Step 5 : Build the Kernel ========================= .. tab-set:: .. tab-item:: Build the Kernel * In this program, you are going to learn .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow * How to ? .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`How to Build the Kernel ` .. _barelinux_x86-64_step4_0: .. tab-set:: .. tab-item:: Steps to Build the Kernel * Start building the kernel by running the following command: .. code-block:: c $ make * The process of building and compiling the Linux kernel takes some time to complete. * Meanwhile, you would see the following after giving make command: .. code-block:: c SYNC include/config/auto.conf.cmd HOSTCC scripts/kconfig/conf.o HOSTLD scripts/kconfig/conf SYSHDR arch/x86/include/generated/uapi/asm/unistd_32.h SYSHDR arch/x86/include/generated/uapi/asm/unistd_64.h SYSHDR arch/x86/include/generated/uapi/asm/unistd_x32.h SYSTBL arch/x86/include/generated/asm/syscalls_32.h SYSHDR arch/x86/include/generated/asm/unistd_32_ia32.h SYSHDR arch/x86/include/generated/asm/unistd_64_x32.h SYSTBL arch/x86/include/generated/asm/syscalls_64.h HYPERCALLS arch/x86/include/generated/asm/xen-hypercalls.h HOSTCC arch/x86/tools/relocs_32.o HOSTCC arch/x86/tools/relocs_64.o HOSTCC arch/x86/tools/relocs_common.o HOSTLD arch/x86/tools/relocs HOSTCC scripts/genksyms/genksyms.o YACC scripts/genksyms/parse.tab.[ch] HOSTCC scripts/genksyms/parse.tab.o LEX scripts/genksyms/lex.lex.c HOSTCC scripts/genksyms/lex.lex.o HOSTLD scripts/genksyms/genksyms HOSTCC scripts/selinux/genheaders/genheaders HOSTCC scripts/selinux/mdp/mdp HOSTCC scripts/bin2c HOSTCC scripts/kallsyms HOSTCC scripts/sorttable HOSTCC scripts/asn1_compiler HOSTCC scripts/sign-file HOSTCC scripts/insert-sys-cert * If you are compiling the kernel on Ubuntu, you may receive the following error that interrupts the building process: .. code-block:: c make[1]: *** No rule to make target "debian/canonical-certs.pem", needed by "certs/x509_certificate_list". Stop. * Disable the conflicting security certificates by executing the two commands below: .. code-block:: c $ scripts/config --disable SYSTEM_TRUSTED_KEYS $ scripts/config --disable SYSTEM_REVOCATION_KEYS * The commands return no output. Start the building process again with make, and press Enter repeatedly to confirm the default options for the generation of new certificates. .. code-block:: shell $ make SYNC include/config/auto.conf.cmd Restart config... Certificates for signature checking File name or PKCS#11 URI of module signing key (MODULE_SIG_KEY) [certs/signing_key.pem] certs/signing_key.pem Type of module signing key to be generated > 1. RSA (MODULE_SIG_KEY_TYPE_RSA) 2. ECDSA (MODULE_SIG_KEY_TYPE_ECDSA) choice[1-2?]: 1 Provide system-wide ring of trusted keys (SYSTEM_TRUSTED_KEYRING) [Y/?] y Additional X.509 keys for default system keyring (SYSTEM_TRUSTED_KEYS) [] (NEW) Reserve area for inserting a certificate without recompiling (SYSTEM_EXTRA_CERTIFICATE) [Y/n/?] y Number of bytes to reserve for the extra certificate (SYSTEM_EXTRA_CERTIFICATE_SIZE) [4096] 4096 Provide a keyring to which extra trustable keys may be added (SECONDARY_TRUSTED_KEYRING) [Y/n/?] y Provide system-wide ring of blacklisted keys (SYSTEM_BLACKLIST_KEYRING) [Y/n/?] y Hashes to be preloaded into the system blacklist keyring (SYSTEM_BLACKLIST_HASH_LIST) [] Provide system-wide ring of revocation certificates (SYSTEM_REVOCATION_LIST) [Y/n/?] y X.509 certificates to be preloaded into the system blacklist keyring (SYSTEM_REVOCATION_KEYS) [] (NEW) Allow root to add signed blacklist keys (SYSTEM_BLACKLIST_AUTH_UPDATE) [N/y/?] n CALL scripts/checksyscalls.sh CALL scripts/atomic/check-atomics.sh DESCEND objtool CHK include/generated/compile.h CHK kernel/kheaders_data.tar.xz HOSTCC certs/extract-cert CERT certs/x509_certificate_list COPY certs/x509.genkey GENKEY certs/signing_key.pem * Install the required modules with this command: .. code-block:: c $ sudo make modules_install * Finally, install the kernel by typing: .. code-block:: c $ sudo make install * The output shows done when finished