# This is a journal/guide for building a base system for High Performance Competitive
# Online Gaming With Gnu-Linux
Updated 4/21/24
# The Live CD(xfce) I used for the base install is from here.
#https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
# based on #https://itsfoss.com/compile-linux-kernel/
# Dependencies for building the kernel
sudo apt install bc binutils bison dwarves flex gcc git gnupg2 gzip libelf-dev libncurses5-dev libssl-dev make openssl perl-base rsync tar xz-utils pahole
# Grabbed the 6.1 lts kernel here. (which is similar to what bookworm uses: makes things easier, and more compatible)
#www.kernel.org
#https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.87.tar.xz
# Extracted it into my home directory
# can do it with
tar -xf linux-6.1.87.tar.xz
# or right click -> extract
# And moved into the directory
cd ~/linux-6.1.87
# And copied the 6.1 default bullseye kernel .config from /boot
# into the now extracted source directory.
cp -v /boot/config-$(uname -r) .config
su
make olddefconfig
make menuconfig
./scripts/config --file .config --disable MODULE_SIG
make -j$(nproc)
make modules -j$(nproc)
make modules_install -j$(nproc)
make headers_install
make install
sync
# General Setup
Local Version -> Hyper^Linux
Auditing support -> disabled(have to come back around and set this after all)
## Timers subsystem
Timer tick handling -> Periodic timer ticks (constant rate)
High Resolution Timer Support -> disabled
Preemption Model -> Preemptible Kernel (Low Latency Desktop)
Preemption behavior defined on boot -> disabled
(core scheduling for SMT(amd cpu's) disabled for me(intel))
CPU/Task time and stats accounting -> all disabled
Numa Scheduler -> disabled
Profiling support -> disabled
# Processor Type and Features
(disabled options for amd, because I have intel cpu)
(also disabled NUMA options)
Linux guest support -> disabled
Cluster scheduler support -> disabled
Performance monitoring -> disabled
Software Guard eXtensions (SGX) -> disabled
Timer frequency -> 1000 HZ
Randomize The Address Of The Kernel Image (KASLR) -> disabled
Kernel Live Patching -> disabled
# Mitigations For Speculative Execution Vulnerabilities -> disabled
# Power Management and ACPI Options
Suspend to RAM and suspend -> disabled
Hibernate -> disabled
Energy Model for devices with DVFS -> disabled
## CPU Frequency Scaling
(disabled options for AMD)
Default CPUFreq Governor -> performance
## CPU Idle
Menu Governor -> disabled
# Virtualization -> disabled
# General Architecture Dependent Options
Stack Protector buffer overflow detector -> disabled
Use a virtually-mapped stack -> disabled
Support for randomizing kernel stack offset on syscall entry -> disabled
# Memory Management Options
## SLAB allocator options
Choose SLAB allocator -> SLAB
Randomize slab freelist -> disabled
harden slab freelist metadata -> disabled
Page allocator randomization -> disabled
Disable heap randomization -> enabled
Memory hotplug -> disabled
Enable KSM for page merging -> disabled
Transparent Hugepage Support -> disabled
# Networking support
Amateur Radio support -> disabled
# Device drivers
PCCard support -> disabled
Macintosh device drivers -> disabled
Virtualization drivers -> disabled
Virtio drivers -> disabled
VHOST drivers -> disabled
Microsoft Surface Drivers -> disabled
IOMMU Hardware Support -> disabled
# File Systems
( I chose to enable file systems I use, and disable ones I don't)
ext4 -> built in(*)
F2FS -> built in (*)
Network File Systems -> disabled
# Security Options
Harden memory copies between kernel and userspace -> disabled
Harden common str/mem functions against buffer overflows -> disabled
NSA SELinux Support -> disabled
TOMOYO Linux Support -> disabled
AppArmor support -> disabled
Yama support -> disabled
Landlock support -> disabled
## Kernel hardening options
Initialize kernel stack variables at function entry -> no automatic stack variable initialization
memory initialization -> enable heap memory zeroing -> disabled
# Kernel Hacking
Tracers -> disabled
save -> .config -> enter -> exit
# Before using Hyper^Linux we have to prepare the graphics driver for it,
# so before rebooting follow the instructions for installing nvidia,
# after installing nvidia Hyper^Linux is ready to be booted normally : D
#
# Also a final note, I tried to keep this journal/guide simple for others to easily
# follow along, the purpose of this build is to improve upon it in the future!
# I got the 550 driver from here(I leave this in my home folder and keep it there)
https://www.nvidia.com/Download/driverR ... 426/en-us/
# It has a readme here
http://us.download.nvidia.com/XFree86/L ... index.html
# Adding 32bit library support
sudo dpkg --add-architecture i386 && sudo apt update
# Have to install something with 32bit libraries so the nvidia installer
# can figure out where to install its own 32bit stuff
sudo apt install steam
# Rebooted into run level 3 to install the driver (a terminal)
# from the grub menu at startup pressed e after selecting the Hyper^linux kernel
# then after the line where it says vmlinuz....root=....ro...
# added the number 3
# and pressed f10 to boot it
# (this is how you edit the kernel command line temporarily)
# installed its dependencies like this
sudo apt install pkg-config libglvnd-dev -y
# and ran the installer paying attention to its prompts
sudo sh ./NVIDIA-Linux-x86_64-550.67.run
# (yes install 32bit library support, yes rebuild initramfs, yes update x-config, reboot)
# Linux gaming essentially revolves around the three pillars of the linux kernel,
# graphics drivers, and wine. Make sure to use the wine repositories they actually make available
# for debian based distributions, as well as others, to get their upstream packages,
# for the best gaming support, similarly to getting newer graphics drivers.
# Install instructions for its apt repository are here...use the stable branch
#https://wiki.winehq.org/Debian
# Follow the instructions here to add the Firefox apt repository,
# update apt, install the real Firefox, and remove Debian's "FirefoxESR"
#https://mozilla.org
#https://support.mozilla.org/en-US/kb/install-firefox-linux?utm_source=www.mozilla.org&utm_medium=referral&utm_campaign=firefox-download-thanks#w_install-firefox-deb-package-for-debian-based-distributions
sudo apt remove firefox-esr
# at the very least use the no-script extension for firefox and get a good ad-blocker
# which defend against typical mediums for malware, but this is not good enough either
#
# Online exploitation is highly sophisticated in 2024 and conventional methods do not work.
# Just the simple act of browsing and downloading, whatsoever, is extremely dangerous.
#
# Not only are there highly advanced criminal organizations seeking to exploit
# us via the internet, and our web browsers, but major technological organizations
# are similarly dangerous.
#https://www.kernel.org/doc/html/v6.1/
#https://www.kernel.org/doc/html/v6.1/admin-guide/kernel-parameters.html
# This build is specifically meant for improving performance for online competitive gaming,
# and that requires a system with standard security mitigations disabled in order to
# achieve greater overall performance. I recommend using a different system, such as with
# a dual boot, or a different computer, for tasks that require security such as even browsing
# the internet, which is dangerous in itself. I am in the process of developing unique
# security mitigations to be used with this build, but since we are stuck with programs
# like firefox which are extremely dangerous, and don't have the benefit of virtualization
# with a build like this, it will never be a secure system ultimately, and should be reserved
# for its intended purpose: High Performance Competitive Online Gaming(with Linux^tm).
# Use a firewall (not good enough by itself)
sudo apt install gufw
sudo systemctl enable --now ufw
sudo ufw enable
# Mask ssh (on Debian the units are named ssh.service and ssh.socket)
sudo systemctl mask ssh.service
sudo systemctl mask ssh.socket
# Deny hosts (add the line below to the file)
sudo mousepad /etc/hosts.deny
ALL: ALL
# Consider disabling Ipv6
# can do it within networkmanager settings
# Disable Debian's sources when not in use (comment out Debian's sources)
#deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb-src http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
# The major security risks stem from advanced-exploitation
# that we are exposed to naturally when using a web browser
# primarily, and that includes all browsing and downloading.
su
cd /boot
rm *Hyper*
exit
sudo update-grub
# Can use "Help" from make menuconfig to learn about every option
#
# The source file where the kernel build takes place is necessary
# to keep for when the nvidia driver is built(it needs the headers there)
#
# So I leave the source folder in place in my home directory, and it makes
# doing rebuilds easier too for reoptimizing it, or adding patches
#
# I also leave the nvidia installer, the nvidia.run file, in my home directory
# which is necessary when using different kernels or installing new kernels,
# to run again.
#
# Always keep a live iso, installed properly on a usb with the dd command
# and using sudo sync command afterwards, in case things are broken, and
# you just need a basic system to access the internet or fix things
#
# These instructions will also work with not only Bookworm Debian,
# but Bullseye and Trixie too with slight modification
#
# If you have nvidia problems, the nvidia installer from nvidia's website is actually
# super useful, and will do everything for you automatically if you just keep booting
# into runlevel 3 and running the installer repeatedly: such as blacklisting the nouveau
# module for you, uninstalling nvidia for you, reinstalling nvidia for you, and resolving
# your missing 32 bit libraries if needed by reinstalling itself
#
# sudo sh ./NVIDIA-Linux-x86_64-550.67.run
#
# If you want to revert back to the default kernel you will have to deal with
# the configuration files that break your nouveau driver from working with it.*
#
# sudo mv /etc/modprobe.d/nvidia-installer-disable-nouveau.conf ~/nvidia-installer-disable-nouveau.conf.old
# sudo mv /usr/lib/modprobe.d/nvidia-installer-disable-nouveau.conf ~/usrlibnvidia-installer-disable-nouveau.conf.old
# sudo mv /etc/X11/xorg.conf ~/xorg.conf.old
#
# (this way to revert back you can replace these files to their original positions)
#
# The last guide I made for bullseye debian is here https://forums.debian.net/viewtopic.php?t=158899
# and has more useful information about my overall build. Just try to ignore the harassers...
#
# Continue to develop unique security mitigations that even benefit performance!
# Continue to destroy all automation that taxes our processing time! (cpu time)
# Recompile the Wine Kernel for Hyper Speed! (Hyper^Wine)
# Replace the now super vulnerable Firefox(FireD0x) with a secure webbrowser...
# Asterisks* are a personal note for myself to fix things later
# zero dead one sources two new
# I think debian forums doesn't have support for spoiler tags so it's going to look ugly
# no matter what I do because we have limited options for formatting...
# and continue to work against the social harassment that is endemic in *Linux Communities* everywhere!
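
Added example (not part of the original post): a small script that reads a kernel `.config` and lists which of the hardening options from the menuconfig list in this guide are switched off, so the security cost of a rebuild is visible before booting it. The `CONFIG_` symbols are the 6.1 names behind those menu entries; the "want" column is this example's assumed hardened baseline, not a statement of Debian's shipped defaults.

```shell
#!/bin/sh
# Added example: audit a kernel .config for hardening options the guide disables.
# Each entry is symbol:wanted value:label (wanted values are an assumed baseline).
CHECKS='RANDOMIZE_BASE:y:KASLR
SPECULATION_MITIGATIONS:y:Speculative execution mitigations
STACKPROTECTOR:y:Stack Protector
VMAP_STACK:y:Virtually-mapped stack
RANDOMIZE_KSTACK_OFFSET:y:Kernel stack offset randomization
SLAB_FREELIST_RANDOM:y:Randomize slab freelist
SLAB_FREELIST_HARDENED:y:Harden slab freelist metadata
SHUFFLE_PAGE_ALLOCATOR:y:Page allocator randomization
COMPAT_BRK:n:Disable heap randomization
HARDENED_USERCOPY:y:Harden kernel/userspace memory copies
FORTIFY_SOURCE:y:Harden str/mem functions
INIT_STACK_ALL_ZERO:y:Stack variable initialization
INIT_ON_ALLOC_DEFAULT_ON:y:Heap memory zeroing
IOMMU_SUPPORT:y:IOMMU Hardware Support
MODULE_SIG:y:Module signature verification
AUDIT:y:Auditing support'

# Print y, m or n for CONFIG_<symbol>; absent or "is not set" counts as n.
config_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# Print one line per weakened option, then a total; status 1 if any were found.
audit_config() {
    cfg=$1
    weak=0
    while IFS=: read -r sym want label; do
        got=$(config_value "$cfg" "$sym")
        if [ "$got" != "$want" ]; then
            echo "WEAK  CONFIG_$sym=$got (want $want): $label"
            weak=$((weak + 1))
        fi
    done <<EOF
$CHECKS
EOF
    echo "$weak weakened option(s) in $cfg"
    [ "$weak" -eq 0 ]
}

# Run against a file given on the command line, e.g. ./audit.sh ~/linux-6.1.87/.config
if [ -r "${1:-}" ]; then audit_config "$1"; fi
```

Running it against both `/boot/config-$(uname -r)` and the edited `.config` shows exactly which protections the custom build gives up relative to the stock kernel.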