| @@ -1,889 +1,886 | |||||
| 1 | # |
|
1 | # | |
| 2 | # Build and Setup RPi2/3 Kernel |
|
2 | # Build and Setup RPi2/3 Kernel | |
| 3 | # |
|
3 | # | |
| 4 |
|
4 | |||
| 5 | # Load utility functions |
|
5 | # Load utility functions | |
| 6 | . ./functions.sh |
|
6 | . ./functions.sh | |
| 7 |
|
7 | |||
| 8 | # Need to use kali kernel src if nexmon is enabled |
|
8 | # Need to use kali kernel src if nexmon is enabled | |
| 9 | if [ "$ENABLE_NEXMON" = true ] ; then |
|
9 | if [ "$ENABLE_NEXMON" = true ] ; then | |
| 10 | KERNEL_URL="${KALI_KERNEL_URL}" |
|
10 | KERNEL_URL="${KALI_KERNEL_URL}" | |
| 11 | # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel |
|
11 | # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel | |
| 12 | KERNEL_BRANCH="" |
|
12 | KERNEL_BRANCH="" | |
| 13 | KERNELSRC_DIR="" |
|
13 | KERNELSRC_DIR="" | |
| 14 | fi |
|
14 | fi | |
| 15 |
|
15 | |||
| 16 | # Fetch and build latest raspberry kernel |
|
16 | # Fetch and build latest raspberry kernel | |
| 17 | if [ "$BUILD_KERNEL" = true ] ; then |
|
17 | if [ "$BUILD_KERNEL" = true ] ; then | |
| 18 | # Setup source directory |
|
18 | # Setup source directory | |
| 19 | mkdir -p "${KERNEL_DIR}" |
|
19 | mkdir -p "${KERNEL_DIR}" | |
| 20 |
|
20 | |||
| 21 | # Copy existing kernel sources into chroot directory |
|
21 | # Copy existing kernel sources into chroot directory | |
| 22 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then |
|
22 | if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then | |
| 23 | # Copy kernel sources and include hidden files |
|
23 | # Copy kernel sources and include hidden files | |
| 24 | cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" |
|
24 | cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}" | |
| 25 |
|
25 | |||
| 26 | # Clean the kernel sources |
|
26 | # Clean the kernel sources | |
| 27 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
27 | if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then | |
| 28 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper |
|
28 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper | |
| 29 | fi |
|
29 | fi | |
| 30 | else # KERNELSRC_DIR="" |
|
30 | else # KERNELSRC_DIR="" | |
| 31 | # Create temporary directory for kernel sources |
|
31 | # Create temporary directory for kernel sources | |
| 32 | temp_dir=$(as_nobody mktemp -d) |
|
32 | temp_dir=$(as_nobody mktemp -d) | |
| 33 |
|
33 | |||
| 34 | # Fetch current RPi2/3 kernel sources |
|
34 | # Fetch current RPi2/3 kernel sources | |
| 35 | if [ -z "${KERNEL_BRANCH}" ] ; then |
|
35 | if [ -z "${KERNEL_BRANCH}" ] ; then | |
| 36 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux |
|
36 | as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux | |
| 37 | else |
|
37 | else | |
| 38 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux |
|
38 | as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux | |
| 39 | fi |
|
39 | fi | |
| 40 |
|
40 | |||
| 41 | # Copy downloaded kernel sources |
|
41 | # Copy downloaded kernel sources | |
| 42 | cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" |
|
42 | cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}" | |
| 43 |
|
43 | |||
| 44 | # Remove temporary directory for kernel sources |
|
44 | # Remove temporary directory for kernel sources | |
| 45 | rm -fr "${temp_dir}" |
|
45 | rm -fr "${temp_dir}" | |
| 46 |
|
46 | |||
| 47 | # Set permissions of the kernel sources |
|
47 | # Set permissions of the kernel sources | |
| 48 | chown -R root:root "${R}/usr/src" |
|
48 | chown -R root:root "${R}/usr/src" | |
| 49 | fi |
|
49 | fi | |
| 50 |
|
50 | |||
| 51 | # Calculate optimal number of kernel building threads |
|
51 | # Calculate optimal number of kernel building threads | |
| 52 | if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then |
|
52 | if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then | |
| 53 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) |
|
53 | KERNEL_THREADS=$(grep -c processor /proc/cpuinfo) | |
| 54 | fi |
|
54 | fi | |
| 55 |
|
55 | |||
| 56 | #Copy 32bit config to 64bit |
|
56 | #Copy 32bit config to 64bit | |
| 57 | if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then |
|
57 | if [ "$ENABLE_QEMU" = true ] && [ "$KERNEL_ARCH" = arm64 ]; then | |
| 58 | cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/ |
|
58 | cp "${KERNEL_DIR}"/arch/arm/configs/vexpress_defconfig "${KERNEL_DIR}"/arch/arm64/configs/ | |
| 59 | fi |
|
59 | fi | |
| 60 |
|
60 | |||
| 61 | # Configure and build kernel |
|
61 | # Configure and build kernel | |
| 62 | if [ "$KERNELSRC_PREBUILT" = false ] ; then |
|
62 | if [ "$KERNELSRC_PREBUILT" = false ] ; then | |
| 63 | # Remove device, network and filesystem drivers from kernel configuration |
|
63 | # Remove device, network and filesystem drivers from kernel configuration | |
| 64 | if [ "$KERNEL_REDUCE" = true ] ; then |
|
64 | if [ "$KERNEL_REDUCE" = true ] ; then | |
| 65 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
65 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | |
| 66 | sed -i\ |
|
66 | sed -i\ | |
| 67 | -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ |
|
67 | -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\ | |
| 68 | -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ |
|
68 | -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\ | |
| 69 | -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\ |
|
69 | -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\ | |
| 70 | -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\ |
|
70 | -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\ | |
| 71 | -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\ |
|
71 | -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\ | |
| 72 | -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\ |
|
72 | -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\ | |
| 73 | -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\ |
|
73 | -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\ | |
| 74 | -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\ |
|
74 | -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\ | |
| 75 | -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\ |
|
75 | -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\ | |
| 76 | -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\ |
|
76 | -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\ | |
| 77 | -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\ |
|
77 | -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\ | |
| 78 | -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\ |
|
78 | -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\ | |
| 79 | -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\ |
|
79 | -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\ | |
| 80 | -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\ |
|
80 | -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\ | |
| 81 | -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\ |
|
81 | -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\ | |
| 82 | -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\ |
|
82 | -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\ | |
| 83 | -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\ |
|
83 | -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\ | |
| 84 | -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\ |
|
84 | -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\ | |
| 85 | -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\ |
|
85 | -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\ | |
| 86 | -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\ |
|
86 | -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\ | |
| 87 | -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\ |
|
87 | -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\ | |
| 88 | -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\ |
|
88 | -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\ | |
| 89 | -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\ |
|
89 | -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\ | |
| 90 | -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\ |
|
90 | -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\ | |
| 91 | -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\ |
|
91 | -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\ | |
| 92 | -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\ |
|
92 | -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\ | |
| 93 | -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ |
|
93 | -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\ | |
| 94 | -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ |
|
94 | -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\ | |
| 95 | -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ |
|
95 | -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\ | |
| 96 | "${KERNEL_DIR}/.config" |
|
96 | "${KERNEL_DIR}/.config" | |
| 97 | fi |
|
97 | fi | |
| 98 |
|
98 | |||
| 99 | if [ "$KERNELSRC_CONFIG" = true ] ; then |
|
99 | if [ "$KERNELSRC_CONFIG" = true ] ; then | |
| 100 | # Load default raspberry kernel configuration |
|
100 | # Load default raspberry kernel configuration | |
| 101 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
101 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | |
| 102 |
|
102 | |||
| 103 | #Switch to KERNELSRC_DIR so we can use set_kernel_config |
|
103 | #Switch to KERNELSRC_DIR so we can use set_kernel_config | |
| 104 | cd "${KERNEL_DIR}" || exit |
|
104 | cd "${KERNEL_DIR}" || exit | |
| 105 |
|
105 | |||
| 106 | # Enable RPI POE HAT fan |
|
106 | # Enable RPI POE HAT fan | |
| 107 | if [ "$KERNEL_POEHAT" = true ]; then |
|
107 | if [ "$KERNEL_POEHAT" = true ]; then | |
| 108 | set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m |
|
108 | set_kernel_config CONFIG_SENSORS_RPI_POE_FAN m | |
| 109 | fi |
|
109 | fi | |
| 110 |
|
110 | |||
| 111 | # Enable per-interface network priority control |
|
111 | # Enable per-interface network priority control | |
| 112 | # (for systemd-nspawn) |
|
112 | # (for systemd-nspawn) | |
| 113 | if [ "$KERNEL_NSPAN" = true ]; then |
|
113 | if [ "$KERNEL_NSPAN" = true ]; then | |
| 114 | set_kernel_config CONFIG_CGROUP_NET_PRIO y |
|
114 | set_kernel_config CONFIG_CGROUP_NET_PRIO y | |
| 115 | fi |
|
115 | fi | |
| 116 |
|
116 | |||
| 117 | # Compile in BTRFS |
|
117 | # Compile in BTRFS | |
| 118 | if [ "$KERNEL_BTRFS" = true ]; then |
|
118 | if [ "$KERNEL_BTRFS" = true ]; then | |
| 119 | set_kernel_config CONFIG_BTRFS_FS y |
|
119 | set_kernel_config CONFIG_BTRFS_FS y | |
| 120 | set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y |
|
120 | set_kernel_config CONFIG_BTRFS_FS_POSIX_ACL y | |
| 121 | set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y |
|
121 | set_kernel_config CONFIG_BTRFS_FS_REF_VERIFY y | |
| 122 | fi |
|
122 | fi | |
| 123 |
|
123 | |||
| 124 | # Diffie-Hellman operations on retained keys |
|
124 | # Diffie-Hellman operations on retained keys | |
| 125 | # (required for >keyutils-1.6) |
|
125 | # (required for >keyutils-1.6) | |
| 126 | if [ "$KERNEL_DHKEY" = true ]; then |
|
126 | if [ "$KERNEL_DHKEY" = true ]; then | |
| 127 | set_kernel_config CONFIG_KEY_DH_OPERATIONS y |
|
127 | set_kernel_config CONFIG_KEY_DH_OPERATIONS y | |
| 128 | fi |
|
128 | fi | |
| 129 |
|
129 | |||
| 130 | if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then |
|
130 | if [ "$KERNEL_ARCH" = arm64 ] && [ "$ENABLE_QEMU" = false ]; then | |
| 131 | # Mask this temporarily during switch to rpi-4.19.y |
|
131 | # Mask this temporarily during switch to rpi-4.19.y | |
| 132 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config |
|
132 | #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config | |
| 133 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 |
|
133 | # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225 | |
| 134 | #set_kernel_config CONFIG_MMC_BCM2835 n |
|
134 | #set_kernel_config CONFIG_MMC_BCM2835 n | |
| 135 | #set_kernel_config CONFIG_MMC_SDHCI_IPROC n |
|
135 | #set_kernel_config CONFIG_MMC_SDHCI_IPROC n | |
| 136 | #set_kernel_config CONFIG_USB_DWC2 n |
|
136 | #set_kernel_config CONFIG_USB_DWC2 n | |
| 137 | #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig |
|
137 | #sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig | |
| 138 |
|
138 | |||
| 139 | #VLAN got disabled without reason in arm64bit |
|
139 | #VLAN got disabled without reason in arm64bit | |
| 140 | set_kernel_config CONFIG_IPVLAN m |
|
140 | set_kernel_config CONFIG_IPVLAN m | |
| 141 | fi |
|
141 | fi | |
| 142 |
|
142 | |||
| 143 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap |
|
143 | # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap | |
| 144 | if [ "$KERNEL_ZSWAP" = true ] ; then |
|
144 | if [ "$KERNEL_ZSWAP" = true ] ; then | |
| 145 | set_kernel_config CONFIG_ZPOOL y |
|
145 | set_kernel_config CONFIG_ZPOOL y | |
| 146 | set_kernel_config CONFIG_ZSWAP y |
|
146 | set_kernel_config CONFIG_ZSWAP y | |
| 147 | set_kernel_config CONFIG_ZBUD y |
|
147 | set_kernel_config CONFIG_ZBUD y | |
| 148 | set_kernel_config CONFIG_Z3FOLD y |
|
148 | set_kernel_config CONFIG_Z3FOLD y | |
| 149 | set_kernel_config CONFIG_ZSMALLOC y |
|
149 | set_kernel_config CONFIG_ZSMALLOC y | |
| 150 | set_kernel_config CONFIG_PGTABLE_MAPPING y |
|
150 | set_kernel_config CONFIG_PGTABLE_MAPPING y | |
| 151 | set_kernel_config CONFIG_LZO_COMPRESS y |
|
151 | set_kernel_config CONFIG_LZO_COMPRESS y | |
| 152 | fi |
|
152 | fi | |
| 153 |
|
153 | |||
| 154 | if [ "$RPI_MODEL" = 4 ] ; then |
|
154 | if [ "$RPI_MODEL" = 4 ] ; then | |
| 155 | # Following are set in current 32-bit LPAE kernel |
|
155 | # Following are set in current 32-bit LPAE kernel | |
| 156 | set_kernel_config CONFIG_CGROUP_PIDS y |
|
156 | set_kernel_config CONFIG_CGROUP_PIDS y | |
| 157 | set_kernel_config CONFIG_NET_IPVTI m |
|
157 | set_kernel_config CONFIG_NET_IPVTI m | |
| 158 | set_kernel_config CONFIG_NF_TABLES_SET m |
|
158 | set_kernel_config CONFIG_NF_TABLES_SET m | |
| 159 | set_kernel_config CONFIG_NF_TABLES_INET y |
|
159 | set_kernel_config CONFIG_NF_TABLES_INET y | |
| 160 | set_kernel_config CONFIG_NF_TABLES_NETDEV y |
|
160 | set_kernel_config CONFIG_NF_TABLES_NETDEV y | |
| 161 | set_kernel_config CONFIG_NF_FLOW_TABLE m |
|
161 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |
| 162 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m |
|
162 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m | |
| 163 | set_kernel_config CONFIG_NFT_CONNLIMIT m |
|
163 | set_kernel_config CONFIG_NFT_CONNLIMIT m | |
| 164 | set_kernel_config CONFIG_NFT_TUNNEL m |
|
164 | set_kernel_config CONFIG_NFT_TUNNEL m | |
| 165 | set_kernel_config CONFIG_NFT_OBJREF m |
|
165 | set_kernel_config CONFIG_NFT_OBJREF m | |
| 166 | set_kernel_config CONFIG_NFT_FIB_IPV4 m |
|
166 | set_kernel_config CONFIG_NFT_FIB_IPV4 m | |
| 167 | set_kernel_config CONFIG_NFT_FIB_IPV6 m |
|
167 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |
| 168 | set_kernel_config CONFIG_NFT_FIB_INET m |
|
168 | set_kernel_config CONFIG_NFT_FIB_INET m | |
| 169 | set_kernel_config CONFIG_NFT_SOCKET m |
|
169 | set_kernel_config CONFIG_NFT_SOCKET m | |
| 170 | set_kernel_config CONFIG_NFT_OSF m |
|
170 | set_kernel_config CONFIG_NFT_OSF m | |
| 171 | set_kernel_config CONFIG_NFT_TPROXY m |
|
171 | set_kernel_config CONFIG_NFT_TPROXY m | |
| 172 | set_kernel_config CONFIG_NF_DUP_NETDEV m |
|
172 | set_kernel_config CONFIG_NF_DUP_NETDEV m | |
| 173 | set_kernel_config CONFIG_NFT_DUP_NETDEV m |
|
173 | set_kernel_config CONFIG_NFT_DUP_NETDEV m | |
| 174 | set_kernel_config CONFIG_NFT_FWD_NETDEV m |
|
174 | set_kernel_config CONFIG_NFT_FWD_NETDEV m | |
| 175 | set_kernel_config CONFIG_NFT_FIB_NETDEV m |
|
175 | set_kernel_config CONFIG_NFT_FIB_NETDEV m | |
| 176 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m |
|
176 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m | |
| 177 | set_kernel_config CONFIG_NF_FLOW_TABLE m |
|
177 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |
| 178 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m |
|
178 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m | |
| 179 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m |
|
179 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m | |
| 180 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m |
|
180 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m | |
| 181 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m |
|
181 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m | |
| 182 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m |
|
182 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m | |
| 183 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m |
|
183 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m | |
| 184 | set_kernel_config CONFIG_NFT_DUP_IPV6 m |
|
184 | set_kernel_config CONFIG_NFT_DUP_IPV6 m | |
| 185 | set_kernel_config CONFIG_NFT_FIB_IPV6 m |
|
185 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |
| 186 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m |
|
186 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 m | |
| 187 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m |
|
187 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m | |
| 188 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m |
|
188 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m | |
| 189 | set_kernel_config CONFIG_NF_LOG_BRIDGE m |
|
189 | set_kernel_config CONFIG_NF_LOG_BRIDGE m | |
| 190 | set_kernel_config CONFIG_MT76_CORE m |
|
190 | set_kernel_config CONFIG_MT76_CORE m | |
| 191 | set_kernel_config CONFIG_MT76_LEDS m |
|
191 | set_kernel_config CONFIG_MT76_LEDS m | |
| 192 | set_kernel_config CONFIG_MT76_USB m |
|
192 | set_kernel_config CONFIG_MT76_USB m | |
| 193 | set_kernel_config CONFIG_MT76x2_COMMON m |
|
193 | set_kernel_config CONFIG_MT76x2_COMMON m | |
| 194 | set_kernel_config CONFIG_MT76x0U m |
|
194 | set_kernel_config CONFIG_MT76x0U m | |
| 195 | set_kernel_config CONFIG_MT76x2U m |
|
195 | set_kernel_config CONFIG_MT76x2U m | |
| 196 | set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m |
|
196 | set_kernel_config CONFIG_TOUCHSCREEN_ILI210X m | |
| 197 | set_kernel_config CONFIG_BCM_VC_SM m |
|
197 | set_kernel_config CONFIG_BCM_VC_SM m | |
| 198 | set_kernel_config CONFIG_BCM2835_SMI_DEV m |
|
198 | set_kernel_config CONFIG_BCM2835_SMI_DEV m | |
| 199 | set_kernel_config CONFIG_RPIVID_MEM m |
|
199 | set_kernel_config CONFIG_RPIVID_MEM m | |
| 200 | set_kernel_config CONFIG_HW_RANDOM_BCM2835 y |
|
200 | set_kernel_config CONFIG_HW_RANDOM_BCM2835 y | |
| 201 | set_kernel_config CONFIG_TCG_TPM m |
|
201 | set_kernel_config CONFIG_TCG_TPM m | |
| 202 | set_kernel_config CONFIG_HW_RANDOM_TPM y |
|
202 | set_kernel_config CONFIG_HW_RANDOM_TPM y | |
| 203 | set_kernel_config CONFIG_TCG_TIS m |
|
203 | set_kernel_config CONFIG_TCG_TIS m | |
| 204 | set_kernel_config CONFIG_TCG_TIS_SPI m |
|
204 | set_kernel_config CONFIG_TCG_TIS_SPI m | |
| 205 | set_kernel_config CONFIG_I2C_MUX m |
|
205 | set_kernel_config CONFIG_I2C_MUX m | |
| 206 | set_kernel_config CONFIG_I2C_MUX_GPMUX m |
|
206 | set_kernel_config CONFIG_I2C_MUX_GPMUX m | |
| 207 | set_kernel_config CONFIG_I2C_MUX_PCA954x m |
|
207 | set_kernel_config CONFIG_I2C_MUX_PCA954x m | |
| 208 | set_kernel_config CONFIG_SPI_GPIO m |
|
208 | set_kernel_config CONFIG_SPI_GPIO m | |
| 209 | set_kernel_config CONFIG_BATTERY_MAX17040 m |
|
209 | set_kernel_config CONFIG_BATTERY_MAX17040 m | |
| 210 | set_kernel_config CONFIG_SENSORS_GPIO_FAN m |
|
210 | set_kernel_config CONFIG_SENSORS_GPIO_FAN m | |
| 211 | set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m |
|
211 | set_kernel_config CONFIG_SENSORS_RASPBERRYPI_HWMON m | |
| 212 | set_kernel_config CONFIG_BCM2835_THERMAL y |
|
212 | set_kernel_config CONFIG_BCM2835_THERMAL y | |
| 213 | set_kernel_config CONFIG_RC_CORE y |
|
213 | set_kernel_config CONFIG_RC_CORE y | |
| 214 | set_kernel_config CONFIG_RC_MAP y |
|
214 | set_kernel_config CONFIG_RC_MAP y | |
| 215 | set_kernel_config CONFIG_LIRC y |
|
215 | set_kernel_config CONFIG_LIRC y | |
| 216 | set_kernel_config CONFIG_RC_DECODERS y |
|
216 | set_kernel_config CONFIG_RC_DECODERS y | |
| 217 | set_kernel_config CONFIG_IR_NEC_DECODER m |
|
217 | set_kernel_config CONFIG_IR_NEC_DECODER m | |
| 218 | set_kernel_config CONFIG_IR_RC5_DECODER m |
|
218 | set_kernel_config CONFIG_IR_RC5_DECODER m | |
| 219 | set_kernel_config CONFIG_IR_RC6_DECODER m |
|
219 | set_kernel_config CONFIG_IR_RC6_DECODER m | |
| 220 | set_kernel_config CONFIG_IR_JVC_DECODER m |
|
220 | set_kernel_config CONFIG_IR_JVC_DECODER m | |
| 221 | set_kernel_config CONFIG_IR_SONY_DECODER m |
|
221 | set_kernel_config CONFIG_IR_SONY_DECODER m | |
| 222 | set_kernel_config CONFIG_IR_SANYO_DECODER m |
|
222 | set_kernel_config CONFIG_IR_SANYO_DECODER m | |
| 223 | set_kernel_config CONFIG_IR_SHARP_DECODER m |
|
223 | set_kernel_config CONFIG_IR_SHARP_DECODER m | |
