Raspi2-3_GenImage Commit - r280:4b5b78dca118 · Collaboration Tremplin des Sciences

1

#

1

#

2

# Setup RPi2/3 config and cmdline

2

# Setup RPi2/3 config and cmdline

3

#

3

#

4

5

# Load utility functions

5

# Load utility functions

6

. ./functions.sh

6

. ./functions.sh

7

8

if [ "$BUILD_KERNEL" = true ] ; then

8

if [ "$BUILD_KERNEL" = true ] ; then

9

if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then

9

if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then

10

# Install boot binaries from local directory

10

# Install boot binaries from local directory

11

cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin

11

cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin

12

cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat

12

cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat

13

cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat

13

cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat

14

cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat

14

cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat

15

cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf

15

cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf

16

cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf

16

cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf

17

cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf

17

cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf

18

else

18

else

19

# Create temporary directory for boot binaries

19

# Create temporary directory for boot binaries

20

temp_dir=$(as_nobody mktemp -d)

20

temp_dir=$(as_nobody mktemp -d)

21

22

# Install latest boot binaries from raspberry/firmware github

22

# Install latest boot binaries from raspberry/firmware github

23

as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"

23

as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"

24

as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"

24

as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"

25

as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"

25

as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"

26

as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"

26

as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"

27

as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"

27

as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"

28

as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"

28

as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"

29

as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"

29

as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"

30

31

# Move downloaded boot binaries

31

# Move downloaded boot binaries

32

mv "${temp_dir}/"* "${BOOT_DIR}/"

32

mv "${temp_dir}/"* "${BOOT_DIR}/"

33

34

# Remove temporary directory for boot binaries

34

# Remove temporary directory for boot binaries

35

rm -fr "${temp_dir}"

35

rm -fr "${temp_dir}"

36

37

# Set permissions of the boot binaries

37

# Set permissions of the boot binaries

38

chown -R root:root "${BOOT_DIR}"

38

chown -R root:root "${BOOT_DIR}"

39

chmod -R 600 "${BOOT_DIR}"

39

chmod -R 600 "${BOOT_DIR}"

40

fi

40

fi

41

fi

41

fi

42

43

# Setup firmware boot cmdline

43

# Setup firmware boot cmdline

44

if [ "$ENABLE_SPLITFS" = true ] ; then

44

if [ "$ENABLE_SPLITFS" = true ] ; then

45

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"

45

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"

46

else

46

else

47

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"

47

CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"

48

fi

48

fi

49

50

# Add encrypted root partition to cmdline.txt

50

# Add encrypted root partition to cmdline.txt

51

if [ "$ENABLE_CRYPTFS" = true ] ; then

51

if [ "$ENABLE_CRYPTFS" = true ] ; then

52

if [ "$ENABLE_SPLITFS" = true ] ; then

52

if [ "$ENABLE_SPLITFS" = true ] ; then

53

CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")

53

CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")

54

else

54

else

55

CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")

55

CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")

56

fi

56

fi

57

fi

57

fi

58

59

# Add serial console support

59

# Add serial console support

60

if [ "$ENABLE_CONSOLE" = true ] ; then

60

if [ "$ENABLE_CONSOLE" = true ] ; then

61

CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"

61

CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"

62

fi

62

fi

63

64

# Remove IPv6 networking support

64

# Remove IPv6 networking support

65

if [ "$ENABLE_IPV6" = false ] ; then

65

if [ "$ENABLE_IPV6" = false ] ; then

66

CMDLINE="${CMDLINE} ipv6.disable=1"

66

CMDLINE="${CMDLINE} ipv6.disable=1"

67

fi

67

fi

68

69

# Automatically assign predictable network interface names

69

# Automatically assign predictable network interface names

70

if [ "$ENABLE_IFNAMES" = false ] ; then

70

if [ "$ENABLE_IFNAMES" = false ] ; then

71

CMDLINE="${CMDLINE} net.ifnames=0"

71

CMDLINE="${CMDLINE} net.ifnames=0"

72

else

72

else

73

CMDLINE="${CMDLINE} net.ifnames=1"

73

CMDLINE="${CMDLINE} net.ifnames=1"

74

fi

74

fi

75

76

# Set init to systemd if required by Debian release

76

# Set init to systemd if required by Debian release

77

if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then

77

if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then

78

CMDLINE="${CMDLINE} init=/bin/systemd"

78

CMDLINE="${CMDLINE} init=/bin/systemd"

79

fi

79

fi

80

81

# Install firmware boot cmdline

81

# Install firmware boot cmdline

82

echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"

82

echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"

83

84

# Install firmware config

84

# Install firmware config

85

install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"

85

install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"

86

87

# Setup minimal GPU memory allocation size: 16MB (no X)

87

# Setup minimal GPU memory allocation size: 16MB (no X)

88

if [ "$ENABLE_MINGPU" = true ] ; then

88

if [ "$ENABLE_MINGPU" = true ] ; then

89

echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"

89

echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"

90

fi

90

fi

91

92

# Setup boot with initramfs

92

# Setup boot with initramfs

93

if [ "$ENABLE_INITRAMFS" = true ] ; then

93

if [ "$ENABLE_INITRAMFS" = true ] ; then

94

echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"

94

echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"

95

fi

95

fi

96

97

# Disable RPi3 Bluetooth and restore ttyAMA0 serial device

97

# Disable RPi3 Bluetooth and restore ttyAMA0 serial device

98

if [ "$RPI_MODEL" = 3 ] ; then

98

if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then

99

if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then

99

if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then

100

echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"

100

echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"

101

echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"

101

echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"

102

fi

102

fi

103

fi

103

fi

104

105

# Create firmware configuration and cmdline symlinks

105

# Create firmware configuration and cmdline symlinks

106

ln -sf firmware/config.txt "${R}/boot/config.txt"

106

ln -sf firmware/config.txt "${R}/boot/config.txt"

107

ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"

107

ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"

108

109

# Install and setup kernel modules to load at boot

109

# Install and setup kernel modules to load at boot

110

mkdir -p "${R}/lib/modules-load.d/"

110

mkdir -p "${R}/lib/modules-load.d/"

111

install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"

111

install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"

112

113

# Load hardware random module at boot

113

# Load hardware random module at boot

114

if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then

114

if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then

115

sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"

115

sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"

116

fi

116

fi

117

118

# Load sound module at boot

118

# Load sound module at boot

119

if [ "$ENABLE_SOUND" = true ] ; then

119

if [ "$ENABLE_SOUND" = true ] ; then

120

sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"

120

sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"

121

else

121

else

122

echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"

122

echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"

123

fi

123

fi

124

125

# Enable I2C interface

125

# Enable I2C interface

126

if [ "$ENABLE_I2C" = true ] ; then

126

if [ "$ENABLE_I2C" = true ] ; then

127

echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"

127

echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"

128

sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"

128

sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"

129

sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"

129

sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"

130

fi

130

fi

131

132

# Enable SPI interface

132

# Enable SPI interface

133

if [ "$ENABLE_SPI" = true ] ; then

133

if [ "$ENABLE_SPI" = true ] ; then

134

echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"

134

echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"

135

echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"

135

echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"

136

if [ "$RPI_MODEL" = 3 ] ; then

136

if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then

137

sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"

137

sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"

138

fi

138

fi

139

fi

139

fi

140

141

# Disable RPi2/3 under-voltage warnings

141

# Disable RPi2/3 under-voltage warnings

142

if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then

142

if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then

143

echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"

143

echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"

144

fi

144

fi

145

146

# Install kernel modules blacklist

146

# Install kernel modules blacklist

147

mkdir -p "${ETC_DIR}/modprobe.d/"

147

mkdir -p "${ETC_DIR}/modprobe.d/"

148

install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"

148

install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"

149

150

# Install sysctl.d configuration files

150

# Install sysctl.d configuration files

151

install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

151

install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

             [Unit]
             Description=Packet Filtering Framework
             DefaultDependencies=no
             After=systemd-sysctl.service
             Before=sysinit.target
             [Service]
             Type=oneshot
-            ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
+            ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
             ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
             ExecStop=/etc/iptables/flush-ip6tables.sh
             RemainAfterExit=yes
             [Install]
             WantedBy=multi-user.target

             [Unit]
             Description=Packet Filtering Framework
             DefaultDependencies=no
             After=systemd-sysctl.service
             Before=sysinit.target
             [Service]
             Type=oneshot
-            ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
+            ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
             ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
             ExecStop=/etc/iptables/flush-iptables.sh
             RemainAfterExit=yes
             [Install]
             WantedBy=multi-user.target

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             #
             # Setup RPi2/3 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
             if [ "$BUILD_KERNEL" = true ] ; then
               if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
                 # Install boot binaries from local directory
                 cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin
                 cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat
                 cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat
                 cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat
                 cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf
                 cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf
                 cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
               else
                 # Create temporary directory for boot binaries
                 temp_dir=$(as_nobody mktemp -d)
                 # Install latest boot binaries from raspberry/firmware github
                 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
                 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
                 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
                 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
                 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
                 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
                 # Move downloaded boot binaries
                 mv "${temp_dir}/"* "${BOOT_DIR}/"
                 # Remove temporary directory for boot binaries
                 rm -fr "${temp_dir}"
                 # Set permissions of the boot binaries
                 chown -R root:root "${BOOT_DIR}"
                 chmod -R 600 "${BOOT_DIR}"
               fi
             fi
             # Setup firmware boot cmdline
             if [ "$ENABLE_SPLITFS" = true ] ; then
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
             else
               CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1"
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
                 CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
               fi
             fi
             # Add serial console support
             if [ "$ENABLE_CONSOLE" = true ] ; then
               CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
             fi
             # Remove IPv6 networking support
             if [ "$ENABLE_IPV6" = false ] ; then
               CMDLINE="${CMDLINE} ipv6.disable=1"
             fi
             # Automatically assign predictable network interface names
             if [ "$ENABLE_IFNAMES" = false ] ; then
               CMDLINE="${CMDLINE} net.ifnames=0"
             else
               CMDLINE="${CMDLINE} net.ifnames=1"
             fi
             # Set init to systemd if required by Debian release
             if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then
               CMDLINE="${CMDLINE} init=/bin/systemd"
             fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
             # Install firmware config
             install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
             # Disable RPi3 Bluetooth and restore ttyAMA0 serial device
-            if [ "$RPI_MODEL" = 3 ] ; then
+            if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
               if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then
                 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
                 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
               fi
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${R}/lib/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
               sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf"
               sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
               echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf"
-              if [ "$RPI_MODEL" = 3 ] ; then
+              if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
                 sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
               fi
             fi
             # Disable RPi2/3 under-voltage warnings
             if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
+              # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
+              chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
+              chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
+              chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
               if [ "$ENABLE_SSHD" = false ] ; then
                # Remove SSHD related iptables rules
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
               fi
             fi