Misc technical notes
Building ChromeOS 3.4 Exynos kernel from git
# Define helper variables
CHROME_KERNEL=/var/tmp/chromiumos/3.4
VERSION='-fedora-remix'
# Make sure the working directory exists.
mkdir -p $CHROME_KERNEL &>/dev/null
cd $CHROME_KERNEL
# Clone ChromeOS kernel 3.4 into the working directory
git clone --branch chromeos-3.4 https://git.chromium.org/git/chromiumos/third_party/kernel.git $CHROME_KERNEL
# Prepare the ChromeOS default kernel config
${CHROME_KERNEL}/chromeos/scripts/prepareconfig chromeos-exynos5
##
## Configure to taste
##
# LOCALVERSION string
sed -i -e 's|\(CONFIG_LOCALVERSION\)=".*"|\1="-fedora-remix"|' ${CHROME_KERNEL}/.config
# Auditing support.
# Enable system-call auditing support.
# Make audit loginuid immutable.
sed -i -e 's/# \(CONFIG_AUDIT\) is not set/\1=y/' \
-e '/CONFIG_AUDIT=y/a\CONFIG_AUDITSYSCALL=y' \
${CHROME_KERNEL}/.config
# NSA SELinux Support
cat <<-EOF >> ${CHROME_KERNEL}/.config
CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_DEFAULT_SECURITY_SELINUX=y
CONFIG_DEFAULT_SECURITY="selinux"
EOF
# Disable chromiumOS security
sed -i -e 's|^\(CONFIG_SECURITY_CHROMIUMOS\).*|\1=n|' ${CHROME_KERNEL}/.config
# Control Groups and misc systemd requirements
sed -i -e 's|# \(CONFIG_CGROUP_CPUACCT\) is not set|\1=y|' \
-e 's|# \(CONFIG_CGROUP_DEVICE\) is not set|\1=y|' \
-e 's|# \(CONFIG_CGROUP_PERF\) is not set|\1=y|' \
-e 's|# \(CONFIG_CPUSETS\) is not set|\1=y|' \
-e 's|# \(CONFIG_RESOURCE_COUNTERS\) is not set|\1=y|' \
-e 's|# \(CONFIG_FHANDLE\) is not set|\1=y|' \
-e 's|# \(CONFIG_AUTOFS4_FS\) is not set|\1=y|' \
-e 's|# \(CONFIG_SCHED_DEBUG\) is not set|\1=y|' \
${CHROME_KERNEL}/.config
#CONFIG_PROC_PID_CPUSET=y
#CONFIG_NETFILTER_XT_TARGET_AUDIT=m
# run the kernel conf script
make oldconfig
# build the kernel
make -j2
# install the kernel & modules
sudo make modules_install install
# The zImage
sudo cp ${CHROME_KERNEL}/arch/arm/boot/zImage /boot/zImage-3.4.0-fedora-remix
# The device tree blob
make exynos5250-snow.dtb
sudo cp ${CHROME_KERNEL}/arch/arm/boot/exynos5250-snow.dtb /boot/.
# save a copy of the kernel config
sudo cp ${CHROME_KERNEL}/.config /boot/config-3.4.0-fedora-remix
# generate a suitable Flattened uImage Tree (aka image tree source) file
cat <<-EOF > /boot/fedora-remix.its
/dts-v1/;
/ {
description = "Fedora Remix 3.4.0 exynos kernel with initrd and DTB";
#address-cells = <1>;
images {
kernel@1{
description = "kernel3.4.0-fedora-remix";
data = /incbin/("/boot/zImage-3.4.0-fedora-remix");
type = "kernel_noload";
arch = "arm";
os = "linux";
compression = "none";
load = <0>;
entry = <0>;
};
fdt@1{
description = "exynos5250-snow.dtb";
data = /incbin/("/boot/exynos5250-snow.dtb");
type = "flat_dt";
arch = "arm";
compression = "none";
};
};
configurations {
default = "conf@1";
conf@1{
description = "Fedora Remix Kernel";
kernel = "kernel@1";
ramdisk = "ramdisk@1";
fdt = "fdt@1";
};
};
};
EOF
# Create the uImage binary file
sudo mkimage -vf /boot/fedora-remix.it{s,b}
#cp /boot/fedora-remix.itb /boot/vmlinux-3.4.0-fedora-remix.uimg
# Pack and sign the kernel
sudo vbutil_kernel --pack /boot/kernel-3.4.0-fedora-remix.img \
--keyblock /boot/fedora-19.keyblock \
--signprivate /boot/fedora-19.vbprivk \
--config /boot/kcmdline \
--vmlinuz /boot/fedora-remix.itb \
--arch arm --version 1
sudo dd if=/boot/kernel-3.4.0-fedora-remix.img \
of=/dev/mmcblk1p1 bs=4M
sync
#THE END