overspend1/garnet-kernel-builder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Garnet kernel builder with Sukisu Ultra and SUSFS integration

Browse Source 
- Complete automated build script for Redmi Note 13 Pro 5G (garnet)
- Sukisu Ultra (KernelSU fork) integration with susfs-main branch
- SUSFS root hiding filesystem support
- AnyKernel3 flashable ZIP creation
- Multi-distro dependency checking (Arch/Debian/Ubuntu)
- Comprehensive error handling and verification
- Advanced kernel configurations for KPM, KALLSYMS, security features
This commit is contained in:
Wiktor
2025-07-01 23:28:15 +02:00
commit e1ef8ef973
5 changed files with 2277 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
.gitignore vendored Normal file
View File

@@ -0,0 +1,53 @@
# Build directories
garnet_kernel_build/
build/
out/
output/
# Build artifacts
*.zip
*.img
*.dtb
*.ko
*.o
*.log
# Kernel build files
.config
.config.old
System.map
vmlinux
*.cmd
.tmp_versions/
modules.builtin
modules.order
# Temporary files
*~
*.tmp
*.swp
*.swo
# IDE files
.vscode/
.idea/
*.sublime-*
# OS files
.DS_Store
Thumbs.db
# Android NDK
android-ndk*/
ndk-*/
# Toolchain
toolchain/
prebuilts/
# Git
.git/
# Backup files
*.bak
*.backup

1250
KERNEL_BUILD_DOCUMENTATION.md Normal file
View File

File diff suppressed because it is too large Load Diff

26
LICENSE Normal file
View File

@@ -0,0 +1,26 @@
MIT License
Copyright (c) 2025 Garnet Kernel Builder
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
SECURITY NOTICE:
This software is intended for educational and defensive security purposes only.
Users are responsible for compliance with local laws and regulations.
Flashing custom kernels may void device warranties and carries inherent risks.

197
README.md Normal file
View File

@@ -0,0 +1,197 @@
# Garnet Kernel Builder
Automated kernel build script for **Redmi Note 13 Pro 5G (garnet)** with integrated **Sukisu Ultra** (KernelSU fork) and **SUSFS** root hiding capabilities.
## Features
- 🔧 **Automated Build Process** - Complete kernel compilation with one command
-**Sukisu Ultra Integration** - Enhanced KernelSU fork with advanced features
- 🛡️ **SUSFS Root Hiding** - Filesystem-level root detection bypass
- 📦 **AnyKernel3 Packaging** - Ready-to-flash ZIP files
- 🎯 **Multiple Build Options** - Stock, KernelSU-only, SUSFS-only configurations
## Device Compatibility
- **Device**: Redmi Note 13 Pro 5G
- **Codename**: garnet
- **SoC**: SM7435 (Snapdragon 7s Gen 2)
- **Android**: 13, 14, 15
- **Architecture**: ARM64
## Quick Start
### Prerequisites
**Arch Linux:**
```bash
sudo pacman -S base-devel git bc bison flex openssl elfutils zip aarch64-linux-gnu-gcc
```
**Ubuntu/Debian:**
```bash
sudo apt install git make bc bison flex libssl-dev libelf-dev zip gcc-aarch64-linux-gnu
```
### Clone and Build
```bash
# Clone the repository
git clone https://github.com/overspend1/garnet-kernel-builder.git
cd garnet-kernel-builder
# Make executable
chmod +x build_garnet_kernel.sh
# Build with all features (recommended)
./build_garnet_kernel.sh
```
## Build Options
```bash
# Full build with Sukisu Ultra + SUSFS (default)
./build_garnet_kernel.sh
# Stock kernel without root features
./build_garnet_kernel.sh --stock
# KernelSU only (no SUSFS)
./build_garnet_kernel.sh --sukisu-only
# SUSFS only (no KernelSU)
./build_garnet_kernel.sh --susfs-only
# Skip AnyKernel3 ZIP creation
./build_garnet_kernel.sh --no-anykernel3
