a
Unknown -
r687:58d6d0dddb48
@@ -1,889 +1,886
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 #Copy 32bit config to 64bit
57 57 if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then
58 58 cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/
59 59 fi
60 60
61 61 # Configure and build kernel
62 62 if [ "$KERNELSRC_PREBUILT" = false ] ; then
63 63 # Remove device, network and filesystem drivers from kernel configuration
64 64 if [ "$KERNEL_REDUCE" = true ] ; then
65 65 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
66 66 sed -i\
67 67 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
68 68 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
73 73 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
76 76 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
78 78 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
79 79 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
81 81 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
83 83 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
89 89 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
91 91 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
92 92 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
93 93 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
94 94 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
95 95 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
96 96 "${KERNEL_DIR}/.config"
97 97 fi
98 98
99 99 if [ "$KERNELSRC_CONFIG" = true ] ; then
100 100 # Load default raspberry kernel configuration
101 101 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
102 102
103 103 #Switch to KERNELSRC_DIR so we can use set_kernel_config
104 104 cd "${KERNEL_DIR}" || exit
105 105
106 106 # Enable RPI POE HAT fan
107 107 if [ "$KERNEL_POEHAT" = true ]; then
108 108 set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m
109 109 fi
110 110
111 111 # Enable per-interface network priority control
112 112 # (for systemd-nspawn)
113 113 if [ "$KERNEL_NSPAN" = true ]; then
114 114 set_kernel_config CONFIG_CGROUP_NET_PRIO y
115 115 fi
116 116
117 117 # Compile in BTRFS
118 118 if [ "$KERNEL_BTRFS" = true ]; then
119 119 set_kernel_config CONFIG_BTRFS_FS y
120 120 set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y
121 121 set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y
122 122 fi
123 123
124 124 # Diffie-Hellman operations on retained keys
125 125 # (required for >keyutils-1.6)
126 126 if [ "$KERNEL_DHKEY" = true ]; then
127 127 set_kernel_config CONFIG_KEY_DH_OPERATIONS y
128 128 fi
129 129
130 130 if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then
131 131 # Mask this temporarily during switch to rpi-4.19.y
132 132 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
133 133 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
134 134 #set_kernel_config CONFIG_MMC_BCM2835 n
135 135 #set_kernel_config CONFIG_MMC_SDHCI_IPROC n
136 136 #set_kernel_config CONFIG_USB_DWC2 n
137 137 #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
138 138
139 139 #VLAN got disabled without reason in arm64bit
140 140 set_kernel_config CONFIG_IPVLAN m
141 141 fi
142 142
143 143 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
144 144 if [ "$KERNEL_ZSWAP" = true ] ; then
145 145 set_kernel_config CONFIG_ZPOOL y
146 146 set_kernel_config CONFIG_ZSWAP y
147 147 set_kernel_config CONFIG_ZBUD y
148 148 set_kernel_config CONFIG_Z3FOLD y
149 149 set_kernel_config CONFIG_ZSMALLOC y
150 150 set_kernel_config CONFIG_PGTABLE_MAPPING y
151 151 set_kernel_config CONFIG_LZO_COMPRESS y
152 152 fi
153 153
154 154 if [ "$RPI_MODEL" = 4 ] ; then
155 155 # Following are set in current 32-bit LPAE kernel
156 156 set_kernel_config CONFIG_CGROUP_PIDS y
157 157 set_kernel_config CONFIG_NET_IPVTI m
158 158 set_kernel_config CONFIG_NF_TABLES_SET m
159 159 set_kernel_config CONFIG_NF_TABLES_INET y
160 160 set_kernel_config CONFIG_NF_TABLES_NETDEV y
161 161 set_kernel_config CONFIG_NF_FLOW_TABLE m
162 162 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
163 163 set_kernel_config CONFIG_NFT_CONNLIMIT m
164 164 set_kernel_config CONFIG_NFT_TUNNEL m
165 165 set_kernel_config CONFIG_NFT_OBJREF m
166 166 set_kernel_config CONFIG_NFT_FIB_IPV4 m
167 167 set_kernel_config CONFIG_NFT_FIB_IPV6 m
168 168 set_kernel_config CONFIG_NFT_FIB_INET m
169 169 set_kernel_config CONFIG_NFT_SOCKET m
170 170 set_kernel_config CONFIG_NFT_OSF m
171 171 set_kernel_config CONFIG_NFT_TPROXY m
172 172 set_kernel_config CONFIG_NF_DUP_NETDEV m
173 173 set_kernel_config CONFIG_NFT_DUP_NETDEV m
174 174 set_kernel_config CONFIG_NFT_FWD_NETDEV m
175 175 set_kernel_config CONFIG_NFT_FIB_NETDEV m
176 176 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
177 177 set_kernel_config CONFIG_NF_FLOW_TABLE m
178 178 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
179 179 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
180 180 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
181 181 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
182 182 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
183 183 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
184 184 set_kernel_config CONFIG_NFT_DUP_IPV6 m
185 185 set_kernel_config CONFIG_NFT_FIB_IPV6 m
186 186 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m
187 187 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
188 188 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
189 189 set_kernel_config CONFIG_NF_LOG_BRIDGE m
190 190 set_kernel_config CONFIG_MT76_CORE m
191 191 set_kernel_config CONFIG_MT76_LEDS m
192 192 set_kernel_config CONFIG_MT76_USB m
193 193 set_kernel_config CONFIG_MT76x2_COMMON m
194 194 set_kernel_config CONFIG_MT76x0U m
195 195 set_kernel_config CONFIG_MT76x2U m
196 196 set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m
197 197 set_kernel_config CONFIG_BCM_VC_SM m
198 198 set_kernel_config CONFIG_BCM2835_SMI_DEV m
199 199 set_kernel_config CONFIG_RPIVID_MEM m
200 200 set_kernel_config CONFIG_HW_RANDOM_BCM2835 y
201 201 set_kernel_config CONFIG_TCG_TPM m
202 202 set_kernel_config CONFIG_HW_RANDOM_TPM y
203 203 set_kernel_config CONFIG_TCG_TIS m
204 204 set_kernel_config CONFIG_TCG_TIS_SPI m
205 205 set_kernel_config CONFIG_I2C_MUX m
206 206 set_kernel_config CONFIG_I2C_MUX_GPMUX m
207 207 set_kernel_config CONFIG_I2C_MUX_PCA954x m
208 208 set_kernel_config CONFIG_SPI_GPIO m
209 209 set_kernel_config CONFIG_BATTERY_MAX17040 m
210 210 set_kernel_config CONFIG_SENSORS_GPIO_FAN m
211 211 set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m
212 212 set_kernel_config CONFIG_BCM2835_THERMAL y
213 213 set_kernel_config CONFIG_RC_CORE y
214 214 set_kernel_config CONFIG_RC_MAP y
215 215 set_kernel_config CONFIG_LIRC y
216 216 set_kernel_config CONFIG_RC_DECODERS y
217 217 set_kernel_config CONFIG_IR_NEC_DECODER m
218 218 set_kernel_config CONFIG_IR_RC5_DECODER m
219 219 set_kernel_config CONFIG_IR_RC6_DECODER m
220 220 set_kernel_config CONFIG_IR_JVC_DECODER m
221 221 set_kernel_config CONFIG_IR_SONY_DECODER m
222 222 set_kernel_config CONFIG_IR_SANYO_DECODER m
223 223 set_kernel_config CONFIG_IR_SHARP_DECODER m
224 224 set_kernel_config CONFIG_IR_MCE_KBD_DECODER m
225 225 set_kernel_config CONFIG_IR_XMP_DECODER m
226 226 set_kernel_config CONFIG_IR_IMON_DECODER m
227 227 set_kernel_config CONFIG_RC_DEVICES y
228 228 set_kernel_config CONFIG_RC_ATI_REMOTE m
229 229 set_kernel_config CONFIG_IR_IMON m
230 230 set_kernel_config CONFIG_IR_MCEUSB m
231 231 set_kernel_config CONFIG_IR_REDRAT3 m
232 232 set_kernel_config CONFIG_IR_STREAMZAP m
233 233 set_kernel_config CONFIG_IR_IGUANA m
234 234 set_kernel_config CONFIG_IR_TTUSBIR m
235 235 set_kernel_config CONFIG_RC_LOOPBACK m
236 236 set_kernel_config CONFIG_IR_GPIO_CIR m
237 237 set_kernel_config CONFIG_IR_GPIO_TX m
238 238 set_kernel_config CONFIG_IR_PWM_TX m
239 239 set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
240 240 set_kernel_config CONFIG_VIDEO_AU0828_RC y
241 241 set_kernel_config CONFIG_VIDEO_CX231XX m
242 242 set_kernel_config CONFIG_VIDEO_CX231XX_RC y
243 243 set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m
244 244 set_kernel_config CONFIG_VIDEO_CX231XX_DVB m
245 245 set_kernel_config CONFIG_VIDEO_TM6000 m
246 246 set_kernel_config CONFIG_VIDEO_TM6000_ALSA m
247 247 set_kernel_config CONFIG_VIDEO_TM6000_DVB m
248 248 set_kernel_config CONFIG_DVB_USB m
249 249 set_kernel_config CONFIG_DVB_USB_DIB3000MC m
250 250 set_kernel_config CONFIG_DVB_USB_A800 m
251 251 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m
252 252 set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y
253 253 set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m
254 254 set_kernel_config CONFIG_DVB_USB_DIB0700 m
255 255 set_kernel_config CONFIG_DVB_USB_UMT_010 m
256 256 set_kernel_config CONFIG_DVB_USB_CXUSB m
257 257 set_kernel_config CONFIG_DVB_USB_M920X m
258 258 set_kernel_config CONFIG_DVB_USB_DIGITV m
259 259 set_kernel_config CONFIG_DVB_USB_VP7045 m
260 260 set_kernel_config CONFIG_DVB_USB_VP702X m
261 261 set_kernel_config CONFIG_DVB_USB_GP8PSK m
262 262 set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m
263 263 set_kernel_config CONFIG_DVB_USB_TTUSB2 m
264 264 set_kernel_config CONFIG_DVB_USB_DTT200U m
265 265 set_kernel_config CONFIG_DVB_USB_OPERA1 m
266 266 set_kernel_config CONFIG_DVB_USB_AF9005 m
267 267 set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m
268 268 set_kernel_config CONFIG_DVB_USB_PCTV452E m
269 269 set_kernel_config CONFIG_DVB_USB_DW2102 m
270 270 set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m
271 271 set_kernel_config CONFIG_DVB_USB_DTV5100 m
272 272 set_kernel_config CONFIG_DVB_USB_AZ6027 m
273 273 set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m
274 274 set_kernel_config CONFIG_DVB_USB_AF9015 m
275 275 set_kernel_config CONFIG_DVB_USB_LME2510 m
276 276 set_kernel_config CONFIG_DVB_USB_RTL28XXU m
277 277 set_kernel_config CONFIG_VIDEO_EM28XX_RC m
278 278 set_kernel_config CONFIG_SMS_SIANO_RC m
279 279 set_kernel_config CONFIG_VIDEO_IR_I2C m
280 280 set_kernel_config CONFIG_VIDEO_ADV7180 m
281 281 set_kernel_config CONFIG_VIDEO_TC358743 m
282 282 set_kernel_config CONFIG_VIDEO_OV5647 m
283 283 set_kernel_config CONFIG_DVB_M88DS3103 m
284 284 set_kernel_config CONFIG_DVB_AF9013 m
285 285 set_kernel_config CONFIG_DVB_RTL2830 m
286 286 set_kernel_config CONFIG_DVB_RTL2832 m
287 287 set_kernel_config CONFIG_DVB_SI2168 m
288 288 set_kernel_config CONFIG_DVB_GP8PSK_FE m
289 289 set_kernel_config CONFIG_DVB_USB m
290 290 set_kernel_config CONFIG_DVB_LGDT3306A m
291 291 set_kernel_config CONFIG_FB_SIMPLE y
292 292 set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m
293 293 set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m
294 294 set_kernel_config CONFIG_SND_AUDIOSENSE_PI m
295 295 set_kernel_config CONFIG_SND_SOC_AD193X m
296 296 set_kernel_config CONFIG_SND_SOC_AD193X_SPI m
297 297 set_kernel_config CONFIG_SND_SOC_AD193X_I2C m
298 298 set_kernel_config CONFIG_SND_SOC_CS4265 m
299 299 set_kernel_config CONFIG_SND_SOC_DA7213 m
300 300 set_kernel_config CONFIG_SND_SOC_ICS43432 m
301 301 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m
302 302 set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m
303 303 set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m
304 304 set_kernel_config CONFIG_HID_BIGBEN_FF m
305 305 #set_kernel_config CONFIG_USB_XHCI_PLATFORM y
306 306 set_kernel_config CONFIG_USB_TMC m
307 307 set_kernel_config CONFIG_USB_UAS y
308 308 set_kernel_config CONFIG_USBIP_VUDC m
309 309 set_kernel_config CONFIG_USB_CONFIGFS m
310 310 set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y
311 311 set_kernel_config CONFIG_USB_CONFIGFS_ACM y
312 312 set_kernel_config CONFIG_USB_CONFIGFS_OBEX y
313 313 set_kernel_config CONFIG_USB_CONFIGFS_NCM y
314 314 set_kernel_config CONFIG_USB_CONFIGFS_ECM y
315 315 set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y
316 316 set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y
317 317 set_kernel_config CONFIG_USB_CONFIGFS_EEM y
318 318 set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y
319 319 set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y
320 320 set_kernel_config CONFIG_USB_CONFIGFS_F_FS y
321 321 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y
322 322 set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y
323 323 set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y
324 324 set_kernel_config CONFIG_USB_CONFIGFS_F_HID y
325 325 set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y
326 326 set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y
327 327 set_kernel_config CONFIG_LEDS_PCA963X m
328 328 set_kernel_config CONFIG_LEDS_IS31FL32XX m
329 329 set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m
330 330 set_kernel_config CONFIG_RTC_DRV_RV3028 m
331 331 set_kernel_config CONFIG_AUXDISPLAY y
332 332 set_kernel_config CONFIG_HD44780 m
333 333 set_kernel_config CONFIG_FB_TFT_SH1106 m
334 334 set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m
335 335 set_kernel_config CONFIG_BCM2835_POWER y
336 336 set_kernel_config CONFIG_INV_MPU6050_IIO m
337 337 set_kernel_config CONFIG_INV_MPU6050_I2C m
338 338 set_kernel_config CONFIG_SECURITYFS y
339 339
340 340 # Safer to build this in
341 341 set_kernel_config CONFIG_BINFMT_MISC y
342 342
343 343 # pulseaudio wants a buffer of at least this size
344 344 set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048
345 345
346 346 # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4
347 347 # set the appropriate kernel configs unlocked by this PR
348 348 set_kernel_config CONFIG_ARCH_BCM y
349 349 set_kernel_config CONFIG_ARCH_BCM2835 y
350 350 set_kernel_config CONFIG_DRM_V3D m
351 351 set_kernel_config CONFIG_DRM_VC4 m
352 352 set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y
353 353
354 354 # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4
355 355 # required by PR#3144; should already be applied, but just to be safe
356 356 set_kernel_config CONFIG_PCIE_BRCMSTB y
357 357 set_kernel_config CONFIG_BCM2835_MMC y
358 358
359 359 # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at
360 360 # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap
361 361 # during cloud-init setup at first boot. Without this the login accounts are not
362 362 # created and the user can not login.
363 363 set_kernel_config CONFIG_SQUASHFS y
364 364
365 365 # Ceph support for Block Device (RBD) and Filesystem (FS)
366 366 # https://docs.ceph.com/docs/master/
367 367 set_kernel_config CONFIG_CEPH_LIB m
368 368 set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y
369 369 set_kernel_config CONFIG_CEPH_FS m
370 370 set_kernel_config CONFIG_CEPH_FSCACHE y
371 371 set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y
372 372 set_kernel_config CONFIG_BLK_DEV_RBD m
373 373 fi
374 374
375 375 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
376 376 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then
377 377 set_kernel_config CONFIG_HAVE_KVM y
378 378 set_kernel_config CONFIG_HIGH_RES_TIMERS y
379 379 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
380 380 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
381 381 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
382 382 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
383 383 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
384 384 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
385 385 set_kernel_config CONFIG_HAVE_KVM_MSI y
386 386 set_kernel_config CONFIG_KVM y
387 387 set_kernel_config CONFIG_KVM_ARM_HOST y
388 388 set_kernel_config CONFIG_KVM_ARM_PMU y
389 389 set_kernel_config CONFIG_KVM_COMPAT y
390 390 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
391 391 set_kernel_config CONFIG_KVM_MMIO y
392 392 set_kernel_config CONFIG_KVM_VFIO y
393 393 set_kernel_config CONFIG_KVM_MMU_AUDIT y
394 394 set_kernel_config CONFIG_VHOST m
395 395 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
396 396 set_kernel_config CONFIG_VHOST_NET m
397 397 set_kernel_config CONFIG_VIRTUALIZATION y
398 398 set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y
399 399 set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y
400 400 set_kernel_config CONFIG_MMU_NOTIFIER y
401 401
402 402 # erratum
403 403 set_kernel_config ARM64_ERRATUM_834220 y
404 404
405 405 # https://sourceforge.net/p/kvm/mailman/message/18440797/
406 406 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
407 407 fi
408 408
409 409 # enable apparmor,integrity audit,
410 410 if [ "$KERNEL_SECURITY" = true ] ; then
411 411
412 412 # security filesystem, security models and audit
413 413 set_kernel_config CONFIG_SECURITYFS y
414 414 set_kernel_config CONFIG_SECURITY y
415 415 set_kernel_config CONFIG_AUDIT y
416 416
417 417 # harden strcpy and memcpy
418 418 set_kernel_config CONFIG_HARDENED_USERCOPY y
419 419 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
420 420 set_kernel_config CONFIG_FORTIFY_SOURCE y
421 421
422 422 # integrity sub-system
423 423 set_kernel_config CONFIG_INTEGRITY y
424 424 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
425 425 set_kernel_config CONFIG_INTEGRITY_AUDIT y
426 426 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
427 427 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
428 428
429 429 # This option provides support for retaining authentication tokens and access keys in the kernel.
430 430 set_kernel_config CONFIG_KEYS y
431 431 set_kernel_config CONFIG_KEYS_COMPAT y
432 432
433 433 # Apparmor
434 434 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
435 435 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
436 436 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
437 437 set_kernel_config CONFIG_SECURITY_APPARMOR y
438 438 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
439 439 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
440 440
441 441 # restrictions on unprivileged users reading the kernel
442 442 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
443 443
444 444 # network security hooks
445 445 set_kernel_config CONFIG_SECURITY_NETWORK y
446 446 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
447 447 set_kernel_config CONFIG_SECURITY_PATH y
448 448 set_kernel_config CONFIG_SECURITY_YAMA n
449 449
450 450 set_kernel_config CONFIG_SECURITY_SELINUX n
451 451 set_kernel_config CONFIG_SECURITY_SMACK n
452 452 set_kernel_config CONFIG_SECURITY_TOMOYO n
453 453 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
454 454 set_kernel_config CONFIG_SECURITY_LOADPIN n
455 455 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
456 456 set_kernel_config CONFIG_IMA n
457 457 set_kernel_config CONFIG_EVM n
458 458 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
459 459 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
460 460 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
461 461 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
462 462 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
463 463 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
464 464 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
465 465 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
466 466 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
467
468 set_kernel_config CONFIG_ARM64_CRYPTO y
469 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
470 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
471 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
472 set_kernel_config CRYPTO_GHASH_ARM64_CE m
473 set_kernel_config CRYPTO_SHA2_ARM64_CE m
474 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
475 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
476 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
477 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
478 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
479 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
481 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
482 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
483 467 fi
484 468
485 469 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
486 470 if [ "$KERNEL_NF" = true ] ; then
487 471 set_kernel_config CONFIG_IP_NF_SECURITY m
488 472 set_kernel_config CONFIG_NETLABEL y
489 473 set_kernel_config CONFIG_IP6_NF_SECURITY m
490 474 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
491 475 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
492 476 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
493 477 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
494 478 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
495 479 set_kernel_config CONFIG_NFT_FIB_INET m
496 480 set_kernel_config CONFIG_NFT_FIB_IPV4 m
497 481 set_kernel_config CONFIG_NFT_FIB_IPV6 m
498 482 set_kernel_config CONFIG_NFT_FIB_NETDEV m
499 483 set_kernel_config CONFIG_NFT_OBJREF m
500 484 set_kernel_config CONFIG_NFT_RT m
501 485 set_kernel_config CONFIG_NFT_SET_BITMAP m
502 486 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
503 487 set_kernel_config CONFIG_NF_LOG_ARP m
504 488 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
505 489 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
506 490 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
507 491 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
508 492 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
509 493 set_kernel_config CONFIG_IP6_NF_IPTABLES m
510 494 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
511 495 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
512 496 set_kernel_config CONFIG_IP6_NF_NAT m
513 497 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
514 498 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
515 499 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
516 500 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
517 501 set_kernel_config CONFIG_IP_SET_HASH_IP m
518 502 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
519 503 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
520 504 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
521 505 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
522 506 set_kernel_config CONFIG_IP_SET_HASH_MAC m
523 507 set_kernel_config CONFIG_IP_SET_HASH_NET m
524 508 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
525 509 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
526 510 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
527 511 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
528 512 set_kernel_config CONFIG_IP_SET_LIST_SET m
529 513 set_kernel_config CONFIG_NETFILTER_XTABLES m
530 514 set_kernel_config CONFIG_NETFILTER_XTABLES m
531 515 set_kernel_config CONFIG_NFT_BRIDGE_META m
532 516 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
533 517 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
534 518 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
535 519 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
536 520 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
537 521 set_kernel_config CONFIG_NFT_COMPAT m
538 522 set_kernel_config CONFIG_NFT_COUNTER m
539 523 set_kernel_config CONFIG_NFT_CT m
540 524 set_kernel_config CONFIG_NFT_DUP_IPV4 m
541 525 set_kernel_config CONFIG_NFT_DUP_IPV6 m
542 526 set_kernel_config CONFIG_NFT_DUP_NETDEV m
543 527 set_kernel_config CONFIG_NFT_EXTHDR m
544 528 set_kernel_config CONFIG_NFT_FWD_NETDEV m
545 529 set_kernel_config CONFIG_NFT_HASH m
546 530 set_kernel_config CONFIG_NFT_LIMIT m
547 531 set_kernel_config CONFIG_NFT_LOG m
548 532 set_kernel_config CONFIG_NFT_MASQ m
549 533 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
550 534 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
551 535 set_kernel_config CONFIG_NFT_META m
552 536 set_kernel_config CONFIG_NFT_NAT m
553 537 set_kernel_config CONFIG_NFT_NUMGEN m
554 538 set_kernel_config CONFIG_NFT_QUEUE m
555 539 set_kernel_config CONFIG_NFT_QUOTA m
556 540 set_kernel_config CONFIG_NFT_REDIR m
557 541 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
558 542 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
559 543 set_kernel_config CONFIG_NFT_REJECT m
560 544 set_kernel_config CONFIG_NFT_REJECT_INET m
561 545 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
562 546 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
563 547 set_kernel_config CONFIG_NFT_SET_HASH m
564 548 set_kernel_config CONFIG_NFT_SET_RBTREE m
565 549 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
566 550 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
567 551 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
568 552 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
569 553 set_kernel_config CONFIG_NF_DUP_IPV4 m
570 554 set_kernel_config CONFIG_NF_DUP_IPV6 m
571 555 set_kernel_config CONFIG_NF_DUP_NETDEV m
572 556 set_kernel_config CONFIG_NF_LOG_BRIDGE m
573 557 set_kernel_config CONFIG_NF_LOG_IPV4 m
574 558 set_kernel_config CONFIG_NF_LOG_IPV6 m
575 559 set_kernel_config CONFIG_NF_NAT_IPV4 m
576 560 set_kernel_config CONFIG_NF_NAT_IPV6 m
577 561 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y
578 562 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y
579 563 set_kernel_config CONFIG_NF_NAT_PPTP m
580 564 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
581 565 set_kernel_config CONFIG_NF_NAT_REDIRECT y
582 566 set_kernel_config CONFIG_NF_NAT_SIP m
583 567 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
584 568 set_kernel_config CONFIG_NF_NAT_TFTP m
585 569 set_kernel_config CONFIG_NF_REJECT_IPV4 m
586 570 set_kernel_config CONFIG_NF_REJECT_IPV6 m
587 571 set_kernel_config CONFIG_NF_TABLES m
588 572 set_kernel_config CONFIG_NF_TABLES_ARP m
589 573 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
590 574 set_kernel_config CONFIG_NF_TABLES_INET m
591 575 set_kernel_config CONFIG_NF_TABLES_IPV4 y
592 576 set_kernel_config CONFIG_NF_TABLES_IPV6 y
593 577 set_kernel_config CONFIG_NF_TABLES_NETDEV m
594 578 set_kernel_config CONFIG_NF_TABLES_SET m
595 579 set_kernel_config CONFIG_NF_TABLES_INET y
596 580 set_kernel_config CONFIG_NF_TABLES_NETDEV y
597 581 set_kernel_config CONFIG_NFT_CONNLIMIT m
598 582 set_kernel_config CONFIG_NFT_TUNNEL m
599 583 set_kernel_config CONFIG_NFT_SOCKET m
600 584 set_kernel_config CONFIG_NFT_TPROXY m
601 585 set_kernel_config CONFIG_NF_FLOW_TABLE m
602 586 set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m
603 587 set_kernel_config CONFIG_NF_FLOW_TABLE_INET m
604 588 set_kernel_config CONFIG_NF_TABLES_ARP y
605 589 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y
606 590 set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y
607 591 set_kernel_config CONFIG_NF_TABLES_BRIDGE y
608 592 set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m
609 593 set_kernel_config CONFIG_NFT_OSF m
610 594
611 595 fi
612 596
613 597 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
614 598 if [ "$KERNEL_BPF" = true ] ; then
615 599 set_kernel_config CONFIG_BPF_SYSCALL y
616 600 set_kernel_config CONFIG_BPF_EVENTS y
617 601 set_kernel_config CONFIG_BPF_STREAM_PARSER y
618 602 set_kernel_config CONFIG_CGROUP_BPF y
619 603 set_kernel_config CONFIG_XDP_SOCKETS y
620 604 fi
621 605
622 606 # KERNEL_DEFAULT_GOV was set by user
623 607 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
624 608
625 609 case "$KERNEL_DEFAULT_GOV" in
626 610 performance)
627 611 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
628 612 ;;
629 613 userspace)
630 614 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
631 615 ;;
632 616 ondemand)
633 617 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
634 618 ;;
635 619 conservative)
636 620 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
637 621 ;;
638 622 shedutil)
639 623 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
640 624 ;;
641 625 *)
642 626 echo "error: unsupported default cpu governor"
643 627 exit 1
644 628 ;;
645 629 esac
646 630
647 631 # unset previous default governor
648 632 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
649 633 fi
650 634
651 635 #Revert to previous directory
652 636 cd "${WORKDIR}" || exit
653 637
654 638 # Set kernel configuration parameters to enable qemu emulation
655 639 if [ "$ENABLE_QEMU" = true ] ; then
656 640 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
657 641 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
658 642
659 643 if [ "$ENABLE_CRYPTFS" = true ] ; then
660 {
661 echo "CONFIG_EMBEDDED=y"
662 echo "CONFIG_EXPERT=y"
663 echo "CONFIG_DAX=y"
664 echo "CONFIG_MD=y"
665 echo "CONFIG_BLK_DEV_MD=y"
666 echo "CONFIG_MD_AUTODETECT=y"
667 echo "CONFIG_BLK_DEV_DM=y"
668 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
669 echo "CONFIG_DM_CRYPT=y"
670 echo "CONFIG_CRYPTO_BLKCIPHER=y"
671 echo "CONFIG_CRYPTO_CBC=y"
672 echo "CONFIG_CRYPTO_XTS=y"
673 echo "CONFIG_CRYPTO_SHA512=y"
674 echo "CONFIG_CRYPTO_MANAGER=y"
675 } >> "${KERNEL_DIR}"/.config
644 set_kernel_configCONFIG_EMBEDDED y
645 set_kernel_config CONFIG_EXPERT y
646 set_kernel_config CONFIG_DAX y
647 set_kernel_config CONFIG_MD y
648 set_kernel_config CONFIG_BLK_DEV_MD y
649 set_kernel_config CONFIG_MD_AUTODETECT y
650 set_kernel_config CONFIG_BLK_DEV_DM y
651 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
652 set_kernel_config CONFIG_DM_CRYPT y
653 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
654 set_kernel_config CONFIG_CRYPTO_CBC y
655 set_kernel_config CONFIG_CRYPTO_XTS y
656 set_kernel_config CONFIG_CRYPTO_SHA512 y
657 set_kernel_config CONFIG_CRYPTO_MANAGER y
658 set_kernel_config CONFIG_ARM64_CRYPTO y
659 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
660 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
661 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
662 set_kernel_config CRYPTO_GHASH_ARM64_CE m
663 set_kernel_config CRYPTO_SHA2_ARM64_CE m
664 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
665 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
666 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
667 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
668 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
669 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
670 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
671 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
672 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
676 673 fi
677 674 fi
678 675
679 676 # Copy custom kernel configuration file
680 677 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
681 678 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
682 679 fi
683 680
684 681 # Set kernel configuration parameters to their default values
685 682 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
686 683 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
687 684 fi
688 685
689 686 # Start menu-driven kernel configuration (interactive)
690 687 if [ "$KERNEL_MENUCONFIG" = true ] ; then
691 688 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
692 689 fi
693 690 # end if "$KERNELSRC_CONFIG" = true
694 691 fi
695 692
696 693 # Use ccache to cross compile the kernel
697 694 if [ "$KERNEL_CCACHE" = true ] ; then
698 695 cc="ccache ${CROSS_COMPILE}gcc"
699 696 else
700 697 cc="${CROSS_COMPILE}gcc"
701 698 fi
702 699
703 700 # Cross compile kernel and dtbs
704 701 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
705 702
706 703 # Cross compile kernel modules
707 704 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
708 705 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
709 706 fi
710 707 # end if "$KERNELSRC_PREBUILT" = false
711 708 fi
712 709
713 710 # Check if kernel compilation was successful
714 711 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
715 712 echo "error: kernel compilation failed! (kernel image not found)"
716 713 cleanup
717 714 exit 1
718 715 fi
719 716
720 717 # Install kernel modules
721 718 if [ "$ENABLE_REDUCE" = true ] ; then
722 719 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
723 720 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
724 721 fi
725 722 else
726 723 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
727 724 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
728 725 fi
729 726
730 727 # Install kernel firmware
731 728 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
732 729 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
733 730 fi
734 731 fi
735 732
736 733 # Install kernel headers
737 734 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
738 735 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
739 736 fi
740 737
741 738 # Prepare boot (firmware) directory
742 739 mkdir "${BOOT_DIR}"
743 740
744 741 # Get kernel release version
745 742 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
746 743
747 744 # Copy kernel configuration file to the boot directory
748 745 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
749 746
750 747 # Prepare device tree directory
751 748 mkdir "${BOOT_DIR}/overlays"
752 749
753 750 # Ensure the proper .dtb is located
754 751 if [ "$KERNEL_ARCH" = "arm" ] ; then
755 752 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
756 753 if [ -f "${dtb}" ] ; then
757 754 install_readonly "${dtb}" "${BOOT_DIR}/"
758 755 fi
759 756 done
760 757 else
761 758 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
762 759 if [ -f "${dtb}" ] ; then
763 760 install_readonly "${dtb}" "${BOOT_DIR}/"
764 761 fi
765 762 done
766 763 fi
767 764
768 765 # Copy compiled dtb device tree files
769 766 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
770 767 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
771 768 if [ -f "${dtb}" ] ; then
772 769 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
773 770 fi
774 771 done
775 772
776 773 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
777 774 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
778 775 fi
779 776 fi
780 777
781 778 if [ "$ENABLE_UBOOT" = false ] ; then
782 779 # Convert and copy kernel image to the boot directory
783 780 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
784 781 else
785 782 # Copy kernel image to the boot directory
786 783 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
787 784 fi
788 785
789 786 # Remove kernel sources
790 787 if [ "$KERNEL_REMOVESRC" = true ] ; then
791 788 rm -fr "${KERNEL_DIR}"
792 789 else
793 790 # Prepare compiled kernel modules
794 791 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
795 792 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
796 793 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
797 794 fi
798 795
799 796 # Create symlinks for kernel modules
800 797 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
801 798 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
802 799 fi
803 800 fi
804 801
805 802 else # BUILD_KERNEL=false
806 803 if [ "$SET_ARCH" = 64 ] ; then
807 804 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
808 805 # Use Sakakis modified kernel if ZSWAP is active
809 806 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
810 807 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
811 808 fi
812 809
813 810 # Create temporary directory for dl
814 811 temp_dir=$(as_nobody mktemp -d)
815 812
816 813 # Fetch kernel dl
817 814 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
818 815 fi
819 816 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
820 817 # Create temporary directory for dl
821 818 temp_dir=$(as_nobody mktemp -d)
822 819
823 820 # Fetch kernel dl
824 821 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
825 822 fi
826 823
827 824 #extract download
828 825 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
829 826
830 827 #move extracted kernel to /boot/firmware
831 828 mkdir "${R}/boot/firmware"
832 829 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
833 830 cp -r "${temp_dir}"/lib/* "${R}"/lib/
834 831
835 832 # Remove temporary directory for kernel sources
836 833 rm -fr "${temp_dir}"
837 834
838 835 # Set permissions of the kernel sources
839 836 chown -R root:root "${R}/boot/firmware"
840 837 chown -R root:root "${R}/lib/modules"
841 838 fi
842 839
843 840 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
844 841 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
845 842 # Create temporary directory for dl
846 843 temp_dir=$(as_nobody mktemp -d)
847 844
848 845 # Fetch kernel
849 846 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
850 847
851 848 # Copy downloaded kernel package
852 849 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
853 850
854 851 # Set permissions
855 852 chown -R root:root "${R}"/tmp/kernel.deb
856 853
857 854 # Install kernel
858 855 chroot_exec dpkg -i /tmp/kernel.deb
859 856
860 857 # move /boot to /boot/firmware to fit script env.
861 858 #mkdir "${BOOT_DIR}"
862 859 mkdir "${temp_dir}"/firmware
863 860 mv "${R}"/boot/* "${temp_dir}"/firmware/
864 861 mv "${temp_dir}"/firmware "${R}"/boot/
865 862
866 863 #same for kernel headers
867 864 if [ "$KERNEL_HEADERS" = true ] ; then
868 865 # Fetch kernel header
869 866 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
870 867 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
871 868 chown -R root:root "${R}"/tmp/kernel-header.deb
872 869 # Install kernel header
873 870 chroot_exec dpkg -i /tmp/kernel-header.deb
874 871 rm -f "${R}"/tmp/kernel-header.deb
875 872 fi
876 873
877 874 # Remove temporary directory and files
878 875 rm -fr "${temp_dir}"
879 876 rm -f "${R}"/tmp/kernel.deb
880 877 fi
881 878
882 879 # Check if kernel installation was successful
883 880 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
884 881 if [ -z "$KERNEL" ] ; then
885 882 echo "error: kernel installation failed! (/boot/kernel* not found)"
886 883 cleanup
887 884 exit 1
888 885 fi
889 886 fi
@@ -1,121 +1,118
1 1 #!/bin/sh
2 2 # Setup fstab and initramfs
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Install and setup fstab
9 9 install_readonly files/mount/fstab "${ETC_DIR}/fstab"
10 10
11 11 # Add usb/sda disk root partition to fstab
12 12 if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
13 13 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
14 14 fi
15 15
16 16 if [ "$ENABLE_USBBOOT" = true ] ; then
17 17 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
18 18 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
19
20 # Add usb/sda2 disk to crypttab
21 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
22 19 fi
23 20
24 21 # Generate initramfs file
25 22 if [ "$ENABLE_INITRAMFS" = true ] ; then
26 23 if [ "$ENABLE_CRYPTFS" = true ] ; then
27 24 if [ "$ENABLE_USBBOOT" = true ] ; then
28 25 # Add usb/sda2 disk to crypttab
29 26 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
30 27 fi
31 28
32 29 # Include initramfs scripts to auto expand encrypted root partition
33 30 if [ "$EXPANDROOT" = true ] ; then
34 31 install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
35 32 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
36 33 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
37 34 fi
38 35
39 36 # Replace fstab root partition with encrypted partition mapping
40 37 sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
41 38
42 39 # Add encrypted partition to crypttab and fstab
43 40 install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
44 41 echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
45 42
46 43 # Add encrypted root partition to fstab and crypttab
47 44 if [ "$ENABLE_SPLITFS" = true ] ; then
48 45 # Add usb/sda1 disk to crypttab
49 46 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
50 47 fi
51 48
52 49 if [ "$CRYPTFS_DROPBEAR" = true ]; then
53 50 if [ "$ENABLE_DHCP" = false ] ; then
54 51 # Get cdir from NET_ADDRESS e.g. 24
55 52 cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2)
56 53
57 54 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
58 55 NET_MASK=$(cdr2mask "$cdir")
59 56
60 57 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
61 58 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
62 59
63 60 # Regenerate initramfs
64 #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
65 62 fi
66 63
67 64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
68 65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
69 66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
70 67 else
71 68 # Create key
72 69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
73 70
74 71 # Convert dropbear key to openssh key
75 72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
76 73
77 74 # Get Public Key Part
78 75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
79 76
80 77 # Delete unwanted lines
81 78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
82 79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
83 80
84 81 # Trust the new key
85 82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
86 83
87 84 # Save Keys - convert with putty from rsa/openssh to puttkey
88 85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
89 86
90 87 # Get unlock script
91 88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
92 89
93 90 # Enable Dropbear inside initramfs
94 91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
95 92
96 93 # Enable Dropbear inside initramfs
97 94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
98 95 fi
99 96 # CRYPTFSDROPBEAR=false
100 97 else
101 98 # Disable SSHD inside initramfs
102 99 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
103 100 fi
104 101
105 102 # Add cryptsetup modules to initramfs
106 103 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
107 104
108 105 # Dummy mapping required by mkinitramfs
109 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}"
110 107
111 108 # Generate initramfs with encrypted root partition support
112 109 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
113 110
114 111 # Remove dummy mapping
115 112 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
116 113 # CRYPTFS=false
117 114 else
118 115 # Generate initramfs without encrypted root partition support
119 116 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
120 117 fi
121 118 fi
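Review bot: With ENABLE_USBBOOT and ENABLE_CRYPTFS both true, the crypttab entry still ends up pointing at /dev/mmcblk0p2, because the `sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"` now placed at the top of the ENABLE_CRYPTFS branch runs before `install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"` and before the `echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs"` append. Whatever install_readonly does to an existing target (it lives in functions.sh, not shown here), the appended line is written after the substitution and is never rewritten. Moving the block below the append, next to the ENABLE_SPLITFS one, keeps the order consistent: `if [ "$ENABLE_USBBOOT" = true ] ; then sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" ; fi`. As written, the initramfs would be generated with a crypttab naming a device that presumably does not hold the LUKS volume on a USB-boot image, so the failure shows up at first boot rather than at build time.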