bottlerocket-os · mgsharm · Feb 10, 2026 · Mar 2, 2026 · Feb 15, 2026 · Mar 4, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -5,11 +5,14 @@ members = [
     "packages/grub",
     "packages/kernel-6.1",
     "packages/kernel-6.12",
+    "packages/kernel-6.18",
     "packages/kmod-6.1-efa",
     "packages/kmod-6.1-nvidia-r580",
     "packages/kmod-6.12-amdgpu",
     "packages/kmod-6.12-efa",
     "packages/kmod-6.12-nvidia-r580",
+    "packages/kmod-6.18-efa",
+    "packages/kmod-6.18-nvidia-r580",
     "packages/nvidia-migmanager",
     "packages/nvlsm",
     "packages/linux-firmware",

diff --git a/kits/bottlerocket-kernel-kit/Cargo.toml b/kits/bottlerocket-kernel-kit/Cargo.toml
@@ -15,11 +15,14 @@ path = "../kit.rs"
 grub = { path = "../../packages/grub" }
 kernel-6_1 = { path = "../../packages/kernel-6.1" }
 kernel-6_12 = { path = "../../packages/kernel-6.12" }
+kernel-6_18 = { path = "../../packages/kernel-6.18" }
 kmod-6_1-efa = { path = "../../packages/kmod-6.1-efa" }
 kmod-6_1-nvidia-r580 = { path = "../../packages/kmod-6.1-nvidia-r580" }
 kmod-6_12-amdgpu = { path = "../../packages/kmod-6.12-amdgpu" }
 kmod-6_12-efa = { path = "../../packages/kmod-6.12-efa" }
 kmod-6_12-nvidia-r580 = { path = "../../packages/kmod-6.12-nvidia-r580" }
+kmod-6_18-efa = { path = "../../packages/kmod-6.18-efa" }
+kmod-6_18-nvidia-r580 = { path = "../../packages/kmod-6.18-nvidia-r580" }
 nvidia-migmanager = { path = "../../packages/nvidia-migmanager" }
 nvlsm = { path = "../../packages/nvlsm" }
 linux-firmware = { path = "../../packages/linux-firmware" }

diff --git a/packages/kernel-6.18/.gitignore b/packages/kernel-6.18/.gitignore
@@ -0,0 +1 @@
+*.rpm
diff --git a/packages/kernel-6.18/1001-Makefile-add-prepare-target-for-external-modules.patch b/packages/kernel-6.18/1001-Makefile-add-prepare-target-for-external-modules.patch
@@ -0,0 +1,57 @@
+From b02fff2860bda89df8f36c326f953c73c1c8a2b1 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Thu, 5 Mar 2026 05:49:59 +0000
+Subject: [PATCH] Makefile: add prepare target for external modules
+
+We need to ensure that native versions of programs like `objtool` are
+built before trying to build out-of-tree modules, or else the build
+will fail.
+
+Unlike other distributions, we cannot include these programs in our
+kernel-devel archive, because we rely on cross-compilation: these are
+"host" programs and may not match the architecture of the target.
+
+Ideally, out-of-tree builds would run `make prepare` first, so that
+these programs could be compiled in the normal fashion. We ship all
+the files needed for this to work. However, this requirement is
+specific to our use case, and DKMS does not support it.
+
+Adding a minimal prepare target to the dependency graph causes the
+programs to be built automatically and improves compatibility with
+existing solutions.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+[mgsharm: adjust context for 6.18]
+Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
+---
+ Makefile | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index c9d35f016..17683c0f5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1936,6 +1936,19 @@ filechk_kernel.release = echo $(KERNELRELEASE)
+ KBUILD_BUILTIN :=
+ KBUILD_MODULES := y
+
++PHONY += modules_prepare
++modules_prepare:
++	$(PREPARE) $(Q)$(MAKE) -C $(abs_srctree) $(build)=scripts/basic
++	$(PREPARE) $(Q)$(MAKE) -C $(abs_srctree) $(build)=scripts/dtc
++	$(PREPARE) $(Q)$(MAKE) -C $(abs_srctree) $(build)=scripts/mod
++	$(PREPARE) $(Q)$(MAKE) -C $(abs_srctree) $(build)=scripts
++
++ifdef CONFIG_OBJTOOL
++prepare: tools/objtool
++endif
++
++prepare: modules_prepare
++
+ build-dir := .