# Show help
./build_garnet_kernel.sh --help
```
## Android NDK Support (Optional)
For optimal Android kernel compilation, use Android NDK:
```bash
# Set NDK path
export ANDROID_NDK_HOME=/path/to/android-ndk
# Build with NDK toolchain
./build_garnet_kernel.sh
```
## Output
Build artifacts are created in `garnet_kernel_build/output/`:
- `Image.gz-dtb` - Kernel with device tree (for fastboot)
- `*.dtb` - Individual device tree files
- `Garnet-Kernel-SukiSU-SUSFS-YYYYMMDD-HHMM.zip` - Flashable ZIP
## Installation
### Method 1: Custom Recovery (Recommended)
1. Boot into TWRP/custom recovery
2. Flash the generated ZIP file
3. Reboot system
### Method 2: Fastboot
```bash
fastboot flash boot Image.gz-dtb
fastboot reboot
```
## Post-Installation
1. **Install Sukisu Ultra Manager** APK
2. **Install SUSFS4KSU Module** for root hiding
3. **Configure root hiding** through the manager app
## Build Process Details
The script automatically:
1. **Dependency Verification** - Checks for required build tools
2. **Toolchain Setup** - Configures ARM64 cross-compilation
3. **Repository Management** - Clones/updates kernel sources
4. **Feature Integration** - Applies Sukisu Ultra and SUSFS patches
5. **Kernel Configuration** - Enables required features
6. **Compilation** - Parallel build using all CPU cores
7. **Package Creation** - Generates flashable ZIP files
## Advanced Configuration
### Kernel Features Enabled
- **KPM Support** - Kernel Patch Module for Sukisu Ultra
- **KALLSYMS** - Symbol resolution for KernelSU
- **Security Framework** - SELinux, LSM, audit support
- **Overlay Filesystem** - Required for SUSFS
- **Namespace Support** - Container isolation
- **Memory Protection** - Hardened security features
### Repositories Used
- **Kernel**: `garnet-random/android_kernel_xiaomi_sm7435`
- **Device Trees**: `garnet-random/android_kernel_xiaomi_sm7435-devicetrees`
- **Modules**: `garnet-random/android_kernel_xiaomi_sm7435-modules`
- **Sukisu Ultra**: `SukiSU-Ultra/SukiSU-Ultra`
- **SUSFS**: `sidex15/susfs4ksu-module`
## Troubleshooting
### Common Issues
**Build Failures:**
- Check `build.log` in kernel directory
- Verify all dependencies are installed
- Ensure sufficient disk space (>10GB)
**Missing Cross-Compiler:**
```bash
# Arch Linux
sudo pacman -S aarch64-linux-gnu-gcc
# Ubuntu/Debian
sudo apt install gcc-aarch64-linux-gnu
```
**Integration Failures:**
- Check `setup_sukisu.log` for Sukisu Ultra errors
- Verify internet connectivity for repository access
- Try manual integration fallback
### Build Time
- **First Build**: 20-40 minutes (downloads repositories)
- **Subsequent Builds**: 10-20 minutes (incremental)
- **Clean Build**: 15-30 minutes
## Security Notice
This script integrates defensive security tools:
- **KernelSU**: Provides root access management
- **SUSFS**: Enables root hiding from detection
- **Hardened Configuration**: Security-focused kernel options
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request
## License
This project is for educational and defensive security purposes only. Ensure compliance with local laws and device warranties.
## Support
- **Issues**: [GitHub Issues](https://github.com/overspend1/garnet-kernel-builder/issues)
- **Device**: Redmi Note 13 Pro 5G (garnet) only
- **Android**: Versions 13, 14, 15
---
**⚠️ Warning**: Flashing custom kernels can void warranties and potentially brick devices. Proceed at your own risk with proper backups.

751
build_garnet_kernel.sh Executable file
View File

@@ -0,0 +1,751 @@
#!/bin/bash
set -e
# Android Kernel Build Script for Redmi Note 13 Pro 5G (garnet)
# Automatically builds kernel with Sukisu Ultra (KernelSU fork) and SUSFS root hiding
# Includes proper toolchain setup and automatic config prompt handling
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BUILD_DIR="${SCRIPT_DIR}/garnet_kernel_build"
KERNEL_DIR="${BUILD_DIR}/kernel"
DT_DIR="${BUILD_DIR}/devicetrees"
MODULES_DIR="${BUILD_DIR}/modules"
SUKISU_DIR="${BUILD_DIR}/sukisu-ultra"
SUSFS_DIR="${BUILD_DIR}/susfs"
# Feature flags (can be overridden by command line)
ENABLE_SUKISU_ULTRA=true
ENABLE_SUSFS=true
ENABLE_ANYKERNEL3=true
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if required tools are installed
check_dependencies() {
log_info "Checking build dependencies..."
local missing_deps=()
# Check for command-line tools
local tools=("git" "make" "bc" "bison" "flex" "zip")
for tool in "${tools[@]}"; do
if ! command -v "$tool" &> /dev/null; then
missing_deps+=("$tool")
fi
done
# Check for libraries based on distribution
if command -v pacman &> /dev/null; then
# Arch Linux
local arch_libs=("openssl" "elfutils")
for lib in "${arch_libs[@]}"; do
if ! pacman -Q "$lib" &> /dev/null; then
missing_deps+=("$lib")
fi
done
# Check for cross-compiler
if ! command -v aarch64-linux-gnu-gcc &> /dev/null && [ -z "$ANDROID_NDK_HOME" ]; then
log_warning "No ARM64 cross-compiler found"
log_info "Install with: sudo pacman -S aarch64-linux-gnu-gcc"
log_info "Or set ANDROID_NDK_HOME environment variable"
fi
if [ ${#missing_deps[@]} -ne 0 ]; then
log_error "Missing dependencies: ${missing_deps[*]}"
log_info "Install with: sudo pacman -S ${missing_deps[*]}"
exit 1
fi
elif command -v dpkg &> /dev/null; then
# Debian/Ubuntu
local deb_libs=("libssl-dev" "libelf-dev")
for lib in "${deb_libs[@]}"; do
if ! dpkg -l | grep -q "$lib"; then
missing_deps+=("$lib")
fi
done
if [ ${#missing_deps[@]} -ne 0 ]; then
log_error "Missing dependencies: ${missing_deps[*]}"
log_info "Install with: sudo apt install ${missing_deps[*]}"
exit 1
fi
else
log_warning "Unknown distribution - skipping library dependency checks"
log_info "Ensure you have OpenSSL and ELF development libraries installed"
fi
log_success "All dependencies satisfied"
}
# Setup cross-compilation toolchain
setup_toolchain() {
log_info "Setting up cross-compilation toolchain..."
# Check if Android NDK or prebuilt toolchain exists
if [ -n "$ANDROID_NDK_HOME" ] && [ -d "$ANDROID_NDK_HOME" ]; then
export CROSS_COMPILE="$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android-"
export CC="$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android29-clang"
log_success "Using Android NDK toolchain"
elif command -v aarch64-linux-gnu-gcc &> /dev/null; then
export CROSS_COMPILE="aarch64-linux-gnu-"
export CC="aarch64-linux-gnu-gcc"
log_success "Using system aarch64 toolchain"
else
log_error "No suitable cross-compilation toolchain found"
log_info "Install with: sudo apt install gcc-aarch64-linux-gnu"
log_info "Or set ANDROID_NDK_HOME environment variable"
exit 1
fi
export ARCH=arm64
export SUBARCH=arm64
}
# Clone repositories
clone_repositories() {
log_info "Cloning kernel repositories..."
mkdir -p "$BUILD_DIR"
cd "$BUILD_DIR"
# Clone main kernel
if [ ! -d "$KERNEL_DIR" ]; then
log_info "Cloning main kernel repository..."
git clone https://github.com/garnet-random/android_kernel_xiaomi_sm7435.git kernel
else
log_info "Updating main kernel repository..."
cd "$KERNEL_DIR" && git pull && cd "$BUILD_DIR"
fi
# Clone device trees
if [ ! -d "$DT_DIR" ]; then
log_info "Cloning device trees repository..."
git clone https://github.com/garnet-random/android_kernel_xiaomi_sm7435-devicetrees.git devicetrees
else
log_info "Updating device trees repository..."
cd "$DT_DIR" && git pull && cd "$BUILD_DIR"
fi
# Clone modules
if [ ! -d "$MODULES_DIR" ]; then
log_info "Cloning modules repository..."
git clone https://github.com/garnet-random/android_kernel_xiaomi_sm7435-modules.git modules
else
log_info "Updating modules repository..."
cd "$MODULES_DIR" && git pull && cd "$BUILD_DIR"
fi
log_success "Repository cloning/updating completed"
}
# Clone and integrate Sukisu Ultra (KernelSU fork)
setup_sukisu_ultra() {
if [ "$ENABLE_SUKISU_ULTRA" != "true" ]; then
log_info "Sukisu Ultra integration disabled"
return 0
fi
log_info "Setting up Sukisu Ultra (KernelSU fork)..."
cd "$BUILD_DIR"
# Clone Sukisu Ultra if not exists
if [ ! -d "$SUKISU_DIR" ]; then
log_info "Cloning Sukisu Ultra repository..."
git clone https://github.com/SukiSU-Ultra/SukiSU-Ultra.git sukisu-ultra
else
log_info "Updating Sukisu Ultra repository..."
cd "$SUKISU_DIR" && git pull && cd "$BUILD_DIR"
fi
# Integrate Sukisu Ultra into kernel
log_info "Integrating Sukisu Ultra into kernel..."
cd "$KERNEL_DIR"
# Run Sukisu Ultra setup script with comprehensive error handling
if [ -f "$SUKISU_DIR/kernel/setup.sh" ]; then
log_info "Running Sukisu Ultra setup script with susfs-main branch..."
if bash "$SUKISU_DIR/kernel/setup.sh" susfs-main 2>&1 | tee setup_sukisu.log; then
log_success "Sukisu Ultra integration completed successfully"
# Verify integration
if [ -d "drivers/kernelsu" ] && [ -f "drivers/kernelsu/Makefile" ]; then
log_success "KernelSU drivers successfully integrated"
else
log_warning "KernelSU drivers not found after setup script - attempting manual integration"
manual_sukisu_integration
fi
else
log_error "Sukisu Ultra setup script failed (exit code: $?)"
log_info "Check setup_sukisu.log for details. Attempting manual integration..."
manual_sukisu_integration
fi
else
log_warning "Sukisu Ultra setup script not found, attempting manual integration"
manual_sukisu_integration
fi
}
# Manual Sukisu Ultra integration function
manual_sukisu_integration() {
if [ -d "$SUKISU_DIR/kernel" ]; then
log_info "Attempting manual Sukisu Ultra integration..."
