> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. # Adding a Kernel Module > Create a system extension that includes kernel modules. export const VersionWarningBanner = () => { const latestVersion = "v1.13"; const [latestUrl, setLatestUrl] = useState(null); const [currentVersion, setCurrentVersion] = useState(null); const [isBeta, setIsBeta] = useState(false); const parseVersion = v => v.replace("v", "").split(".").map(Number); const isGreaterVersion = (a, b) => { const [aMajor, aMinor] = parseVersion(a); const [bMajor, bMinor] = parseVersion(b); if (aMajor > bMajor) return true; if (aMajor === bMajor && aMinor > bMinor) return true; return false; }; useEffect(() => { if (typeof window === "undefined") return; const {pathname, hash, search} = window.location; const match = pathname.match(/\/talos\/(v\d+\.\d+)\//); if (!match) return; const detectedVersion = match[1]; if (detectedVersion === latestVersion) return; setCurrentVersion(detectedVersion); if (isGreaterVersion(detectedVersion, latestVersion)) { setIsBeta(true); } const newPath = pathname.replace(`/talos/${detectedVersion}/`, `/talos/${latestVersion}/`); setLatestUrl(`${newPath}${search}${hash}`); }, []); if (!latestUrl || !currentVersion) return null; return
{isBeta ? <> ⚠️ You are viewing a beta version of Talos ({currentVersion}). This version may be unstable. View latest stable version {latestVersion} → : <> ⚠️ You are viewing an older version of Talos ({currentVersion}). View the latest version {latestVersion} → }
; }; [System extensions](./system-extensions) in Talos provide ways to add files to the root filesystem and make it possible to run privileged containers as services. But Talos still requires that kernel modules be signed with a trusted signing key to be loaded at run time. To add a kernel module to Talos you will need to create a system extension that is built with the kernel and signed by the same signing key. System extensions without kernel modules work without this requirement, but there are a couple extra steps needed when adding kernel modules. ## Create a package hello Talos is built from the [pkgs](https://github.com/siderolabs/pkgs/) repo and the first step will be to add your custom package to that repo to be built with Talos. You can look at other packages in that repository for examples of what should be included. The only file required to create a package is a `pkg.yaml` file in a folder. Let's create an example package to walk through each step. Clone the repo and create a folder. ```bash theme={null} git clone https://github.com/siderolabs/pkgs.git cd pkgs mkdir my-module ``` Now add the package to the `.kres.yaml` file in the root of the repository. We use this file for templating and generating Makefiles. Put your out-of-tree kernel module below the comment for dependent packages. ```yaml theme={null} spec: targets: ... # - kernel & dependent packages (out of tree kernel modules) # kernel first, then packages in alphabetical order ... - my-module-pkg ... ``` Run the following command to generate a new Makefile. ```bash theme={null} make rekres ``` Now you have a `make` target to build your module and a directory to store your module configuration. The next step is to create a `pkg.yaml` file to tell [`bldr`](https://github.com/siderolabs/bldr) how to create a container with the files you need. The `bldr` tool has assumptions about directory structure and steps you can read about in the GitHub repo. This example does not build a kernel module, but it can be used as a basis for your own packages. Please also see existing `pkg.yaml` files in [the pkgs repo](https://github.com/siderolabs/pkgs) ```bash theme={null} name: my-module-pkg # name of your package variant: scratch # base container for environment (e.g. alpine, scratch) shell: /bin/sh # shell to use to execute commands in steps dependencies: # other steps required before building package - stage: base steps: # steps needed to build package container - sources: # download source files - url: https://example.com/source.tar.gz destination: my-module.tar.gz sha256: 1234abcd... sha521: abcd1234... prepare: # create directories and untar - tar -xzf my-module.tar.gz --strip-components=1 build: # compiling software - make -j $(nproc) install: # move compiled software to correct directory - make DESTDIR=/rootfs install test: # validate software - fhs-validator /rootfs finalize: # copy directory structure from source to destination - from: /rootfs to: / ``` ## Build the package and kernel After you've created a `pkg.yaml` file you can test building your package with the make target you generated earlier. Because Talos requires kernel modules to be signed with a signing key only available during the Talos kernel build process we need to build the kernel and package at the same time. We also need a container registry available to store the built assets. Follow the steps in [developing Talos](./developing-talos#prepare) to create a docker builder and run a local container registry before running this command. ```bash theme={null} make kernel my-module-pkg REGISTRY=127.0.0.1:5005 \ PLATFORM=linux/amd64 \ PUSH=true ``` If this is successful it should output two pieces of information we need to collect for the next steps. We need to save the kernel and package images. The output will look something like this: ```bash theme={null} => => pushing manifest for 127.0.0.1:5005/user/kernel:v1.11.0-alpha.0... ... => => pushing manifest for 127.0.0.1:5005/user/my-module-pkg:v1.11.0-alpha.0... ``` For easier reference in this guide I will save these images as `$KERNEL_IMAGE` and `$PKG_IMAGE` variables. ## Create an extension System extensions are the way to add software and files to a Talos Linux root filesystem. Just like packages they are built as containers and then layered with Talos to create a bootable squashfs image. The only unique thing about building a system extension with a kernel module is we need to build it against the kernel we just built in the previous step. If we don't do this then our kernel module won't be signed and cannot be loaded at runtime. The process is very similar to creating a package. Start by cloning the extensions repo: ```bash theme={null} git clone https://github.com/siderolabs/extensions.git cd extensions mkdir my-module ``` Add your extension to the `.kres.yaml` file. ```yaml theme={null} --- kind: pkgfile.Build spec: targets: ... - my-module ... ``` Then generate a new Makefile with additional target. ```bash theme={null} make rekres ``` Now create the `manifest.yaml` file for the metadata of your extension in the my-module folder. ```yaml theme={null} version: v1alpha1 # version of manifest.yaml metadata: name: my-module version: 0.1 author: me description: | An extension that adds a kernel module compatibility: talos: version: ">= v1.10.0" # what version of Talos is supported ``` Create a `pkg.yaml` file in the my-module folder which works similarly to our `pkg.yaml` file for our package, but this time starts from the base image we built in the first step. The local directory is mounted into the container at `/pkg` so we can copy files from that directory. ```yaml theme={null} name: my-module variant: scratch shell: /bin/sh dependencies: - stage: base - image: "${PKG_IMAGE}" # the image we built in the first step steps: - install: - mkdir -p /rootfs/usr/lib/modules - cp -R /usr/lib/modules/* /rootfs/usr/lib/modules/ finalize: - from: /rootfs to: /rootfs - from: /pkg/manifest.yaml # make sure you add the metadata file to: / ``` Lastly create a `vars.yaml` file to store a version variable in the my-module folder. This isn't strictly required, but it is a convention used which will let the automated build work. ```bash theme={null} echo 'VERSION: "0.1"' > vars.yaml ``` ## Build extension You now have a complete extension config and can build it with the kernel from your previous pkg build. ```bash theme={null} make my-module REGISTRY=127.0.0.1:5005 \ PLATFORM=linux/amd64 \ PUSH=true ``` This will create a system extension image and push it to your local registry. Copy the image that get's pushed and save it as `${EXTENSION_IMAGE}`. ```bash theme={null} export EXTENSION_IMAGE='127.0.0.1:5005/jgarr/my-module:0.1@sha256:e8f3352...' ``` ## Test the extension Now we need to create installation media to boot Talos. We will build and use [imager](../../platform-specific-installations/boot-assets) to include our extension. Clone the Talos repo. ```bash theme={null} git clone https://github.com/siderolabs/talos cd talos ``` Build the installer, and remember to use the kernel image from the first step. ```bash theme={null} make installer-base imager PLATFORM=linux/amd64 \ INSTALLER_ARCH=amd64 \ REGISTRY=127.0.0.1:5005 \ PKG_KERNEL=${KERNEL_IMAGE} \ PUSH=true ``` This will create two images - installer-base and imager and push them to your local registry. Export the installer-base image and save it as `$BASE_INSTALLER_IMAGE`. Create an installer image from your extension and the installer-base you just created with the following command. ```bash theme={null} make image-installer \ REGISTRY=127.0.0.1:5005 \ IMAGER_ARGS="--base-installer-image=${BASE_INSTALLER_IMAGE} \ --system-extension-image=${EXTENSION_IMAGE}" ``` We'll have a new container image tar file in the `_out/` folder of our repository. Load and push the container image to a registry with [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md). Make sure you replace `$REGISTRY`, `$USER`, and `$TAG` with the values you want. ```bash theme={null} crane push _out/installer-amd64.tar $REGISTRY/$USER/installer:$TAG ``` And if you don't have `crane`: ```bash theme={null} docker load -i _out/installer-amd64.tar # note down sha256 or the image tag output from above command docker tag $SHA256_OR_IMAGE_TAG $REGISTRY/$USER/installer:$TAG docker push $REGISTRY/$USER/installer:$TAG ``` ## Test the installer with fresh install Now you can boot a machine from generic Talos installation media. This is only used to get access to the API so we can apply a configuration that will use our installer image. We'll assume this machine has an IP address of 192.168.100.100 Generate a configuration that uses your installer image. ```bash theme={null} talosctl gen config --install-image $REGISTRY/$USER/installer:$TAG \ test https://192.168.100.100:6443 # cluster name and endpoint ``` Now create a configuration patch that loads your kernel module by name. This should be the name of the `.ko` file you built in the package and put in the `/modules` directory. ```yaml theme={null} # my-module.yaml machine: kernel: modules: - name: my-module ``` Apply the machine config and patch to your test machine. ```bash theme={null} talosctl apply -f controlplane.yaml -i -p '@my-module.yaml' -n 192.168.100.100 ``` The machine will reboot as Talos is installed. When the machine boots you should see logs that the module was loaded from dmesg. ```bash theme={null} 192.168.100.100: kern: warning: my-module: loading out-of-tree module taints kernel. 192.168.100.100: kern: info: Loading my-module driver module v0.1 ``` ## Test installer with existing machine If you already have Talos running on a machine you can apply the installer during an upgrade to have the extension installed. ```bash theme={null} talosctl upgrade -i $REGISTRY/$USER/installer:$TAG ``` Make sure you still create a patch to load the kernel module and apply it to the machine. ```yaml theme={null} # my-module.yaml machine: kernel: modules: - name: my-module ``` Apply the machine config and patch to your test machine. ```bash theme={null} talosctl apply -f controlplane.yaml -p '@my-module.yaml' ```