Linux FreeMGP-RT 内核下载与安装
https://mirrors.edge.kernel.org/pub/linux/kernel
https://www.kernel.org/pub/linux/kernel/projects/rt/
Fro Ubuntu 22.04 Tested with the kernel version 6.5.0
Verifying file integrity
Note
This step is optional but recommended!
The .sign files can be used to verify that the downloaded files were not corrupted or tampered with. The steps shown here are adapted from the Linux Kernel Archive , see the linked page for more details about the process.
You can use gpg2 to verify the .tar archives:
gpg2 --verify linux-*.tar.sign
gpg2 --verify patch-*.patch.sign
If your output is similar to the following:
$ gpg2 --verify linux-*.tar.sign gpg: assuming signed data in 'linux-4.14.12.tar' gpg: Signature made Fr 05 Jan 2018 06:49:11 PST using RSA key ID 6092693E gpg: Can't check signature: No public key
You have to first download the public key of the person who signed the above file. As you can see from the above output, it has the ID 6092693E. You can obtain it from the key server:
gpg2 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 6092693E
Similarly for the patch:
gpg2 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 2872E4CC
Note that keys for other kernel version might have different IDs, you will have to adapt accordingly.
Having downloaded the keys, you can now verify the sources. Here is an example of a correct output:
$ gpg2 --verify linux-*.tar.sign gpg: assuming signed data in 'linux-4.14.12.tar' gpg: Signature made Fr 05 Jan 2018 06:49:11 PST using RSA key ID 6092693E gpg: Good signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown] gpg: aka "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown] gpg: aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
See Linux Kernel Archive for more information about the warning.
Compiling the kernel
Once you are sure the files were downloaded properly, you can extract the source code and apply the patch:
tar xf linux-*.tar cd linux-*/ patch -p1 < ../patch-*.patch
Next copy your currently booted kernel configuration as the default config for the new real time kernel:
cp -v /boot/config-$(uname -r) .config
Now you can use this config as the default to configure the build:
make olddefconfig
make menuconfig
The second command brings up a terminal interface in which you can configure the preemption model. Navigate with the arrow keys to General Setup > Preemption Model and select Fully Preemptible Kernel (Real-Time).
After that navigate to Cryptographic API > Certificates for signature checking (at the very bottom of the list) > Provide system-wide ring of trusted keys > Additional X.509 keys for default system keyring
Remove the “debian/canonical-certs.pem” from the prompt and press Ok. Save this configuration to .config and exit the TUI.
Note
If you prefer GUIs over TUIs use make xconfig instead of make menuconfig
Afterwards, you are ready to compile the kernel. As this is a lengthy process, set the multithreading option -j to the number of your CPU cores:
make -j$(nproc) deb-pkg
Finally, you are ready to install the newly created package. The exact names depend on your environment, but you are looking for headers and images packages without the dbg suffix. To install:
sudo dpkg -i ../linux-headers-*.deb ../linux-image-*.deb
Verifying the new kernel
Restart your system. The Grub boot menu should now allow you to choose your newly installed kernel. To see which one is currently being used, see the output of the uname -a command. It should contain the string PREEMPT RT and the version number you chose. Additionally, /sys/kernel/realtime should exist and contain the the number 1.
Note
If you encounter errors that you fail to boot the new kernel see Cannot boot realtime kernel because of “Invalid Signature”
Allow a user to set real-time permissions for its processes
After the PREEMPT_RT kernel is installed and running, add a group named realtime and add the user controlling your robot to this group:
sudo addgroup realtime
sudo usermod -a -G realtime $(whoami)
Afterwards, add the following limits to the realtime group in /etc/security/limits.conf:
@realtime soft rtprio 99 @realtime soft priority 99 @realtime soft memlock 102400 @realtime hard rtprio 99 @realtime hard priority 99 @realtime hard memlock 102400
The limits will be applied after you log out and in again.
