Building Your Own Kali Linux ARM64 Root Filesystem (RootFS)

Ever wanted to create your own customized Kali Linux root filesystem for ARM64? Whether you’re working on an embedded device, single-board computer (SBC), or just exploring how Kali works under the hood, this guide will walk you through building a minimal yet functional rootfs—fully customizable to fit your needs.

This guide is specifically tailored for the Mecha Comet device, but you can modify it for other ARM64 hardware by adjusting the kernel and package selection.

So grab a coffee :coffee:, and let’s roll up our sleeves! :hammer_and_wrench:


:dart: What We’re Doing

We’ll be using Docker to build a clean Kali ARM64 rootfs from scratch. By the end, you’ll have a compressed root filesystem (tar.gz) that you can extract onto your Mecha Comet device or modify to suit your own flavor of Kali.

although you still use native system if you’re running linux based os, for keep things simple we’re using docker.

You’ll learn how to:
:white_check_mark: Build a minimal Kali Linux ARM64 rootfs
:white_check_mark: Add a custom user and hostname
:white_check_mark: Install additional packages
:white_check_mark: Customize it to your liking!


:rocket: Prerequisites

Make sure you have the following installed on your system:

  • Docker
  • Basic understanding of Linux commands
  • A sense of adventure :sunglasses:

:building_construction: Step 1: The Dockerfile

The Dockerfile is our blueprint for building the Kali ARM64 rootfs. We use debootstrap to set up the initial system and install essential packages.

# Base image: Kali Linux
FROM kalilinux/kali-rolling

# Environment Variables
ENV DEBIAN_FRONTEND=noninteractive
ENV ARCH=arm64
ENV ROOTFS_DIR=/rootfs
ENV OUTPUT_DIR=/output

# Install required dependencies
RUN apt update && apt install -y \
    debootstrap \
    qemu-user-static \
    binfmt-support \
    lzma \
    lzop \
    u-boot-tools \
    ca-certificates \
    sudo \
    && apt clean && rm -rf /var/lib/apt/lists/*

# Bootstrap Kali ARM64
RUN mkdir -p $ROOTFS_DIR && \
    debootstrap --foreign --arch=$ARCH kali-rolling $ROOTFS_DIR/kali-$ARCH http://http.kali.org/kali && \
    cp /usr/bin/qemu-aarch64-static $ROOTFS_DIR/kali-$ARCH/usr/bin/ && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH /debootstrap/debootstrap --second-stage

# Add custom repository (optional)
RUN echo "deb [trusted=yes] http://debian.mecha.build apollo main" >> $ROOTFS_DIR/kali-$ARCH/etc/apt/sources.list

# Install core packages
RUN LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt update && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt install -y kali-linux-core && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt clean && \
    rm -rf $ROOTFS_DIR/kali-$ARCH/var/lib/apt/lists/*

# Copy third-stage setup script
COPY third-stage $ROOTFS_DIR/kali-$ARCH/third-stage

# Run third-stage script in chroot
RUN chmod +x $ROOTFS_DIR/kali-$ARCH/third-stage && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH /third-stage && \
    rm -f $ROOTFS_DIR/kali-$ARCH/third-stage

# Archive the final rootfs
RUN tar -czvf $OUTPUT_DIR/kali-arm64-rootfs.tar.gz -C $ROOTFS_DIR/kali-$ARCH .

# Expose volume for output
VOLUME ["$OUTPUT_DIR"]

CMD ["/bin/bash"]

:hammer_and_wrench: Step 2: Customizing Third-Stage Script

This is where the fun begins! :tada: The third-stage script lets you add your own configurations, like setting up a user, hostname, and installing extra packages.

# Base image: Kali Linux
FROM kalilinux/kali-rolling

# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
ENV ARCH=arm64
ENV ROOTFS_DIR=/rootfs
ENV OUTPUT_DIR=/output

# Install dependencies and utilities
RUN echo "Installing dependencies..." && \
    apt update && apt install -y \
    debootstrap \
    qemu-user-static \
    device-tree-compiler \
    lzma \
    lzop \
    u-boot-tools \
    pixz \
    git-core \
    binutils \
    ca-certificates \
    locales \
    console-common \
    vim \
    less \
    passwd \
    sudo && \
    apt clean && rm -rf /var/lib/apt/lists/*

# Set up the ARM64 build environment
RUN echo "Setting up Kali Linux rootfs..." && \
    mkdir -p $ROOTFS_DIR && \
    debootstrap --foreign --arch $ARCH kali-rolling $ROOTFS_DIR/kali-$ARCH http://http.kali.org/kali && \
    cp /usr/bin/qemu-aarch64-static $ROOTFS_DIR/kali-$ARCH/usr/bin/ && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH /debootstrap/debootstrap --second-stage && \
    echo "Debootstrap setup complete."

# Add Mecha Comet-specific repository
RUN echo "Adding Mecha Comet repository..." && \
    echo "deb [trusted=yes] http://debian.mecha.build apollo main" >> $ROOTFS_DIR/kali-$ARCH/etc/apt/sources.list

# Install Mecha Comet-specific kernel and firmware
RUN echo "Installing Mecha Comet kernel and firmware..." && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt update && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt install -y \
    linux-image-6.6.36+mecha+ \
    linux-headers-6.6.36+mecha+ \
    linux-libc-dev=6.6.36-g2cf9194da72b-1 \
    imx-sdma-firmware \
    bluez-firmware=1.0-1 && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt clean && \
    rm -rf $ROOTFS_DIR/kali-$ARCH/var/lib/apt/lists/*

# Install Kali Linux tools
RUN echo "Installing Kali Linux tools inside rootfs..." && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt update && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt install --no-install-recommends -y kali-linux-core && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH apt clean && \
    rm -rf $ROOTFS_DIR/kali-$ARCH/var/lib/apt/lists/*

# Copy third-stage script
COPY third-stage $ROOTFS_DIR/kali-$ARCH/third-stage

# Run third-stage setup
RUN chmod +x $ROOTFS_DIR/kali-$ARCH/third-stage && \
    LANG=C chroot $ROOTFS_DIR/kali-$ARCH /third-stage && \
    rm -f $ROOTFS_DIR/kali-$ARCH/third-stage

# Archive the final root filesystem
RUN echo "Creating final rootfs archive..." && \
    mkdir -p $OUTPUT_DIR && \
    tar -czvf $OUTPUT_DIR/kali-arm64-rootfs.tar.gz -C $ROOTFS_DIR/kali-$ARCH . && \
    echo "RootFS archive created at $OUTPUT_DIR/kali-arm64-rootfs.tar.gz"

# Expose a volume for the root filesystem
VOLUME ["$OUTPUT_DIR"]

# Default command: enter the container
CMD ["/bin/bash"]

Want a custom username instead of “mecha”? Simply change it in the script!

echo "yourusername:yourpassword" | chpasswd

Want a different desktop environment? Swap out kali-desktop-xfce for kali-desktop-gnome or kali-desktop-kde. :art:


:checkered_flag: Step 3: Building the RootFS

Now that we have our Dockerfile and third-stage script, let’s build the rootfs:

docker build -t kali-arm64-rootfs .

Once the build is complete, you’ll find the rootfs archive at:

/output/kali-arm64-rootfs.tar.gz

:fire: Extract & Deploy

To extract the rootfs onto a target device, use:

tar -xvzf kali-arm64-rootfs.tar.gz -C /mnt/rootfs

Make sure you have the right bootloader and kernel in place! :rocket:


:art: Customizing Your Own Kali Flavor

The best part? You can tweak everything!

  • Add your favorite hacking tools :satellite:
  • Customize your prompt and shell :desktop_computer:
  • Create pre-installed scripts and configurations :gear:
  • Automate security testing :fire:

:camera_flash: Mecha Comet in Action!

Here’s a sneak peek of the Mecha Comet device running our custom Kali Linux rootfs!
You can see the Kali environment fully loaded.

Want to share your own setup? Post your screenshots in the comments! :rocket:

Got a cool use case for this? Share your experience in the comments! :speaking_head:

Happy hacking! :pirate_flag: