Raspi2-3_GenImage Commit - r458:17a59b052c06 · Collaboration Tremplin des Sciences

Unknown -

r458:17a59b052c06

parent child

Context file:

r458:17a59b052c06

README.md +1 -1

             # rpi23-gen-image
             ## Introduction
             `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for Raspberry Pi 2 (RPi2) and Raspberry Pi 3 (RPi3) computers. The script at this time supports the bootstrapping of the Debian (armhf) releases `stretch` and `buster`. Raspberry Pi 3 images are generated for 32-bit mode only. Raspberry Pi 3 64-bit images can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
             It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the RPi3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf) cross-compiler toolchain.
             The script has been tested using the default `crossbuild-essential-armhf` toolchain meta package on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
             ##### Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi23-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ./rpi23-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
             RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ```
             ## Configuration template files
             To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
             ##### Command-line examples:
             ```shell
             CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
             CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
             ```
             ## Supported parameters and settings
             #### APT settings:
             ##### `APT_SERVER`="ftp.debian.org/debian"
             Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
             ##### `APT_PROXY`=""
             Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
             ##### `APT_INCLUDES`=""
             A comma separated list of additional packages to be installed by debootstrap during bootstrapping.
             ##### `APT_INCLUDES_LATE`=""
             A comma separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.
             ---
             #### General system settings:
             ##### `SET_ARCH`=32
             Set Architecture to default 32bit. If you want to to compile 64bit (RPI3 or RPI3+) set it to `64`. This option will set every needed crosscompiler or boeard specific option for a successful build.
             If you want to change e.g. cross-compiler -> Templates always override defaults
             ##### `RPI_MODEL`=2
             Specifiy the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
             - `0`  = Used for Raspberry Pi 0 and Raspberry Pi 0 W
             - `1`  = Used for Pi 1 model A and B
             - `1P` = Used for Pi 1 model B+ and A+
             - `2`  = Used for Pi 2 model B
             - `3`  = Used for Pi 3 model B
             - `3P` = Used for Pi 3 model B+
             - `BUILD_KERNEL`=true will automatically be set if the Raspberry Pi model `3` or `3P` is used.
             ##### `RELEASE`="buster"
             Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
             ##### `RELEASE_ARCH`="armhf"
             Set the desired Debian release architecture.
             ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
             Set system host name. It's recommended that the host name is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
             Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
             ##### `USER_PASSWORD`="raspberry"
             Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
             Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             ##### `EXPANDROOT`=true
             Expand the root partition and filesystem automatically on first boot.
             ##### `ENABLE_QEMU`=false
             Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
             ---
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             ##### `XKB_MODEL`=""
             Set the name of the model of your keyboard type.
             ##### `XKB_LAYOUT`=""
             Set the supported keyboard layout(s).
             ##### `XKB_VARIANT`=""
             Set the supported variant(s) of the keyboard layout(s).
             ##### `XKB_OPTIONS`=""
             Set extra xkb configuration options.
             ---
             #### Networking settings (DHCP):
             This parameter is used to set up networking auto configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
             ##### `ENABLE_DHCP`=true
             Set the system to use DHCP. This requires an DHCP server.
             ---
             #### Networking settings (static):
             These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
             ##### `NET_ADDRESS`=""
             Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
             ##### `NET_GATEWAY`=""
             Set the IP address for the default gateway.
             ##### `NET_DNS_1`=""
             Set the IP address for the first DNS server.
             ##### `NET_DNS_2`=""
             Set the IP address for the second DNS server.
             ##### `NET_DNS_DOMAINS`=""
             Set the default DNS search domains to use for non fully qualified host names.
             ##### `NET_NTP_1`=""
             Set the IP address for the first NTP server.
             ##### `NET_NTP_2`=""
             Set the IP address for the second NTP server.
             ---
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
             Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
             ##### `ENABLE_PRINTK`=false
             Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
             ##### `ENABLE_BLUETOOTH`=false
             Enable onboard Bluetooth interface on the RPi0/3/3P. See: https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/
             ##### `ENABLE_MINIUART_OVERLAY`=false
             Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the cpu frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
             ##### `ENABLE_TURBO`=false
-            Enable Turbo mode. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
+            VOIDS WARRANTY! Enable Turbo mode - NO overclocking. This setting locks cpu at highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
             ##### `ENABLE_I2C`=false
             Enable I2C interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_SPI`=false
             Enable SPI interface on the RPi2/3. Please check the [RPi2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_IPV6`=true
             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
             ##### `ENABLE_NONFREE`=false
             Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
             ##### `ENABLE_WIRELESS`=false
             Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
             ##### `ENABLE_RSYSLOG`=true
             If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
             ##### `ENABLE_SOUND`=true
             Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
             Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
             Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
             Install Xorg open-source X Window System.
             ##### `ENABLE_WM`=""
             Install a user defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
             ##### `ENABLE_SYSVINIT`=false
             Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
             ---
             #### Advanced system features:
             ##### `ENABLE_MINBASE`=false
             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_REDUCE`=false
             Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
             ##### `ENABLE_UBOOT`=false
             Replace the default RPi2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `UBOOTSRC_DIR`=""
             Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `FBTURBOSRC_DIR`=""
             Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_VIDEOCORE`=false
             Install and enable the [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `VIDEOCORESRC_DIR`=""
             Path to a directory (`userland`) of [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_NEXMON`=false
             Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
             ##### `NEXMON_DIR`=""
             Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_USER`=true
             Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, username will be `pi`.
             ##### `USER_NAME`=pi
             Non-root user to create.  Ignored if `ENABLE_USER`=false
             ##### `ENABLE_ROOT`=false
             Set root user password so root login will be enabled
             ##### `ENABLE_HARDNET`=false
             Enable IPv4/IPv6 network stack hardening settings.
             ##### `ENABLE_SPLITFS`=false
             Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
             ##### `CHROOT_SCRIPTS`=""
             Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
             ##### `ENABLE_INITRAMFS`=false
             Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
             ##### `ENABLE_IFNAMES`=true
             Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
             ##### `DISABLE_UNDERVOLT_WARNINGS`=
             Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
             ---
             #### SSH settings:
             ##### `SSH_ENABLE_ROOT`=false
             Enable password root login via SSH. This may be a security risk with default password, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
             ##### `SSH_DISABLE_PASSWORD_AUTH`=false
             Disable password based SSH authentication. Only public key based SSH (v2) authentication will be supported.
             ##### `SSH_LIMIT_USERS`=false
             Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
             ##### `SSH_ROOT_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
             ##### `SSH_USER_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
             ---
             #### Kernel compilation:
             ##### `BUILD_KERNEL`=true
             Build and install the latest RPi2/3 Linux kernel. Currently only the default RPi2/3 kernel configuration is used.
             ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
             This sets the cross compile enviornment for the compiler.
             ##### `KERNEL_ARCH`="arm"
             This sets the kernel architecture for the compiler.
             ##### `KERNEL_IMAGE`="kernel7.img"
             Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
             ##### `KERNEL_BRANCH`=""
             Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
             ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
             Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
             ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
             Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
             ##### `KERNEL_REDUCE`=false
             Reduce the size of the generated kernel by removing unwanted device, network and filesystem drivers (experimental).
             ##### `KERNEL_THREADS`=1
             Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
             ##### `KERNEL_HEADERS`=true
             Install kernel headers with built kernel.
             ##### `KERNEL_MENUCONFIG`=false
             Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
             ##### `KERNEL_OLDDEFCONFIG`=false
             Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
             ##### `KERNEL_CCACHE`=false
             Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
             ##### `KERNEL_REMOVESRC`=true
             Remove all kernel sources from the generated OS image after it was built and installed.
             ##### `KERNELSRC_DIR`=""
             Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
             ##### `KERNELSRC_CLEAN`=false
             Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_CONFIG`=true
             Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_USRCONFIG`=""
             Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
             ##### `KERNELSRC_PREBUILT`=false
             With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
             ##### `RPI_FIRMWARE_DIR`=""
             The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
             ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
             Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
             ##### `KERNEL_NF`=false
             Enable Netfilter modules as kernel modules
             ##### `KERNEL_VIRT`=false
             Enable Kernel KVM support (/dev/kvm)
             ##### `KERNEL_ZSWAP`=false
             Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
             ##### `KERNEL_BPF`=true
             Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
             ---
             #### Reduce disk usage:
             The following list of parameters is ignored if `ENABLE_REDUCE`=false.
             ##### `REDUCE_APT`=true
             Configure APT to use compressed package repository lists and no package caching files.
             ##### `REDUCE_DOC`=true
             Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
             ##### `REDUCE_MAN`=true
             Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations.
             ##### `REDUCE_VIM`=false
             Replace `vim-tiny` package by `levee` a tiny vim clone.
             ##### `REDUCE_BASH`=false
             Remove `bash` package and switch to `dash` shell (experimental).
             ##### `REDUCE_HWDB`=true
             Remove PCI related hwdb files (experimental).
             ##### `REDUCE_SSHD`=true
             Replace `openssh-server` with `dropbear`.
             ##### `REDUCE_LOCALE`=true
             Remove all `locale` translation files.
             ---
             #### Encrypted root partition:
             ##### `ENABLE_CRYPTFS`=false
             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
             ##### `CRYPTFS_PASSWORD`=""
             Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
             ##### `CRYPTFS_MAPPING`="secure"
             Set name of dm-crypt managed device-mapper mapping.
             ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
             Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
             ##### `CRYPTFS_XTSKEYSIZE`=512
             Sets key size in bits. The argument has to be a multiple of 8.
             ##### `CRYPTFS_DROPBEAR`=false
             Enable Dropbear Initramfs support
             ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
             Provide path to dropbear Public RSA-OpenSSH Key
             ---
             #### Build settings:
             ##### `BASEDIR`=$(pwd)/images/${RELEASE}
             Set a path to a working directory used by the script to generate an image.
             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
             Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
             ## Understanding the script
             The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
             | Script | Description |
             | --- | --- |
             | `10-bootstrap.sh` | Debootstrap basic system |
             | `11-apt.sh` | Setup APT repositories |
             | `12-locale.sh` | Setup Locales and keyboard settings |
             | `13-kernel.sh` | Build and install RPi2/3 Kernel |
             | `14-fstab.sh` | Setup fstab and initramfs |
             | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
             | `20-networking.sh` | Setup Networking |
             | `21-firewall.sh` | Setup Firewall |
             | `30-security.sh` | Setup Users and Security settings |
             | `31-logging.sh` | Setup Logging |
             | `32-sshd.sh` | Setup SSH and public keys |
             | `41-uboot.sh` | Build and Setup U-Boot |
             | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
             | `50-firstboot.sh` | First boot actions |
             | `99-reduce.sh` | Reduce the disk space usage |
             All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
             | Directory | Description |
             | --- | --- |
             | `apt` | APT management configuration files |
             | `boot` | Boot and RPi2/3 configuration files |
             | `dpkg` | Package Manager configuration |
             | `etc` | Configuration files and rc scripts |
             | `firstboot` | Scripts that get executed on first boot  |
             | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |
             | `mount` | Fstab configuration |
             | `network` | Networking configuration files |
             | `sysctl.d` | Swapping and Network Hardening configuration |
             | `xorg` | fbturbo Xorg driver configuration |
             ## Custom packages and scripts
             Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
             Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
             After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             ##### Flashing examples:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
             dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
             ```
             If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
             ```
             ## QEMU emulation
             Start QEMU full system emulation:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
             ```
             Start QEMU full system emulation and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with SMP and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with cryptfs, initramfs and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             ## External links and references
             * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
             * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
             * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
             * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
             * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
             * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
             * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
             * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
             * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)

bootstrap.d/13-kernel.sh +2 -1

             #
             # Build and Setup RPi2/3 Kernel
             #
             # Load utility functions
             . ./functions.sh
             # Fetch and build latest raspberry kernel
             if [ "$BUILD_KERNEL" = true ] ; then
               # Setup source directory
               mkdir -p "${KERNEL_DIR}"
               # Copy existing kernel sources into chroot directory
               if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
                 # Copy kernel sources and include hidden files
                 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
                 # Clean the kernel sources
                 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
                 fi
               else # KERNELSRC_DIR=""
                 # Create temporary directory for kernel sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch current RPi2/3 kernel sources
                 if [ -z "${KERNEL_BRANCH}" ] ; then
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
                 else
                   as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
                 fi
                 # Copy downloaded kernel sources
                 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/usr/src"
               fi
               # Calculate optimal number of kernel building threads
               if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
                 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
               fi
               # Configure and build kernel
               if [ "$KERNELSRC_PREBUILT" = false ] ; then
                 # Remove device, network and filesystem drivers from kernel configuration
                 if [ "$KERNEL_REDUCE" = true ] ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   sed -i\
                   -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
                   -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
                   -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
                   "${KERNEL_DIR}/.config"
                 fi
                 if [ "$KERNELSRC_CONFIG" = true ] ; then
                   # Load default raspberry kernel configuration
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
                   #Switch to KERNELSRC_DIR so we can use set_kernel_config
                   cd "${KERNEL_DIR}" || exit
             	  # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
                   if [ "$KERNEL_ZSWAP" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
                     set_kernel_config CONFIG_ZPOOL y
                     set_kernel_config CONFIG_ZSWAP y
                     set_kernel_config CONFIG_ZBUD y
                     set_kernel_config CONFIG_Z3FOLD y
                     set_kernel_config CONFIG_ZSMALLOC y
                     set_kernel_config CONFIG_PGTABLE_MAPPING y
             	  fi
                   # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
             	  if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
                     set_kernel_config CONFIG_VIRTUALIZATION y
                     set_kernel_config CONFIG_KVM y
                     set_kernel_config CONFIG_VHOST_NET m
                     set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
             	  fi
                   # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
             	  if [ "$KERNEL_NF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
             		set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
             		set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
             		set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
+            		set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
             		set_kernel_config CONFIG_NFT_FIB_INET m
             		set_kernel_config CONFIG_NFT_FIB_IPV4 m
             		set_kernel_config CONFIG_NFT_FIB_IPV6 m
             		set_kernel_config CONFIG_NFT_FIB_NETDEV m
             		set_kernel_config CONFIG_NFT_OBJREF m
             		set_kernel_config CONFIG_NFT_RT m
             		set_kernel_config CONFIG_NFT_SET_BITMAP m
-            		set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT m
+            		set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
             		set_kernel_config CONFIG_NF_LOG_ARP m
             		set_kernel_config CONFIG_NF_SOCKET_IPV4 m
             		set_kernel_config CONFIG_NF_SOCKET_IPV6 m
                     set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
                     set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
                     set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
                     set_kernel_config CONFIG_IP6_NF_IPTABLES m
                     set_kernel_config CONFIG_IP6_NF_MATCH_AH m
                     set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
                     set_kernel_config CONFIG_IP6_NF_NAT m
                     set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
                     set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
                     set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
                     set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
                     set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
                     set_kernel_config CONFIG_IP_SET_HASH_MAC m
                     set_kernel_config CONFIG_IP_SET_HASH_NET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
                     set_kernel_config CONFIG_IP_SET_HASH_NETNET m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
                     set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
                     set_kernel_config CONFIG_IP_SET_LIST_SET m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NETFILTER_XTABLES m
                     set_kernel_config CONFIG_NFT_BRIDGE_META m
                     set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
                     set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
                     set_kernel_config CONFIG_NFT_COMPAT m
                     set_kernel_config CONFIG_NFT_COUNTER m
                     set_kernel_config CONFIG_NFT_CT m
                     set_kernel_config CONFIG_NFT_DUP_IPV4 m
                     set_kernel_config CONFIG_NFT_DUP_IPV6 m
                     set_kernel_config CONFIG_NFT_DUP_NETDEV m
                     set_kernel_config CONFIG_NFT_EXTHDR m
                     set_kernel_config CONFIG_NFT_FWD_NETDEV m
                     set_kernel_config CONFIG_NFT_HASH m
                     set_kernel_config CONFIG_NFT_LIMIT m
                     set_kernel_config CONFIG_NFT_LOG m
                     set_kernel_config CONFIG_NFT_MASQ m
                     set_kernel_config CONFIG_NFT_MASQ_IPV4 m
                     set_kernel_config CONFIG_NFT_MASQ_IPV6 m
                     set_kernel_config CONFIG_NFT_META m
                     set_kernel_config CONFIG_NFT_NAT m
                     set_kernel_config CONFIG_NFT_NUMGEN m
                     set_kernel_config CONFIG_NFT_QUEUE m
                     set_kernel_config CONFIG_NFT_QUOTA m
                     set_kernel_config CONFIG_NFT_REDIR m
                     set_kernel_config CONFIG_NFT_REDIR_IPV4 m
                     set_kernel_config CONFIG_NFT_REDIR_IPV6 m
                     set_kernel_config CONFIG_NFT_REJECT m
                     set_kernel_config CONFIG_NFT_REJECT_INET m
                     set_kernel_config CONFIG_NFT_REJECT_IPV4 m
                     set_kernel_config CONFIG_NFT_REJECT_IPV6 m
                     set_kernel_config CONFIG_NFT_SET_HASH m
                     set_kernel_config CONFIG_NFT_SET_RBTREE m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
                     set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
                     set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_IPV4 m
                     set_kernel_config CONFIG_NF_DUP_IPV6 m
                     set_kernel_config CONFIG_NF_DUP_NETDEV m
                     set_kernel_config CONFIG_NF_LOG_BRIDGE m
                     set_kernel_config CONFIG_NF_LOG_IPV4 m
                     set_kernel_config CONFIG_NF_LOG_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_IPV4 m
                     set_kernel_config CONFIG_NF_NAT_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
                     set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
                     set_kernel_config CONFIG_NF_NAT_PPTP m
                     set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
                     set_kernel_config CONFIG_NF_NAT_REDIRECT m
                     set_kernel_config CONFIG_NF_NAT_SIP m
                     set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
                     set_kernel_config CONFIG_NF_NAT_TFTP m
                     set_kernel_config CONFIG_NF_REJECT_IPV4 m
                     set_kernel_config CONFIG_NF_REJECT_IPV6 m
                     set_kernel_config CONFIG_NF_TABLES m
                     set_kernel_config CONFIG_NF_TABLES_ARP m
                     set_kernel_config CONFIG_NF_TABLES_BRIDGE m
                     set_kernel_config CONFIG_NF_TABLES_INET m
                     set_kernel_config CONFIG_NF_TABLES_IPV4 m
                     set_kernel_config CONFIG_NF_TABLES_IPV6 m
                     set_kernel_config CONFIG_NF_TABLES_NETDEV m
                   fi
             	  # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
             	  if [ "$KERNEL_BPF" = true ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
                     set_kernel_config CONFIG_BPF_SYSCALL y
             		set_kernel_config CONFIG_BPF_EVENTS y
             		set_kernel_config CONFIG_BPF_STREAM_PARSER y
             	    set_kernel_config CONFIG_CGROUP_BPF y
             	  fi
             	  # KERNEL_DEFAULT_GOV was set by user
             	  if ! [ "$KERNEL_DEFAULT_GOV" = POWERSAVE ] && [ -n "$KERNEL_DEFAULT_GOV" ]; then
             	    # unset default governor
             	    unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
             	    case "$KERNEL_DEFAULT_GOV" in
                       "PERFORMANCE")
             	        set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
                         ;;
                       "USERSPACE")
                         set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
                         ;;
                       "ONDEMAND")
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
                         ;;
                       "CONSERVATIVE")
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
             		    ;;
                       "CONSERVATIVE")
             		    set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
                         ;;
                       *)
                         echo "error: unsupported default cpu governor"
                         exit 1
                         ;;
                     esac
             	  fi
             	  #Revert to previous directory
             	  cd "${WORKDIR}" || exit
                   # Set kernel configuration parameters to enable qemu emulation
                   if [ "$ENABLE_QEMU" = true ] ; then
                     echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
                     echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
                     if [ "$ENABLE_CRYPTFS" = true ] ; then
                       {
                         echo "CONFIG_EMBEDDED=y"
                         echo "CONFIG_EXPERT=y"
                         echo "CONFIG_DAX=y"
                         echo "CONFIG_MD=y"
                         echo "CONFIG_BLK_DEV_MD=y"
                         echo "CONFIG_MD_AUTODETECT=y"
                         echo "CONFIG_BLK_DEV_DM=y"
                         echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
                         echo "CONFIG_DM_CRYPT=y"
                         echo "CONFIG_CRYPTO_BLKCIPHER=y"
                         echo "CONFIG_CRYPTO_CBC=y"
                         echo "CONFIG_CRYPTO_XTS=y"
                         echo "CONFIG_CRYPTO_SHA512=y"
                         echo "CONFIG_CRYPTO_MANAGER=y"
                       } >> "${KERNEL_DIR}"/.config
                     fi
                   fi
                   # Copy custom kernel configuration file
                   if [ -n "$KERNELSRC_USRCONFIG" ] ; then
                     cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
                   fi
                   # Set kernel configuration parameters to their default values
                   if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
                   fi
                   # Start menu-driven kernel configuration (interactive)
                   if [ "$KERNEL_MENUCONFIG" = true ] ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
                   fi
             	# end if "$KERNELSRC_CONFIG" = true
                 fi
                 # Use ccache to cross compile the kernel
                 if [ "$KERNEL_CCACHE" = true ] ; then
                   cc="ccache ${CROSS_COMPILE}gcc"
                 else
                   cc="${CROSS_COMPILE}gcc"
                 fi
                 # Cross compile kernel and dtbs
                 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
                 # Cross compile kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
                 fi
               # end if "$KERNELSRC_PREBUILT" = false
               fi
               # Check if kernel compilation was successful
               if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
                 echo "error: kernel compilation failed! (kernel image not found)"
                 cleanup
                 exit 1
               fi
               # Install kernel modules
               if [ "$ENABLE_REDUCE" = true ] ; then
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
                 fi
               else
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
                 fi
                 # Install kernel firmware
                 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
                   make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
                 fi
               fi
               # Install kernel headers
               if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
                 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
               fi
             # make tar.gz kernel package - missing os bzw. modules
             #** ** **  WARNING  ** ** **
             #Your architecture did not define any architecture-dependent files
             #to be placed into the tarball. Please add those to ./scripts/package/buildtar .
             #  make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg
               # Prepare boot (firmware) directory
               mkdir "${BOOT_DIR}"
               # Get kernel release version
               KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
               # Copy kernel configuration file to the boot directory
               install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
               # Prepare device tree directory
               mkdir "${BOOT_DIR}/overlays"
               # Ensure the proper .dtb is located
               if [ "$KERNEL_ARCH" = "arm" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               else
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/"
                   fi
                 done
               fi
               # Copy compiled dtb device tree files
               if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
                 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
                   fi
                 done
                 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
                   install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
                 fi
               fi
               if [ "$ENABLE_UBOOT" = false ] ; then
                 # Convert and copy kernel image to the boot directory
                 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               else
                 # Copy kernel image to the boot directory
                 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
               fi
               # Remove kernel sources
               if [ "$KERNEL_REMOVESRC" = true ] ; then
                 rm -fr "${KERNEL_DIR}"
               else
                 # Prepare compiled kernel modules
                 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
                   if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
                     make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
                   fi
                   # Create symlinks for kernel modules
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
                   chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
                 fi
               fi
             else # BUILD_KERNEL=false
               #  echo Install precompiled kernel...
               #  echo error: not implemented
               if [ "$KERNEL_ARCH" = arm64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
                 # Create temporary directory for dl
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch kernel dl
                 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
                 #extract download
                 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
                 #move extracted kernel to /boot/firmware
                 mkdir "${R}/boot/firmware"
                 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
                 cp -r "${temp_dir}"/lib/* "${R}"/lib/
                 # Remove temporary directory for kernel sources
                 rm -fr "${temp_dir}"
                 # Set permissions of the kernel sources
                 chown -R root:root "${R}/boot/firmware"
                 chown -R root:root "${R}/lib/modules"
                 #Create cmdline.txt for 15-rpi-config.sh
                 touch "${BOOT_DIR}/cmdline.txt"
               fi
               # Check if kernel installation was successful
               KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
               if [ -z "$KERNEL" ] ; then
                 echo "error: kernel installation failed! (/boot/kernel* not found)"
                 cleanup
                 exit 1
               fi
             fi

bootstrap.d/15-rpi-config.sh +3 0

             #
             # Setup RPi2/3 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
             if [ "$BUILD_KERNEL" = true ] ; then
               if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
                 # Install boot binaries from local directory
                 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
                 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
                 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
                 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
                 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
                 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
                 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
               else
                 # Create temporary directory for boot binaries
                 temp_dir=$(as_nobody mktemp -d)
                 # Install latest boot binaries from raspberry/firmware github
                 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
                 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
                 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
                 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
                 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
                 # Move downloaded boot binaries
                 mv "${temp_dir}/"* "${BOOT_DIR}/"
                 # Remove temporary directory for boot binaries
                 rm -fr "${temp_dir}"
                 # Set permissions of the boot binaries
                 chown -R root:root "${BOOT_DIR}"
                 chmod -R 600 "${BOOT_DIR}"
               fi
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_UBOOTUSB" = true ] ; then
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
             else
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
               else
                 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
               fi
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
                 if [ "$ENABLE_UBOOTUSB" = true ] ; then
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
                 else
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
                 fi
               fi
             fi
             #locks cpu at max frequency
             if [ "$ENABLE_TURBO" = true ] ; then
               echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
+              # helps to avoid sdcard corruption when force_turbo is enabled.
+              echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
             fi
             if [ "$ENABLE_PRINTK" = true ] ; then
               install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
             fi
             # Install udev rule for serial alias
             install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
               # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
               SET_SERIAL="ttyS0"
               # Bluetooth enabled
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 # Create temporary directory for Bluetooth sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch Bluetooth sources
                 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
                 # Copy downloaded sources
                 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
                 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
                 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
                 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
                 # Set permissions
                 chown -R root:root "${R}/tmp/pi-bluetooth"
                 # Install tools
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
                 # Install bluetooth udev rule
                 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
                 # Install Firmware Flash file and apropiate licence
                 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
                 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
                 # Remove temporary directory
                 rm -fr "${temp_dir}"
                 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
                 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
             	  SET_SERIAL="ttyAMA0"
             	  # set overlay to swap ttyAMA0 and ttyS0
                   echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
             	  # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
             	  if [ "$ENABLE_TURBO" = false ] ; then
             	    echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
             	  fi
             	  # Activate services
             	  chroot_exec systemctl enable pi-bluetooth.hciuart.service
             	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
             	else
             	  chroot_exec systemctl enable pi-bluetooth.hciuart.service
             	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
             	fi
               else # if ENABLE_BLUETOOTH = false
               	# set overlay to disable bluetooth
                 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
               fi # ENABLE_BLUETOOTH end
             else
               # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
               SET_SERIAL="ttyAMA0"
             fi
             # may need sudo systemctl disable hciuart
             if [ "$ENABLE_CONSOLE" = true ] ; then
               echo "enable_uart=1"  >> "${BOOT_DIR}/config.txt"
               # add string to cmdline
               CMDLINE="${CMDLINE} console=serial0,115200"
               # Enable serial console systemd style
               chroot_exec systemctl enable serial-getty@"$SET_SERIAL".service
             else
               echo "enable_uart=0"  >> "${BOOT_DIR}/config.txt"
               # disable serial console systemd style
               chroot_exec systemctl disable serial-getty@"$SET_SERIAL".service
             fi
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Automatically assign predictable network interface names
             if [ "$ENABLE_IFNAMES" = false ] ; then
               CMDLINE="${CMDLINE} net.ifnames=0"
             else
               CMDLINE="${CMDLINE} net.ifnames=1"
             fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${LIB_DIR}/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
               sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
               echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
                 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               fi
             fi
             # Disable RPi2/3 under-voltage warnings
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/44-nexmon_monitor_patch.sh +29 -9

             #!/bin/sh
             #
             # Build and Setup nexmon with monitor mode patch
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
               # Create temporary directory for nexmon sources
               temp_dir=$(as_nobody mktemp -d)
               # Fetch nexmon sources
               as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
               # Copy downloaded nexmon sources
               mv "${temp_dir}/nexmon" "${R}"/tmp/
               # Set permissions of the nexmon sources
               chown -R root:root "${R}"/tmp/nexmon
               # Set script Root
-              NEXMON_ROOT="${R}"/tmp/nexmon
+              export NEXMON_ROOT="${R}"/tmp/nexmon
               # Remove temporary directory for nexmon sources
               rm -fr "${temp_dir}"
               # Build nexmon firmware outside the build system, if we can.
               cd "${NEXMON_ROOT}" || exit
               # Disable statistics
               touch DISABLE_STATISTICS
               # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
               #ARCH="${KERNEL_ARCH}"
               #SUBARCH="${KERNEL_ARCH}"
-              KERNEL="${KERNEL_IMAGE}"
+              export KERNEL="${KERNEL_IMAGE}"
-              ARCH=arm
+              export ARCH=arm
-              SUBARCH=arm
+              export SUBARCH=arm
-              CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
+              export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
-              CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
+              export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
-              ZLIBFLATE="zlib-flate -compress"
+              export ZLIBFLATE="zlib-flate -compress"
-              Q=@
+              export Q=@
-              NEXMON_SETUP_ENV=1
+              export NEXMON_SETUP_ENV=1
+              export HOSTUNAME=$(uname -s)
+              export PLATFORMUNAME=$(uname -m)
               #. ./setup_env.sh
               # Make nexmon
               make
               # Make ancient isl build
               cd buildtools/isl-0.10 || exit
               CC="${CC}"gcc
               ./configure
               make
               # build patches
               if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
                 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
                 make clean
                 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
                 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
                 # copy RPi0W & RPi3 firmware
             	mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
                 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
                 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
               fi
               if [ "$RPI_MODEL" = 3P ] ; then
                 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
                 make clean
             	# We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
                 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
                 # RPi3B+ firmware
             	mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
                 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
                 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
               fi
+              # Install kernel module
+              "${LIB_DIR}"/modules/${KERNEL_VERSION}/
             #Revert to previous directory
             cd "${WORKDIR}" || exit
             fi
+            ## To make the RPi load the modified driver after reboot
+            # Find the path of the default driver at reboot
+            # e.g. '/lib/modules/4.14.71-v7+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko'
+            PATH_OF_DEFAULT_DRIVER_AT_REBOOT=$(modinfo brcmfmac | grep -m 1 -oP "^filename:(\s*?)(.*)$" | sed -e 's/^filename:\(\s*\)\(.*\)$/\2/g')
+            # Backup the original driver
+            mv $PATH_OF_DEFAULT_DRIVER_AT_REBOOT "$PATH_OF_DEFAULT_DRIVER_AT_REBOOT.orig"
+            # Copy the modified driver (Kernel 4.14)
+            if is_pizero ; then
+                cp ./patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko $PATH_OF_DEFAULT_DRIVER_AT_REBOOT
+            else
+                cp ./patches/bcm43455c0/7_45_154/nexmon/brcmfmac_4.14.y-nexmon/brcmfmac.ko $PATH_OF_DEFAULT_DRIVER_AT_REBOOT
+            fi
+            # Probe all modules and generate new dependency
+            depmod -a
  No newline at end of file

functions.sh +1 -1

             #!/bin/sh
             # This file contains utility functions used by rpi23-gen-image.sh
             cleanup (){
               set +x
               set +e
               # Identify and kill all processes still using files
               echo "killing processes using mount point ..."
               fuser -k "${R}"
               sleep 3
               fuser -9 -k -v "${R}"
               # Clean up temporary .password file
               if [ -r ".password" ] ; then
                 shred -zu .password
               fi
               # Clean up all temporary mount points
               echo "removing temporary mount points ..."
               umount -l "${R}/proc" 2> /dev/null
               umount -l "${R}/sys" 2> /dev/null
               umount -l "${R}/dev/pts" 2> /dev/null
               umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
               umount "$BUILDDIR/mount" 2> /dev/null
               cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
               losetup -d "$ROOT_LOOP" 2> /dev/null
               losetup -d "$FRMW_LOOP" 2> /dev/null
               trap - 0 1 2 3 6
             }
             chroot_exec() {
               # Exec command in chroot
               LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
             }
             as_nobody() {
               # Exec command as user nobody
               sudo -E -u nobody LANG=C LC_ALL=C "$@"
             }
             install_readonly() {
               # Install file with user read-only permissions
               install -o root -g root -m 644 "$@"
             }
             install_exec() {
               # Install file with root exec permissions
               install -o root -g root -m 744 "$@"
             }
             use_template () {
               # Test if configuration template file exists
               if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
                 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
                 exit 1
               fi
               # Load template configuration parameters
               . "./templates/${CONFIG_TEMPLATE}"
             }
             chroot_install_cc() {
               # Install c/c++ build environment inside the chroot
               if [ -z "${COMPILER_PACKAGES}" ] ; then
                 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
             	# Install COMPILER_PACKAGES in chroot
                 chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
               fi
             }
             chroot_remove_cc() {
               # Remove c/c++ build environment from the chroot
               if [ -n "${COMPILER_PACKAGES}" ] ; then
                 chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
                 COMPILER_PACKAGES=""
               fi
             }
             #GPL v2.0
             #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
             set_kernel_config() {
               # flag as $1, value to set as $2, config must exist at "./.config"
-              TGT="${1}"
+              TGT="CONFIG_${1#CONFIG_}"
               REP="${2}"
               if grep -q "^${TGT}[^_]" .config; then
                 sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
               else
                 echo "${TGT}"="${2}" >> .config
               fi
             }
             unset_kernel_config() {
               # unsets flag with the value of $1, config must exist at "./.config"
               TGT="CONFIG_${1#CONFIG_}"
               sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
             }
             #

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages