This is an updated and simplified version of my project klude[1].
The loader supports, and has been tested on, the following distros:
- Ubuntu 22.04
- Ubuntu 24.04
- Fedora 40
- Upstream Custom Built kernels
I have tested the resulting kSHELFs on various kernel versions built with easylkb[2]. The only thing to note in that case is to be aware of kernel changes, e.g. vmalloc becoming a macro in 6.10, etc.
This is used in my project skp and as the payload for my UEFI bootkit.
Check out my article in tmp.0ut #4 for an explainer on how this works.
First, we need to get a copy of the kallsyms from the target kernel:

    mkdir ./artifacts/
    cp /proc/kallsyms ./artifacts/

It doesn't need to be up to date, just needs to have the symbols you want to
link against in it.
You can use a tool like vmlinux-to-elf[3] to extract kallsyms from the kernel
bzImage you are targeting.
Then run the following to build it and copy it to /tmp on a target host:

    just all-distro ubuntu-2404 6.8.0-106-generic
    just copy ubuntu-24.04-testing.vm # your host

If you are doing development work, run `just setup DISTRO_CONTAINER KVERSION`
instead, then build each time with `just build-distro DISTRO_CONTAINER KVERSION`
to save recreating the container.
The `ubuntu-2404` argument is the container to use in /build-system, and there
is also:
- ubuntu-2204
- fedora-40
- and a custom one, which requires using the `all-path` and `build-path` `just` commands instead.

Please pass the full path, not a relative one, to these commands, and have a System.map in the directory of the kernel.
The default payload is in /samples/ftrace-basic, but you can swap it out for a
custom one by appending the directory of your payload to the `just` build
commands.
GPL2.
Some code in /samples/ftrace-basic is derived from xcellerator's tutorial series [4],
which is also under GPL2.