- How I built the Hyper^Linux Kernel(6.1) for Debian Bookworm(12.5) (Tiny edition!) -
- Preparing the Source and Building Hyper^Linux -
- The Basic Commands For Building And Installing The Kernel -
- make menuconfig notes for making Hyper^Linux .config -
- Installing the Nvidia graphics driver -
- Installing Wine* -
- Remove Debian's Firefox and Install The Real Firefox -
- Kernel Command Line* -
- Notes On Security* -
- Uninstalling Hyper^Linux (Tiny Edition!) -
- Tips and Tricks -
- To do list for Hyper^Linux* -

Available in text format here: https://paste.debian.net/1314766/
Code:
# This is a journal/guide for building a base system for High Performance Competitive
# Online Gaming With Gnu-Linux Updated 4/21/24
# The Live CD(xfce) I used for the base install is from here.
#https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
Code:
# based on
#https://itsfoss.com/compile-linux-kernel/
# - Dependencies for building the kernel -
sudo apt install bc binutils bison dwarves flex gcc git gnupg2 gzip libelf-dev libncurses5-dev libssl-dev make openssl perl-base rsync tar xz-utils pahole
# Grabbed the 6.1 lts kernel here. (which is similar to what bookworm uses: makes things easier, and more compatible)
#www.kernel.org
#https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.87.tar.xz
# Extracted it into my home directory
# can do it with
tar -xf linux-6.1.87.tar.xz
# or right click -> extract
# And moved into the directory
cd ~/linux-6.1.87
# And copied the 6.1 default bullseye kernel .config from /boot
# into the now extracted source directory.
cp -v /boot/config-$(uname -r) .config
Code:
su
make olddefconfig
make menuconfig
./scripts/config --file .config --disable MODULE_SIG
make -j$(nproc)
make modules -j$(nproc)
make modules_install -j$(nproc)
make headers_install
make install
sync
Code:
# General Setup
Local Version -> Hyper^Linux
Auditing support -> disabled
(have to come back around and set this after all)
## Timers subsystem
Timer tick handling -> Periodic timer ticks (constant rate)
High Resolution Timer Support -> disabled
Preemption Model -> Preemptible Kernel (Low Latency Desktop)
Preemption behavior defined on boot -> disabled
(core scheduling for SMT(amd cpu's) disabled for me(intel))
CPU/Task time and stats accounting -> all disabled
Numa Scheduler -> disabled
Profiling support -> disabled
# Processor Type and Features
(disabled options for amd, because I have intel cpu)
(also disabled NUMA options)
Linux guest support -> disabled
Cluster scheduler support -> disabled
Performance monitoring -> disabled
Software Guard eXtensions (SGX) -> disabled
Timer frequency -> 1000 HZ
Randomize The Address Of The Kernel Image (KASLR) -> disabled
Kernel Live Patching -> disabled
# Mitigations For Speculative Execution Vulnerabilities -> disabled
# Power Management and ACPI Options
Suspend to RAM and suspend -> disabled
Hibernate -> disabled
Energy Model for devices with DVFS -> disabled
## CPU Frequency Scaling (disabled options for AMD)
Default CPUFreq Governor -> performance
## CPU Idle
Menu Governor -> disabled
# Virtualization -> disabled
# General Architecture Dependent Options
Stack Protector buffer overflow detector -> disabled
Use a virtually-mapped stack -> disabled
Support for randomizing kernel stack offset on syscall entry -> disabled
# Memory Management Options
## SLAB allocator options
Choose SLAB allocator -> SLAB
Randomize slab freelist -> disabled
harden slab freelist metadata -> disabled
Page allocator randomization -> disabled
Disable heap randomization -> enabled
Memory hotplug -> disabled
Enable KSM for page merging -> disabled
Transparent Hugepage Support -> disabled
# Networking support
Amateur Radio support -> disabled
# Device drivers
PCCard support -> disabled
Macintosh device drivers -> disabled
Virtualization drivers -> disabled
Virtio drivers -> disabled
VHOST drivers -> disabled
Microsoft Surface Drivers -> disabled
IOMMU Hardware Support -> disabled
# File Systems
( I chose to enable file systems I use, and disable ones I don't)
ext4 -> built in(*)
F2FS -> built in (*)
Network File Systems -> disabled
# Security Options
Harden memory copies between kernel and userspace -> disabled
Harden common str/mem functions against buffer overflows -> disabled
NSA SELinux Support -> disabled
TOMOYO Linux Support -> disabled
AppArmor support -> disabled
Yama support -> disabled
Landlock support -> disabled
## Kernel hardening options
Initialize kernel stack variables at function entry -> no automatic stack variable initialization
memory initialization -> enable heap memory zeroing -> disabled
# Kernel Hacking
Tracers -> disabled
save -> .config -> enter -> exit
Code:
# Before using Hyper^Linux we have to prepare the graphics driver for it,
# so before rebooting follow the instructions for installing nvidia,
# after installing nvidia Hyper^Linux is ready to be booted normally : D
#
# Also a final note, I tried to keep this journal/guide simple for others to easily
# follow along, the purpose of this build is to improve upon it in the future!
# I got the 550 driver from here(I leave this in my home folder and keep it there)
#https://www.nvidia.com/Download/driverR ... 426/en-us/
# It has a readme here
#http://us.download.nvidia.com/XFree86/L ... index.html
# Adding 32bit library support
sudo dpkg --add-architecture i386 && sudo apt update
# Have to install something with 32bit libraries so the nvidia installer
# can figure out where to install its own 32bit stuff
sudo apt install steam
# Rebooted into run level 3 to install the driver (a terminal)
# from the grub menu at startup pressed e after selecting the Hyper^linux kernel
# then after the line where it says vmlinuz....root=....ro...
# added the number 3
# and pressed f10 to boot it
# (this is how you edit the kernel command line temporarily)
# installed its dependencies like this
sudo apt install pkg-config libglvnd-dev -y
# and ran the installer paying attention to its prompts
sudo sh ./NVIDIA-Linux-x86_64-550.67.run
# (yes install 32bit library support, yes rebuild initramfs, yes update x-config, reboot)
Code:
# Linux gaming essentially revolves around the three pillars of the linux kernel,
# graphics drivers, and wine. Make sure to use the wine repositories they actually make available
# for debian based distributions, as well as others, to get their upstream packages,
# for the best gaming support, similarly to getting newer graphics drivers.
# Install instructions, for its apt repository are here...use the stable branch
#https://wiki.winehq.org/Debian
Code:
# Follow the instructions here to add the Firefox apt repository,
# update apt, install the real Firefox, and remove Debian's "FirefoxESR"
#https://mozilla.org
#https://support.mozilla.org/en-US/kb/install-firefox-linux?utm_source=www.mozilla.org&utm_medium=referral&utm_campaign=firefox-download-thanks#w_install-firefox-deb-package-for-debian-based-distributions
sudo apt remove firefox-esr
# at the very least use the no-script extension for firefox and get a good ad-blocker
# which defend against typical mediums for malware, but this is not good enough either
#
# Online exploitation is highly sophisticated in 2024 and conventional methods do not work.
# Just the simple act of browsing and downloading, whatsoever, is extremely dangerous.
#
# Not only are there highly advanced criminal organizations seeking to exploit
# us via the internet, and our web browsers, but major technological organizations
# are similarly dangerous.
Code:
#https://www.kernel.org/doc/html/v6.1/
#https://www.kernel.org/doc/html/v6.1/admin-guide/kernel-parameters.html
Code:
# This build is specifically meant for improving performance for online competitive gaming,
# and that requires a system with standard security mitigations disabled in order to
# achieve greater overall performance. I recommend using a different system, such as with
# a dual boot, or a different computer, for tasks that require security such as even browsing
# the internet, which is dangerous in itself. I am in the process of developing unique
# security mitigations to be used with this build, but since we are stuck with programs
# like firefox which are extremely dangerous, and don't have the benefit of virtualization
# with a build like this, it will never be a secure system ultimately, and should be reserved
# for its intended purpose: High Performance Competitive Online Gaming(with Linux^tm).
# Use a firewall (not good enough by itself)
sudo apt install gufw
sudo systemctl enable --now ufw
sudo ufw enable
# Mask ssh
# (Debian names the OpenSSH units ssh.service and ssh.socket; sshd.service is only an alias)
sudo systemctl mask ssh.service
sudo systemctl mask ssh.socket
# Deny hosts
sudo mousepad /etc/hosts.deny
# (line to put in the file)
ALL: ALL
# Consider disabling IPv6
# can do it within networkmanager settings
# Disable Debian's sources when not in use (comment out Debian's sources)
#deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb-src http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
# The major security risks stem from advanced-exploitation
# that we are exposed to naturally when using a web browser
# primarily, and that includes all browsing and downloading.
Code:
su
cd /boot
rm *Hyper*
exit
sudo update-grub
Code:
# Can use "Help" from make menuconfig to learn about every option
#
# The source file where the kernel build takes place is necessary
# to keep for when the nvidia driver is built(it needs the headers there)
#
# So I leave the source folder in place in my home directory, and it makes
# doing rebuilds easier too for reoptimizing it, or adding patches
#
# I also leave the nvidia installer, the nvidia.run file, in my home directory
# which is necessary when using different kernels or installing new kernels,
# to run again.
#
# Always keep a live iso, installed properly on a usb with the dd command
# and using sudo sync command afterwards, in case things are broken, and
# you just need a basic system to access the internet or fix things
#
# These instructions will also work with not only Bookworm Debian,
# but Bullseye and Trixie too with slight modification
#
# If you have nvidia problems, the nvidia installer from nvidia's website is actually
# super useful, and will do everything for you automatically if you just keep booting
# into runlevel 3 and running the installer repeatedly: such as blacklisting the nouveau
# module for you, uninstalling nvidia for you, reinstalling nvidia for you, and resolving
# your missing 32 bit libraries if needed by reinstalling itself
#
# sudo sh ./NVIDIA-Linux-x86_64-550.67.run
#
# If you want to revert back to the default kernel you will have to deal with
# the configuration files that break your nouveau driver from working with it.*
#
# sudo mv /etc/modprobe.d/nvidia-installer-disable-nouveau.conf ~/nvidia-installer-disable-nouveau.conf.old
# sudo mv /usr/lib/modprobe.d/nvidia-installer-disable-nouveau.conf ~/usrlibnvidia-installer-disable-nouveau.conf.old
# sudo mv /etc/X11/xorg.conf ~/xorg.conf.old
#
# (this way to revert back you can replace these files to their original positions)
#
# The last guide I made for bullseye debian is here https://forums.debian.net/viewtopic.php?t=158899
# and has more useful information about my overall build. Just try to ignore the harassers...
#
Code:
# Continue to develop unique security mitigations that even benefit performance!
# Continue to destroy all automation that taxes our processing time! (cpu time)
# Recompile the Wine Kernel for Hyper Speed! (Hyper^Wine)
# Replace the now super vulnerable Firefox(FireD0x) with a secure webbrowser...
# Asterisks* are a personal note for myself to fix things later
# zero dead one sources two new
# [spoiler="{SIMPLETEXT}"]{TEXT}[/spoiler]
# [hide] [/hide]
# I think debian forums doesn't have support for spoiler tags so it's going to look ugly
# no matter what I do because we have limited options for formatting...
# and continue to work against the social harassment that is endemic in *Linux Communities* everywhere!
Statistics: Posted by Linuxgaming1824 — 2024-04-21 18:00 — Replies 7 — Views 129
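
An added example, not part of the original post: a shell check that reads a kernel .config and lists which of the hardening options named in the make menuconfig notes (plus MODULE_SIG from the build commands) are off, or on for the two options that weaken the kernel when set. The CONFIG_ symbol names are the upstream 6.1 Kconfig names for those menu entries, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the hardening choices listed in
# the make menuconfig notes. Symbol names are upstream 6.1 Kconfig names.

# Hardening symbols expected to be =y (the notes and build commands turn these off).
WANT_ON="RANDOMIZE_BASE SPECULATION_MITIGATIONS STACKPROTECTOR VMAP_STACK
RANDOMIZE_KSTACK_OFFSET SLAB_FREELIST_RANDOM SLAB_FREELIST_HARDENED
SHUFFLE_PAGE_ALLOCATOR HARDENED_USERCOPY FORTIFY_SOURCE
INIT_ON_ALLOC_DEFAULT_ON MODULE_SIG SECURITY_YAMA SECURITY_LANDLOCK"
# Symbols that weaken the kernel when =y (heap and stack-init choices).
WANT_OFF="COMPAT_BRK INIT_STACK_NONE"

# config_value FILE SYMBOL: print the symbol's value; "n" when the file has
# "# CONFIG_X is not set" or does not mention the symbol at all.
config_value() (
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
)

# audit_config FILE: print one "WEAK CONFIG_<symbol> off|on" line per finding.
audit_config() (
    for sym in $WANT_ON; do
        [ "$(config_value "$1" "$sym")" = y ] || echo "WEAK CONFIG_$sym off"
    done
    for sym in $WANT_OFF; do
        if [ "$(config_value "$1" "$sym")" = y ]; then
            echo "WEAK CONFIG_$sym on"
        fi
    done
)

# Constructed sample (not a real Debian config): a few lines in .config syntax.
sample_config() {
    cat <<'EOF'
CONFIG_HZ=1000
# CONFIG_RANDOMIZE_BASE is not set
# CONFIG_SPECULATION_MITIGATIONS is not set
# CONFIG_STACKPROTECTOR is not set
CONFIG_VMAP_STACK=y
CONFIG_COMPAT_BRK=y
CONFIG_INIT_STACK_NONE=y
CONFIG_SECURITY_YAMA=y
EOF
}

# Usage: sh audit.sh /boot/config-$(uname -r)   (no argument: do nothing)
if [ $# -gt 0 ]; then audit_config "$1"; fi
```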