##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

a
Unknown -
r687:58d6d0dddb48
parent child
Show More
Show file before | Show file after | Hide comments
@@ -464,22 +464,6 if [ "$BUILD_KERNEL" = true ] ; then
464 464 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
465 465 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
466 466 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
467
468 set_kernel_config CONFIG_ARM64_CRYPTO y
469 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
470 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
471 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
472 set_kernel_config CRYPTO_GHASH_ARM64_CE m
473 set_kernel_config CRYPTO_SHA2_ARM64_CE m
474 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
475 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
476 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
477 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
478 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
479 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
481 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
482 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
483 467 fi
484 468
485 469 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
@@ -657,22 +641,35 if [ "$BUILD_KERNEL" = true ] ; then
657 641 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
658 642
659 643 if [ "$ENABLE_CRYPTFS" = true ] ; then
660 {
661 echo "CONFIG_EMBEDDED=y"
662 echo "CONFIG_EXPERT=y"
663 echo "CONFIG_DAX=y"
664 echo "CONFIG_MD=y"
665 echo "CONFIG_BLK_DEV_MD=y"
666 echo "CONFIG_MD_AUTODETECT=y"
667 echo "CONFIG_BLK_DEV_DM=y"
668 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
669 echo "CONFIG_DM_CRYPT=y"
670 echo "CONFIG_CRYPTO_BLKCIPHER=y"
671 echo "CONFIG_CRYPTO_CBC=y"
672 echo "CONFIG_CRYPTO_XTS=y"
673 echo "CONFIG_CRYPTO_SHA512=y"
674 echo "CONFIG_CRYPTO_MANAGER=y"
675 } >> "${KERNEL_DIR}"/.config
644 set_kernel_configCONFIG_EMBEDDED y
645 set_kernel_config CONFIG_EXPERT y
646 set_kernel_config CONFIG_DAX y
647 set_kernel_config CONFIG_MD y
648 set_kernel_config CONFIG_BLK_DEV_MD y
649 set_kernel_config CONFIG_MD_AUTODETECT y
650 set_kernel_config CONFIG_BLK_DEV_DM y
651 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
652 set_kernel_config CONFIG_DM_CRYPT y
653 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
654 set_kernel_config CONFIG_CRYPTO_CBC y
655 set_kernel_config CONFIG_CRYPTO_XTS y
656 set_kernel_config CONFIG_CRYPTO_SHA512 y
657 set_kernel_config CONFIG_CRYPTO_MANAGER y
658 set_kernel_config CONFIG_ARM64_CRYPTO y
659 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
660 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
661 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
662 set_kernel_config CRYPTO_GHASH_ARM64_CE m
663 set_kernel_config CRYPTO_SHA2_ARM64_CE m
664 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
665 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
666 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
667 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
668 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
669 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
670 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
671 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
672 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
676 673 fi
677 674 fi
678 675
Show file before | Show file after | Hide comments
@@ -16,9 +16,6 fi
16 16 if [ "$ENABLE_USBBOOT" = true ] ; then
17 17 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
18 18 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
19
20 # Add usb/sda2 disk to crypttab
21 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
22 19 fi
23 20
24 21 # Generate initramfs file
@@ -61,7 +58,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
61 58 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
62 59
63 60 # Regenerate initramfs
64 #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
65 62 fi
66 63
67 64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
@@ -106,7 +103,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
106 103 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
107 104
108 105 # Dummy mapping required by mkinitramfs
109 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}"
110 107
111 108 # Generate initramfs with encrypted root partition support
112 109 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant