Ubuntu Real-time Kernel

This blog details how to install Ubuntu Real-time Kernel patches.

Ubuntu Real-time Kernel 是一种专为实时应用场景设计的内核版本，基于 Linux 内核并包含实时补丁 (PREEMPT_RT patches)。它的主要目标是提供低延迟、高确定性的系统响应能力，适用于工业控制、机器人、嵌入式系统和音视频处理等领域。

1. 主要特点

低延迟：优化任务调度，确保时间敏感任务的快速响应。
高确定性：减少任务执行的时间抖动，提供稳定的实时性能。
实时补丁支持：集成 PREEMPT_RT 补丁，增强线程优先级、锁机制和中断处理的实时特性。
与 Ubuntu 兼容：与标准 Ubuntu 软件生态兼容，易于部署和维护。

2. 实时核补丁安装

PREEMPT_RT与官方Nvidia图形显卡驱动无法共存，所以要先把Nvidia显卡驱动禁用，而使用X.Org X server - Nouveau display driver。在安装完实时核后，参考：https://github.com/2b-t/linux-realtime/blob/main/doc/NvidiaDriver.md 进行Nvidia驱动安装。其核心步骤是在安装Nvidia驱动前设置环境变量export IGNORE_PREEMPT_RT_PRESENCE=1，具体步骤：

% set the environment variable
export IGNORE_PREEMPT_RT_PRESENCE=1

% install by apt command lines
sudo -E apt install nvidia-driver-XXX # where XXX is the driver version e.g. 535

% or check and install from the Software & Updates/Additional Drivers menu

% or install from a *.run package
# 1. Download NVIDIA driver as a .run file

# 2. Stop X-Server
sudo service lightdm stop

# 3. Blacklist Nouveau driver
sudo nano /etc/modprobe.d/blacklist-nouveau.conf
# Insert into file:
#  blacklist nouveau
#  options nouveau modeset=0

# 4. Update kernel initramfs
sudo update-initramfs -u

# 5. Install driver!
bash <*>.run  # Insert downloaded .run file

# 6. Reboot
sudo reboot

2.1. Ubuntu 22.04及以上

登陆注册一个免费的Ubuntu Pro账号，使用Ubuntu Pro直接安装PREEMPT_RT：

sudo pro enable realtime-kernel

2.2. Ubuntu 20.04及以下

2.2.1. Install the necessary dependencies

sudo apt-get install build-essential bc curl ca-certificates gnupg2 libssl-dev lsb-release libelf-dev bison flex dwarves zstd libncurses-dev

2.2.2. Download real-time patches

For Ubuntu 20.04 tested with the kernel version 5.15.173-rt82:

curl -SLO https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.15.173.tar.xz
curl -SLO https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.15.173.tar.sign
curl -SLO https://www.kernel.org/pub/linux/kernel/projects/rt/5.15/patch-5.15.173-rt82.patch.xz
curl -SLO https://www.kernel.org/pub/linux/kernel/projects/rt/5.15/patch-5.15.173-rt82.patch.sign

2.2.3. Decompress patches

xz -d *.xz

2.2.4. Verifying file integrity

You can use gpg2 to verify the .tar archives:

gpg2 --verify linux-*.tar.sign
gpg2 --verify patch-*.patch.sign

If your output is similar to the following:

$ gpg2 --verify linux-*.tar.sign
gpg: assuming signed data in 'linux-4.14.12.tar'
gpg: Signature made Fr 05 Jan 2018 06:49:11 PST using RSA key xxxxxx
gpg: Can't check signature: No public key

You have to first download the public key of the person who signed the above file. As you can see from the above output, it has the ID xxxxxx. You can obtain it from the key server:

gpg2  --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys xxxxxx

Similarly for the patch:

gpg2 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys xxxxxx

Note: keys for other kernel version might have different IDs, you will have to adapt accordingly.

Having downloaded the keys, you can now verify the sources. Here is an example of a correct output:

$ gpg2 --verify linux-*.tar.sign
gpg: assuming signed data in 'linux-4.14.12.tar'
gpg: Signature made Fr 05 Jan 2018 06:49:11 PST using RSA key ID 6092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
gpg:                 aka "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg:                 aka "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

2.2.5. Compiling the kernel

Once you are sure the files were downloaded properly, you can extract the source code and apply the patch:

tar xf linux-*.tar
cd linux-*/
patch -p1 < ../patch-*.patch

Next copy your currently booted kernel configuration as the default config for the new real time kernel:

cp -v /boot/config-$(uname -r) .config

Now you can use this config as the default to configure the build:

make olddefconfig
make menuconfig

The second command brings up a terminal user interface (TUI) in which you can configure the preemption model. Use the arrow keys to navigate through the options and make selections.

Navigate with the arrow keys to General Setup > Preemption Model > Fully Preemptible Kernel (Real-Time).

After that navigate to Cryptographic API > Certificates for signature checking (at the very bottom of the list) > Provide system-wide ring of trusted keys > Additional X.509 keys for default system keyring.

Remove the debian/canonical-certs.pem from the prompt and press Ok.

After that navigate to Cryptographic API > Certificates for signature checking (at the very bottom of the list) > Provide system-wide ring of revocation certificates > X.509 certificates to be preloaded into the system blacklist keyring

Remove the debian/canonical-revoked-certs.pem from the prompt and press Ok.

Save this configuration to .config and exit the TUI.

Afterwards, you are ready to compile the kernel. As this is a lengthy process, set the multithreading option -j to the number of your CPU cores:

make -j$(nproc) deb-pkg

Note: If any errors occur during the process, use make -j1 deb-pkg to rebuild it. This will provide more detailed output for debugging.

Finally, you are ready to install the newly created package. The exact names depend on your environment, but you are looking for headers and images packages without the dbg suffix. To install:

sudo dpkg -i ../linux-headers-*.deb ../linux-image-*.deb

2.2.6. Verifying the new kernel

• Restart your system.
• The Grub boot menu should now allow you to choose your newly installed kernel. It could be found at Advanced options for Ubuntu on the Grub.
• To see which one is currently being used, see the output of the uname -a command. It should contain the string PREEMPT RT and the version number you chose. Additionally, cat /sys/kernel/realtime should exist and contain the the number 1.

2.2.7. Allow a user to set real-time permissions for its processes

After the PREEMPT_RT kernel is installed and running, add a group named realtime and add the user controlling your robot to this group:

sudo addgroup realtime
sudo usermod -a -G realtime $(whoami)

3. 修改启动内核

• 开机或重启时，进入Grub中找到Advanced options for Ubuntu选项，选择想要启动的内核。
• 进入系统后，在终端输入sudo vim /etc/default/grub，把其中的GRUB_DEFAULT=0修改为GRUB_DEFAULT="Advanced options for Ubuntu" > "Ubuntu, with Linux 5.15.173-rt82"orGRUB_DEFAULT=1 > 0。
• 终端输入sudo update-grub生效后，重启。