Compiling the kernel 5.11.11
In Ubuntu 20.04 LTS, I was compiling the latest kernel, 5.11.11, after adding a new system call. During the execution of the make command I got this error:
make[1]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
make: *** [Makefile:1809: certs] Error 2
If someone can help I would really appreciate it. Thank you.
In your kernel configuration file you will find this line:
CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
Change it to this:
CONFIG_SYSTEM_TRUSTED_KEYS=""
Depending on your source structure you might be able to do it via command line. Examples:
scripts/config --disable SYSTEM_TRUSTED_KEYS
or
scripts/config --set-str SYSTEM_TRUSTED_KEYS ""
EDIT: Another key has been added to the default Canonical kernel configuration since this answer was posted:
CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
So, it also needs to be dealt with for user kernel compiles to complete:
scripts/config --disable SYSTEM_REVOCATION_KEYS
See also git based mainline kernel compile notes.
Well, I just generated a self-signed x509 certificate with a common name as my name, put the key and certificate in the same file and pointed both lines to the file. Compiles perfectly and security should be intact. I assume it's used to sign kernel binary and you can whitelist your certificate in a secure boot to allow your kernel to boot.
openssl req -x509 -newkey rsa:4096 -keyout certs/mycert.pem -out certs/mycert.pem -nodes -days 3650
CONFIG_MODULE_SIG_KEY="certs/mycert.pem"
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="certs/mycert.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
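A pre-build check for the situation both answers address, as an added example that is not part of the original posts: it lists the two keyring options named above when they point at a PEM file that is missing from the source tree. The function name `missing_cert_refs` and the sample tree are constructed for illustration, and relative paths are assumed to resolve against the source directory passed in.

```shell
#!/bin/sh
# Added example (not from the original posts).
# List keyring options in a kernel .config that name a PEM file which does
# not exist, the condition behind
#   "No rule to make target '...pem', needed by 'certs/x509_certificate_list'".
# Usage: missing_cert_refs <path-to-.config> <kernel-source-dir>
missing_cert_refs() {
    config=$1
    srctree=$2
    for opt in SYSTEM_TRUSTED_KEYS SYSTEM_REVOCATION_KEYS; do
        # Use the last assignment found for the option.
        line=$(grep "^CONFIG_${opt}=" "$config" | tail -n 1)
        [ -n "$line" ] || continue        # option not set at all
        value=${line#*=}                  # drop 'CONFIG_...='
        value=${value#\"}                 # drop surrounding quotes
        value=${value%\"}
        [ -n "$value" ] || continue       # empty string: nothing to embed
        case $value in
            /*) path=$value ;;            # absolute path
            *)  path=$srctree/$value ;;   # assumption: relative to source dir
        esac
        [ -f "$path" ] || printf '%s=%s\n' "CONFIG_$opt" "$value"
    done
}

# Constructed sample tree: only certs/mycert.pem exists, while the config
# still carries the two Canonical defaults quoted on this page.
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/certs"
: > "$demo_tree/certs/mycert.pem"
cat > "$demo_tree/.config" <<'EOF'
CONFIG_MODULE_SIG_KEY="certs/mycert.pem"
CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
EOF
missing_cert_refs "$demo_tree/.config" "$demo_tree"
```

Each line it prints is an option to clear, or to repoint at a certificate you control, before running make.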