the initramfs. In the best case these tools are included in the stage tarball that has been downloaded and unpacked earlier in the installation process. Sometimes, however, when this is not the case, it may become necessary to be creative. If the host system's and the target system's architecture are identical they could be installed on the host system and copied from there, for instance. In any case the simplest approach is to use only statically linked binaries, which means only one file will have to be copied over to the initramfs instead of many files to different directories of the initramfs.

busybox cryptsetup

script

kernel compilation still difficult?

The initramfs will be stored in /boot/. The resulting file can be found by simply listing the files starting with initramfs:

{{Handbook:Parts/Navigator|Prev=Handbook:Zulu Foxtrott/Installation/Base|Next=Handbook:Zulu Foxtrott/Installation/System}}