手册:MIPS/安装/配置Linux内核
可选:安装固件和微代码
固件
Suggested: Linux Firmware
On many systems, non-FOSS firmware is required for certain hardware to function. The sys-kernel/linux-firmware package contains firmware for many, but not all, devices.
Most wireless cards and GPUs require firmware to function.
root #emerge --ask sys-kernel/linux-firmware安装某些固件软件包时,经常需要接受固件关联的许可证。有需要的话,访问手册的许可证处理章节有助于你接受许可证。
Firmware Loading
Firmware files are typically loaded when the associated kernel module is loaded. This means the firmware must be built into the kernel using CONFIG_EXTRA_FIRMWARE if the kernel module is set to Y instead of M. In most cases, building-in a module which required firmware can complicate or break loading.
{{#switch: mips | amd64 | x86 =
微码
除了独立显卡硬件和网络接口之外,CPU 可能也需要固件更新。通常这种固件被称为微码(microcode)。有时需要更新版本的微码来修补 CPU 硬件中的不稳定性、安全问题或其他复杂的错误。
AMD CPU 的微码更新在前面提到的 sys-kernel/linux-firmware 软件包内分发。Intel CPU 的微码可以在 sys-firmware/intel-microcode 包中找到,并且需要单独安装。更多有关如何更新微码的细节,请查看微码文章。
sys-kernel/installkernel
Installkernel may be used to automate the kernel installation, initramfs generation, unified kernel image generation and bootloader configuration, among other things. sys-kernel/installkernel implements two paths of achieving this: the traditional installkernel originating from Debian and systemd's kernel-install. Which one to choose depends, among other things, on the system's bootloader. By default, systemd's kernel-install is used on systemd profiles, while the traditional installkernel is the default for other profiles.
Bootloader
Now is the time to think about which bootloader the user wants for the system.
Only one selection is required in the following subsection, if unsure of which to use then go with the first listed for now. It's always possible to switch at a later date if required.
GRUB
Users of GRUB can use either systemd's kernel-install or the traditional Debian installkernel. The systemd USE flag switches between these implementations. To automatically run grub-mkconfig when installing the kernel, enable the grub USE flag.
GRUB requires kernels to be installed to /boot.
/etc/portage/package.use/installkernelsys-kernel/installkernel grub
root #emerge --ask sys-kernel/installkernelsystemd-boot requires kernels to be installed to /efi.
When app-emulation/virt-firmware is used to configure the UEFI ensure that the kernel-bootcfg-boot-successful service is enabled before attempting to install the kernel. This implementation of EFIstub booting is the default for systemd systems.
root #systemctl enable kernel-bootcfg-boot-successful.serviceEFIstub requires kernels to be installed to /efi.
Traditional layout, other bootloaders (e.g. (e)lilo, syslinux, etc.)
The traditional /boot layout (for e.g. (e)LILO, syslinux, etc.) is used by default if the grub, systemd-boot, efistub and uki USE flags are not enabled. No further action is required.
Initramfs
An initial ram-based file system, or initramfs, may be required for a system to boot. A wide of variety of cases may necessitate one, but common cases include:
- Kernels where storage/filesystem drivers are modules.
- Layouts with /usr/ or /var/ on separate partitions.
- Encrypted root filesystems.
Distribution kernels are designed to be used with an initramfs, as many storage and filesystem drivers are built as modules.
In addition to mounting the root filesystem, an initramfs may also perform other tasks such as:
- Running file system consistency check fsck, a tool to check and repair consistency of a file system in such events of uncleanly shutdown a system.
- Providing a recovery environment in the event of late-boot failures.
Installkernel can automatically generate an initramfs when installing the kernel if the dracut or ugrd USE flag is enabled:
/etc/portage/package.use/installkernelsys-kernel/installkernel dracut
Chroot detection
Bootloaders such as systemd-boot and EFI stub use the kernel arguments of the running system as set in /proc/cmdline by default. Because of the wide range of ways Gentoo can be installed users will randomly get tripped up by this.
To help solve any issues this may cause, sys-kernel/installkernel will check if it is running in a chroot and fail if the kernel command line is not explicitly configured. Otherwise the bootloader would use the install media's boot arguments which would lead to boot failure.
One way to satisfy sys-kernel/installkernel is by using Dracut's config file to set the root partition UUID as shown below, or alternatively for more information on what this check helps with and different ways to configure it, see Installkernel#Install_chroot_check.
root #mkdir /etc/dracut.conf.droot #blkid/dev/sda3: UUID="2122cd72-94d7-4dcc-821e-3705926deecc"
In the above example, the root partition is /dev/sda3 and the UUID is 2122cd72-94d7-4dcc-821e-3705926deecc. The dracut config file would then look like:
/etc/dracut.conf.d/00-installkernel.confkernel_cmdline=" root=UUID=2122cd72-94d7-4dcc-821e-3705926deecc " # Note leading and trailing spaces
root #emerge --ask sys-kernel/installkernel内核配置和编译
It can be a wise move to use the dist-kernel on the first boot as it provides a very simple method to rule out system issues and kernel config issues. Always having a known working kernel to fallback on can speed up debugging and alleviate anxiety when updating that your system will no longer boot.
A common misconception is that a manually compiled kernel will use a lot less RAM than a pre configured distribution kernel. Due to the modular nature of the Linux kernel, only what is needed by the system is loaded and in most cases resulting in similar memory usage.
Only one selection is required in the following subsection, if unsure of which to use then go with the first listed for now. It's always possible to switch at a later date if required.
由操作最少到操作最多排序:
- 全自动方法:Distribution 内核
- Distribution 内核用来配置、自动构建安装 Linux 内核、相关模块和 initramfs 文件(可选,但是默认启用)。将来内核就像其他的系统软件包一样,通过使用包管理器全自动升级。如果需要定制内核,它可以提供自定义内核配置文件。这种过程操作最少,并且非常适合新 Gentoo 用户,因为它开箱即用,并且系统管理员最少参与。
- 混合方法:Genkernel
- 通过系统包管理器安装新内核源代码。系统管理员可以使用 Gentoo 的 genkernel 工具的配置,构建和安装 Linux 内核、相关模块和 initramfs 文件(可选,但默认不 启用)。如果要自定义内核,它可以提供自定义内核配置文件。将来每次更新内核配置、编译和安装都需要系统管理员运行 eselect kernel,genkernel和其他可能的命令。
- 全手动方法
- 通过系统包管理器安装新的内核源代码。使用 eselect kernel 和一大堆 make 命令手动配置、构建和安装内核。将来内核升级需要重复手动配置、构建和安装内核文件的过程。这是操作做多的过程,但是在内核更新过程提供最大程度控制。
Linux内核是所有发行版的核心。它位于用户程序和系统硬件之间。尽管手册提供给用户一些可选的内核源码,但是在内核概述页面有更全面的列表,上面有着更多的细节描述。
Kernel installation tasks such as copying the kernel image to /boot or the EFI System Partition, generating an initramfs and/or Unified Kernel Image, updating bootloader configuration, can be automated with installkernel. Users may wish to configure and install sys-kernel/installkernel before proceeding. See the Kernel installation section below for more more information.
可选:手动配置
安装内核源码
当为基于 mips 的系统安装和编译内核时,Gentoo 推荐使用 sys-kernel/mips-sources 软件包。
选择一个合适的内核并使用 emerge 来安装它。
root #emerge --ask sys-kernel/mips-sources这将在 /usr/src/ 中安装路径中特定版本的 Linux 内核源码。如果没有在所选内核源码包内启用 USE=symlink,它将不会自行创建符号链接。
我们习惯性的维护 /usr/src/linux 符号链接。这样,它指向与当前运行的内核相对应的源代码。然而,默认情况下不会创建这个符号链接。有一个简单创建符号链接的方法是利用 eselect 的内核模块。
更多有关符号链接的信息以及如何管理符号链接,请参考升级内核。
首先,列出所有已安装的内核:
root #eselect kernel listAvailable kernel symlink targets: [1] linux-6.19.1-gentoo
要创建一个名为 linux 的符号链接,使用:
root #eselect kernel set 1root #ls -l /usr/src/linuxlrwxrwxrwx 1 root root 12 Oct 13 11:04 /usr/src/linux -> linux-6.19.1-gentoo
Manually configuring a kernel is commonly seen as one of the most difficult procedures a system administrator has to perform. Nothing is less true - after configuring a few kernels no one remembers that it was difficult! There are two ways for a Gentoo user to manage a manual kernel system, both of which are listed below:
Only one selection is required in the following subsection, if unsure of which to use then go with the first listed for now. It's always possible to switch at a later date if required.
