##// END OF EJS Templates
a
Unknown -
r680:4a24244958f0
parent child
Show More
@@ -434,9 +434,6 Remove all `locale` translation files.
434 ---
434 ---
435
435
436 #### Encrypted root partition:
436 #### Encrypted root partition:
437 ##### `KERNEL_CRYPTFS`=false
438 Enable Kernel Moduls for crypto
439
440 ##### `ENABLE_CRYPTFS`=false
437 ##### `ENABLE_CRYPTFS`=false
441 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
438 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
442
439
@@ -446,9 +443,12 Set password of the encrypted root partition. This parameter is mandatory if `EN
446 ##### `CRYPTFS_MAPPING`="secure"
443 ##### `CRYPTFS_MAPPING`="secure"
447 Set name of dm-crypt managed device-mapper mapping.
444 Set name of dm-crypt managed device-mapper mapping.
448
445
449 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
446 ##### `CRYPTFS_CIPHER`="aes-xts-plain64"
450 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
447 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
451
448
449 ##### `CRYPTFS_HASH`=sha512
450 Hash function and size to be used
451
452 ##### `CRYPTFS_XTSKEYSIZE`=512
452 ##### `CRYPTFS_XTSKEYSIZE`=512
453 Sets key size in bits. The argument has to be a multiple of 8.
453 Sets key size in bits. The argument has to be a multiple of 8.
454
454
@@ -223,7 +223,8 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
223 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
223 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
224 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
224 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
225 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
225 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
226 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
226 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64"}
227 CRYPTFS_HASH=${CRYPTFS_HASH:=":sha512"}
227 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
228 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
228 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
229 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
229 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
230 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant