On Thu, 16 Jul 2020 11:02:02 -0400
Steve Grubb <sgrubb(a)redhat.com> wrote:
> What is the best way to build an official Fedora kernel SRPM with
> KASAN=y?
This is the official documentation for building a custom kernel.
https://fedoraproject.org/wiki/Building_a_custom_kernel
It might already be set in the stock Fedora kernel. You could go into
/boot and run
grep -i kasan on one of the configuration files. All my kernels are
custom builds, so I can't check the stock setting, but mine have it
turned on.
I use rpmbuild because I've been building custom kernels from the
SRPM for a long time, but that is now deprecated in favor of fedpkg or
mock, I think.
If you want to run a custom kernel in UEFI secure mode, you will have
to generate a local key pair, and sign the custom kernel with pesign.
If you don't have the rh-test-cert installed in the EFI key database,
you will have to remove it from the kernel binary using pesign, as well,
or it won't be found on boot.
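
Added example, not part of the original message: a shell check that classifies the KASAN state recorded in a kernel config file, because a plain grep -i kasan also matches CONFIG_HAVE_ARCH_KASAN=y, which only records that the architecture supports KASAN. The function names and the two sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel config actually enables KASAN.

# kasan_status FILE -> prints "enabled", "disabled" or "absent"
kasan_status() {
    if grep -q '^CONFIG_KASAN=y$' "$1"; then
        echo enabled
    elif grep -q '^# CONFIG_KASAN is not set$' "$1"; then
        echo disabled
    else
        echo absent    # option not mentioned in this file at all
    fi
}

# kasan_mode FILE -> prints "inline", "outline", "unknown", or "none"
# ("none" when KASAN is not enabled in the file)
kasan_mode() {
    [ "$(kasan_status "$1")" = enabled ] || { echo none; return; }
    if grep -q '^CONFIG_KASAN_INLINE=y$' "$1"; then
        echo inline
    elif grep -q '^CONFIG_KASAN_OUTLINE=y$' "$1"; then
        echo outline
    else
        echo unknown
    fi
}

# Constructed sample configs (not taken from a real Fedora kernel).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/config-sample-off" <<'EOF'
CONFIG_HAVE_ARCH_KASAN=y
# CONFIG_KASAN is not set
EOF
cat > "$sample_dir/config-sample-on" <<'EOF'
CONFIG_HAVE_ARCH_KASAN=y
CONFIG_KASAN=y
CONFIG_KASAN_GENERIC=y
CONFIG_KASAN_INLINE=y
EOF

# Check the samples, then any real configs installed under /boot.
for f in "$sample_dir"/config-* /boot/config-*; do
    [ -f "$f" ] || continue
    printf '%s: %s (%s)\n' "$f" "$(kasan_status "$f")" "$(kasan_mode "$f")"
done
```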