From f00be94729e50172d90181a180774fbca5df7c32 2019-10-27 21:18:36
From: Unknown <xyz258@abwesend.de>
Date: 2019-10-27 21:18:36
Subject: [PATCH] f


---

diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index a67ad40..897d3b3 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -837,6 +837,9 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then
 
   # Initialize encrypted partition
   cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
+  
+  # Update temporary loop device
+  ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
 
   # Open encrypted partition and setup mapping
   cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
@@ -844,9 +847,6 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then
   # Secure delete password keyfile
   shred -zu .password
 
-  # Update temporary loop device
-  ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
-
   # Wipe encrypted partition (encryption cipher is used for randomness)
   dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
 fi
diff --git a/templates/RPI3+ b/templates/RPI3+
index f59d96b..00e2fd4 100644
--- a/templates/RPI3+
+++ b/templates/RPI3+
@@ -20,8 +20,8 @@ ENABLE_USBBOOT=false
 CRYPTFS_PASSWORD=Password123!
 CRYPTFS_DROPBEAR=true
 CRYPTFS_CIPHER=aes-xts-plain64
-CRYPTFS_HASH=sha512
-CRYPTFS_XTSKEYSIZE=512
+CRYPTFS_HASH=sha256
+CRYPTFS_XTSKEYSIZE=256
 #CRYPTFS_DROPBEAR_PUBKEY=pathtokey
 
 HOSTNAME=RPI