Linux is a monolith kernel, a big one ! Visit Linux Libre and Linux Non-Libre pages for more links and information.
Spectre-meltdown checker;
https://github.com/speed47/spectre-meltdown-checker/
Download Linux Source from linux libre, or using the port system;
$ mkdir ~/kernel
$ cd ~/kernel
$ cd linux-4.9.86/
Gcc graysky2 kernel_gcc_patch (master.zip) that adds more cpu options (FLAGS) for native builds. Check Pkgfile for instructions how linux-gnu port is built.
Check version on Makefile;
VERSION = 4
PATCHLEVEL = 9
SUBLEVEL = 86
EXTRAVERSION = -gnu
NAME = Roaring Lionus
Change cpu optimization patch;
depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
to;
depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
Apply additional cpu optimizations patch;
$ patch -p1 < ../enable_additional_cpu_optimizations_for_gcc_v4.9%2B_kernel_v3.15%2B.patch
Cleaning targets:
clean - Remove most generated files but keep the config and
enough build support to build external modules
mrproper - Remove all generated files + config + various backup files
distclean - mrproper + remove editor backup and patch files
Prepare sources for configuration;
$ make distclean
Port linux-gnu port comes with default configuration file that is a good starting point to tune kernel according to your needs. To automatically configure kernel with support to your hardware based on modules loaded by current kernel run.
$ make localmodconfig
To get more information about the hardware, for example information about which graphic module (driver) is in use as root run;
# lspci -nnk | grep -i vga -A3 | grep 'in use'
Kernel driver in use: i915
Make configuration targets;
config - Update current config utilising a line-oriented program
nconfig - Update current config utilising a ncurses menu based program
menuconfig - Update current config utilising a menu based program
xconfig - Update current config utilising a Qt based front-end
gconfig - Update current config utilising a GTK+ based front-end
oldconfig - Update current config utilising a provided .config as base
localmodconfig - Update current config disabling modules not loaded
localyesconfig - Update current config converting local mods to core
silentoldconfig - Same as oldconfig, but quietly, additionally update deps
defconfig - New config with default from ARCH supplied defconfig
savedefconfig - Save current config as ./defconfig (minimal config)
allnoconfig - New config where all options are answered with no
allyesconfig - New config where all options are accepted with yes
allmodconfig - New config selecting modules when possible
alldefconfig - New config with all symbols set to default
randconfig - New config with random answer to all options
listnewconfig - List new options
olddefconfig - Same as silentoldconfig but sets new symbols to their default value
kvmconfig - Enable additional options for kvm guest kernel support
xenconfig - Enable additional options for xen dom0 and guest kernel support
tinyconfig - Configure the tiniest possible kernel
Following configuration try's to be generic about the hardware support while addressing the requirements of applications such as qemu, docker, etc. For more information about hardening options read kernsec.org. Configure kernel using ncurses;
$ make nconfig
//: A simple memory allocator to create space for new variables at runtime.
:(scenarios run)
:(scenario "new")
# call new two times with identical arguments; you should get back different results
recipe main [
1:address:integer/raw <- new integer:type
2:address:integer/raw <- new integer:type
3:boolean/raw <- equal 1:address:integer/raw, 2:address:integer/raw
]
+mem: storing 0 in location 3
:(before "End Globals")
const size_t Alloc_init = 1000;
:(before "End routine Fields")
size_t alloc;
:(replace{} "routine::routine(recipe_number r)")
routine::routine(recipe_number r) :alloc(Alloc_init) {
calls.push(call(r));
}
//: first handle 'type' operands
:(before "End Mu Types Initialization")
Type_number["type"] = 0;
:(after "Per-recipe Transforms")
// replace type names with type_numbers
if (inst.operation == Recipe_number["new"]) {
// first arg must be of type 'type'
assert(inst.ingredients.size() >= 1);
//? cout << inst.ingredients[0].to_string() << '\n'; //? 1
assert(isa_literal(inst.ingredients[0]));
if (inst.ingredients[0].properties[0].second[0] == "type") {
inst.ingredients[0].set_value(Type_number[inst.ingredients[0].name]);
}
