Official Ubuntu Linux kernel build (with IMA enabled)

Ubuntu is derived from Debian and builds its kernel in much the same way, with a few differences. This post draws heavily on the official Ubuntu wiki page on building your own kernel, and additionally enables IMA (Integrity Measurement Architecture) in the kernel configuration. K.R.K.C.

0. References

https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel
https://davejingtian.org/2013/08/01/build-official-debian-linux-kernel/

1. Get the source

apt-get source linux-image-$(uname -r)

3. Prepare for the build

sudo apt-get build-dep linux-image-$(uname -r)
sudo apt-get install libncurses5-dev

4. Add permission for the building scripts

chmod a+x debian/scripts/*
chmod a+x debian/scripts/misc/*

5. Clean the last build – this is needed to start a new build

fakeroot debian/rules clean

6. Edit the config – menuconfig

fakeroot debian/rules editconfigs
Once IMA is enabled, the saved .config conflicts with Ubuntu's own enforce file, which provides the basic configuration for the kernel. Most of the time, that file is right. However, if you do know what you are doing, make the changes in the enforce file:
vi debian.master/config/enforce

7. Build

fakeroot debian/rules binary-headers binary-generic
This build generates the image for your current architecture only. Around 3 debs will then be generated under your home directory. For the amd64 arch, they are headers-all, headers-amd64 and image-amd64.

8. Install and Reboot

sudo dpkg -i *.deb
sudo reboot
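
A post-install check for the procedure above, added here as an example and not part of the original post: it confirms that a kernel config has IMA built in and that the running kernel exposes a measurement list. The function names are hypothetical, and the script assumes the installed config is at /boot/config-$(uname -r) and securityfs is mounted at /sys/kernel/security.

```sh
#!/bin/sh
# Added example (not from the original post): verify IMA in a kernel config
# and in the running kernel. Function names are hypothetical.

# Print the value of a Kconfig symbol from a config file ("n" if unset/absent).
kconfig_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# Check the symbols IMA depends on; returns 0 only if all are built in (=y).
check_ima_config() {
    cfg=$1; rc=0
    for sym in CONFIG_SECURITY CONFIG_INTEGRITY CONFIG_IMA; do
        val=$(kconfig_value "$cfg" "$sym")
        printf '%-20s %s\n' "$sym" "$val"
        [ "$val" = "y" ] || rc=1
    done
    # Appraisal is optional: report it, but do not fail on it.
    printf '%-20s %s (optional)\n' CONFIG_IMA_APPRAISE \
        "$(kconfig_value "$cfg" CONFIG_IMA_APPRAISE)"
    return $rc
}

# Count entries in the runtime measurement list (readable by root only).
# An active IMA records at least the boot_aggregate entry, so expect >= 1.
ima_measurement_count() {
    list=${1:-/sys/kernel/security/ima}/ascii_runtime_measurements
    [ -r "$list" ] || return 1
    wc -l < "$list" | tr -d ' '
}

# Usage: sudo sh check_ima.sh /boot/config-$(uname -r)
# With no argument, run against a constructed sample instead.
if [ $# -gt 0 ]; then
    check_ima_config "$1" &&
        echo "measurements: $(ima_measurement_count || echo unavailable)"
else
    sample=$(mktemp)   # constructed sample, not a real Ubuntu config
    printf '%s\n' 'CONFIG_SECURITY=y' 'CONFIG_INTEGRITY=y' \
        '# CONFIG_IMA is not set' > "$sample"
    check_ima_config "$sample" || echo "IMA is not enabled in the sample config"
    rm -f "$sample"
fi
```

The same check can be pointed at the .config in the build tree before step 7 to catch a configuration where the IMA change did not survive.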

About daveti

Interested in kernel hacking, compilers, machine learning and guitars.

3 Responses to Official Ubuntu Linux kernel build (with IMA enabled)

  1. Dave Tian says:

    When apt-get source linux-image-$(uname -r) is fucked up for whatever reasons, an alternative solution is git: git clone git://kernel.ubuntu.com/ubuntu/ubuntu-$(lsb_release --codename | cut -f2).git

  2. daveti says:

    By default, apt-get source linux-image-$(uname -r) will try to get the signed copy and somehow it does not work on 16.04 and 18.04. Workaround: apt-get source linux-image-unsigned-$(uname -r).

    Ref: https://askubuntu.com/questions/1171491/why-is-apt-source-picking-linux-signed-hwe-instead-of-a-real-kernel

  3. Pingback: Ubuntu Kernel Build Again | davejingtian.org
