/buildkernel-hjkl

Utility to facilitate the building and installation of EFI secure boot kernels under Gentoo Linux. Fork to use genkernel 4.1.2 + FlyingWaffle's plymouth patch, instead of genkernel-next.

Primary language: Shell. License: GNU General Public License v3.0 (GPL-3.0).

buildkernel

A tool to build a secure-boot EFI stub kernel, and save it to the EFI system partition.

Originally written by sakaki to work with genkernel-next, a fork of genkernel. genkernel-next was removed from the Gentoo repository in August 2020, and sakaki stood down as maintainer of buildkernel in October 2020 (see here). This is hijackeel's fork of buildkernel, made to work with genkernel, which as of v4.3.7 has all of genkernel-next's features.

Description

buildkernel is a script that builds a Gentoo Linux EFI stub kernel which is suitable for booting from a USB key using UEFI (no additional bootloader required). It makes use of the initramfs creation tools (and early userspace init(8) script) provided by genkernel(8).

Specifically, the assumed use-case for buildkernel is where you are creating a kernel for use in a dual-factor-authenticated LVM-over-LUKS system, booting from an external USB key, with secure boot enabled (using UEFI), where you may (optionally) wish to use the plymouth(8) splash manager, and where the target (final) init system is systemd(1) or OpenRC(8).

buildkernel will automatically set the necessary kernel configuration parameters, including the command line, sign the resulting kernel if possible, then update the EFI boot list if required.
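Because signing happens only "if possible", it is worth confirming after a build that the image on the EFI system partition actually carries a signature. The following is an added example, not part of buildkernel: it reads the PE/COFF header of an EFI stub and reports whether the certificate table (data directory 4) is populated. The function names and the sample image are constructed for illustration, and the check covers presence only; it does not validate the signature against any key.

```shell
#!/bin/sh
# Added example (not buildkernel code): does an EFI image carry an embedded signature?
# Presence check only; the signature is not cryptographically verified here.

# read_le FILE OFFSET NBYTES: print a little-endian unsigned integer in decimal
read_le() {
    od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null |
        awk '{ for (i = NF; i >= 1; i--) v = v * 256 + $i } END { printf "%.0f\n", v }'
}

# efi_sig_status FILE: prints not-pe | unsigned | truncated | signed (status 0 only if signed)
efi_sig_status() (
    f=$1
    [ "$(read_le "$f" 0 2)" -eq 23117 ] || { echo not-pe; exit 2; }      # "MZ"
    pe=$(read_le "$f" 60 4)                                              # e_lfanew
    [ "$(read_le "$f" "$pe" 4)" -eq 17744 ] || { echo not-pe; exit 2; }  # "PE\0\0"
    opt=$((pe + 24))                      # optional header follows the 20-byte COFF header
    case $(read_le "$f" "$opt" 2) in
        267) dd=$((opt + 96)) ;;          # 0x10b: PE32 data directories
        523) dd=$((opt + 112)) ;;         # 0x20b: PE32+ data directories
        *) echo not-pe; exit 2 ;;
    esac
    [ "$(read_le "$f" $((dd - 4)) 4)" -ge 5 ] || { echo unsigned; exit 1; }
    off=$(read_le "$f" $((dd + 32)) 4)    # directory 4: certificate table file offset
    len=$(read_le "$f" $((dd + 36)) 4)    # directory 4: certificate table size
    [ "$len" -gt 0 ] || { echo unsigned; exit 1; }
    [ $((off + len)) -le $(($(wc -c < "$f"))) ] || { echo truncated; exit 1; }
    echo signed
)

# make_sample OUT signed|unsigned: constructed PE32+ header skeleton, not a bootable kernel
make_sample() {
    {
        printf 'MZ'; head -c 58 /dev/zero; printf '\100\0\0\0'        # e_lfanew = 64
        printf 'PE\0\0'; head -c 20 /dev/zero                         # signature + COFF header
        printf '\013\002'; head -c 106 /dev/zero; printf '\020\0\0\0' # PE32+, 16 directories
        head -c 32 /dev/zero                                          # directories 0-3
        if [ "$2" = signed ]; then
            printf '\110\001\0\0\010\0\0\0'                           # offset 328, size 8
        else
            head -c 8 /dev/zero
        fi
        head -c 88 /dev/zero                                          # directories 5-15
        if [ "$2" = signed ]; then printf 'SIGBLOB!'; fi              # placeholder blob
    } > "$1"
}

# Command-line use: pass one or more image paths
for img in "$@"; do printf '%s: %s\n' "$img" "$(efi_sig_status "$img" || true)"; done
```

A result of `signed` only shows that a signature blob is attached; whether the firmware accepts it depends on the keys enrolled on the target machine.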

The buildkernel utility can be invoked in non-interactive (default) or interactive mode (see the --ask option, in the manpage). Non-interactive mode is suitable for use in a scripted invocation.

Certain key options can be specified via the configuration file, /etc/buildkernel.conf: see buildkernel.conf(5) for details.

Although buildkernel is targeted primarily at the use-case where the EFI system partition is on a removable USB key (for security), it can also be used with a system partition on a fixed drive.

Installation

buildkernel is best installed (on Gentoo) via its ebuild, available as part of the sakaki-tools-hjkl overlay. Full instructions are provided as part of Sakaki's EFI Install Guide tutorial, on the Gentoo wiki.

In particular, see this section for a detailed description of what buildkernel does, and why.