Skip to content

Downloads — prebuilt RT kernel

The only expensive part of the patch is the toolchain. Building natively on a Pi 4 takes hours; cross-compiling needs an x86 box and a setup session. So here’s the artifact.

Current release: 6.18.38-rt-cuckoo+ — Raspberry Pi’s rpi-6.18.y, bcm2711_defconfig, PREEMPT_RT, plus the IRQF_NO_THREAD patch.

On the releases page:

File
kernel-rt-6.18.38-rt-cuckoo+.img.gzThe kernel, gzipped (Pi OS’s own format) — 9.8 MB
rt-modules-6.18.38-rt-cuckoo+.tar.gzMatching modules — 22 MB. Must be installed with the image.
install-rt-kernel.shInstaller. Adds a new image; never replaces kernel8.img.
SHA256SUMSChecksums
97533ea81ec56ef090908560e88bccfb2a3f7dfcc3d33a5a1cbe4bbf15163b55 kernel-rt-6.18.38-rt-cuckoo+.img.gz
6af126711eef2ae1651ac48e19353e6830f12fb0ef9a7e265f54c27206a4f0eb rt-modules-6.18.38-rt-cuckoo+.tar.gz
Terminal window
sha256sum -c SHA256SUMS
sudo ./install-rt-kernel.sh
sudo reboot

Then confirm the patch is actually live. This is the check that matters:

Terminal window
$ uname -a
Linux … 6.18.38-rt-cuckoo+ #1 SMP PREEMPT_RT … aarch64
$ ps -eo comm | grep irq/.*pps
(nothing)

That empty output is the whole point. If an irq/NN-pps@… thread appears, the handler is being force-threaded and your timestamp is being taken behind the scheduler.

The installer appends exactly one line to config.txt and never touches kernel8.img. If the Pi doesn’t come back: pull the SD card, open config.txt on any machine (it’s a FAT partition — a Windows laptop will do), delete the kernel=kernel-rt.img line, put the card back. The stock kernel boots.

It also leaves a config.txt.before-rt next to it.

Not “it compiled.” This exact artifact, installed by that exact script, on a Pi 4:

Bootsyes
uname6.18.38-rt-cuckoo+ SMP PREEMPT_RT
PPS handler threadedno — patch confirmed live
chronyStratum 1, ref PPS
System offset273 ns
Raw PPS jitter952 ns σ over 62 s
Terminal window
git clone https://git.supported.systems/warehack.ing/cuckoo-escapement
cd cuckoo-escapement/kernel && ./build.sh

KBUILD_BUILD_USER, KBUILD_BUILD_HOST and KBUILD_BUILD_TIMESTAMP are pinned in that script. Without them a kernel bakes the builder’s user@hostname and the wall-clock build time into /proc/version — which publishes whoever built it and makes the output unreproducible. Pinned, you should be able to rebuild this and compare bytes. For an unsigned kernel from a website, that’s the only trust story we can honestly offer.