| View previous topic :: View next topic |
| Author |
Message |
Muldakmens
n00b
Joined: 12 Dec 2024
Posts: 2
|
 Posted: Thu Dec 12, 2024 3:36 pm Post subject: Cannot compile the CachyOS kernel |
 |
|
Hi,
This is my first time ever manually configuring and compiling the kernel, and I seem to get in trouble due to unwanted secure boot features.
| Code: | koknese /usr/src/linux # make -j9 && make modules_install && make install
mkdir -p /usr/src/linux-6.12.4-cachyos-6.12.4/tools/objtool && make O=/usr/src/linux-6.12.4-cachyos-6.12.4 subdir=tools/objtool --no-print-directory -C objtool
mkdir -p /usr/src/linux-6.12.4-cachyos-6.12.4/tools/bpf/resolve_btfids && make O=/usr/src/linux-6.12.4-cachyos-6.12.4 subdir=tools/bpf/resolve_btfids --no-print-directory -C bpf/resolve_btfids
INSTALL libsubcmd_headers
CALL scripts/checksyscalls.sh
INSTALL libsubcmd_headers
make[3]: *** No rule to make target '/var/tmp/portage/sys-kernel/gentoo-kernel-6.12.3/temp/kernel_key.pem', needed by 'certs/signing_key.x509'. Stop.
make[2]: *** [scripts/Makefile.build:478: certs] Error 2
make[2]: *** Waiting for unfinished jobs....
CHK kernel/kheaders_data.tar.xz
make[1]: *** [/usr/src/linux-6.12.4-cachyos-6.12.4/Makefile:1948: .] Error 2
make: *** [Makefile:224: __sub-make] Error 2 |
I have also disabled this in the kernel config
| Code: |
-*- Module signature verification
│ │ [ ] Require modules to be validly signed
│ │ [ ] Automatically sign all modules
|
yet, to no avail. Is there a way I can disable Secure Boot related features and continue compiling? |
|
| Back to top |
|
 |
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1828
Location: South America
|
| Posted: Thu Dec 12, 2024 4:54 pm Post subject: |
|
|
This looks like something related to CONFIG_SYSTEM_TRUSTED_KEYRING and CONFIG_MODULE_SIG_KEY; it will be easier to help you if you put the .config file in a pastebin site and post a link.
_________________
| NeddySeagoon wrote: | I'm not a witch, I'm a retired electronics engineer  |
| Ionen wrote: | | As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though |
|
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 31499
Location: here
|
| Posted: Thu Dec 12, 2024 6:02 pm Post subject: |
|
|
Moved from Kernel & Hardware to Unsupported Software.
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
Muldakmens
n00b
Joined: 12 Dec 2024
Posts: 2
|
| Posted: Thu Dec 12, 2024 7:32 pm Post subject: |
|
|
| GDH-gentoo wrote: | | This looks like something related to CONFIG_SYSTEM_TRUSTED_KEYRING and CONFIG_MODULE_SIG_KEY; it will be easier to help you if you put the .config file in a pastebin site and post a link. |
https://0x0.st/XF8w.old
I have tried setting CONFIG_MODULE_SIG_KEY to n in the config file, however to no avail. |
|
| Back to top |
|
|
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1828
Location: South America
|
| Posted: Thu Dec 12, 2024 9:36 pm Post subject: |
|
|
First, just in case: don't edit the .config file. Modify the kernel's configuration by invoking make with a suitable configuration target, such as make menuconfig or make nconfig.
Second: this kernel has enabled at least one option that will require you to provide suitable signing keys: CONFIG_IMA_APPRAISE_MODSIG ("Support module-style signatures for appraisal" in the "Security options" menu).
_________________
| NeddySeagoon wrote: | | I'm not a witch, I'm a retired electronics engineer |
| Ionen wrote: | | As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though |
|
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5439
Location: Bavaria
|
|
| Back to top |
|
|
|
Unsupported Software