trace("new") << inst.ingredients[0].name << " -> " << inst.ingredients[0].value;
}
:(before "End Primitive Recipe Declarations")
NEW,
:(before "End Primitive Recipe Numbers")
Recipe_number["new"] = NEW;
:(before "End Primitive Recipe Implementations")
case NEW: {
vector<int> result;
trace("mem") << "new alloc: " << Current_routine->alloc;
result.push_back(Current_routine->alloc);
write_memory(instructions[pc].products[0], result);
vector<int> types;
types.push_back(instructions[pc].ingredients[0].value);
if (instructions[pc].ingredients.size() > 1) {
// array
vector<int> capacity = read_memory(instructions[pc].ingredients[1]);
trace("mem") << "array size is " << capacity[0];
Memory[Current_routine->alloc] = capacity[0];
Current_routine->alloc += capacity[0]*size_of(types);
}
else {
// scalar
Current_routine->alloc += size_of(types);
}
break;
}
:(scenario "new_array")
recipe main [
1:address:array:integer/raw <- new integer:type, 5:literal
2:address:integer/raw <- new integer:type
3:integer/raw <- subtract 2:address:integer/raw, 1:address:array:integer/raw
]
+run: instruction main/0
+mem: array size is 5
+run: instruction main/1
+run: instruction main/2
+mem: storing 5 in location 3
//: vim: ft=cpp
sifier
* MD4 digest algorithm * MD5 digest algorithm * SHA1 digest algorithm * Blowfish cipher algorithm * AES cipher algorithms * CAST5 (CAST-128) cipher algorithm * CAST6 (CAST-256) cipher algorithm * Deflate compression algorithm
Make targets;
Other generic targets:
all - Build all targets marked with [*]
* vmlinux - Build the bare kernel
* modules - Build all modules
(default: ./usr)
Documentation targets:
Linux kernel internal documentation in different formats (Sphinx):
htmldocs - HTML
latexdocs - LaTeX
pdfdocs - PDF
epubdocs - EPUB
xmldocs - XML
cleandocs - clean all generated files
make SPHINXDIRS="s1 s2" [target] Generate only docs of folder s1, s2
valid values for SPHINXDIRS are: development-process media gpu 80211
make SPHINX_CONF={conf-file} [target] use *additional* sphinx-build
configuration. This is e.g. useful to build with nit-picking config.
Linux kernel internal documentation in different formats (DocBook):
htmldocs - HTML
pdfdocs - PDF
psdocs - Postscript
xmldocs - XML DocBook
mandocs - man pages
installmandocs - install man pages generated by mandocs
cleandocs - clean all generated DocBook files
Architecture specific targets (x86):
* bzImage - Compressed kernel image (arch/x86/boot/bzImage)
install - Install kernel using
(your) ~/bin/installkernel or
(distribution) /sbin/installkernel or
install to $(INSTALL_PATH) and run lilo
fdimage - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)
fdimage144 - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)
fdimage288 - Create 2.8MB boot floppy image (arch/x86/boot/fdimage)
isoimage - Create a boot CD-ROM image (arch/x86/boot/image.iso)
bzdisk/fdimage*/isoimage also accept:
FDARGS="..." arguments for the booted kernel
FDINITRD=file initrd for the booted kernel
i386_defconfig - Build for i386
x86_64_defconfig - Build for x86_64
make V=0|1 [targets] 0 => quiet build (default), 1 => verbose build
make V=2 [targets] 2 => give reason for rebuild of target
make O=dir [targets] Locate all output files in "dir", including .config
make C=1 [targets] Check all c source with $CHECK (sparse by default)
make C=2 [targets] Force check of all c source with $CHECK
make RECORDMCOUNT_WARN=1 [targets] Warn about ignored mcount sections
make W=n [targets] Enable extra gcc checks, n=1,2,3 where
1: warnings which may be relevant and do not occur too often
2: warnings which occur quite often but may still be relevant
3: more obscure warnings, can most likely be ignored
Multiple levels can be combined with W=12 or W=123
$ make -j $(nproc) bzImage modules
modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
firmware_install- Install all firmware to INSTALL_FW_PATH
(default: $(INSTALL_MOD_PATH)/lib/firmware)
modules_prepare - Set up for building external modules
headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
$ sudo make modules_install
$ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-4.9.86-gnu
$ sudo cp System.map /boot/System.map-4.9.86-gnu
Update grub;
# grub-mkconfig -o /boot/grub/grub.cfg
$ sudo rm -r /lib/modules/4.9.86-gnu
$ sudo rm /boot/vmlinuz-4.9.86-gnu
$ sudo rm /boot/System.map-4.9.86-gnu
Core OS Index
This is part of the Hive System Documentation. Copyright (C) 2018 Hive Team. See the file Gnu Free Documentation License for copying conditions.