| @@ -434,9 +434,6 Remove all `locale` translation files. | |||
|
|
434 | 434 | --- |
|
|
435 | 435 | |
|
|
436 | 436 | #### Encrypted root partition: |
|
|
437 | ##### `KERNEL_CRYPTFS`=false | |
|
|
438 | Enable Kernel Moduls for crypto | |
|
|
439 | ||
|
|
440 | 437 | ##### `ENABLE_CRYPTFS`=false |
|
|
441 | 438 | Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help. |
|
|
442 | 439 | |
| @@ -446,9 +443,12 Set password of the encrypted root partition. This parameter is mandatory if `EN | |||
|
|
446 | 443 | ##### `CRYPTFS_MAPPING`="secure" |
|
|
447 | 444 | Set name of dm-crypt managed device-mapper mapping. |
|
|
448 | 445 | |
|
|
449 |
##### `CRYPTFS_CIPHER`="aes-xts-plain64 |
|
|
|
446 | ##### `CRYPTFS_CIPHER`="aes-xts-plain64" | |
|
|
450 | 447 | Set cipher specification string. `aes-xts*` ciphers are strongly recommended. |
|
|
451 | 448 | |
|
|
449 | ##### `CRYPTFS_HASH`=sha512 | |
|
|
450 | Hash function and size to be used | |
|
|
451 | ||
|
|
452 | 452 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
|
453 | 453 | Sets key size in bits. The argument has to be a multiple of 8. |
|
|
454 | 454 | |
| @@ -223,7 +223,8 REDUCE_LOCALE=${REDUCE_LOCALE:=true} | |||
|
|
223 | 223 | ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false} |
|
|
224 | 224 | CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} |
|
|
225 | 225 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
|
226 |
CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64 |
|
|
|
226 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"} | |
|
|
227 | CRYPTFS_HASH=${CRYPTFS_HASH:=":sha512"} | |
|
|
227 | 228 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
|
228 | 229 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup |
|
|
229 | 230 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