+
+ clean-dirs := .
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/1002-Revert-kbuild-hide-tools-build-targets-from-external.patch b/packages/kernel-6.18/1002-Revert-kbuild-hide-tools-build-targets-from-external.patch
@@ -0,0 +1,53 @@
+From 2c7096f7159205698d574fbf8325020d9db4b567 Mon Sep 17 00:00:00 2001
+From: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+Date: Wed, 22 Jun 2022 19:26:43 +0000
+Subject: [PATCH] Revert "kbuild: hide tools/ build targets from external
+ module builds"
+
+This reverts commit 1bb0b18a06dceee1fdc32161a72e28eab6f011c4 in which
+the targets to build "tools/*" were hidden for external modules, but
+they are required by the kmod kit since the 'tools/*' binaries are not
+distributed as part of the archive.
+
+Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
+---
+ Makefile | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index cdf29031f..c1b31f753 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1440,14 +1440,6 @@ ifneq ($(wildcard $(resolve_btfids_O)),)
+ 	$(Q)$(MAKE) -sC $(srctree)/tools/bpf/resolve_btfids O=$(resolve_btfids_O) clean
+ endif
+
+-tools/: FORCE
+-	$(Q)mkdir -p $(objtree)/tools
+-	$(Q)$(MAKE) O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/
+-
+-tools/%: FORCE
+-	$(Q)mkdir -p $(objtree)/tools
+-	$(Q)$(MAKE) O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/ $*
+-
+ # ---------------------------------------------------------------------------
+ # Kernel selftest
+
+@@ -2147,6 +2139,14 @@ kernelversion:
+ image_name:
+ 	@echo $(KBUILD_IMAGE)
+
++tools/: FORCE
++	$(Q)mkdir -p $(objtree)/tools
++	$(Q)$(MAKE) O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/
++
++tools/%: FORCE
++	$(Q)mkdir -p $(objtree)/tools
++	$(Q)$(MAKE) O=$(abspath $(objtree)) subdir=tools -C $(srctree)/tools/ $*
++
+ PHONY += run-command
+ run-command:
+ 	$(Q)$(KBUILD_RUN_COMMAND)
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/1003-initramfs-unlink-INITRAMFS_FORCE-from-CMDLINE_-EXTEN.patch b/packages/kernel-6.18/1003-initramfs-unlink-INITRAMFS_FORCE-from-CMDLINE_-EXTEN.patch
@@ -0,0 +1,50 @@
+From ad5267161a6294f3dc5b64319a85ca435a3058d5 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Tue, 18 Oct 2022 22:24:52 +0000
+Subject: [PATCH] initramfs: unlink INITRAMFS_FORCE from CMDLINE_{EXTEND,FORCE}
+
+The motivation given in cff75e0b6fe83 for tying INITRAMFS_FORCE to
+either of CMDLINE_{EXTEND,FORCE} was that these options imply an
+inflexible bootloader, and that overriding the initramfs image would
+also only be necessary for inflexible bootloaders.
+
+However, with the advent of Boot Config support, distributions that do
+not normally use an initramfs may still want to allow an "initrd" to be
+passed by the bootloader in order to accept boot configuration data. In
+such cases, the CMDLINE_{EXTEND,FORCE} options are not desired because
+the bootloader is actually expected to control the kernel command line.
+
+Unlinking the INITRAMFS_FORCE config option allows Boot Config data to
+be passed by the bootloader while still preventing an unexpected
+initramfs from overriding the built-in initramfs (if any).
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+---
+ usr/Kconfig | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/usr/Kconfig b/usr/Kconfig
+index 9279a2893..753840aba 100644
+--- a/usr/Kconfig
++++ b/usr/Kconfig
+@@ -24,7 +24,7 @@ config INITRAMFS_SOURCE
+
+ config INITRAMFS_FORCE
+ 	bool "Ignore the initramfs passed by the bootloader"
+-	depends on CMDLINE_EXTEND || CMDLINE_FORCE
++	default n
+ 	help
+ 	  This option causes the kernel to ignore the initramfs image
+ 	  (or initrd image) passed to it by the bootloader. This is
+@@ -32,6 +32,8 @@ config INITRAMFS_FORCE
+ 	  and is useful if you cannot or don't want to change the image
+ 	  your bootloader passes to the kernel.
+
++	  If unsure, say N.
++
+ config INITRAMFS_ROOT_UID
+ 	int "User ID to map to 0 (user root)"
+ 	depends on INITRAMFS_SOURCE!=""
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/1004-af_unix-increase-default-max_dgram_qlen-to-512.patch b/packages/kernel-6.18/1004-af_unix-increase-default-max_dgram_qlen-to-512.patch
@@ -0,0 +1,47 @@
+From da6d593a54cf7311332427d06f6cfec913c24097 Mon Sep 17 00:00:00 2001
+From: Markus Boehme <markubo@amazon.com>
+Date: Tue, 23 May 2023 17:16:44 +0000
+Subject: [PATCH] af_unix: increase default max_dgram_qlen to 512
+
+The net.unix.max_dgram_qlen sysctl has been defined with a default value of
+10 since before the current Git history started in 2005. Systems have more
+resources these days, and while the default values for other sysctls like
+net.core.somaxconn have been adapted, max_dgram_qlen never was.
+
+Increase the default value for max_dgram_qlen to 512. A large number of
+hosts effectively already run with this or a larger value, since systemd
+has been making sure it is set to at least 512 since 2015.
+
+Signed-off-by: Markus Boehme <markubo@amazon.com>
+---
+ Documentation/networking/ip-sysctl.rst | 2 +-
+ net/unix/af_unix.c                     | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
+index a06cb99d6..0c37ce24b 100644
+--- a/Documentation/networking/ip-sysctl.rst
++++ b/Documentation/networking/ip-sysctl.rst
+@@ -3726,5 +3726,5 @@ l3mdev_accept - BOOLEAN
+ max_dgram_qlen - INTEGER
+ 	The maximum length of dgram socket receive queue
+
+-	Default: 10
++	Default: 512
+
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index c634a7fc8..8e6a9a25b 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -3832,7 +3832,7 @@ static int __net_init unix_net_init(struct net *net)
+ {
+ 	int i;
+
+-	net->unx.sysctl_max_dgram_qlen = 10;
++	net->unx.sysctl_max_dgram_qlen = 512;
+ 	if (unix_sysctl_register(net))
+ 		goto out;
+
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/1005-drm-simpledrm-Select-prerequisites-for-gpu-drivers.patch b/packages/kernel-6.18/1005-drm-simpledrm-Select-prerequisites-for-gpu-drivers.patch
@@ -0,0 +1,37 @@
+From 82f2dfb2808d43b8ae058165b1b4d9a6b2b65d4e Mon Sep 17 00:00:00 2001
+From: Martin Harriman <mharrimn@amazon.com>
+Date: Sun, 30 Mar 2025 22:36:38 +0000
+Subject: [PATCH] drm/simpledrm: Select prerequisites for gpu drivers
+
+Select DRM subsystem components needed for GPU driver support including
+display helpers (DP, HDMI, HDCP), execution context management, buddy
+allocator, scheduler, TTM memory management, and panel backlight quirks.
+
+Signed-off-by: Martin Harriman <mharrimn@amazon.com>
+[mgsharm: adjust context for 6.18]
+Signed-off-by: Gaurav Sharma <mgsharm@amazon.com>
+---
+ drivers/gpu/drm/sysfb/Kconfig | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/gpu/drm/sysfb/Kconfig b/drivers/gpu/drm/sysfb/Kconfig
+index 9c9884c7e..99de86016 100644
+--- a/drivers/gpu/drm/sysfb/Kconfig
++++ b/drivers/gpu/drm/sysfb/Kconfig
+@@ -46,6 +46,13 @@ config DRM_SIMPLEDRM
+ 	select DRM_GEM_SHMEM_HELPER
+ 	select DRM_KMS_HELPER
+ 	select DRM_SYSFB_HELPER
++	select DRM_DISPLAY_DP_HELPER
++	select DRM_DISPLAY_HELPER
++	select DRM_SUBALLOC_HELPER
++	select DRM_TTM
++	select DRM_TTM_HELPER
++	select DRM_DISPLAY_HDCP_HELPER
++	select DRM_DISPLAY_HDMI_HELPER
+ 	help
+ 	  DRM driver for simple platform-provided framebuffers.
+
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/1006-efi-libstub-don-t-measure-kernel-command-line-into-P.patch b/packages/kernel-6.18/1006-efi-libstub-don-t-measure-kernel-command-line-into-P.patch
@@ -0,0 +1,36 @@
+From 93833752160803593414c9184fa2aedd8f0187a5 Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Tue, 4 Nov 2025 16:42:55 +0000
+Subject: [PATCH] efi/libstub: don't measure kernel command line into PCR 9
+
+The kernel command line can be extended via bootconfig, which may add
+additional parameters but depends on initrd parsing that happens at a
+later point in the boot.
+
+Disable the boot-time measurement so that the verified userspace can
+perform a complete measurement later.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+---
+ drivers/firmware/efi/libstub/efi-stub-helper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
+index 7aa2f9ad2..eae369c1d 100644
+--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
++++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
+@@ -337,9 +337,11 @@ char *efi_convert_cmdline(efi_loaded_image_t *image)
+ 	efi_status_t status;
+ 	u32 options_chars;
+
++#if 0
+ 	if (options_size > 0)
+ 		efi_measure_tagged_event((unsigned long)options, options_size,
+ 					 EFISTUB_EVT_LOAD_OPTIONS);
++#endif
+
+ 	efi_apply_loadoptions_quirk((const void **)&options, &options_size);
+ 	options_chars = options_size / sizeof(efi_char16_t);
+-- 
+2.50.1
+
diff --git a/packages/kernel-6.18/Cargo.toml b/packages/kernel-6.18/Cargo.toml
@@ -0,0 +1,31 @@
+[package]
+name = "kernel-6_18"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[package.metadata.build-package]
+package-name = "kernel-6.18"
+
+[lib]
+path = "../packages.rs"
+
+[[package.metadata.build-package.external-files]]
+# Use latest-kernel-srpm-url.sh to get this.
+url = "https://cdn.amazonlinux.com/al2023/blobstore/0211e61d89515be990de21def45b93a544d5cced37cbfda50b50227359268db4/kernel6.18-6.18.8-9.213.amzn2023.src.rpm"
+sha512 = "84886d037a336ec1bfda25a2c377a11169cfa55544018fece60d02c1ff99378f95b3f7350015ff175e2e904b85659a61a91b8ff15bdee0ccf26b329576358376"
+force-upstream = true
+
+[[package.metadata.build-package.external-files]]
+# Use latest-2.21-neuron-srpm-url.sh to get this.
+url = "https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.21.37.0.noarch.rpm"
+sha512 = "4bdb01d846f12a04bdbe6902c3008ebadbcb50d4d94e8f81b524c02a4e94da7041cdb5e94fd564e1d9898f52a8cbd960a6a65435b90ba7d7839c807e7ca8736d"
+
+[[package.metadata.build-package.external-files]]
+# Use latest-neuron-srpm-url.sh to get this.
+url = "https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.26.5.0.noarch.rpm"
+sha512 = "8e7aa38d5015cdca0274469d217bf3b5441494ef31959851113c788b147fc6f2225864d390f7f31a93bd740b5599c3dfad305893b4ad6d549656a9ed7d32e853"
+
+[build-dependencies]
+microcode = { path = "../microcode" }