How to compile&install an AppVM custom kernel in Qubes OS? (Fedora 28)

asked 2018-08-18 13:57:00 -0500

constantoverride gravatar image

updated 2018-08-25 10:16:13 -0500

tl;dr: I want to recompile a QubesOS R4.0 AppVM's kernel, compile it inside (the same or different) AppVM (but not inside dom0), and have the AppVM use this new kernel on its next start.

In QubesOS R4.0, using a Fedora28 AppVM, I want to recompile its kernel and change a few .config options (such as turn off swap). The kernel is Qubes-specific (eg. 4.14.57-1.pvops.qubes.x86_64) so I can't use generic Fedora kernel-building instructions.
After recompiling the kernel, I expect to be able to tell that AppVM which kernel to use on next startup (the old kernel, or the newly recompiled one), so please include instructions on how to do this also.

The following is all the info that I have found so far(but they are for Qubes R3.2 ? instead of R4.0), but haven't yet tested: https://github.com/0spinboson/qubes-d...
Hopefully that gives some idea of the kind of answer that I'm expecting.

Thanks.

EDIT: I'm keeping track of my progress in this github gist

edit retag flag offensive close merge delete

Comments

1

I don't see why Fedora's kernel-building instructions don't apply. Just take Qubes' .spec file instead of the Fedora one.

Anyway, if you go further these questions are too Qubes-specific to be answered here.

genodeftest gravatar imagegenodeftest ( 2018-08-20 09:00:53 -0500 )edit

Thanks, I'm able to compile and get 3 rpms, none of which install inside the AppVM due to eg. 

Error: 
 Problem: conflicting requests
  - nothing provides qubes-core-dom0 needed by kernel-latest-qubes-vm-1000:4.17.9-2.pvops.qubes.x86_64

That qubes-core-dom0 is only found in dom0 which is kinda confusing since I'm trying to install the kernel inside the VM only! Even those 0spinboson instructions say I should be doing it inside dom0. There's a make rpms-vm which is empty(does nothing) inside the Makefile. Which kinda tells me that spec file repo is for dom0 only? I'm confused.

constantoverride gravatar imageconstantoverride ( 2018-08-20 14:11:11 -0500 )edit

wow the vm kernels are actually residing in dom0 - i did not expect that!

$ ls -l /var/lib/qubes/vm-kernels/4.14.57-1/
total 326016
-rw-r--r-- 1 root root   6898801 Jul 23 18:44 initramfs
drwxr-xr-x 4 root root      4096 Aug 11 11:04 modules
-rw-r--r-- 1 root root 524288000 Aug 11 11:04 modules.img
-rw-r--r-- 1 root root   6146368 Jul 23 18:30 vmlinuz

So, I guess I'm stuck having to install the rpms in dom0 then, where I get:

Error: nothing provides libcrypto.so.1.1()(64bit) needed by kernel-latest-qubes-vm-1000:4.17.9-2.pvops.qubes.x86_64
constantoverride gravatar imageconstantoverride ( 2018-08-20 23:26:58 -0500 )edit

Thinking about it, this makes sense: The AppVMs need to get started somewhere. As they should reside in a trustworthy (i.e. signed and encrypted) filesystem, they need to be on the host. Especially if you don't want to introduce another boot manager such as grub.

genodeftest gravatar imagegenodeftest ( 2018-08-21 14:52:51 -0500 )edit
1

@genodeftest I'd make this an answer instead of comments; it's pretty comprehensive!

abadrinath gravatar imageabadrinath ( 2018-08-22 00:23:24 -0500 )edit
see more comments