1. Download buildroot and unzip it to ~/
2. For some reason, cttyhack is not enabled in busybox by default, so we need to change the config file to enable it. In the file path/to/buildroot/package/busybox/busybox.config there should be the line

   ```
   # CONFIG_CTTYHACK is not set
   ```

   Change it to

   ```
   CONFIG_CTTYHACK=y
   ```

   Also, do this for SETUIDGID as well.

   ```
   CONFIG_SETUIDGID=y
   ```
3. Run make menuconfig and do the following:
   1. Target Options -> Target Architecture -> x86_64
   2. Kernel -> Linux Kernel [y] -> Kernel configuration -> Use the architecture default configuration
   3. Filesystem images -> initial RAM filesystem linked into linux kernel [y]
4. Make buildroot. There are several dependencies, such as libssl and libelf, which can fail the build. The bzImage and rootfs.cpio files will be located at /path/to/buildroot/output/images.
5. Compile the kernel module. For this, reference the src/Makefile file. Make sure you use the makefile in buildroot, not the one from our own linux.
6. Decompress the rootfs.cpio file. For this, reference the image/decompress.sh file. The opposite can be done with the image/compress.sh script.
7. Add the kernel module to the initramfs and create an appropriate rcS file:

   ```sh
   #!/bin/sh

   # Make the flag readable by root only before the unprivileged shell starts.
   chown root:root flag
   chmod 400 flag

   # Load the kernel module.
   insmod /lkm_example.ko
   echo -e "\nBoot took $(cut -d' ' -f1 /proc/uptime) seconds\n"
   # Attach a controlling tty and drop to uid 1000 for the interactive shell.
   setsid cttyhack setuidgid 1000 sh

   # Runs after the shell exits: clean up and power off.
   umount /proc
   umount /sys
   poweroff -d 0 -f
   ```
8. Boot via qemu. Argument setting is complicated, so reference image/boot.sh.
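
The unpack, add-module and repack steps above, plus a pre-boot check of the rcS, as an added example that is not the repository's image/decompress.sh or image/compress.sh. It assumes an uncompressed newc rootfs.cpio, the rcS at etc/init.d/rcS, and the flag and module at the image root; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the repository's image/decompress.sh or image/compress.sh.
# Assumed layout: rcS at etc/init.d/rcS, flag and module at the image root.

# unpack_rootfs ROOTFS_CPIO DIR: extract Buildroot's newc archive into DIR.
unpack_rootfs() {
    mkdir -p "$2" && (cd "$2" && cpio -idm) < "$1"
}

# repack_rootfs DIR OUT_CPIO: rebuild the archive in the format the kernel reads.
# Run as a normal user, this records your uid as owner of every file.
repack_rootfs() {
    (cd "$1" && find . | cpio -o -H newc) > "$2"
}

# check_rootfs DIR: report problems on stderr, return non-zero if any exist.
check_rootfs() {
    rcs="$1/etc/init.d/rcS"; bad=0
    fail() { echo "rootfs check: $*" >&2; bad=1; }
    [ -x "$rcs" ] || { fail "etc/init.d/rcS missing or not executable"; return 1; }
    [ -f "$1/flag" ] || fail "flag file missing"
    # Every module rcS loads has to be present in the image.
    for ko in $(sed -n 's/^[[:space:]]*insmod[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$rcs"); do
        [ -f "$1/$ko" ] || fail "rcS loads $ko, which is not in the image"
    done
    # The flag must be root-owned and mode 400 before the player shell starts.
    own=$(grep -n '^[[:space:]]*chown root:root flag' "$rcs" | head -n 1 | cut -d: -f1)
    mode=$(grep -n '^[[:space:]]*chmod 400 flag' "$rcs" | head -n 1 | cut -d: -f1)
    drop=$(grep -n 'setuidgid' "$rcs" | head -n 1 | cut -d: -f1)
    if [ -z "$drop" ]; then
        fail "no setuidgid in rcS: the shell would run as root"
    elif grep -Eq 'setuidgid[[:space:]]+(0|root)([[:space:]]|$)' "$rcs"; then
        fail "setuidgid targets root"
    else
        [ -n "$own" ] && [ "$own" -lt "$drop" ] || fail "flag not chowned to root before the shell"
        [ -n "$mode" ] && [ "$mode" -lt "$drop" ] || fail "flag not chmod 400 before the shell"
    fi
    return "$bad"
}
```

An archive repacked by a non-root user stores that user's uid on every file, so the `chown root:root flag` in the rcS is what keeps the flag away from the uid 1000 shell; `check_rootfs` fails if that line is missing or comes after the shell.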