Linux/Tipps/Gentoo/Kernel: Difference between revisions
Revision as of 05:42, 9 October 2023 (→Mit genkernel)
Thomas (Talk | contribs)
(18 intermediate revisions by the same user not shown)
Zeile 19: | Zeile 19: | ||
===Mit genkernel=== | ===Mit genkernel=== | ||
Auf Basis der Config des laufenden Kernels: | Auf Basis der Config des laufenden Kernels: | ||
genkernel all | genkernel --microcode --kernel-config=.config --no-clean --makeopts=-j5 all | ||
Mit völlig neuer generischer Config: | Mit völlig neuer generischer Config: | ||
genkernel --kernel-config=/usr/share/genkernel/x86/kernel-config-2.6 all | genkernel --microcode --kernel-config=/usr/share/genkernel/x86/kernel-config-2.6 --makeopts=-j5 all | ||
===Ohne genkernel=== | ===Ohne genkernel=== | ||
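Review bot: The new first command passes --kernel-config=.config as a relative path, so under "Auf Basis der Config des laufenden Kernels" it only picks up the intended file when run from the kernel source directory, and that file is not necessarily the running kernel's config. State the directory the command is run from or give an absolute path. The hard-coded --makeopts=-j5 in both commands fits one machine only; a short remark that the value depends on the CPU count would help.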
Zeile 33: | Zeile 33: | ||
* per Hand/Editor oder "make menuconfig" und anschließend "genkernel --no-clean all" | * per Hand/Editor oder "make menuconfig" und anschließend "genkernel --no-clean all" | ||
oder | oder | ||
* genkernel --no-clean --menuconfig all | * genkernel --kernel-config=.config --no-clean --menuconfig all | ||
Wenn ein Splashscreen verwendet wird, muss auch noch "--splash=<THEME>" und optional "--splash-res=1024x768" angegeben werden. | Wenn ein Splashscreen verwendet wird, muss auch noch "--splash=<THEME>" und optional "--splash-res=1024x768" angegeben werden. | ||
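Review bot: Only the second bullet gained --kernel-config=.config; the first bullet still ends in "genkernel --no-clean all", so the two alternatives joined by "oder" no longer name the same config source. Add the option to the first bullet as well, or explain why it is not needed after "make menuconfig".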
Zeile 55: | Zeile 55: | ||
====Mit genkernel==== | ====Mit genkernel==== | ||
make oldconfig | make oldconfig | ||
genkernel --no-clean all | genkernel --kernel-config=.config --no-clean all | ||
Mir | Mir 4 CPUs: | ||
genkernel --no-clean --makeopts=- | genkernel --kernel-config=.config --no-clean --makeopts=-j5 all | ||
Wenn ein Splashscreen verwendet wird, muss auch noch "--splash=<THEME>" und optional "--splash-res=1024x768" angegeben werden. | Wenn ein Splashscreen verwendet wird, muss auch noch "--splash=<THEME>" und optional "--splash-res=1024x768" angegeben werden. | ||
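Review bot: Both updated commands here omit --microcode, while the commands in the Zeile 19 hunk and in the "Microcode patches for Spectre" section include it, so a kernel rebuilt along this upgrade path may be built without the microcode update. Add --microcode here or note why it is not needed. "Mir 4 CPUs:" should read "Mit 4 CPUs:".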
Zeile 243: | Zeile 243: | ||
* CONFIG_EXTRA_FIRMWARE: '''Device Drivers -> Generic Driver Options -> External firmware blobs to build into the kernel binary''' = rtl_nic/rtl8168e-3.fw | * CONFIG_EXTRA_FIRMWARE: '''Device Drivers -> Generic Driver Options -> External firmware blobs to build into the kernel binary''' = rtl_nic/rtl8168e-3.fw | ||
* CONFIG_EXTRA_FIRMWARE_DIR: '''Device Drivers -> Generic Driver Options -> Firmware blobs root directory''' = /lib/firmware | * CONFIG_EXTRA_FIRMWARE_DIR: '''Device Drivers -> Generic Driver Options -> Firmware blobs root directory''' = /lib/firmware | ||
==Logitech Unifying Receiver== | |||
* CONFIG_USB_HIDDEV: '''Device Drivers -> HID Devices -> /dev/hiddev raw HID device support''' = y | |||
'''oder''' | |||
* CONFIG_HIDRAW: '''Device Drivers -> HID Devices -> /dev/hidraw raw HID device support''' = y | |||
Außerdem: | |||
* CONFIG_HID_LOGITECH: '''Device Drivers -> HID Devices -> Special HID drivers -> Logitech devices''' = y | |||
* CONFIG_HID_LOGITECH: '''Device Drivers -> HID Devices -> Special HID drivers -> Logitech Unifying receivers full support''' = m | |||
==PAE (Physical Address Extension)== | |||
* CONFIG_HIGHMEM64G: '''Processor type and features -> High Memory Support 64GB''' = y | |||
* CONFIG_X86_PAE: '''Processor type and features -> PAE (Physical Address Extension) Support''' = y | |||
==Namespaces (benötigt für die Sandbox von Chrome/Chromium)== | |||
* CONFIG_NAMESPACES: '''General setup -> Namespaces support''' = y | |||
* PID_NS: '''General setup -> Namespaces support -> PID Namespaces''' = y | |||
* NET_NS: '''General setup -> Namespaces support -> Network namespace''' = y | |||
==High Resolution Timer== | |||
* CONFIG_HIGH_RES_TIMERS: '''General setup -> Timers subsystem -> High Resolution Timer Support''' = y | |||
==Crypto XTS support == | |||
* CRYPTO_XTS: '''Cryptographic API -> XTS support''' = y | |||
== Microcode patches for Spectre == | |||
See also https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre and https://wiki.gentoo.org/wiki/Intel_microcode and https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html. | |||
Check processor and microcode version (before and after changes): | |||
dmesg | grep microcode | |||
Install microcode and tool: | |||
emerge --ask --noreplace sys-firmware/intel-microcode sys-apps/iucode_tool | |||
Generate microcode for kernel (do after each update of intel-microcode): | |||
iucode_tool -S --overwrite --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/* | |||
Enable kernel options: | |||
* CONFIG_BLK_DEV_INITRD: '''General setup -> Initial RAM filesystem and RAM disk (initramfs/initrd) support''' = y | |||
* CONFIG_MICROCODE: '''Processor type and features -> CPU microcode loading support''' = y | |||
* CONFIG_MICROCODE_INTEL: '''Processor type and features -> Intel microcode loading support''' = y | |||
Need newer genkernel for '''--microcode''' option, so have to add this to '''/etc/portage/package.keywords''': | |||
=sys-kernel/genkernel-3.5.1.1 | |||
Install newer genkernel: | |||
emerge --ask genkernel | |||
Create new kernel with microcode update: | |||
genkernel '''--microcode''' --kernel-config=.config --no-clean --makeopts=-j5 all |
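Review bot: In the "Microcode patches for Spectre" section, iucode_tool writes /boot/early_ucode.cpio, but the final "genkernel --microcode ..." command never references that file and no bootloader step is given, so it is unclear which of the two delivers the microcode at boot. Say how early_ucode.cpio gets loaded, or drop that step if --microcode makes it redundant. Under "Logitech Unifying Receiver", CONFIG_HID_LOGITECH is listed twice with different menu entries and values (= y and = m); the second entry needs its own symbol name. PID_NS, NET_NS and CRYPTO_XTS are missing the CONFIG_ prefix used by the other entries.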