Option 2 - Assisted manual process
This method allows a user to have full control of how their kernel is built with as minimal help from outside tools as they wish. Some could consider this as making it hard for the sake of it.
无论如何,有一件事是真实的:当手动配置内核时,了解(硬件)系统是至关重要的。大多数信息可以通过安装包含lspci命令的sys-apps/pciutils来收集:
root #emerge --ask sys-apps/pciutils在chroot中,可以安全的忽略任何lspci可能抛出的关于pcilib的警告(比如pcilib: cannot open /sys/bus/pci/devices)。
另一个系统信息来源是运行lsmod来查看安装CD使用什么内核模块,它可能对启用什么提供了一个好的暗示。
现在进入内核源码目录并执行make menuconfig。这将启动一个菜单驱动的配置屏幕。
root #cd /usr/src/linux
root #make menuconfig
To view the full list of make arguments available for the kernel, run
make help.The kernel has a method of autodetecting the modules currently being used on the installcd which will give a great starting point to allow a user to configure their own. This can be called by using:
root #make localmodconfigManually configuring should not be needed at this point, but if a user wish to check:
root #make nconfigNow it's time to decide if modules signing is required in the steps listed in here
If not, proceed to building described here
Option 3 - Configuring by hand
The Linux kernel configuration has many, many sections and as configuring a kernel by hand is rarely needed thanks to the two tools listed above. The steps to do it by hand are now included at Kernel/Gentoo_Kernel_Configuration_Guide
Optional: Signed kernel modules
To automatically sign the kernel modules enable CONFIG_MODULE_SIG_ALL:
[*] Enable loadable module support
-*- Module signature verification
[*] Automatically sign all modules
Which hash algorithm should modules be signed with? (Sign modules with SHA-512) --->
Optionally change the hash algorithm if desired.
To enforce that all modules are signed with a valid signature, enable CONFIG_MODULE_SIG_FORCE as well:
[*] Enable loadable module support
-*- Module signature verification
[*] Require modules to be validly signed
[*] Automatically sign all modules
Which hash algorithm should modules be signed with? (Sign modules with SHA-512) --->
To use a custom key, specify the location of this key in CONFIG_MODULE_SIG_KEY. If unspecified, the kernel build system will generate a key. It is recommended to generate one manually instead. This can be done with:
root #openssl req -new -nodes -utf8 -sha256 -x509 -outform PEM -out kernel_key.pem -keyout kernel_key.pemOpenSSL will ask some questions about the user generating the key, it is recommended to fill in these questions as detailed as possible.
Store the key in a safe location, at the very least the key should be readable only by the root user. Verify this with:
root #ls -l kernel_key.pem-r-------- 1 root root 3164 Jan 4 10:38 kernel_key.pem
If this outputs anything other then the above, correct the permissions with:
root #chown root:root kernel_key.pem
root #chmod 400 kernel_key.pem
-*- Cryptographic API --->
Certificates for signature checking --->
(/path/to/kernel_key.pem) File name or PKCS#11 URI of module signing key
To also sign external kernel modules installed by other packages via linux-mod-r1.eclass, enable the modules-sign USE flag globally:
/etc/portage/make.confEnable module signingUSE="modules-sign"
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
# Optionally, when using custom signing keys.
MODULES_SIGN_KEY="/path/to/kernel_key.pem"
MODULES_SIGN_CERT="/path/to/kernel_key.pem" # Only required if the MODULES_SIGN_KEY does not also contain the certificate
MODULES_SIGN_HASH="sha512" # Defaults to sha512
MODULES_SIGN_KEY and MODULES_SIGN_CERT may point to different files. For this example, the pem file generated by OpenSSL includes both the key and the accompanying certificate, and thus both variables are set to the same value.
Handbook:MIPS/Blocks/Kernel/zh-cn
继续到配置系统来安装。