@@ -464,22 +464,6 if [ "$BUILD_KERNEL" = true ] ; then | |||||
464 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n |
|
464 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n | |
465 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m |
|
465 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m | |
466 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 |
|
466 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 | |
467 |
|
||||
468 | set_kernel_config CONFIG_ARM64_CRYPTO y |
|
|||
469 | set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m |
|
|||
470 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m |
|
|||
471 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m |
|
|||
472 | set_kernel_config CRYPTO_GHASH_ARM64_CE m |
|
|||
473 | set_kernel_config CRYPTO_SHA2_ARM64_CE m |
|
|||
474 | set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m |
|
|||
475 | set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m |
|
|||
476 | set_kernel_config CONFIG_CRYPTO_AES_ARM64 m |
|
|||
477 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m |
|
|||
478 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y |
|
|||
479 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y |
|
|||
480 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m |
|
|||
481 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m |
|
|||
482 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m |
|
|||
483 | fi |
|
467 | fi | |
484 |
|
468 | |||
485 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 |
|
469 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 | |
@@ -657,22 +641,35 if [ "$BUILD_KERNEL" = true ] ; then | |||||
657 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config |
|
641 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config | |
658 |
|
642 | |||
659 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
643 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
660 | { |
|
644 | set_kernel_configCONFIG_EMBEDDED y | |
661 | echo "CONFIG_EMBEDDED=y" |
|
645 | set_kernel_config CONFIG_EXPERT y | |
662 | echo "CONFIG_EXPERT=y" |
|
646 | set_kernel_config CONFIG_DAX y | |
663 | echo "CONFIG_DAX=y" |
|
647 | set_kernel_config CONFIG_MD y | |
664 | echo "CONFIG_MD=y" |
|
648 | set_kernel_config CONFIG_BLK_DEV_MD y | |
665 | echo "CONFIG_BLK_DEV_MD=y" |
|
649 | set_kernel_config CONFIG_MD_AUTODETECT y | |
666 | echo "CONFIG_MD_AUTODETECT=y" |
|
650 | set_kernel_config CONFIG_BLK_DEV_DM y | |
667 | echo "CONFIG_BLK_DEV_DM=y" |
|
651 | set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y | |
668 | echo "CONFIG_BLK_DEV_DM_BUILTIN=y" |
|
652 | set_kernel_config CONFIG_DM_CRYPT y | |
669 | echo "CONFIG_DM_CRYPT=y" |
|
653 | set_kernel_config CONFIG_CRYPTO_BLKCIPHER y | |
670 | echo "CONFIG_CRYPTO_BLKCIPHER=y" |
|
654 | set_kernel_config CONFIG_CRYPTO_CBC y | |
671 | echo "CONFIG_CRYPTO_CBC=y" |
|
655 | set_kernel_config CONFIG_CRYPTO_XTS y | |
672 | echo "CONFIG_CRYPTO_XTS=y" |
|
656 | set_kernel_config CONFIG_CRYPTO_SHA512 y | |
673 | echo "CONFIG_CRYPTO_SHA512=y" |
|
657 | set_kernel_config CONFIG_CRYPTO_MANAGER y | |
674 | echo "CONFIG_CRYPTO_MANAGER=y" |
|
658 | set_kernel_config CONFIG_ARM64_CRYPTO y | |
675 | } >> "${KERNEL_DIR}"/.config |
|
659 | set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m | |
|
660 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m | |||
|
661 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m | |||
|
662 | set_kernel_config CRYPTO_GHASH_ARM64_CE m | |||
|
663 | set_kernel_config CRYPTO_SHA2_ARM64_CE m | |||
|
664 | set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m | |||
|
665 | set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m | |||
|
666 | set_kernel_config CONFIG_CRYPTO_AES_ARM64 m | |||
|
667 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m | |||
|
668 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y | |||
|
669 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y | |||
|
670 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m | |||
|
671 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m | |||
|
672 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m | |||
676 | fi |
|
673 | fi | |
677 | fi |
|
674 | fi | |
678 |
|
675 |
@@ -16,9 +16,6 fi | |||||
16 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
16 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
17 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
17 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
18 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
18 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |
19 |
|
||||
20 | # Add usb/sda2 disk to crypttab |
|
|||
21 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
|||
22 | fi |
|
19 | fi | |
23 |
|
20 | |||
24 | # Generate initramfs file |
|
21 | # Generate initramfs file | |
@@ -60,8 +57,8 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
60 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
57 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
61 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
58 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
62 |
|
59 | |||
63 |
# |
|
60 | #Regenerate initramfs | |
64 |
|
|
61 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
65 |
|
|
62 | fi | |
66 |
|
63 | |||
67 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then |
|
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
@@ -106,7 +103,7 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
106 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
103 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |
107 |
|
104 | |||
108 | # Dummy mapping required by mkinitramfs |
|
105 | # Dummy mapping required by mkinitramfs | |
109 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" |
|
106 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}" | |
110 |
|
107 | |||
111 | # Generate initramfs with encrypted root partition support |
|
108 | # Generate initramfs with encrypted root partition support | |
112 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
109 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant