@@ -434,9 +434,6 Remove all `locale` translation files. | |||||
434 | --- |
|
434 | --- | |
435 |
|
435 | |||
436 | #### Encrypted root partition: |
|
436 | #### Encrypted root partition: | |
437 | ##### `KERNEL_CRYPTFS`=false |
|
|||
438 | Enable Kernel Moduls for crypto |
|
|||
439 |
|
||||
440 | ##### `ENABLE_CRYPTFS`=false |
|
437 | ##### `ENABLE_CRYPTFS`=false | |
441 | Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help. |
|
438 | Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help. | |
442 |
|
439 | |||
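Review bot: The removed `KERNEL_CRYPTFS` entry at the top of this hunk was the only README text for that parameter, and the script hunk visible in this change does not touch a `KERNEL_CRYPTFS` default. If the build script still reads the variable, keep a corrected entry here; if it is gone, drop its default in the same commit so the two files stay in step. Separately, the unchanged `ENABLE_CRYPTFS` description still hard-codes "(aes-xts-plain64:sha512)" although cipher and hash are now documented as separate settings. Consider rewording it to say these are the defaults of `CRYPTFS_CIPHER` and `CRYPTFS_HASH`.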
@@ -446,9 +443,12 Set password of the encrypted root partition. This parameter is mandatory if `EN | |||||
446 | ##### `CRYPTFS_MAPPING`="secure" |
|
443 | ##### `CRYPTFS_MAPPING`="secure" | |
447 | Set name of dm-crypt managed device-mapper mapping. |
|
444 | Set name of dm-crypt managed device-mapper mapping. | |
448 |
|
445 | |||
449 |
##### `CRYPTFS_CIPHER`="aes-xts-plain64 |
|
446 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64" | |
450 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. |
|
447 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |
451 |
|
448 | |||
|
449 | ##### `CRYPTFS_HASH`=sha512 | |||
|
450 | Hash function and size to be used | |||
|
451 | ||||
452 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
452 | ##### `CRYPTFS_XTSKEYSIZE`=512 | |
453 | Sets key size in bits. The argument has to be a multiple of 8. |
|
453 | Sets key size in bits. The argument has to be a multiple of 8. | |
454 |
|
454 |
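Review bot: The new `CRYPTFS_HASH` entry documents the default as `sha512`, but the default assigned in the script is `":sha512"` with a leading colon, so a user who copies the README value sets something in a different format from the built-in default. Document the exact form the script expects, or change the script default to the bare name. The description "Hash function and size to be used" also does not say what the hash is used for or which values are accepted. One sentence naming the purpose and a recommended value, as the `CRYPTFS_CIPHER` entry does, would help.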
@@ -223,7 +223,8 REDUCE_LOCALE=${REDUCE_LOCALE:=true} | |||||
223 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} |
|
223 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} | |
224 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} |
|
224 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |
225 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
225 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} | |
226 |
CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64 |
|
226 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} | |
|
227 | CRYPTFS_HASH=${CRYPTFS_HASH:=":sha512"} | |||
227 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
228 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} | |
228 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup |
|
229 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |
229 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} |
|
230 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} |
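Review bot: The added default `CRYPTFS_HASH=${CRYPTFS_HASH:=":sha512"}` bakes a separator into the value, which makes the variable awkward to override and disagrees with the README entry `CRYPTFS_HASH`=sha512. Store the bare hash name here (`"sha512"`) and add the colon at the point where the cipher and hash are combined, so that an override taken from the README behaves the same as the default.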