From 58d6d0dddb48b45237ddb4d9a560bc117e0a7b20 2019-10-25 22:46:35
From: Unknown <xyz258@abwesend.de>
Date: 2019-10-25 22:46:35
Subject: [PATCH] a
---

diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 2802792..6b6faaa 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -464,22 +464,6 @@ if [ "$BUILD_KERNEL" = true ] ; then
         set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
 		set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
 		set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
-
-        set_kernel_config CONFIG_ARM64_CRYPTO y
-        set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
-        set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
-        set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
-        set_kernel_config CRYPTO_GHASH_ARM64_CE m
-        set_kernel_config CRYPTO_SHA2_ARM64_CE m
-        set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
-        set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
-        set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
-        set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
       fi
 
       # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
@@ -657,22 +641,35 @@ if [ "$BUILD_KERNEL" = true ] ; then
         echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
 
         if [ "$ENABLE_CRYPTFS" = true ] ; then
-          {
-            echo "CONFIG_EMBEDDED=y"
-            echo "CONFIG_EXPERT=y"
-            echo "CONFIG_DAX=y"
-            echo "CONFIG_MD=y"
-            echo "CONFIG_BLK_DEV_MD=y"
-            echo "CONFIG_MD_AUTODETECT=y"
-            echo "CONFIG_BLK_DEV_DM=y"
-            echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
-            echo "CONFIG_DM_CRYPT=y"
-            echo "CONFIG_CRYPTO_BLKCIPHER=y"
-            echo "CONFIG_CRYPTO_CBC=y"
-            echo "CONFIG_CRYPTO_XTS=y"
-            echo "CONFIG_CRYPTO_SHA512=y"
-            echo "CONFIG_CRYPTO_MANAGER=y"
-          } >> "${KERNEL_DIR}"/.config
+		set_kernel_configCONFIG_EMBEDDED y
+		set_kernel_config CONFIG_EXPERT y
+		set_kernel_config CONFIG_DAX y
+		set_kernel_config CONFIG_MD y
+		set_kernel_config CONFIG_BLK_DEV_MD y
+		set_kernel_config CONFIG_MD_AUTODETECT y
+		set_kernel_config CONFIG_BLK_DEV_DM y
+		set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
+		set_kernel_config CONFIG_DM_CRYPT y
+		set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
+		set_kernel_config CONFIG_CRYPTO_CBC y
+		set_kernel_config CONFIG_CRYPTO_XTS y
+		set_kernel_config CONFIG_CRYPTO_SHA512 y
+		set_kernel_config CONFIG_CRYPTO_MANAGER y
+		set_kernel_config CONFIG_ARM64_CRYPTO y
+        set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
+        set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
+        set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
+        set_kernel_config CRYPTO_GHASH_ARM64_CE m
+        set_kernel_config CRYPTO_SHA2_ARM64_CE m
+        set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
+        set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
+        set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
+        set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
         fi
       fi
 
diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh
index 9134da1..cb46d87 100644
--- a/bootstrap.d/14-fstab.sh
+++ b/bootstrap.d/14-fstab.sh
@@ -16,9 +16,6 @@ fi
 if [ "$ENABLE_USBBOOT" = true ] ; then
   sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
   sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
-
-  # Add usb/sda2 disk to crypttab
-  sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
 fi
 
 # Generate initramfs file
@@ -60,8 +57,8 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then
         # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
         sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
 
-        # Regenerate initramfs
-        #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
+        #Regenerate initramfs
+        chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
       fi
     
       if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
@@ -106,7 +103,7 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then
     printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
 
     # Dummy mapping required by mkinitramfs
-    echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
+    echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}"
 
     # Generate initramfs with encrypted root partition support
     chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"