##// END OF EJS Templates
a
Unknown -
r687:58d6d0dddb48
parent child
Show More
@@ -464,22 +464,6 if [ "$BUILD_KERNEL" = true ] ; then
464 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
464 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
465 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
465 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
466 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
466 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
467
468 set_kernel_config CONFIG_ARM64_CRYPTO y
469 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
470 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
471 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
472 set_kernel_config CRYPTO_GHASH_ARM64_CE m
473 set_kernel_config CRYPTO_SHA2_ARM64_CE m
474 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
475 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
476 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
477 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
478 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
479 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
480 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
481 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
482 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
483 fi
467 fi
484
468
485 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
469 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
@@ -657,22 +641,35 if [ "$BUILD_KERNEL" = true ] ; then
657 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
641 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
658
642
659 if [ "$ENABLE_CRYPTFS" = true ] ; then
643 if [ "$ENABLE_CRYPTFS" = true ] ; then
660 {
644 set_kernel_configCONFIG_EMBEDDED y
661 echo "CONFIG_EMBEDDED=y"
645 set_kernel_config CONFIG_EXPERT y
662 echo "CONFIG_EXPERT=y"
646 set_kernel_config CONFIG_DAX y
663 echo "CONFIG_DAX=y"
647 set_kernel_config CONFIG_MD y
664 echo "CONFIG_MD=y"
648 set_kernel_config CONFIG_BLK_DEV_MD y
665 echo "CONFIG_BLK_DEV_MD=y"
649 set_kernel_config CONFIG_MD_AUTODETECT y
666 echo "CONFIG_MD_AUTODETECT=y"
650 set_kernel_config CONFIG_BLK_DEV_DM y
667 echo "CONFIG_BLK_DEV_DM=y"
651 set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
668 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
652 set_kernel_config CONFIG_DM_CRYPT y
669 echo "CONFIG_DM_CRYPT=y"
653 set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
670 echo "CONFIG_CRYPTO_BLKCIPHER=y"
654 set_kernel_config CONFIG_CRYPTO_CBC y
671 echo "CONFIG_CRYPTO_CBC=y"
655 set_kernel_config CONFIG_CRYPTO_XTS y
672 echo "CONFIG_CRYPTO_XTS=y"
656 set_kernel_config CONFIG_CRYPTO_SHA512 y
673 echo "CONFIG_CRYPTO_SHA512=y"
657 set_kernel_config CONFIG_CRYPTO_MANAGER y
674 echo "CONFIG_CRYPTO_MANAGER=y"
658 set_kernel_config CONFIG_ARM64_CRYPTO y
675 } >> "${KERNEL_DIR}"/.config
659 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
660 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
661 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
662 set_kernel_config CRYPTO_GHASH_ARM64_CE m
663 set_kernel_config CRYPTO_SHA2_ARM64_CE m
664 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
665 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
666 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
667 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
668 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
669 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
670 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
671 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
672 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
676 fi
673 fi
677 fi
674 fi
678
675
@@ -16,9 +16,6 fi
16 if [ "$ENABLE_USBBOOT" = true ] ; then
16 if [ "$ENABLE_USBBOOT" = true ] ; then
17 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
17 sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
18 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
18 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
19
20 # Add usb/sda2 disk to crypttab
21 sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
22 fi
19 fi
23
20
24 # Generate initramfs file
21 # Generate initramfs file
@@ -61,7 +58,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
61 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
62
59
63 # Regenerate initramfs
60 #Regenerate initramfs
64 #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
65 fi
62 fi
66
63
67 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
@@ -106,7 +103,7 if [ "$ENABLE_INITRAMFS" = true ] ; then
106 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
103 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
107
104
108 # Dummy mapping required by mkinitramfs
105 # Dummy mapping required by mkinitramfs
109 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
106 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}"
110
107
111 # Generate initramfs with encrypted root partition support
108 # Generate initramfs with encrypted root partition support
112 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
109 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant