From f00be94729e50172d90181a180774fbca5df7c32 2019-10-27 21:18:36 From: Unknown Date: 2019-10-27 21:18:36 Subject: [PATCH] f --- diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index a67ad40..897d3b3 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -837,6 +837,9 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then # Initialize encrypted partition cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password + + # Update temporary loop device + ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" # Open encrypted partition and setup mapping cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" @@ -844,9 +847,6 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then # Secure delete password keyfile shred -zu .password - # Update temporary loop device - ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" - # Wipe encrypted partition (encryption cipher is used for randomness) dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" fi diff --git a/templates/RPI3+ b/templates/RPI3+ index f59d96b..00e2fd4 100644 --- a/templates/RPI3+ +++ b/templates/RPI3+ @@ -20,8 +20,8 @@ ENABLE_USBBOOT=false CRYPTFS_PASSWORD=Password123! CRYPTFS_DROPBEAR=true CRYPTFS_CIPHER=aes-xts-plain64 -CRYPTFS_HASH=sha512 -CRYPTFS_XTSKEYSIZE=512 +CRYPTFS_HASH=sha256 +CRYPTFS_XTSKEYSIZE=256 #CRYPTFS_DROPBEAR_PUBKEY=pathtokey HOSTNAME=RPI