On Thu, 16 Jul 2020 11:02:02 -0400 Steve Grubb <sgrubb(a)redhat.com&gt; wrote: This is the official documentation for building a custom kernel. https://fedoraproject.org/wiki/Building_a_custom_kernel It might already be set in the stock Fedora kernel. You could go into /boot and run grep -i kasan on one of the configuration files. All my kernels are custom builds, so I can't check the stock setting, but mine have it turned on. I use rpmbuild because I've been building custom kernels from the srpm for a long time, but that is now deprecated in favor of fedpkg or mock, I think. If you want to run a custom kernel in uefi secure mode, you will have to generate a local key pair, and sign the custom kernel with pesign. If you don't have the rh-test-cert installed in the efi key database, you will have to remove it from the kernel binary using pesign, as well, or it won't be found on boot.