Building your own Edera zone kernel

⚠️

Advanced guide only
Most Edera users do not need to build their own kernel images. By default, Edera provides and maintains hardened kernel images that cover nearly all workloads.

Note that while you are welcome to use our public configs and CI templates to build our own kernel images, Edera only supports images built by Edera and signed by Edera’s production signing key. You are on your own with DIY builds.

This guide is for specialized cases such as:

  • Supply chain verification (reproducing our kernel builds yourself using our open-source repo and Github CI actions)

  • Custom hardware/silicon (adding out-of-tree Linux drivers you cannot share with us)

If you just need help or need support for official images, open a support ticket.

If you’re not already comfortable building and maintaining Linux kernels, stop here.

Minimum requirements

If you already know how to build a Linux kernel, these are the essentials your kernel must have to boot inside an Edera zone.

Guest/virt stack (required)

Edera maintains base config snippets you can use as references:

Artifacts (required in the OCI image)

Your kernel OCI image must include:

/kernel/vmlinuz
/kernel/config.gz
/kernel/addons.squashfs

System.map is optional but useful for debugging.

Container image

Use a scratch base and copy artifacts into /kernel/:

FROM scratch
COPY kernel/ /kernel/

Full build guide (using Edera’s tooling)

If you want to use our open-source build system (CI or local), follow the steps below.

Approach 1: Build locally (for debugging/iteration)

Step 1. Clone:

git clone https://github.com/edera-dev/linux-kernel-oci.git
cd linux-kernel-oci

Step 2. Edit config.yaml

Narrow architectures, flavors, and versions to reduce build time. Examples can be found in the linux-kernel-oci README.

Step 3. Customize configs in configs/. Step 4. Build:

./hack/build/docker-build.sh

Step 5. Use or push the image:

docker push ttl.sh/<user>/zone-kernel:6.6.15

Inspect it:

crane export ttl.sh/<user>/zone-kernel:6.6.15 - --platform=linux/amd64 | tar xf - -C ./output

Approach 2: Build with GitHub Actions

Step 1. Fork edera-dev/linux-kernel-oci
Step 2. Review .github/workflows/build.yaml
Step 3. Edit config.yaml to set your registry and configs
Step 4. Trigger the Build Kernels job in GitHub Actions

For the full instructions, see Building your own kernels with custom KConfig.

Example workflow input (for the Build Kernels job):

stable:flavor=zone,host

Build Kernels Example

Using your custom kernel

Launch a zone:

protect zone launch   --kernel ttl.sh/<user>/zone-kernel:6.6.15 ...

Or annotate in Kubernetes:

annotations:
  dev.edera/kernel: ttl.sh/<user>/zone-kernel:6.6.15

Summary

  • Most users: use Edera’s provided and supported kernel images.
  • Advanced users: either (1) meet the bare minimum requirements with your own build, or (2) use our tooling to reproduce/extend our builds.
  • Either way, kernels must be packaged as an OCI image with /kernel/vmlinuz, /kernel/config.gz, and /kernel/addons.squashfs.
Last updated on
Running Edera (no Kubernetes required)Building your own Edera host kernel