Unable to qubes-prepare-vm-kernel - Help Required

Trying again to get a custom kernel working, without any luck still.

I did the following:

  1. Grab the config from sys-net
  2. Modify the config in my dev vm
  3. Make a kernel from this modified config & 5.10.111 linux kernel
  4. Copy the vmlinuz file to dom0
  5. Attempt to qubes-prepare-vm-kernel
    Result:
    ERROR kernel version [] not installed

Where am I going wrong here? (I also tried qubes-prepare-vm-kernel with the initrd.img file).
Tried setting sys-net kernel to the 5.10.111 but it says initramfs not found…

I see that

```
if [ ! -r /boot/vmlinuz-$1 -o ! -d /lib/modules/$1 ]; then
    echo "ERROR: Kernel version $1 not installed" >&2
    exit 1
fi
```

is the logic. Do we have to manually copy file by file the modules files created in dev qube to dom0??? And what about initramfs, systemmap and config files in /boot in dom0???
I don’t know how to copy multiple files at once into dom0, and this seems wrong. Documentation points that sudo qubes-prepare-kernel should just work…

Help appreciated.

CC @qubes-team

@unman You previously asked:

  1. What modifications do you want to make, and why?
  2. You can always get the config in the qube, and use that as a starting point
    for your changes, but I’m guessing you already know this?

  1. To achieve the following:
    Remove everything unnecessary from each respective vm-kernel, with a custom vm-kernel for each vm (e.g. sys-net, sys-usb, etc) - to reduce attack surface.
    Ability to choose my own kernel version, such that I can apply custom security patches etc - again, reducing vulnerabilities.

  2. I have done so, see above. I’m having real headaches getting a custom vm-kernel stored in dom0, and I cannot find any useful documentation. I looked on the mailing lists and the most detail I got was that somebody else had a problem loading custom vm-kernel from dom0, and instead set virt_mode to HVM and loaded a custom kernel from inside the VM.

@Sven @Demi I am tagging you as I believe you may be able to assist also.

If bumping threads in this manner is verboten, please let me know. I am doing so because I cannot find any more detailed documentation and this post is now 5 days old with no replies.

This is what I’ve done to make it work (no, you don’t need to copy the modules file by file):

```
# Stream the kernel image out of the qube into the current directory
qvm-run --pass-io <vm-name> 'cat /boot/<vmlinuz-file>' > <vmlinuz-file>
# Pack the modules directory inside the qube as root
qvm-run -u root <vm-name> 'tar -czvf /tmp/modules.tar.gz <modules-path>'
# Stream the archive out of the qube
qvm-run --pass-io <vm-name> 'cat /tmp/modules.tar.gz' > modules.tar.gz
```

Then (in dom0) move <vmlinuz-file> to /boot, decompress modules.tar.gz (tar xvf modules.tar.gz) and move the folder to /lib/modules.
Now you should be able to use qubes-prepare-vm-kernel; if you aren’t, let me know and I’ll try my best to help you out.
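
The two conditions from the check quoted earlier in the thread, plus an inspection of the archive's member names before it is unpacked in dom0, as an added example that is not part of the original posts or of the Qubes tooling. `check_kernel_installed`, `modules_archive_ok` and their `ROOT`/`PREFIX` arguments are hypothetical names; `PREFIX` assumes the archive was built from a path such as `lib/modules/<version>`.

```sh
#!/bin/sh
# Added example, not from the thread. ROOT and PREFIX are hypothetical
# parameters so the checks can be tried on a scratch directory first.

# Same test as the qubes-prepare-vm-kernel snippet quoted in the thread: the
# image must be readable at boot/vmlinuz-<version> and lib/modules/<version>
# must be a directory. Reports each missing piece; returns 0 when both exist.
check_kernel_installed() {
    root=${1%/} version=$2 rc=0
    if [ -z "$version" ]; then
        echo "no kernel version given" >&2
        return 2
    fi
    if [ ! -r "$root/boot/vmlinuz-$version" ]; then
        echo "missing: $root/boot/vmlinuz-$version" >&2
        rc=1
    fi
    if [ ! -d "$root/lib/modules/$version" ]; then
        echo "missing: $root/lib/modules/$version" >&2
        rc=1
    fi
    return "$rc"
}

# List (do not extract) the archive pulled from the qube and accept it only
# if every member name is relative, has no ".." component and sits under
# PREFIX. Checks names only; link targets are not inspected.
modules_archive_ok() {
    archive=$1 prefix=${2%/}
    tar -tzf "$archive" 2>/dev/null | awk -v p="$prefix" '
        { sub(/^\.\//, "") }
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        index($0, p "/") != 1 && $0 != p { bad = 1 }
        END { exit (bad || NR == 0) }'
}
```

In dom0 the first check would be called as `check_kernel_installed / <version>`, which prints whichever of the two paths is still missing.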