I'm trying to use the `installkernel` ebuild to generate a UKI for an aarch64 virtual machine. The VM is using virt-manager and qemu/kvm, nothing complicated just all default options in the setup wizard other than using uefi. The uefi implementation is able to load the systemd-boot efi stub bootloader without issue, and systemd-boot tries to load the kernel with an error like "Bad kernel image, load error". Watching the generation of the uki with `emerge --config gentoo-kernel` i see that it's picking up /usr/src/linux-6.1.69-gentoo-dist/arch/arm64/boot/Image.gz as the kernel image, but this bug report from systemd implies that compressed kernels are not supported on aarch64 by neither the kernel nor systemd https://github.com/systemd/systemd/issues/23788 Inspecting /usr/src/linux-6.1.69-gentoo-dist/arch/arm64/boot/ shows that there isn't an uncompressed kernel (e.g. vmlinuz or similar) just the Image.gz that the installkernel[systemd] program picked up. I'm not sure where the bug is. It could be in my own configuration files. I tried to follow https://wiki.gentoo.org/wiki/Unified_kernel_image as best I could. It could also be that the kernel for aarch64 needs to produce an uncompressed kernel, either by default, or with a config option added to /etc/kernel/, or maybe something is wrong with installkernel[systemd]. Reproducible: Always The image is built with this build script: https://github.com/GenPi64/Build.Dist/blob/master/config/pyconfig/GenPi64OsuoslConfig.py , the equivalent for x86_64 works fine, it's only aarch64 that isn't booting. i have versions: sys-kernel/gentoo-kernel: 6.1.69 sys-kernel/installkernel[systemd]: 16 sys-kernel/dracut: 060_pre20240104 sys-apps/systemd: 255.2-r2 emerge --info: Portage 3.0.61 (python 3.11.7-final-0, default/linux/arm64/17.0/systemd/merged-usr, gcc-13, glibc-2.38-r9, 6.6.5-gentoo aarch64) ================================================================= System uname: Linux-6.6.5-gentoo-aarch64-with-glibc2.38 KiB Mem: 131013460 total, 16064016 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Fri, 19 Jan 2024 01:33:19 +0000 Head commit of repository gentoo: 53bb5488137fb420ace22bd3333ab712614f006c sh bash 5.1_p16-r6 ld GNU ld (Gentoo 2.41 p2) 2.41.0 app-misc/pax-utils: 1.3.7::gentoo app-shells/bash: 5.1_p16-r6::gentoo dev-build/autoconf: 2.71-r6::gentoo dev-build/automake: 1.16.5-r1::gentoo dev-build/cmake: 3.27.9::gentoo dev-build/libtool: 2.4.7-r1::gentoo dev-build/make: 4.4.1-r1::gentoo dev-build/meson: 1.3.0-r2::gentoo dev-lang/perl: 5.38.2-r1::gentoo dev-lang/python: 3.11.7::gentoo, 3.12.1_p1::gentoo dev-lang/rust-bin: 1.74.1::gentoo sys-apps/baselayout: 2.14-r1::gentoo sys-apps/sandbox: 2.38::gentoo sys-apps/systemd: 255.2-r2::gentoo sys-devel/binutils: 2.41-r2::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/gcc: 13.2.1_p20230826::gentoo sys-devel/gcc-config: 2.11::gentoo sys-kernel/linux-headers: 6.1::gentoo (virtual/os-headers) sys-libs/glibc: 2.38-r9::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo priority: -1000 volatile: False sync-git-verify-commit-signature: true Binary Repositories: gentoobinhost priority: 1 sync-uri: https://gentoo.osuosl.org/releases/arm64/binpackages/17.0/arm64 ACCEPT_KEYWORDS="arm64" ACCEPT_LICENSE="@FREE" CBUILD="aarch64-unknown-linux-gnu" CFLAGS="-O2 -ftree-vectorize -O2 -pipe" CHOST="aarch64-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d" CXXFLAGS="-O2 -ftree-vectorize -O2 -pipe" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--jobs --newrepo --newuse --changed-use --changed-deps --changed-slot --deep --tree --unordered-display --nospinner --backtrack=3000 --complete-graph --with-bdeps=y --rebuild-if-new-rev --rebuild-if-new-ver --rebuild-if-unbuilt --rebuilt-binaries --binpkg-respect-use=y --binpkg-changed-deps=y --usepkg=y --buildpkg-exclude='virtual/*' --buildpkg-exclude='sys-kernel/*-sources' --buildpkg-exclude='*/*-bin' --buildpkg-exclude='acct-user/*' --buildpkg-exclude='acct-group/*' --buildpkg-exclude='dev-perl/*' --usepkg-exclude='virtual/*' --usepkg-exclude='sys-kernel/*-sources' --usepkg-exclude='*/*-bin' --usepkg-exclude='acct-user/*' --usepkg-exclude='acct-group/*' --usepkg-exclude='dev-perl/*' --usepkg-exclude='sys-apps/systemd'" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -ftree-vectorize -O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg buildpkg-live ccache clean-logs compress-build-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict news parallel-fetch parallel-install pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch usersync xattr" FFLAGS="-O2 -ftree-vectorize -O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="C.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" MAKEOPTS="-j4 -l4" PKGDIR="/var/cache/binpkgs" PORTAGE_COMPRESS="zstd" PORTAGE_COMPRESS_FLAGS="-15" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl arm64 bindist boot bzip2 cli crypt dri fortran gdbm gnuefi iconv ipv6 kernel-install libtirpc ncurses nls openmp pam pcre readline seccomp ssl systemd test-rust udev unicode xattr zlib" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_ARM="edsp v8 vfp vfp-d32 vfpv3 vfpv4" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SHELL, SIZE, STRINGS, STRIP, YACC, YFLAGS
I can provide a copy of the virtual machine's disk image on request, it's built with a script so it has no personal configuration or data.
Is the UKI being generated with dracut or with ukify? I suspect the issue is that the krnel version you are using does not have CONFIG_EFI_ZBOOT. If this option is set the built kernel image will be vmlinuz.efi instead of Image.gz. Could you retry with the 6.6 series? These version have this config option enabled by default.
(In reply to Andrew Ammerlaan from comment #2) > Is the UKI being generated with dracut or with ukify? dracut. > I suspect the issue is that the krnel version you are using does not have > CONFIG_EFI_ZBOOT. If this option is set the built kernel image will be > vmlinuz.efi instead of Image.gz. Could you retry with the 6.6 series? These > version have this config option enabled by default. Ok, i will try that, thank you.
Sadly that didn't seem to be the trick to it. Here's emerge --config gentoo-kernel with a 6.6 kernel. emerge --config gentoo-kernel Configuring pkg... Warning: ccache requested but no masquerade dir can be found in /usr/lib*/ccache/bin * Your boot partition was detected as being mounted at /boot. * Files will be installed there for gentoo-kernel to function correctly. * Installing the kernel via installkernel ... Loading /etc/kernel/install.conf… layout=uki set via /etc/kernel/install.conf INITRD_GENERATOR (dracut) set via /etc/kernel/install.conf. UKI_GENERATOR (dracut) set via /etc/kernel/install.conf. Loaded /etc/kernel/install.conf. MACHINE_ID=b45911259b79b01e08fe894a65a15cfa set via /etc/machine-id. Found container virtualization systemd-nspawn. Using XBOOTLDR partition at /boot as $BOOT_ROOT. Using entry token: b45911259b79b01e08fe894a65a15cfa kernel version (6.6.12-gentoo-dist) set via command line. kernel image file (/usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz) set via command line. File lacks MZ executable header. Using ENTRY_DIR=/boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist Using plugins: /usr/lib/kernel/install.d/00-00machineid-directory.install /usr/lib/kernel/install.d/10-copy-prebuilt.install /usr/lib/kernel/install.d/50-depmod.install /usr/lib/kernel/install.d/50-dracut.install /usr/lib/kernel/install.d/51-dracut-rescue.install /usr/lib/kernel/install.d/90-loaderentry.install /usr/lib/kernel/install.d/90-uki-copy.install Plugin environment: LC_COLLATE=C.UTF-8 KERNEL_INSTALL_VERBOSE=1 KERNEL_INSTALL_IMAGE_TYPE=unknown KERNEL_INSTALL_MACHINE_ID=b45911259b79b01e08fe894a65a15cfa KERNEL_INSTALL_ENTRY_TOKEN=b45911259b79b01e08fe894a65a15cfa KERNEL_INSTALL_BOOT_ROOT=/boot KERNEL_INSTALL_LAYOUT=uki KERNEL_INSTALL_INITRD_GENERATOR=dracut KERNEL_INSTALL_UKI_GENERATOR=dracut KERNEL_INSTALL_STAGING_AREA=/tmp/kernel-install.staging.AAr5Ic Plugin arguments: add 6.6.12-gentoo-dist /boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz Successfully forked off '(sd-exec-strv)' as PID 125. PR_SET_MM_ARG_START failed, attempting PR_SET_MM_ARG_END hack: Invalid argument PR_SET_MM_ARG_END hack failed, proceeding without: Invalid argument About to execute /usr/lib/kernel/install.d/00-00machineid-directory.install add 6.6.12-gentoo-dist /boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz Successfully forked off '(direxec)' as PID 127. /usr/lib/kernel/install.d/00-00machineid-directory.install succeeded. About to execute /usr/lib/kernel/install.d/10-copy-prebuilt.install add 6.6.12-gentoo-dist /boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz Successfully forked off '(direxec)' as PID 131. /usr/lib/kernel/install.d/10-copy-prebuilt.install succeeded. About to execute /usr/lib/kernel/install.d/50-depmod.install add 6.6.12-gentoo-dist /boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz Successfully forked off '(direxec)' as PID 138. +depmod -a 6.6.12-gentoo-dist /usr/lib/kernel/install.d/50-depmod.install succeeded. About to execute /usr/lib/kernel/install.d/50-dracut.install add 6.6.12-gentoo-dist /boot/b45911259b79b01e08fe894a65a15cfa/6.6.12-gentoo-dist /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz Successfully forked off '(direxec)' as PID 142. dracut[I]: Executing: /usr/bin/dracut -f --noimageifnotneeded --verbose --kernel-image /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz --uefi --kver 6.6.12-gentoo-dist /tmp/kernel-install.staging.AAr5Ic/uki.efi dracut[I]: Module 'dash' will not be installed, because command 'dash' could not be found! dracut[I]: Module 'mksh' will not be installed, because command 'mksh' could not be found! dracut[I]: Module 'systemd-integritysetup' will not be installed, because command '/usr/lib/systemd/systemd-integritysetup' could not be found! dracut[I]: Module 'systemd-integritysetup' will not be installed, because command '/usr/lib/systemd/system-generators/systemd-integritysetup-generator' could not be found! dracut[I]: Module 'systemd-pcrphase' will not be installed, because command '/usr/lib/systemd/systemd-pcrphase' could not be found! dracut[I]: Module 'systemd-pcrphase' will not be installed, because command '/usr/lib/systemd/systemd-pcrextend' could not be found! dracut[I]: Module 'systemd-veritysetup' will not be installed, because command '/usr/lib/systemd/systemd-veritysetup' could not be found! dracut[I]: Module 'systemd-veritysetup' will not be installed, because command '/usr/lib/systemd/system-generators/systemd-veritysetup-generator' could not be found! dracut[I]: Module 'modsign' will not be installed, because command 'keyctl' could not be found! dracut[I]: Module 'busybox' will not be installed, because command 'busybox' could not be found! dracut[I]: Module 'dbus-broker' will not be installed, because command 'dbus-broker' could not be found! dracut[I]: Module 'rngd' will not be installed, because command 'rngd' could not be found! dracut[I]: Module 'connman' will not be installed, because command 'connmand' could not be found! dracut[I]: Module 'connman' will not be installed, because command 'connmanctl' could not be found! dracut[I]: Module 'connman' will not be installed, because command 'connmand-wait-online' could not be found! dracut[I]: Module 'network-legacy' will not be installed, because command 'dhclient' could not be found! dracut[I]: Module 'network-manager' will not be installed, because command 'NetworkManager' could not be found! dracut[I]: 62bluetooth: Could not find any command of '/usr/lib/bluetooth/bluetoothd /usr/libexec/bluetooth/bluetoothd'! dracut[I]: Module 'lvmmerge' will not be installed, because command 'lvm' could not be found! dracut[I]: Module 'lvmthinpool-monitor' will not be installed, because command 'lvm' could not be found! dracut[I]: Module 'btrfs' will not be installed, because command 'btrfs' could not be found! dracut[I]: 90crypt: Could not find any command of '/usr/lib/systemd/systemd-cryptsetup cryptsetup'! dracut[I]: Module 'dm' will not be installed, because command 'dmsetup' could not be found! dracut[I]: Module 'dmraid' will not be installed, because command 'dmraid' could not be found! dracut[I]: Module 'dmsquash-live-ntfs' will not be installed, because command 'ntfs-3g' could not be found! dracut[I]: Module 'lvm' will not be installed, because command 'lvm' could not be found! dracut[I]: Module 'mdraid' will not be installed, because command 'mdadm' could not be found! dracut[I]: Module 'multipath' will not be installed, because command 'multipath' could not be found! dracut[I]: Module 'pcsc' will not be installed, because command 'pcscd' could not be found! dracut[I]: Module 'tpm2-tss' will not be installed, because command 'tpm2' could not be found! dracut[I]: Module 'cifs' will not be installed, because command 'mount.cifs' could not be found! dracut[I]: Module 'fcoe' will not be installed, because command 'dcbtool' could not be found! dracut[I]: Module 'fcoe' will not be installed, because command 'fipvlan' could not be found! dracut[I]: Module 'fcoe' will not be installed, because command 'lldpad' could not be found! dracut[I]: Module 'fcoe' will not be installed, because command 'fcoemon' could not be found! dracut[I]: Module 'fcoe' will not be installed, because command 'fcoeadm' could not be found! dracut[I]: Module 'fcoe-uefi' will not be installed, because command 'dcbtool' could not be found! dracut[I]: Module 'fcoe-uefi' will not be installed, because command 'fipvlan' could not be found! dracut[I]: Module 'fcoe-uefi' will not be installed, because command 'lldpad' could not be found! dracut[I]: Module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found! dracut[I]: Module 'iscsi' will not be installed, because command 'iscsiadm' could not be found! dracut[I]: Module 'iscsi' will not be installed, because command 'iscsid' could not be found! dracut[I]: Module 'nbd' will not be installed, because command 'nbd-client' could not be found! dracut[I]: 95nfs: Could not find any command of 'rpcbind portmap'! dracut[I]: Module 'nvmf' will not be installed, because command 'nvme' could not be found! dracut[I]: Module 'nvmf' will not be installed, because command 'jq' could not be found! dracut[I]: Module 'biosdevname' will not be installed, because command 'biosdevname' could not be found! dracut[I]: Module 'memstrack' will not be installed, because command 'memstrack' could not be found! dracut[I]: memstrack is not available dracut[I]: If you need to use rd.memdebug>=4, please install memstrack and procps-ng dracut[I]: Module 'squash' will not be installed, because command 'mksquashfs' could not be found! dracut[I]: Module 'squash' will not be installed, because command 'unsquashfs' could not be found! dracut[I]: *** Including module: systemd *** dracut[I]: *** Including module: systemd-initrd *** dracut[I]: *** Including module: systemd-journald *** dracut[I]: *** Including module: systemd-pstore *** dracut[I]: *** Including module: systemd-repart *** dracut[I]: *** Including module: systemd-sysusers *** dracut[I]: *** Including module: systemd-tmpfiles *** dracut[I]: *** Including module: systemd-udevd *** dracut[I]: *** Including module: i18n *** dracut[I]: *** Including module: kernel-modules *** dracut[I]: *** Including module: kernel-modules-extra *** dracut[D]: kernel-modules-extra: configuration source "/run/depmod.d" does not exist dracut[D]: kernel-modules-extra: configuration source "/etc/depmod.d" does not exist dracut[D]: kernel-modules-extra: configuration source "/lib/depmod.d" does not exist dracut[I]: *** Including module: nvdimm *** dracut[I]: *** Including module: qemu *** dracut[I]: *** Including module: qemu-net *** dracut[I]: *** Including module: lunmask *** dracut[I]: *** Including module: resume *** dracut[I]: *** Including module: rootfs-block *** dracut[I]: *** Including module: terminfo *** dracut[I]: *** Including module: udev-rules *** dracut[I]: *** Including module: virtiofs *** dracut[I]: *** Including module: dracut-systemd *** dracut[I]: *** Including module: usrmount *** dracut[I]: *** Including module: base *** dracut[I]: *** Including module: fs-lib *** dracut[I]: *** Including module: shutdown *** dracut[I]: *** Including modules done *** dracut[I]: *** Installing kernel module dependencies *** dracut[I]: *** Installing kernel module dependencies done *** dracut[I]: *** Resolving executable dependencies *** dracut[I]: *** Resolving executable dependencies done *** dracut[I]: *** Hardlinking files *** dracut[D]: Mode: real dracut[D]: Method: sha256 dracut[D]: Files: 2493 dracut[D]: Linked: 4 files dracut[D]: Compared: 0 xattrs dracut[D]: Compared: 404 files dracut[D]: Saved: 6.9 KiB dracut[D]: Duration: 0.021532 seconds dracut[I]: *** Hardlinking files done *** dracut[I]: *** Generating early-microcode cpio image *** dracut[I]: *** Store current command line parameters *** dracut[I]: *** Stripping files *** dracut[I]: *** Stripping files done *** dracut[I]: *** Creating image file '/tmp/kernel-install.staging.AAr5Ic/uki.efi' *** dracut[I]: Using auto-determined compression method 'gzip'
The error message in the uefi bootloader looks to be roughly the same.
Right, that is my mistake, I forgot we only enable CONFIG_EFI_ZBOOT if USE=secureboot is enabled. The kernel image file is still in the Image.gz format: > kernel image file (/usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz) Could you try enabling USE+secureboot or overriding CONFIG_EFI_ZBOOT=y via /etc/kernel/config,d? You should see the name of the kernel image change to vmlinuz.efi. Alternatively, for a quick test you can try gentoo-kernel-bin, those images are built with USE=secureboot enabled. If it still does not work you could try generating the UKI with ukify instead of dracut, I haven't looked into the details but as I understand it ukify generates a slightly different UKI.
(In reply to Andrew Ammerlaan from comment #6) > Right, that is my mistake, I forgot we only enable CONFIG_EFI_ZBOOT if > USE=secureboot is enabled. The kernel image file is still in the Image.gz > format: > > > kernel image file (/usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot/Image.gz) > > Could you try enabling USE+secureboot or overriding CONFIG_EFI_ZBOOT=y via > /etc/kernel/config,d? You should see the name of the kernel image change to > vmlinuz.efi. > > Alternatively, for a quick test you can try gentoo-kernel-bin, those images > are built with USE=secureboot enabled. > > If it still does not work you could try generating the UKI with ukify > instead of dracut, I haven't looked into the details but as I understand it > ukify generates a slightly different UKI. I dropped a new config file /etc/kernel/config.d/EFI_ZBOOT.config with contents ``` CONFIG_EFI_ZBOOT=n ``` e.g. drive /usr/src/linux-6.6.12-gentoo-dist # cat /etc/kernel/config.d/EFI_ZBOOT.config CONFIG_EFI_ZBOOT=n and then emerge -C gentoo-kernel emerge gentoo-kernel I checked the resulting .config file drive /usr/src/linux-6.6.12-gentoo-dist # grep EFI_ZBOOT -r .config # CONFIG_EFI_ZBOOT is not set but it looks like it still is producing the Image.gz drive /usr/src/linux-6.6.12-gentoo-dist/arch/arm64/boot # ls Image.gz Makefile dts Did I perhaps have something wrong with my EFI_ZBOOT.config file?
Ah i tried with secureboot and signed-modules, but don't have a signing key, so it failed out.
It should be =y instead of =n. We need to *enable* this option so the kernel builds its own decompressor (zboot) and the (stub) bootloader is no longer responsible for decompressing the kernel image.
Ah, ok, thanks for the correction. Changing to =y allowed me to boot with the resulting UKI. Will this only work on 6.6? or will the stable 6.1 work with this config option?
(In reply to Michael Jones from comment #10) > Ah, ok, thanks for the correction. > > Changing to =y allowed me to boot with the resulting UKI. Great! > Will this only work on 6.6? or will the stable 6.1 work with this config > option? This config option was added in 6.1 so it should work, though we have only tried this in I think 6.3 and up. That being said, 6.6 is stable now. Closing this, I think there's nothing we can do here other then document this requirement on the wiki (which I will do now).