# Copy KernelSU source files with verification
if [ -d "$SUKISU_DIR/kernel/drivers/kernelsu" ]; then
mkdir -p drivers/kernelsu
if cp -r "$SUKISU_DIR/kernel/drivers/kernelsu"/* drivers/kernelsu/ 2>/dev/null; then
log_success "KernelSU drivers copied successfully"
# Verify critical files exist
local required_files=("drivers/kernelsu/Makefile" "drivers/kernelsu/core_hook.c" "drivers/kernelsu/ksu.c")
for file in "${required_files[@]}"; do
if [ ! -f "$file" ]; then
log_warning "Critical KernelSU file missing: $file"
fi
done
else
log_error "Failed to copy KernelSU drivers"
return 1
fi
else
log_error "KernelSU drivers directory not found in Sukisu Ultra repository"
return 1
fi
# Apply patches with better error handling
local patch_count=0
local failed_patches=0
if [ -d "$SUKISU_DIR/kernel/patches" ]; then
for patch in "$SUKISU_DIR/kernel/patches"/*.patch; do
if [ -f "$patch" ]; then
patch_count=$((patch_count + 1))
log_info "Applying patch: $(basename "$patch")"
if patch -p1 --dry-run < "$patch" &>/dev/null; then
if patch -p1 < "$patch" &>/dev/null; then
log_success "Patch $(basename "$patch") applied successfully"
else
log_warning "Patch $(basename "$patch") failed to apply"
failed_patches=$((failed_patches + 1))
fi
else
log_warning "Patch $(basename "$patch") would fail - skipping"
failed_patches=$((failed_patches + 1))
fi
fi
done
if [ $patch_count -gt 0 ]; then
log_info "Applied $((patch_count - failed_patches))/$patch_count patches successfully"
fi
else
log_info "No patches directory found - proceeding without patches"
fi
# Copy additional integration files if they exist
if [ -d "$SUKISU_DIR/kernel/include" ]; then
cp -r "$SUKISU_DIR/kernel/include"/* include/ 2>/dev/null || true
log_info "Copied additional include files"
fi
if [ -d "$SUKISU_DIR/kernel/fs" ]; then
cp -r "$SUKISU_DIR/kernel/fs"/* fs/ 2>/dev/null || true
log_info "Copied additional filesystem files"
fi
log_success "Manual Sukisu Ultra integration completed"
return 0
else
log_error "Sukisu Ultra kernel directory not found"
return 1
fi
}
# Clone and integrate SUSFS (root hiding filesystem)
setup_susfs() {
if [ "$ENABLE_SUSFS" != "true" ]; then
log_info "SUSFS integration disabled"
return 0
fi
log_info "Setting up SUSFS (root hiding filesystem)..."
cd "$BUILD_DIR"
# Clone SUSFS module if not exists
if [ ! -d "$SUSFS_DIR" ]; then
log_info "Cloning SUSFS repository..."
# Use the main SUSFS repository that works with KernelSU
git clone https://github.com/sidex15/susfs4ksu-module.git susfs
else
log_info "Updating SUSFS repository..."
cd "$SUSFS_DIR" && git pull && cd "$BUILD_DIR"
fi
# Integrate SUSFS into kernel
log_info "Integrating SUSFS into kernel..."
cd "$KERNEL_DIR"
# Check if SUSFS kernel patches exist
if [ -d "$SUSFS_DIR/kernel_patches" ]; then
log_info "Applying SUSFS kernel patches..."
for patch in "$SUSFS_DIR/kernel_patches"/*.patch; do
if [ -f "$patch" ]; then
log_info "Applying SUSFS patch: $(basename "$patch")"
patch -p1 < "$patch" || log_warning "SUSFS patch $(basename "$patch") failed to apply"
fi
done
fi
# Copy SUSFS filesystem code if available
if [ -d "$SUSFS_DIR/ksu_module_susfs" ]; then
log_info "Integrating SUSFS filesystem code..."
# This would typically be integrated as a kernel module
# The exact integration depends on the SUSFS implementation
mkdir -p fs/susfs
if [ -d "$SUSFS_DIR/ksu_module_susfs/jni" ]; then
cp -r "$SUSFS_DIR/ksu_module_susfs/jni"/* fs/susfs/ 2>/dev/null || true
fi
fi
log_success "SUSFS integration completed"
}
# Setup kernel configuration
setup_kernel_config() {
log_info "Setting up kernel configuration..."
cd "$KERNEL_DIR"
# Look for garnet-specific defconfig
local defconfig_file=""
if [ -f "arch/arm64/configs/garnet_defconfig" ]; then
defconfig_file="garnet_defconfig"
elif [ -f "arch/arm64/configs/sm7435_defconfig" ]; then
defconfig_file="sm7435_defconfig"
elif [ -f "arch/arm64/configs/vendor/garnet_defconfig" ]; then
defconfig_file="vendor/garnet_defconfig"
else
log_warning "No specific garnet defconfig found, using generic defconfig"
defconfig_file="defconfig"
fi
log_info "Using defconfig: $defconfig_file"
make O=out ARCH=arm64 "$defconfig_file"
# Enable additional configs for Sukisu Ultra and SUSFS
if [ "$ENABLE_SUKISU_ULTRA" == "true" ] || [ "$ENABLE_SUSFS" == "true" ]; then
log_info "Enabling additional kernel configurations for root features..."
# Create additional config file
cat >> out/.config << EOF
# KernelSU / Sukisu Ultra configurations
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9
CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256
# Enable loadable module support for KernelSU
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
# Enable overlayfs for SUSFS
CONFIG_OVERLAY_FS=y
CONFIG_OVERLAY_FS_REDIRECT_DIR=y
CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
CONFIG_OVERLAY_FS_INDEX=y
CONFIG_OVERLAY_FS_NFS_EXPORT=y
CONFIG_OVERLAY_FS_XINO_AUTO=y
CONFIG_OVERLAY_FS_METACOPY=y
# Advanced SUSFS filesystem configurations
CONFIG_FUSE_FS=y
CONFIG_CUSE=y
CONFIG_PROC_FS=y
CONFIG_PROC_SYSCTL=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y
# Advanced security features for SUSFS root hiding
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
CONFIG_SLUB_DEBUG=y
# Memory protection for SUSFS
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_STRICT_MODULE_RWX=y
CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_RETPOLINE=y
CONFIG_SLS=y
# Additional mount and filesystem features for SUSFS
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
CONFIG_QUOTA=y
CONFIG_QFMT_V2=y
CONFIG_QUOTACTL=y
# Enable namespace support for root hiding
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_CGROUP_NS=y
# Enable file capabilities
CONFIG_SECURITY_FILE_CAPABILITIES=y
# Enable audit for security monitoring
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
# KPM (Kernel Patch Module) support for Sukisu Ultra
CONFIG_KPM=y
# KALLSYMS support required for Sukisu Ultra
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
CONFIG_KALLSYMS_BASE_RELATIVE=y
EOF
# Regenerate config to resolve dependencies
make O=out ARCH=arm64 olddefconfig
log_success "Additional kernel configurations enabled"
fi
log_success "Kernel configuration completed"
}
# Build kernel with automatic config answers
build_kernel() {
log_info "Starting kernel build..."
cd "$KERNEL_DIR"
# Create output directory
mkdir -p out
# Answer common config questions automatically
export KCONFIG_NOTIMESTAMP=1
# Build with automatic yes to new config options
log_info "Building kernel (this may take a while)..."
make O=out ARCH=arm64 -j$(nproc) 2>&1 | tee build.log
if [ ${PIPESTATUS[0]} -eq 0 ]; then
log_success "Kernel build completed successfully!"
# Check for output files
if [ -f "out/arch/arm64/boot/Image" ]; then
log_success "Kernel Image created: $KERNEL_DIR/out/arch/arm64/boot/Image"
fi
if [ -f "out/arch/arm64/boot/Image.gz" ]; then
log_success "Compressed kernel Image created: $KERNEL_DIR/out/arch/arm64/boot/Image.gz"
fi
if [ -f "out/arch/arm64/boot/Image.gz-dtb" ]; then
log_success "Kernel with DTB created: $KERNEL_DIR/out/arch/arm64/boot/Image.gz-dtb"
fi
# Build modules
log_info "Building kernel modules..."