| 224 | set_kernel_config CONFIG_IR_MCE_KBD_DECODER m |
|
224 | set_kernel_config CONFIG_IR_MCE_KBD_DECODER m | |
| 225 | set_kernel_config CONFIG_IR_XMP_DECODER m |
|
225 | set_kernel_config CONFIG_IR_XMP_DECODER m | |
| 226 | set_kernel_config CONFIG_IR_IMON_DECODER m |
|
226 | set_kernel_config CONFIG_IR_IMON_DECODER m | |
| 227 | set_kernel_config CONFIG_RC_DEVICES y |
|
227 | set_kernel_config CONFIG_RC_DEVICES y | |
| 228 | set_kernel_config CONFIG_RC_ATI_REMOTE m |
|
228 | set_kernel_config CONFIG_RC_ATI_REMOTE m | |
| 229 | set_kernel_config CONFIG_IR_IMON m |
|
229 | set_kernel_config CONFIG_IR_IMON m | |
| 230 | set_kernel_config CONFIG_IR_MCEUSB m |
|
230 | set_kernel_config CONFIG_IR_MCEUSB m | |
| 231 | set_kernel_config CONFIG_IR_REDRAT3 m |
|
231 | set_kernel_config CONFIG_IR_REDRAT3 m | |
| 232 | set_kernel_config CONFIG_IR_STREAMZAP m |
|
232 | set_kernel_config CONFIG_IR_STREAMZAP m | |
| 233 | set_kernel_config CONFIG_IR_IGUANA m |
|
233 | set_kernel_config CONFIG_IR_IGUANA m | |
| 234 | set_kernel_config CONFIG_IR_TTUSBIR m |
|
234 | set_kernel_config CONFIG_IR_TTUSBIR m | |
| 235 | set_kernel_config CONFIG_RC_LOOPBACK m |
|
235 | set_kernel_config CONFIG_RC_LOOPBACK m | |
| 236 | set_kernel_config CONFIG_IR_GPIO_CIR m |
|
236 | set_kernel_config CONFIG_IR_GPIO_CIR m | |
| 237 | set_kernel_config CONFIG_IR_GPIO_TX m |
|
237 | set_kernel_config CONFIG_IR_GPIO_TX m | |
| 238 | set_kernel_config CONFIG_IR_PWM_TX m |
|
238 | set_kernel_config CONFIG_IR_PWM_TX m | |
| 239 | set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y |
|
239 | set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y | |
| 240 | set_kernel_config CONFIG_VIDEO_AU0828_RC y |
|
240 | set_kernel_config CONFIG_VIDEO_AU0828_RC y | |
| 241 | set_kernel_config CONFIG_VIDEO_CX231XX m |
|
241 | set_kernel_config CONFIG_VIDEO_CX231XX m | |
| 242 | set_kernel_config CONFIG_VIDEO_CX231XX_RC y |
|
242 | set_kernel_config CONFIG_VIDEO_CX231XX_RC y | |
| 243 | set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m |
|
243 | set_kernel_config CONFIG_VIDEO_CX231XX_ALSA m | |
| 244 | set_kernel_config CONFIG_VIDEO_CX231XX_DVB m |
|
244 | set_kernel_config CONFIG_VIDEO_CX231XX_DVB m | |
| 245 | set_kernel_config CONFIG_VIDEO_TM6000 m |
|
245 | set_kernel_config CONFIG_VIDEO_TM6000 m | |
| 246 | set_kernel_config CONFIG_VIDEO_TM6000_ALSA m |
|
246 | set_kernel_config CONFIG_VIDEO_TM6000_ALSA m | |
| 247 | set_kernel_config CONFIG_VIDEO_TM6000_DVB m |
|
247 | set_kernel_config CONFIG_VIDEO_TM6000_DVB m | |
| 248 | set_kernel_config CONFIG_DVB_USB m |
|
248 | set_kernel_config CONFIG_DVB_USB m | |
| 249 | set_kernel_config CONFIG_DVB_USB_DIB3000MC m |
|
249 | set_kernel_config CONFIG_DVB_USB_DIB3000MC m | |
| 250 | set_kernel_config CONFIG_DVB_USB_A800 m |
|
250 | set_kernel_config CONFIG_DVB_USB_A800 m | |
| 251 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m |
|
251 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB m | |
| 252 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y |
|
252 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MB_FAULTY y | |
| 253 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m |
|
253 | set_kernel_config CONFIG_DVB_USB_DIBUSB_MC m | |
| 254 | set_kernel_config CONFIG_DVB_USB_DIB0700 m |
|
254 | set_kernel_config CONFIG_DVB_USB_DIB0700 m | |
| 255 | set_kernel_config CONFIG_DVB_USB_UMT_010 m |
|
255 | set_kernel_config CONFIG_DVB_USB_UMT_010 m | |
| 256 | set_kernel_config CONFIG_DVB_USB_CXUSB m |
|
256 | set_kernel_config CONFIG_DVB_USB_CXUSB m | |
| 257 | set_kernel_config CONFIG_DVB_USB_M920X m |
|
257 | set_kernel_config CONFIG_DVB_USB_M920X m | |
| 258 | set_kernel_config CONFIG_DVB_USB_DIGITV m |
|
258 | set_kernel_config CONFIG_DVB_USB_DIGITV m | |
| 259 | set_kernel_config CONFIG_DVB_USB_VP7045 m |
|
259 | set_kernel_config CONFIG_DVB_USB_VP7045 m | |
| 260 | set_kernel_config CONFIG_DVB_USB_VP702X m |
|
260 | set_kernel_config CONFIG_DVB_USB_VP702X m | |
| 261 | set_kernel_config CONFIG_DVB_USB_GP8PSK m |
|
261 | set_kernel_config CONFIG_DVB_USB_GP8PSK m | |
| 262 | set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m |
|
262 | set_kernel_config CONFIG_DVB_USB_NOVA_T_USB2 m | |
| 263 | set_kernel_config CONFIG_DVB_USB_TTUSB2 m |
|
263 | set_kernel_config CONFIG_DVB_USB_TTUSB2 m | |
| 264 | set_kernel_config CONFIG_DVB_USB_DTT200U m |
|
264 | set_kernel_config CONFIG_DVB_USB_DTT200U m | |
| 265 | set_kernel_config CONFIG_DVB_USB_OPERA1 m |
|
265 | set_kernel_config CONFIG_DVB_USB_OPERA1 m | |
| 266 | set_kernel_config CONFIG_DVB_USB_AF9005 m |
|
266 | set_kernel_config CONFIG_DVB_USB_AF9005 m | |
| 267 | set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m |
|
267 | set_kernel_config CONFIG_DVB_USB_AF9005_REMOTE m | |
| 268 | set_kernel_config CONFIG_DVB_USB_PCTV452E m |
|
268 | set_kernel_config CONFIG_DVB_USB_PCTV452E m | |
| 269 | set_kernel_config CONFIG_DVB_USB_DW2102 m |
|
269 | set_kernel_config CONFIG_DVB_USB_DW2102 m | |
| 270 | set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m |
|
270 | set_kernel_config CONFIG_DVB_USB_CINERGY_T2 m | |
| 271 | set_kernel_config CONFIG_DVB_USB_DTV5100 m |
|
271 | set_kernel_config CONFIG_DVB_USB_DTV5100 m | |
| 272 | set_kernel_config CONFIG_DVB_USB_AZ6027 m |
|
272 | set_kernel_config CONFIG_DVB_USB_AZ6027 m | |
| 273 | set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m |
|
273 | set_kernel_config CONFIG_DVB_USB_TECHNISAT_USB2 m | |
| 274 | set_kernel_config CONFIG_DVB_USB_AF9015 m |
|
274 | set_kernel_config CONFIG_DVB_USB_AF9015 m | |
| 275 | set_kernel_config CONFIG_DVB_USB_LME2510 m |
|
275 | set_kernel_config CONFIG_DVB_USB_LME2510 m | |
| 276 | set_kernel_config CONFIG_DVB_USB_RTL28XXU m |
|
276 | set_kernel_config CONFIG_DVB_USB_RTL28XXU m | |
| 277 | set_kernel_config CONFIG_VIDEO_EM28XX_RC m |
|
277 | set_kernel_config CONFIG_VIDEO_EM28XX_RC m | |
| 278 | set_kernel_config CONFIG_SMS_SIANO_RC m |
|
278 | set_kernel_config CONFIG_SMS_SIANO_RC m | |
| 279 | set_kernel_config CONFIG_VIDEO_IR_I2C m |
|
279 | set_kernel_config CONFIG_VIDEO_IR_I2C m | |
| 280 | set_kernel_config CONFIG_VIDEO_ADV7180 m |
|
280 | set_kernel_config CONFIG_VIDEO_ADV7180 m | |
| 281 | set_kernel_config CONFIG_VIDEO_TC358743 m |
|
281 | set_kernel_config CONFIG_VIDEO_TC358743 m | |
| 282 | set_kernel_config CONFIG_VIDEO_OV5647 m |
|
282 | set_kernel_config CONFIG_VIDEO_OV5647 m | |
| 283 | set_kernel_config CONFIG_DVB_M88DS3103 m |
|
283 | set_kernel_config CONFIG_DVB_M88DS3103 m | |
| 284 | set_kernel_config CONFIG_DVB_AF9013 m |
|
284 | set_kernel_config CONFIG_DVB_AF9013 m | |
| 285 | set_kernel_config CONFIG_DVB_RTL2830 m |
|
285 | set_kernel_config CONFIG_DVB_RTL2830 m | |
| 286 | set_kernel_config CONFIG_DVB_RTL2832 m |
|
286 | set_kernel_config CONFIG_DVB_RTL2832 m | |
| 287 | set_kernel_config CONFIG_DVB_SI2168 m |
|
287 | set_kernel_config CONFIG_DVB_SI2168 m | |
| 288 | set_kernel_config CONFIG_DVB_GP8PSK_FE m |
|
288 | set_kernel_config CONFIG_DVB_GP8PSK_FE m | |
| 289 | set_kernel_config CONFIG_DVB_USB m |
|
289 | set_kernel_config CONFIG_DVB_USB m | |
| 290 | set_kernel_config CONFIG_DVB_LGDT3306A m |
|
290 | set_kernel_config CONFIG_DVB_LGDT3306A m | |
| 291 | set_kernel_config CONFIG_FB_SIMPLE y |
|
291 | set_kernel_config CONFIG_FB_SIMPLE y | |
| 292 | set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m |
|
292 | set_kernel_config CONFIG_SND_BCM2708_SOC_IQAUDIO_CODEC m | |
| 293 | set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m |
|
293 | set_kernel_config CONFIG_SND_BCM2708_SOC_I_SABRE_Q2M m | |
| 294 | set_kernel_config CONFIG_SND_AUDIOSENSE_PI m |
|
294 | set_kernel_config CONFIG_SND_AUDIOSENSE_PI m | |
| 295 | set_kernel_config CONFIG_SND_SOC_AD193X m |
|
295 | set_kernel_config CONFIG_SND_SOC_AD193X m | |
| 296 | set_kernel_config CONFIG_SND_SOC_AD193X_SPI m |
|
296 | set_kernel_config CONFIG_SND_SOC_AD193X_SPI m | |
| 297 | set_kernel_config CONFIG_SND_SOC_AD193X_I2C m |
|
297 | set_kernel_config CONFIG_SND_SOC_AD193X_I2C m | |
| 298 | set_kernel_config CONFIG_SND_SOC_CS4265 m |
|
298 | set_kernel_config CONFIG_SND_SOC_CS4265 m | |
| 299 | set_kernel_config CONFIG_SND_SOC_DA7213 m |
|
299 | set_kernel_config CONFIG_SND_SOC_DA7213 m | |
| 300 | set_kernel_config CONFIG_SND_SOC_ICS43432 m |
|
300 | set_kernel_config CONFIG_SND_SOC_ICS43432 m | |
| 301 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m |
|
301 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4 m | |
| 302 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m |
|
302 | set_kernel_config CONFIG_SND_SOC_TLV320AIC32X4_I2C m | |
| 303 | set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m |
|
303 | set_kernel_config CONFIG_SND_SOC_I_SABRE_CODEC m | |
| 304 | set_kernel_config CONFIG_HID_BIGBEN_FF m |
|
304 | set_kernel_config CONFIG_HID_BIGBEN_FF m | |
| 305 | #set_kernel_config CONFIG_USB_XHCI_PLATFORM y |
|
305 | #set_kernel_config CONFIG_USB_XHCI_PLATFORM y | |
| 306 | set_kernel_config CONFIG_USB_TMC m |
|
306 | set_kernel_config CONFIG_USB_TMC m | |
| 307 | set_kernel_config CONFIG_USB_UAS y |
|
307 | set_kernel_config CONFIG_USB_UAS y | |
| 308 | set_kernel_config CONFIG_USBIP_VUDC m |
|
308 | set_kernel_config CONFIG_USBIP_VUDC m | |
| 309 | set_kernel_config CONFIG_USB_CONFIGFS m |
|
309 | set_kernel_config CONFIG_USB_CONFIGFS m | |
| 310 | set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y |
|
310 | set_kernel_config CONFIG_USB_CONFIGFS_SERIAL y | |
| 311 | set_kernel_config CONFIG_USB_CONFIGFS_ACM y |
|
311 | set_kernel_config CONFIG_USB_CONFIGFS_ACM y | |
| 312 | set_kernel_config CONFIG_USB_CONFIGFS_OBEX y |
|
312 | set_kernel_config CONFIG_USB_CONFIGFS_OBEX y | |
| 313 | set_kernel_config CONFIG_USB_CONFIGFS_NCM y |
|
313 | set_kernel_config CONFIG_USB_CONFIGFS_NCM y | |
| 314 | set_kernel_config CONFIG_USB_CONFIGFS_ECM y |
|
314 | set_kernel_config CONFIG_USB_CONFIGFS_ECM y | |
| 315 | set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y |
|
315 | set_kernel_config CONFIG_USB_CONFIGFS_ECM_SUBSET y | |
| 316 | set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y |
|
316 | set_kernel_config CONFIG_USB_CONFIGFS_RNDIS y | |
| 317 | set_kernel_config CONFIG_USB_CONFIGFS_EEM y |
|
317 | set_kernel_config CONFIG_USB_CONFIGFS_EEM y | |
| 318 | set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y |
|
318 | set_kernel_config CONFIG_USB_CONFIGFS_MASS_STORAGE y | |
| 319 | set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y |
|
319 | set_kernel_config CONFIG_USB_CONFIGFS_F_LB_SS y | |
| 320 | set_kernel_config CONFIG_USB_CONFIGFS_F_FS y |
|
320 | set_kernel_config CONFIG_USB_CONFIGFS_F_FS y | |
| 321 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y |
|
321 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC1 y | |
| 322 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y |
|
322 | set_kernel_config CONFIG_USB_CONFIGFS_F_UAC2 y | |
| 323 | set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y |
|
323 | set_kernel_config CONFIG_USB_CONFIGFS_F_MIDI y | |
| 324 | set_kernel_config CONFIG_USB_CONFIGFS_F_HID y |
|
324 | set_kernel_config CONFIG_USB_CONFIGFS_F_HID y | |
| 325 | set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y |
|
325 | set_kernel_config CONFIG_USB_CONFIGFS_F_UVC y | |
| 326 | set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y |
|
326 | set_kernel_config CONFIG_USB_CONFIGFS_F_PRINTER y | |
| 327 | set_kernel_config CONFIG_LEDS_PCA963X m |
|
327 | set_kernel_config CONFIG_LEDS_PCA963X m | |
| 328 | set_kernel_config CONFIG_LEDS_IS31FL32XX m |
|
328 | set_kernel_config CONFIG_LEDS_IS31FL32XX m | |
| 329 | set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m |
|
329 | set_kernel_config CONFIG_LEDS_TRIGGER_NETDEV m | |
| 330 | set_kernel_config CONFIG_RTC_DRV_RV3028 m |
|
330 | set_kernel_config CONFIG_RTC_DRV_RV3028 m | |
| 331 | set_kernel_config CONFIG_AUXDISPLAY y |
|
331 | set_kernel_config CONFIG_AUXDISPLAY y | |
| 332 | set_kernel_config CONFIG_HD44780 m |
|
332 | set_kernel_config CONFIG_HD44780 m | |
| 333 | set_kernel_config CONFIG_FB_TFT_SH1106 m |
|
333 | set_kernel_config CONFIG_FB_TFT_SH1106 m | |
| 334 | set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m |
|
334 | set_kernel_config CONFIG_VIDEO_CODEC_BCM2835 m | |
| 335 | set_kernel_config CONFIG_BCM2835_POWER y |
|
335 | set_kernel_config CONFIG_BCM2835_POWER y | |
| 336 | set_kernel_config CONFIG_INV_MPU6050_IIO m |
|
336 | set_kernel_config CONFIG_INV_MPU6050_IIO m | |
| 337 | set_kernel_config CONFIG_INV_MPU6050_I2C m |
|
337 | set_kernel_config CONFIG_INV_MPU6050_I2C m | |
| 338 | set_kernel_config CONFIG_SECURITYFS y |
|
338 | set_kernel_config CONFIG_SECURITYFS y | |
| 339 |
|
339 | |||
| 340 | # Safer to build this in |
|
340 | # Safer to build this in | |
| 341 | set_kernel_config CONFIG_BINFMT_MISC y |
|
341 | set_kernel_config CONFIG_BINFMT_MISC y | |
| 342 |
|
342 | |||
| 343 | # pulseaudio wants a buffer of at least this size |
|
343 | # pulseaudio wants a buffer of at least this size | |
| 344 | set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048 |
|
344 | set_kernel_config CONFIG_SND_HDA_PREALLOC_SIZE 2048 | |
| 345 |
|
345 | |||
| 346 | # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4 |
|
346 | # PR#3063: enable 3D acceleration with 64-bit kernel on RPi4 | |
| 347 | # set the appropriate kernel configs unlocked by this PR |
|
347 | # set the appropriate kernel configs unlocked by this PR | |
| 348 | set_kernel_config CONFIG_ARCH_BCM y |
|
348 | set_kernel_config CONFIG_ARCH_BCM y | |
| 349 | set_kernel_config CONFIG_ARCH_BCM2835 y |
|
349 | set_kernel_config CONFIG_ARCH_BCM2835 y | |
| 350 | set_kernel_config CONFIG_DRM_V3D m |
|
350 | set_kernel_config CONFIG_DRM_V3D m | |
| 351 | set_kernel_config CONFIG_DRM_VC4 m |
|
351 | set_kernel_config CONFIG_DRM_VC4 m | |
| 352 | set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y |
|
352 | set_kernel_config CONFIG_DRM_VC4_HDMI_CEC y | |
| 353 |
|
353 | |||
| 354 | # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4 |
|
354 | # PR#3144: add arm64 pcie bounce buffers; enables 4GiB on RPi4 | |
| 355 | # required by PR#3144; should already be applied, but just to be safe |
|
355 | # required by PR#3144; should already be applied, but just to be safe | |
| 356 | set_kernel_config CONFIG_PCIE_BRCMSTB y |
|
356 | set_kernel_config CONFIG_PCIE_BRCMSTB y | |
| 357 | set_kernel_config CONFIG_BCM2835_MMC y |
|
357 | set_kernel_config CONFIG_BCM2835_MMC y | |
| 358 |
|
358 | |||
| 359 | # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at |
|
359 | # Snap needs squashfs. The ubuntu eoan-preinstalled-server image at | |
| 360 | # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap |
|
360 | # http://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/ uses snap | |
| 361 | # during cloud-init setup at first boot. Without this the login accounts are not |
|
361 | # during cloud-init setup at first boot. Without this the login accounts are not | |
| 362 | # created and the user can not login. |
|
362 | # created and the user can not login. | |
| 363 | set_kernel_config CONFIG_SQUASHFS y |
|
363 | set_kernel_config CONFIG_SQUASHFS y | |
| 364 |
|
364 | |||
| 365 | # Ceph support for Block Device (RBD) and Filesystem (FS) |
|
365 | # Ceph support for Block Device (RBD) and Filesystem (FS) | |
| 366 | # https://docs.ceph.com/docs/master/ |
|
366 | # https://docs.ceph.com/docs/master/ | |
| 367 | set_kernel_config CONFIG_CEPH_LIB m |
|
367 | set_kernel_config CONFIG_CEPH_LIB m | |
| 368 | set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y |
|
368 | set_kernel_config CONFIG_CEPH_LIB_USE_DNS_RESOLVER y | |
| 369 | set_kernel_config CONFIG_CEPH_FS m |
|
369 | set_kernel_config CONFIG_CEPH_FS m | |
| 370 | set_kernel_config CONFIG_CEPH_FSCACHE y |
|
370 | set_kernel_config CONFIG_CEPH_FSCACHE y | |
| 371 | set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y |
|
371 | set_kernel_config CONFIG_CEPH_FS_POSIX_ACL y | |
| 372 | set_kernel_config CONFIG_BLK_DEV_RBD m |
|
372 | set_kernel_config CONFIG_BLK_DEV_RBD m | |
| 373 | fi |
|
373 | fi | |
| 374 |
|
374 | |||
| 375 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 |
|
375 | # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453 | |
| 376 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then |
|
376 | if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; } ; then | |
| 377 | set_kernel_config CONFIG_HAVE_KVM y |
|
377 | set_kernel_config CONFIG_HAVE_KVM y | |
| 378 | set_kernel_config CONFIG_HIGH_RES_TIMERS y |
|
378 | set_kernel_config CONFIG_HIGH_RES_TIMERS y | |
| 379 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y |
|
379 | set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y | |
| 380 | set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y |
|
380 | set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y | |
| 381 | set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y |
|
381 | set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y | |
| 382 | set_kernel_config CONFIG_HAVE_KVM_EVENTFD y |
|
382 | set_kernel_config CONFIG_HAVE_KVM_EVENTFD y | |
| 383 | set_kernel_config CONFIG_HAVE_KVM_IRQFD y |
|
383 | set_kernel_config CONFIG_HAVE_KVM_IRQFD y | |
| 384 | set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y |
|
384 | set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y | |
| 385 | set_kernel_config CONFIG_HAVE_KVM_MSI y |
|
385 | set_kernel_config CONFIG_HAVE_KVM_MSI y | |
| 386 | set_kernel_config CONFIG_KVM y |
|
386 | set_kernel_config CONFIG_KVM y | |
| 387 | set_kernel_config CONFIG_KVM_ARM_HOST y |
|
387 | set_kernel_config CONFIG_KVM_ARM_HOST y | |
| 388 | set_kernel_config CONFIG_KVM_ARM_PMU y |
|
388 | set_kernel_config CONFIG_KVM_ARM_PMU y | |
| 389 | set_kernel_config CONFIG_KVM_COMPAT y |
|
389 | set_kernel_config CONFIG_KVM_COMPAT y | |
| 390 | set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y |
|
390 | set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y | |
| 391 | set_kernel_config CONFIG_KVM_MMIO y |
|
391 | set_kernel_config CONFIG_KVM_MMIO y | |
| 392 | set_kernel_config CONFIG_KVM_VFIO y |
|
392 | set_kernel_config CONFIG_KVM_VFIO y | |
| 393 | set_kernel_config CONFIG_KVM_MMU_AUDIT y |
|
393 | set_kernel_config CONFIG_KVM_MMU_AUDIT y | |
| 394 | set_kernel_config CONFIG_VHOST m |
|
394 | set_kernel_config CONFIG_VHOST m | |
| 395 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y |
|
395 | set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y | |
| 396 | set_kernel_config CONFIG_VHOST_NET m |
|
396 | set_kernel_config CONFIG_VHOST_NET m | |
| 397 | set_kernel_config CONFIG_VIRTUALIZATION y |
|
397 | set_kernel_config CONFIG_VIRTUALIZATION y | |
| 398 | set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y |
|
398 | set_kernel_config CONFIG_SLAB_FREELIST_RANDOM=y | |
| 399 | set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y |
|
399 | set_kernel_config CONFIG_SLAB_FREELIST_HARDENED=y | |
| 400 | set_kernel_config CONFIG_MMU_NOTIFIER y |
|
400 | set_kernel_config CONFIG_MMU_NOTIFIER y | |
| 401 |
|
401 | |||
| 402 | # erratum |
|
402 | # erratum | |
| 403 | set_kernel_config ARM64_ERRATUM_834220 y |
|
403 | set_kernel_config ARM64_ERRATUM_834220 y | |
| 404 |
|
404 | |||
| 405 | # https://sourceforge.net/p/kvm/mailman/message/18440797/ |
|
405 | # https://sourceforge.net/p/kvm/mailman/message/18440797/ | |
| 406 | set_kernel_config CONFIG_PREEMPT_NOTIFIERS y |
|
406 | set_kernel_config CONFIG_PREEMPT_NOTIFIERS y | |
| 407 | fi |
|
407 | fi | |
| 408 |
|
408 | |||
| 409 | # enable apparmor,integrity audit, |
|
409 | # enable apparmor,integrity audit, | |
| 410 | if [ "$KERNEL_SECURITY" = true ] ; then |
|
410 | if [ "$KERNEL_SECURITY" = true ] ; then | |
| 411 |
|
411 | |||
| 412 | # security filesystem, security models and audit |
|
412 | # security filesystem, security models and audit | |
| 413 | set_kernel_config CONFIG_SECURITYFS y |
|
413 | set_kernel_config CONFIG_SECURITYFS y | |
| 414 | set_kernel_config CONFIG_SECURITY y |
|
414 | set_kernel_config CONFIG_SECURITY y | |
| 415 | set_kernel_config CONFIG_AUDIT y |
|
415 | set_kernel_config CONFIG_AUDIT y | |
| 416 |
|
416 | |||
| 417 | # harden strcpy and memcpy |
|
417 | # harden strcpy and memcpy | |
| 418 | set_kernel_config CONFIG_HARDENED_USERCOPY y |
|
418 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
| 419 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y |
|
419 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
| 420 | set_kernel_config CONFIG_FORTIFY_SOURCE y |
|
420 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
| 421 |
|
421 | |||
| 422 | # integrity sub-system |
|
422 | # integrity sub-system | |
| 423 | set_kernel_config CONFIG_INTEGRITY y |
|
423 | set_kernel_config CONFIG_INTEGRITY y | |
| 424 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y |
|
424 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
| 425 | set_kernel_config CONFIG_INTEGRITY_AUDIT y |
|
425 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
| 426 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y |
|
426 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
| 427 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y |
|
427 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
| 428 |
|
428 | |||
| 429 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
429 | # This option provides support for retaining authentication tokens and access keys in the kernel. | |
| 430 | set_kernel_config CONFIG_KEYS y |
|
430 | set_kernel_config CONFIG_KEYS y | |
| 431 | set_kernel_config CONFIG_KEYS_COMPAT y |
|
431 | set_kernel_config CONFIG_KEYS_COMPAT y | |
| 432 |
|
432 | |||
| 433 | # Apparmor |
|
433 | # Apparmor | |
| 434 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 |
|
434 | set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0 | |
| 435 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y |
|
435 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y | |
| 436 | set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y |
|
436 | set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y | |
| 437 | set_kernel_config CONFIG_SECURITY_APPARMOR y |
|
437 | set_kernel_config CONFIG_SECURITY_APPARMOR y | |
| 438 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y |
|
438 | set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y | |
| 439 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" |
|
439 | set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor" | |
| 440 |
|
440 | |||
| 441 | # restrictions on unprivileged users reading the kernel |
|
441 | # restrictions on unprivileged users reading the kernel | |
| 442 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y |
|
442 | set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y | |
| 443 |
|
443 | |||
| 444 | # network security hooks |
|
444 | # network security hooks | |
| 445 | set_kernel_config CONFIG_SECURITY_NETWORK y |
|
445 | set_kernel_config CONFIG_SECURITY_NETWORK y | |
| 446 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y |
|
446 | set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y | |
| 447 | set_kernel_config CONFIG_SECURITY_PATH y |
|
447 | set_kernel_config CONFIG_SECURITY_PATH y | |
| 448 | set_kernel_config CONFIG_SECURITY_YAMA n |
|
448 | set_kernel_config CONFIG_SECURITY_YAMA n | |
| 449 |
|
449 | |||
| 450 | set_kernel_config CONFIG_SECURITY_SELINUX n |
|
450 | set_kernel_config CONFIG_SECURITY_SELINUX n | |
| 451 | set_kernel_config CONFIG_SECURITY_SMACK n |
|
451 | set_kernel_config CONFIG_SECURITY_SMACK n | |
| 452 | set_kernel_config CONFIG_SECURITY_TOMOYO n |
|
452 | set_kernel_config CONFIG_SECURITY_TOMOYO n | |
| 453 | set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n |
|
453 | set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n | |
| 454 | set_kernel_config CONFIG_SECURITY_LOADPIN n |
|
454 | set_kernel_config CONFIG_SECURITY_LOADPIN n | |
| 455 | set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n |
|
455 | set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n | |
| 456 | set_kernel_config CONFIG_IMA n |
|
456 | set_kernel_config CONFIG_IMA n | |
| 457 | set_kernel_config CONFIG_EVM n |
|
457 | set_kernel_config CONFIG_EVM n | |
| 458 | set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y |
|
458 | set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y | |
| 459 | set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y |
|
459 | set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y | |
| 460 | set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y |
|
460 | set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y | |
| 461 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y |
|
461 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y | |
| 462 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y |
|
462 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y | |
| 463 | set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y |
|
463 | set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y | |
| 464 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n |
|
464 | set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n | |
| 465 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m |
|
465 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m | |
| 466 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 |
|
466 | set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 | |
| 467 |
|
||||
| 468 | set_kernel_config CONFIG_ARM64_CRYPTO y |
|
|||
| 469 | set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m |
|
|||
| 470 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m |
|
|||
| 471 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m |
|
|||
| 472 | set_kernel_config CRYPTO_GHASH_ARM64_CE m |
|
|||
| 473 | set_kernel_config CRYPTO_SHA2_ARM64_CE m |
|
|||
| 474 | set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m |
|
|||
| 475 | set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m |
|
|||
| 476 | set_kernel_config CONFIG_CRYPTO_AES_ARM64 m |
|
|||
| 477 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m |
|
|||
| 478 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y |
|
|||
| 479 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y |
|
|||
| 480 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m |
|
|||
| 481 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m |
|
|||
| 482 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m |
|
|||
| 483 | fi |
|
467 | fi | |
| 484 |
|
468 | |||
| 485 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 |
|
469 | # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406 | |
| 486 | if [ "$KERNEL_NF" = true ] ; then |
|
470 | if [ "$KERNEL_NF" = true ] ; then | |
| 487 | set_kernel_config CONFIG_IP_NF_SECURITY m |
|
471 | set_kernel_config CONFIG_IP_NF_SECURITY m | |
| 488 | set_kernel_config CONFIG_NETLABEL y |
|
472 | set_kernel_config CONFIG_NETLABEL y | |
| 489 | set_kernel_config CONFIG_IP6_NF_SECURITY m |
|
473 | set_kernel_config CONFIG_IP6_NF_SECURITY m | |
| 490 | set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m |
|
474 | set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m | |
| 491 | set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m |
|
475 | set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m | |
| 492 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m |
|
476 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m | |
| 493 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m |
|
477 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m | |
| 494 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m |
|
478 | set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m | |
| 495 | set_kernel_config CONFIG_NFT_FIB_INET m |
|
479 | set_kernel_config CONFIG_NFT_FIB_INET m | |
| 496 | set_kernel_config CONFIG_NFT_FIB_IPV4 m |
|
480 | set_kernel_config CONFIG_NFT_FIB_IPV4 m | |
| 497 | set_kernel_config CONFIG_NFT_FIB_IPV6 m |
|
481 | set_kernel_config CONFIG_NFT_FIB_IPV6 m | |
| 498 | set_kernel_config CONFIG_NFT_FIB_NETDEV m |
|
482 | set_kernel_config CONFIG_NFT_FIB_NETDEV m | |
| 499 | set_kernel_config CONFIG_NFT_OBJREF m |
|
