[profsnuggles]

That is what I am doing as well. I'm building my own kernel but not using secure boot.

Kernel upgrades are just copying .config from the old kernel to the new kernel.

sudo make olddefconfig && sudo make && sudo make modules_install && install_kernel

The contents of install_kernel

KERNEL=`readlink /usr/src/linux`

NUMBER=${KERNEL##linux-}

NUMBER=${NUMBER%%-gentoo}

sudo cp arch/x86_64/boot/bzImage /boot/EFI/Gentoo/vmlinuz-${NUMBER}-gentoo.efi

sudo efi bootmgr -c -L "Gentoo ${NUMBER}" -l "\\EFI\\Gentoo\\vmlinuz-${NUMBER}-gentoo.efi" -d /dev/nvme0n1

[mshook]

Don't compile as root, there's no need for that. You should only elevate your privileges when needed. The only thing you need root for are modules_install and your install_kernel script.

[londons_explore]

People always say this, but if a project is malicious, it can take your SSH keys and get persistence even without root. It can alias sudo in your bashrc to get root if it wants too.

Yet if you don't use sudo, some make/compiles fail with random permissions errors.

I mean I see the reasoning, but in 2020 I think the Linux desktop security model is sufficiently broken that it doesn't matter.

[alias_neo]

Amazing thanks for the explanation, I'll have to give this a go!