make O=out ARCH=arm64 modules -j$(nproc)
if [ $? -eq 0 ]; then
log_success "Kernel modules built successfully!"
else
log_warning "Kernel modules build had issues (check build.log)"
fi
else
log_error "Kernel build failed! Check build.log for details"
exit 1
fi
}
# Create flashable output
create_output() {
log_info "Creating flashable output..."
local output_dir="${BUILD_DIR}/output"
mkdir -p "$output_dir"
cd "$KERNEL_DIR"
# Copy kernel images
if [ -f "out/arch/arm64/boot/Image.gz-dtb" ]; then
cp "out/arch/arm64/boot/Image.gz-dtb" "$output_dir/"
log_success "Copied Image.gz-dtb to output directory"
elif [ -f "out/arch/arm64/boot/Image.gz" ]; then
cp "out/arch/arm64/boot/Image.gz" "$output_dir/"
log_success "Copied Image.gz to output directory"
elif [ -f "out/arch/arm64/boot/Image" ]; then
cp "out/arch/arm64/boot/Image" "$output_dir/"
log_success "Copied Image to output directory"
fi
# Copy DTB files if they exist separately
if [ -d "out/arch/arm64/boot/dts" ]; then
find out/arch/arm64/boot/dts -name "*.dtb" -exec cp {} "$output_dir/" \;
log_success "Copied DTB files to output directory"
fi
# Create AnyKernel3 flashable ZIP if enabled
if [ "$ENABLE_ANYKERNEL3" == "true" ]; then
create_anykernel3_zip "$output_dir"
log_success "Output files created in: $output_dir"
log_info "Flash the AnyKernel3 ZIP using TWRP/custom recovery"
else
log_success "Output files created in: $output_dir"
log_info "You can flash these files using fastboot or your preferred method"
fi
}
# Create AnyKernel3 flashable ZIP
create_anykernel3_zip() {
local output_dir="$1"
log_info "Creating AnyKernel3 flashable ZIP..."
local ak3_dir="${BUILD_DIR}/AnyKernel3"
local zip_name="Garnet-Kernel-SukiSU-SUSFS-$(date +%Y%m%d-%H%M).zip"
# Clone AnyKernel3 if not exists
if [ ! -d "$ak3_dir" ]; then
log_info "Cloning AnyKernel3 repository..."
cd "$BUILD_DIR"
git clone https://github.com/osm0sis/AnyKernel3.git
else
log_info "Updating AnyKernel3 repository..."
cd "$ak3_dir" && git pull && cd "$BUILD_DIR"
fi
cd "$ak3_dir"
# Clean previous builds
rm -f *.zip Image* dtb *.dtbo
# Copy kernel image
if [ -f "$output_dir/Image.gz-dtb" ]; then
cp "$output_dir/Image.gz-dtb" .
kernel_image="Image.gz-dtb"
elif [ -f "$output_dir/Image.gz" ]; then
cp "$output_dir/Image.gz" .
kernel_image="Image.gz"
elif [ -f "$output_dir/Image" ]; then
cp "$output_dir/Image" .
kernel_image="Image"
else
log_error "No kernel image found to package"
return 1
fi
# Copy DTB files if they exist
find "$output_dir" -name "*.dtb" -exec cp {} . \; 2>/dev/null || true
# Create/update anykernel.sh configuration
cat > anykernel.sh << 'EOF'
# AnyKernel3 Ramdisk Mod Script
# osm0sis @ xda-developers
## AnyKernel setup
# begin properties
properties() { '
kernel.string=Garnet Kernel with SukiSU Ultra & SUSFS
do.devicecheck=1
do.modules=0
do.systemless=1
do.cleanup=1
do.cleanuponabort=0
device.name1=garnet
device.name2=2404CPCFG
device.name3=23127PC33G
device.name4=2404CPX3G
device.name5=24069PC21G
supported.versions=13-15
supported.patchlevels=
'; } # end properties
# shell variables
block=/dev/block/bootdevice/by-name/boot;
is_slot_device=1;
ramdisk_compression=auto;
patch_vbmeta_flag=auto;
## AnyKernel methods (DO NOT CHANGE)
# import patching functions/variables - see for reference
. tools/ak3-core.sh;
## AnyKernel file attributes
# set permissions/ownership for included ramdisk files
set_perm_recursive 0 0 755 644 $ramdisk/*;
set_perm_recursive 0 0 750 750 $ramdisk/init* $ramdisk/sbin;
## AnyKernel boot install
dump_boot;
# begin ramdisk changes
# init.rc
if [ -f $ramdisk/init.rc ]; then
backup_file init.rc;
fi;
# end ramdisk changes
write_boot;
## end boot install
EOF
# Create ZIP package
log_info "Packaging AnyKernel3 ZIP: $zip_name"
zip -r9 "$zip_name" * -x .git README.md *placeholder
# Move ZIP to output directory
mv "$zip_name" "$output_dir/"
log_success "AnyKernel3 ZIP created: $output_dir/$zip_name"
}
# Main execution
main() {
log_info "Starting Android Kernel Build for Redmi Note 13 Pro 5G (garnet)"
log_info "Features: Sukisu Ultra ($ENABLE_SUKISU_ULTRA) | SUSFS ($ENABLE_SUSFS)"
log_info "Build directory: $BUILD_DIR"
check_dependencies
setup_toolchain
clone_repositories
setup_sukisu_ultra
setup_susfs
setup_kernel_config
build_kernel
create_output
log_success "Kernel build process completed!"
log_info "Check $BUILD_DIR/output/ for flashable files"
}
# Handle script interruption
trap 'log_error "Build interrupted by user"; exit 130' INT
# Parse command line arguments
parse_args() {
while [[ $# -gt 0 ]]; do
case $1 in
--no-sukisu)
ENABLE_SUKISU_ULTRA=false
log_info "Sukisu Ultra disabled"
;;
--no-susfs)
ENABLE_SUSFS=false
log_info "SUSFS disabled"
;;
--no-anykernel3)
ENABLE_ANYKERNEL3=false
log_info "AnyKernel3 ZIP creation disabled"
;;
--sukisu-only)
ENABLE_SUKISU_ULTRA=true
ENABLE_SUSFS=false
log_info "Building with Sukisu Ultra only"
;;
--susfs-only)
ENABLE_SUKISU_ULTRA=false
ENABLE_SUSFS=true
log_info "Building with SUSFS only"
;;
--stock)
ENABLE_SUKISU_ULTRA=false
ENABLE_SUSFS=false
log_info "Building stock kernel without root features"
;;
--help|-h)
show_help
exit 0
;;
*)
log_error "Unknown option: $1"
show_help
exit 1
;;
esac
shift
done
}
# Show help information
show_help() {
cat << EOF
Android Kernel Build Script for Redmi Note 13 Pro 5G (garnet)
Builds kernel with Sukisu Ultra (KernelSU fork) and SUSFS root hiding
Usage: $0 [OPTIONS]
Options:
--no-sukisu Disable Sukisu Ultra integration
--no-susfs Disable SUSFS integration
--no-anykernel3 Disable AnyKernel3 ZIP creation
--sukisu-only Build with Sukisu Ultra only (no SUSFS)
--susfs-only Build with SUSFS only (no Sukisu Ultra)
--stock Build stock kernel without root features
--help, -h Show this help message
Default: Builds with both Sukisu Ultra and SUSFS enabled
Examples:
$0 # Build with all features
$0 --stock # Build stock kernel
$0 --sukisu-only # Build with KernelSU only
$0 --no-anykernel3 # Build without creating flashable ZIP
EOF
}
# Run main function
parse_args "$@"
main