You are not logged in.
Hi all,
I tried to compile my own kernel following the instruction in Kernel/Arch Build System.
For the first trial I did not change any config options. I just changed the name of the package in PKGBUILD:
pkgbase=linux-custom
I build the initramfs with a custom preset file /etc/mkinitcpio.d/linux-custom.preset:
ALL_kver="/boot/vmlinuz-linux-custom"
PRESETS=('default')
default_config="/etc/mkinitcpio.conf"
default_image="/boot/initramfs-linux-custom.img"
And run mkinitcpio -p linux-custom.
When I boot the kernel load, I see logs showing that udev is loaded, etc... but it seems it does not find the root UUID, that should be decrypted. I tried to get a shell with busybox but when I press keyboard nothing happen, it is as if my keyboard were not plugged.
So I tried an other way. I just changed nothing in the package, not even the package name. I compiled this home built linux package and replaced the upstream package by this one. With this home built kernel everything run fine but I get tens of messages
PKCS#7 signature not signed with a trusted key
during the boot process.
[SOLVED]
Last edited by OlivK (2019-01-29 09:32:13)
Offline
Offline
According to what I had read the key is automatically generated, and modules signed with it.
Maybe mkinitcpio does not load the modules built with the custom kernel? I could I check it?
Offline
You could check with modinfo if the modules have been signed.
Offline
They all have a signature... and whatever the build, the signature is always the same.
Offline
I do not understand, whatever the module the command `modinfo module_file_name` showes the same signature.
Offline
I can't believe it, all the modules are signed with a private key that is publicly available on the git source directory!
Offline
I can't believe it, all the modules are signed with a private key that is publicly available on the git source directory!
Where do you get that idea? The key is only generated locally in your build directory.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
I got this idea while I was looking at the output of `modinfo <module_file_name>` all modules have the same signature, for all builds. What is that signature?
Last edited by OlivK (2019-01-28 20:13:21)
Offline
Was the src directory cleaned between builds?
Offline
As long as you reuse the source directory from the last build without cleaning it up, the key stays the same.
Edit: Forgot to reload ...
Last edited by progandy (2019-01-28 20:31:31)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
Yes I erase all directories loaded during the makepkg process before recompiling.
Actually I had checked only the first bytes of the signature. I am sorry, I would like to understand why those first bytes are always the same, but whatsoever this is not the problem.
I checked the signature of few installed modules using the script in https://unix.stackexchange.com/question … -signature, and actualy every signature are fine (also in the extracted initramfs). Actualy the trouble came from a customization of mine. I have changed /etc/mkinitcpio.d/linux.preset and when I reinstalled my own linux package, this file was override, and the image was not placed in the expected directory. So I used the wrong init ram disk. So I fixed the last problem which was that when I compile myself the linux package I had this signature error message.
But I still have trouble with my original problem which is that the boot process start but it cannot find my root device if I compile use a package named linux-custom. So I am rebuilding the package linux-custom and I am going to retry from start. I will make a new post when I will have finished that.
Offline
Finaly I was using the wrong kernel image when building the efi file.
Thank you for your help.
Offline