Raspi2-3_GenImage Commit - r687:58d6d0dddb48 · Collaboration Tremplin des Sciences

Unknown -

r687:58d6d0dddb48

parent child

Context file:

r687:58d6d0dddb48

bootstrap.d/13-kernel.sh +29 -32

@@ -464,22 +464,6 if [ "$BUILD_KERNEL" = true ] ; then
464	set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n	464	set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
465	set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m	465	set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
466	set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096	466	set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
467
468	set_kernel_config CONFIG_ARM64_CRYPTO y
469	set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
470	set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
471	set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
472	set_kernel_config CRYPTO_GHASH_ARM64_CE m
473	set_kernel_config CRYPTO_SHA2_ARM64_CE m
474	set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
475	set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
476	set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
477	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
478	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
479	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
480	set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
481	set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
482	set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
483	fi	467	fi
484		468
485	# Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406	469	# Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
@@ -657,22 +641,35 if [ "$BUILD_KERNEL" = true ] ; then
657	echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config	641	echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
658		642
659	if [ "$ENABLE_CRYPTFS" = true ] ; then	643	if [ "$ENABLE_CRYPTFS" = true ] ; then
660	{	644	set_kernel_configCONFIG_EMBEDDED y
661	echo "CONFIG_EMBEDDED=y"	645	set_kernel_config CONFIG_EXPERT y
662	echo "CONFIG_EXPERT=y"	646	set_kernel_config CONFIG_DAX y
663	echo "CONFIG_DAX=y"	647	set_kernel_config CONFIG_MD y
664	echo "CONFIG_MD=y"	648	set_kernel_config CONFIG_BLK_DEV_MD y
665	echo "CONFIG_BLK_DEV_MD=y"	649	set_kernel_config CONFIG_MD_AUTODETECT y
666	echo "CONFIG_MD_AUTODETECT=y"	650	set_kernel_config CONFIG_BLK_DEV_DM y
667	echo "CONFIG_BLK_DEV_DM=y"	651	set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y
668	echo "CONFIG_BLK_DEV_DM_BUILTIN=y"	652	set_kernel_config CONFIG_DM_CRYPT y
669	echo "CONFIG_DM_CRYPT=y"	653	set_kernel_config CONFIG_CRYPTO_BLKCIPHER y
670	echo "CONFIG_CRYPTO_BLKCIPHER=y"	654	set_kernel_config CONFIG_CRYPTO_CBC y
671	echo "CONFIG_CRYPTO_CBC=y"	655	set_kernel_config CONFIG_CRYPTO_XTS y
672	echo "CONFIG_CRYPTO_XTS=y"	656	set_kernel_config CONFIG_CRYPTO_SHA512 y
673	echo "CONFIG_CRYPTO_SHA512=y"	657	set_kernel_config CONFIG_CRYPTO_MANAGER y
674	echo "CONFIG_CRYPTO_MANAGER=y"	658	set_kernel_config CONFIG_ARM64_CRYPTO y
675	} >> "${KERNEL_DIR}"/.config	659	set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
		660	set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
		661	set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
		662	set_kernel_config CRYPTO_GHASH_ARM64_CE m
		663	set_kernel_config CRYPTO_SHA2_ARM64_CE m
		664	set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
		665	set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
		666	set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
		667	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
		668	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
		669	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
		670	set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
		671	set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
		672	set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
676	fi	673	fi
677	fi	674	fi
678		675

bootstrap.d/14-fstab.sh +2 -5

             if [ "$ENABLE_USBBOOT" = true ] ; then
               sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
               sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
-              # Add usb/sda2 disk to crypttab
-              sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
             fi
             # Generate initramfs file
                     sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
                     #Regenerate initramfs
-                    #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
+                    chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
                   fi
                   if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
                 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
                 # Dummy mapping required by mkinitramfs
-                echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
+                echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}"
                 # Generate initramfs with encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages