How to compile source code of new kernel specifically for my pc hardware with uefi secure boot.
Hi I am Rupesh from India and I have pc i3 processor and h510 motherboard It has uefi. I have installed open suse tumblewood and all the packages have been updated. As the default kernel provided by open suse tumblewood is not working properly I want to compile source code of new kernel which is obtained from kernel.org and the kernel source code present in /usr/src/linux*** but I can't. As the pc is uefi based I am getting lot of errors related to signing. I have installed all latest packages related to gcc, make, ctags, cscope, open ssh, open SSL, auto make, auto conf, cmake etc.,. I have created the config file from the existing configuration of system using the following command make localmodconfig I have succeeded in compiling source code of new kernel using make command but when I execute the command make install I am getting error as " certificate must have code signing extended key usage defined for secure boot ". After some time vmlinux, initrd files are created but when I try to boot the newly compiled kernel from grub I am getting errors as "bad shim signature" "you need to load the kernel first" I have tried a number of ways to compile successfully such as disabling secure boot in yast boot loader, selecting load all modules by verifying signature etc.,. Currently my .config file consists of the following lines containing the word sig [CODE] CONFIG_SIGNALFD=y CONFIG_KEXEC_SIG=y CONFIG_KEXEC_SIG_FORCE=y CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y # CONFIG_STRICT_SIGALTSTACK_SIZE is not set CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL=38 CONFIG_OLD_SIGSUSPEND3=y CONFIG_COMPAT_OLD_SIGACTION=y CONFIG_DYNAMIC_SIGFRAME=y CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_FORCE=y CONFIG_MODULE_SIG_ALL=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set CONFIG_MODULE_SIG_SHA256=y # CONFIG_MODULE_SIG_SHA384 is not set # CONFIG_MODULE_SIG_SHA512 is not set CONFIG_MODULE_SIG_HASH="sha256" CONFIG_TCP_MD5SIG=y CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y # DesignWare PCI Core Support # end of DesignWare PCI Core Support CONFIG_I2C_DESIGNWARE_CORE=y # CONFIG_I2C_DESIGNWARE_SLAVE is not set CONFIG_I2C_DESIGNWARE_PLATFORM=y CONFIG_I2C_DESIGNWARE_BAYTRAIL=y # CONFIG_I2C_DESIGNWARE_PCI is not set # CONFIG_SPI_DESIGNWARE is not set # CONFIG_SND_HDA_CODEC_SIGMATEL is not set # CONFIG_USB_ISIGHTFW is not set CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y CONFIG_INTEGRITY_SIGNATURE=y # CONFIG_IMA_SIG_TEMPLATE is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_SIGNED_PE_FILE_VERIFICATION=y # Certificates for signature checking CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_MODULE_SIG_KEY_TYPE_RSA=y # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set # end of Certificates for signature checking CONFIG_CHECK_SIGNATURE=y CONFIG_SIGNATURE=y [/CODE] Kindly try to suggest how to compile the source code of kernel for uefi system with automatic key singing and how to boot the compiled kernel from grub2. Regards, Rupesh. ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
macro arg reuse warnings, howto fix ?
so, in this patchset : https://patchwork.freedesktop.org/series/100289/ I get a macro warning I cannot solve with the usual local/auto variable declaration (the 2nd line in this macro) #define DEFINE_DYNAMIC_DEBUG_CLASSBITS(_fsname, _var, _flgs, desc, ...) \ __typeof__ (_fsname) fsname = _fsname; \ MODULE_PARM_DESC(fsname, desc); \ static struct dyndbg_classbits_param ddcats_##_var = { \ .bits = &(_var), \ .flags = _flgs, \ .classes = { __VA_ARGS__, _DPRINTK_SITE_UNCLASSED } \ }; \ module_param_cb(fsname, ¶m_ops_dyndbg_classbits, \ &ddcats_##_var, 0644) without that 2nd line, patchwork's checker gives me this: -:164: CHECK:MACRO_ARG_REUSE: Macro argument reuse 'fsname' - possible side-effects? #164: FILE: include/linux/dynamic_debug.h:291: +#define DEFINE_DYNAMIC_DEBUG_CLASSBITS(fsname, _var, _flgs, desc, ...) \ + MODULE_PARM_DESC(fsname, desc); \ + static struct dyndbg_classbits_param ddcats_##_var = { \ + .bits = &(_var), \ + .flags = _flgs, \ + .classes = { __VA_ARGS__, _DPRINTK_SITE_UNCLASSED } \ + }; \ + module_param_cb(fsname, ¶m_ops_dyndbg_classbits, \ + &ddcats_##_var, 0644) with it I get compile err - suggesting this was a terrible guess at a fix. from /home/jimc/projects/lx/wk-next/drivers/gpu/drm/drm_print.c:28: /home/jimc/projects/lx/wk-next/drivers/gpu/drm/drm_print.c:57:32: error: ‘debug’ undeclared here (not in a function); did you mean ‘_ddebug’? 57 | DEFINE_DYNAMIC_DEBUG_CLASSBITS(debug, __drm_debug, "p", |^ /home/jimc/projects/lx/wk-next/include/linux/dynamic_debug.h:283:21: note: in definition of macro ‘DEFINE_DYNAMIC_DEBUG_CLASSBITS’ 283 | __typeof__ (_fsname) fsname = _fsname; \ | ^~~ make[3]: *** [/home/jimc/projects/lx/wk-next/scripts/Makefile.build:288: drivers/gpu/drm/drm_print.o] that patchset has another case, similarly confusing: #define __dynamic_func_call_cls(id, cls, fmt, func, ...) do { \ DEFINE_DYNAMIC_DEBUG_METADATA_CLS(id, cls, fmt); \ if (DYNAMIC_DEBUG_BRANCH(id)) \ func(&id, ##__VA_ARGS__); \ } while (0) that macro is a simple extension of an existing macro, which also would suffer this warning. if I insert this at line 2: __typeof__ (id) __id = (id); \ I get this: | ^~~~ /home/jimc/projects/lx/linux.git/include/linux/dynamic_debug.h:230:25: note: previous definition of ‘__id’ with type ‘int’ 230 | __typeof__ (id) __id = (id);\ | ^~~~ /home/jimc/projects/lx/linux.git/include/linux/dynamic_debug.h:260:9: note: in expansion of macro ‘__dynamic_func_call_cls’ 260 | __dynamic_func_call_cls(__UNIQUE_ID(ddebug), cls, fmt, func, ##__VA_ARGS__) | ^~~ one side thinks its an int, other side sees a struct _ddebug * pointer any hints on how to fix these so patchset it submittable ? thanks jimc ___ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies