How do I get a grsecurity-patched kernel working? It fails to boot.

Posted on March 31, 2020

Hello,

I’m trying to compile a Linux kernel with a grsecurity patch on Debian 10.3. The compilation works, the package installs, but upon trying to boot to it, it reboots as soon as it says “Booting from Hard Disk”.

I’m using the following kernel, which is a 4.9.74 patched with the last publicly-available grsecurity patch. Note that even though grsecurity went private, this isn’t piracy, as grsecurity is licensed under the GPL (and they violated the license by going private).

The sources for the kernel I’m compiling are here: https://github.com/minipli/linux-unofficial_grsec

Commands run:

```
$ sudo apt-get install build-essential linux-source bc kmod cpio flex cpio libncurses5-dev libssl-dev git libelf-dev binutils-dev gcc-8-plugin-dev paxtest paxctl
$ git clone --single-branch --branch=linux-4.9.x-unofficial_grsec git://github.com/minipli/linux-unofficial_grsec.git
$ cd linux-unofficial_grsec
$ cp /boot/config-4.19.0-8-cloud-amd64 ./.config
$ make menuconfig
```

I then configured it as needed. .config file is available here: https://pastebin.com/81GMuR9U

I had to do a few fixes to get it to compile, using the following information:

https://github.com/torvalds/linux/commit/ad343a98e74e85aa91d844310e797f96fee6983b

https://lore.kernel.org/patchwork/patch/934722/

https://unix.stackexchange.com/questions/293642/attempting-to-compile-kernel-yields-a-certification-error

I then compiled with this command: $ make deb-pkg

After compilation, I then installed the .deb files with dpkg -i.

I then attached a kvm console to the droplet and rebooted it. I chose the new kernel in the grub menu and it wouldn’t boot. It tries to load the kernel and says “Booting from Hard Disk” and then reboots back to the grub menu without any visible error messages.

Any suggestions? I need grsecurity as part of my server hardening strategy and am really bothered that I’m running without grsecurity. Hope someone can help.



These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Heya,

Just came across this answer and decided to write some general guidelines for anyone who comes across this in the future despite the old question.

Based on the information you’ve shared, it indeed seems like a challenging situation. One possibility might be an issue with the kernel configuration or the patch itself. Applying patches and customizing the kernel can sometimes result in unexpected behaviors and can be quite complex.

You can also try debugging the boot process to gain more information about what’s causing the reboot.

For future reference, we do have general guidelines to compile a Linux kernel on Ubuntu 18.04. Given the similarities, these might be useful to you.

Sorry I couldn’t provide a direct solution in this case; your issue seems to be highly specific and beyond DigitalOcean’s direct support scope. Kernel parameters are very system-specific and need to be debugged on a case-by-case basis.

Hope that this helps!
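
An added example, not part of the question or the answer above and not code from the kernel or grsecurity projects: the answer names the kernel configuration as one possible cause, and the question copies a 4.19 Debian config into a 4.9 tree before running `make menuconfig`, so this Python script lists which symbols were dropped, demoted from built-in, or changed between the copied config and the one actually built. The two sample configs are constructed for illustration and are not the poster's files; `parse_config` and `diff_configs` are names chosen here.

```python
import re

# The two line forms a kernel .config uses for a symbol.
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Return {symbol: value}; symbols marked 'is not set' map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = "n"
    return symbols


def diff_configs(base_text, built_text):
    """Compare the config that was copied in with the one that was built."""
    base, built = parse_config(base_text), parse_config(built_text)
    report = {"dropped": [], "demoted": [], "changed": []}
    for sym, old in sorted(base.items()):
        new = built.get(sym)
        if new is None:
            if old != "n":  # enabled before, absent now: unknown symbol or unmet dependency
                report["dropped"].append(sym)
        elif old == "y" and new in ("m", "n"):  # no longer built into the image
            report["demoted"].append((sym, old, new))
        elif old != new:
            report["changed"].append((sym, old, new))
    return report


# Constructed sample input (not the poster's configs).
BASE = """CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BLK=y
CONFIG_EXT4_FS=m
CONFIG_UNWINDER_ORC=y
CONFIG_NR_CPUS=512
# CONFIG_DEBUG_INFO is not set
"""
BUILT = """CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BLK=m
CONFIG_EXT4_FS=m
CONFIG_NR_CPUS=64
# CONFIG_DEBUG_INFO is not set
"""

if __name__ == "__main__":
    for kind, items in diff_configs(BASE, BUILT).items():
        print(kind, items)
```

To use it on real files, read `/boot/config-4.19.0-8-cloud-amd64` and the tree's `.config` into strings and pass them to `diff_configs` in that order.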
