Here's my contribution to the project. On my GitHub account, I've now got branches tracking kernels from 4.4 all the way to 4.10. My intent is to keep them up-to-date with upstream as much as possible, but all I can really test is to see is if they still compile and/or install/boot. If there are any issues with new versions, let me know, but I make no guarantees that I can actually *fix* any regressions that may be introduced by upstream. That said, if some people want to compile the latest kernel in a supported branch themselves on their own schedules optimized for their specific hardware setups, I hope this makes things a little easier you.
https://github.com/rtiangha/qubes-linux-kernel/ HOWTO: - You'll need at least 4GB of free space in /home for each kernel you hope to compile. - In a Fedora TemplateVM matching the version running in your dom0, install git and the qubes-kernel-vm-support package: sudo dnf install git qubes-kernel-vm-support I believe that should pull in everything you need to compile a kernel. At the moment, if you want to build a kernel higher than 4.8, you'll need to temporarily enable the current-testing repository since the version that's in stable right now is too old to work with kernels 4.9 and above. That'll probably change eventually. - Download sources: git clone https://github.com/rtiangha/qubes-linux-kernel.git - Enter directory: cd qubes-linux-kernel - Switch to the branch that you'd like to compile. For example, to switch to the 4.4 branch: git checkout stable-4.4 You can also choose from devel-4.8, stable-4.9, and devel-4.10. - Compile rpms: make rpms - The rpms will be stored in the rpms/x86_64 directory. Copy those to dom0 using these instructions: https://www.qubes-os.org/doc/copy-from-dom0/ - Install rpms. In dom0, run: dnf install kernel-<version>.rpm kernel-qubes-vm-<version>.rpm - Reboot and see if it works TIPS: By default, the kernel configuration is set up for a very generic build to work with a variety of hardware. If you're going to go through the hassle of compiling your own kernels, you might as well optimize for your particular hardware configuration. For example, if all you have are AMD machines and no Intel machines, rather than compiling a kernel for a generic x86_64 CPU, you can set the kernel to optimize for AMD CPUs specifically and you may net some performance improvements as a result. - To do this, first download the kernel sources (make rpms automatically does this for you): make get-sources - Then extract the source files: tar Jxf linux-<version>.tar.xz - Move into the directory: cd linux-<version>.tar.xz - Copy the default Qubes kernel configuration into the directory: cp ../config .config - Now, sometimes new drivers or kernel options will be introduced in-between kernel versions. It is always useful to check for that and to merge in anything new that you may find desirable. To do so, first run: make oldconfig What that will do is check the current kernel configuration file against what's available in the new kernel version. If there's nothing new, then it will exit gracefully. If there are some new things, it'll prompt you on whether or not you want to include them. If you have no idea what to do, you can probably just accept the default choices or just say No and still be safe if the current kernel configuration works for you. - Customize your kernel: make menuconfig - You'll be presented with a menu with a whole lot of options. The easiest ones to play with if you're just starting out is the Processor Type; if you compile for your specific CPU rather than a generic one, you may notice some performance improvements. Navigate to: Processor type and features -> Processor family And choose the Processor Family that best meets the machine you're compiling for. In my case, I've got machines based on an Intel Core 2 Quad Q6600, an Intel Core i7-980x, and an Intel Core i7-2720M that I run Qubes on, and I install these kernels on all of them, so I select the "Core 2/new Xeon" option when I compile kernels for myself. There are many kernel options that you can toggle, so if you want to go further, I *highly* suggest reading up on the ArchLinux or Gentoo kernel docs as they go more in depth on how to work with kernel options. Some interesting things to try would be to disable any hardware drivers for hardware you don't have, don't use, or will never use. Not only will that cut down on the attack surface, but it'll also save you on compilation time, RAM usage and disk space, which may result in some performance improvements too. Just make sure not to disable a driver for hardware that you actually have, and make sure you have a working dom0 kernel installed already to boot back into, just in case the one you created doesn't work. - When you're done, keep hitting ESC until you're asked if you want to exit and save your work. Select "Yes". Then, copy back your work back to the main directory: cp .config ../config - And then you can test your new configuration by compiling it with make rpms. If you ever need to start over, run: make clean and it'll delete all of the directories with compiled stuff in it (it won't touch the rpm directory though so your output will still be saved). Compiling and customizing Linux kernels isn't too difficult. The main costs are in disk space and compilation time, especially if you're working with older or slower hardware. But once you're empowered to do this on your own, you'll be able to compile and install kernels at your leisure as well as keep up with upstream, rather than having to wait for newer versions of the official ones to be released. Hope this helps! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ocr3um%24tjl%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