483 | set_kernel_config CONFIG_NFT_OBJREF m | |
| 500 | set_kernel_config CONFIG_NFT_RT m |
|
484 | set_kernel_config CONFIG_NFT_RT m | |
| 501 | set_kernel_config CONFIG_NFT_SET_BITMAP m |
|
485 | set_kernel_config CONFIG_NFT_SET_BITMAP m | |
| 502 | set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y |
|
486 | set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y | |
| 503 | set_kernel_config CONFIG_NF_LOG_ARP m |
|
487 | set_kernel_config CONFIG_NF_LOG_ARP m | |
| 504 | set_kernel_config CONFIG_NF_SOCKET_IPV4 m |
|
488 | set_kernel_config CONFIG_NF_SOCKET_IPV4 m | |
| 505 | set_kernel_config CONFIG_NF_SOCKET_IPV6 m |
|
489 | set_kernel_config CONFIG_NF_SOCKET_IPV6 m | |
| 506 | set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m |
|
490 | set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m | |
| 507 | set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m |
|
491 | set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m | |
| 508 | set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m |
|
492 | set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m | |
| 509 | set_kernel_config CONFIG_IP6_NF_IPTABLES m |
|
493 | set_kernel_config CONFIG_IP6_NF_IPTABLES m | |
| 510 | set_kernel_config CONFIG_IP6_NF_MATCH_AH m |
|
494 | set_kernel_config CONFIG_IP6_NF_MATCH_AH m | |
| 511 | set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m |
|
495 | set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m | |
| 512 | set_kernel_config CONFIG_IP6_NF_NAT m |
|
496 | set_kernel_config CONFIG_IP6_NF_NAT m | |
| 513 | set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m |
|
497 | set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m | |
| 514 | set_kernel_config CONFIG_IP6_NF_TARGET_NPT m |
|
498 | set_kernel_config CONFIG_IP6_NF_TARGET_NPT m | |
| 515 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m |
|
499 | set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m | |
| 516 | set_kernel_config CONFIG_IP_SET_BITMAP_PORT m |
|
500 | set_kernel_config CONFIG_IP_SET_BITMAP_PORT m | |
| 517 | set_kernel_config CONFIG_IP_SET_HASH_IP m |
|
501 | set_kernel_config CONFIG_IP_SET_HASH_IP m | |
| 518 | set_kernel_config CONFIG_IP_SET_HASH_IPMARK m |
|
502 | set_kernel_config CONFIG_IP_SET_HASH_IPMARK m | |
| 519 | set_kernel_config CONFIG_IP_SET_HASH_IPPORT m |
|
503 | set_kernel_config CONFIG_IP_SET_HASH_IPPORT m | |
| 520 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m |
|
504 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m | |
| 521 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m |
|
505 | set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m | |
| 522 | set_kernel_config CONFIG_IP_SET_HASH_MAC m |
|
506 | set_kernel_config CONFIG_IP_SET_HASH_MAC m | |
| 523 | set_kernel_config CONFIG_IP_SET_HASH_NET m |
|
507 | set_kernel_config CONFIG_IP_SET_HASH_NET m | |
| 524 | set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m |
|
508 | set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m | |
| 525 | set_kernel_config CONFIG_IP_SET_HASH_NETNET m |
|
509 | set_kernel_config CONFIG_IP_SET_HASH_NETNET m | |
| 526 | set_kernel_config CONFIG_IP_SET_HASH_NETPORT m |
|
510 | set_kernel_config CONFIG_IP_SET_HASH_NETPORT m | |
| 527 | set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m |
|
511 | set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m | |
| 528 | set_kernel_config CONFIG_IP_SET_LIST_SET m |
|
512 | set_kernel_config CONFIG_IP_SET_LIST_SET m | |
| 529 | set_kernel_config CONFIG_NETFILTER_XTABLES m |
|
513 | set_kernel_config CONFIG_NETFILTER_XTABLES m | |
| 530 | set_kernel_config CONFIG_NETFILTER_XTABLES m |
|
514 | set_kernel_config CONFIG_NETFILTER_XTABLES m | |
| 531 | set_kernel_config CONFIG_NFT_BRIDGE_META m |
|
515 | set_kernel_config CONFIG_NFT_BRIDGE_META m | |
| 532 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m |
|
516 | set_kernel_config CONFIG_NFT_BRIDGE_REJECT m | |
| 533 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m |
|
517 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m | |
| 534 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m |
|
518 | set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m | |
| 535 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m |
|
519 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m | |
| 536 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m |
|
520 | set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m | |
| 537 | set_kernel_config CONFIG_NFT_COMPAT m |
|
521 | set_kernel_config CONFIG_NFT_COMPAT m | |
| 538 | set_kernel_config CONFIG_NFT_COUNTER m |
|
522 | set_kernel_config CONFIG_NFT_COUNTER m | |
| 539 | set_kernel_config CONFIG_NFT_CT m |
|
523 | set_kernel_config CONFIG_NFT_CT m | |
| 540 | set_kernel_config CONFIG_NFT_DUP_IPV4 m |
|
524 | set_kernel_config CONFIG_NFT_DUP_IPV4 m | |
| 541 | set_kernel_config CONFIG_NFT_DUP_IPV6 m |
|
525 | set_kernel_config CONFIG_NFT_DUP_IPV6 m | |
| 542 | set_kernel_config CONFIG_NFT_DUP_NETDEV m |
|
526 | set_kernel_config CONFIG_NFT_DUP_NETDEV m | |
| 543 | set_kernel_config CONFIG_NFT_EXTHDR m |
|
527 | set_kernel_config CONFIG_NFT_EXTHDR m | |
| 544 | set_kernel_config CONFIG_NFT_FWD_NETDEV m |
|
528 | set_kernel_config CONFIG_NFT_FWD_NETDEV m | |
| 545 | set_kernel_config CONFIG_NFT_HASH m |
|
529 | set_kernel_config CONFIG_NFT_HASH m | |
| 546 | set_kernel_config CONFIG_NFT_LIMIT m |
|
530 | set_kernel_config CONFIG_NFT_LIMIT m | |
| 547 | set_kernel_config CONFIG_NFT_LOG m |
|
531 | set_kernel_config CONFIG_NFT_LOG m | |
| 548 | set_kernel_config CONFIG_NFT_MASQ m |
|
532 | set_kernel_config CONFIG_NFT_MASQ m | |
| 549 | set_kernel_config CONFIG_NFT_MASQ_IPV4 m |
|
533 | set_kernel_config CONFIG_NFT_MASQ_IPV4 m | |
| 550 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m |
|
534 | set_kernel_config CONFIG_NFT_MASQ_IPV6 m | |
| 551 | set_kernel_config CONFIG_NFT_META m |
|
535 | set_kernel_config CONFIG_NFT_META m | |
| 552 | set_kernel_config CONFIG_NFT_NAT m |
|
536 | set_kernel_config CONFIG_NFT_NAT m | |
| 553 | set_kernel_config CONFIG_NFT_NUMGEN m |
|
537 | set_kernel_config CONFIG_NFT_NUMGEN m | |
| 554 | set_kernel_config CONFIG_NFT_QUEUE m |
|
538 | set_kernel_config CONFIG_NFT_QUEUE m | |
| 555 | set_kernel_config CONFIG_NFT_QUOTA m |
|
539 | set_kernel_config CONFIG_NFT_QUOTA m | |
| 556 | set_kernel_config CONFIG_NFT_REDIR m |
|
540 | set_kernel_config CONFIG_NFT_REDIR m | |
| 557 | set_kernel_config CONFIG_NFT_REDIR_IPV4 m |
|
541 | set_kernel_config CONFIG_NFT_REDIR_IPV4 m | |
| 558 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m |
|
542 | set_kernel_config CONFIG_NFT_REDIR_IPV6 m | |
| 559 | set_kernel_config CONFIG_NFT_REJECT m |
|
543 | set_kernel_config CONFIG_NFT_REJECT m | |
| 560 | set_kernel_config CONFIG_NFT_REJECT_INET m |
|
544 | set_kernel_config CONFIG_NFT_REJECT_INET m | |
| 561 | set_kernel_config CONFIG_NFT_REJECT_IPV4 m |
|
545 | set_kernel_config CONFIG_NFT_REJECT_IPV4 m | |
| 562 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m |
|
546 | set_kernel_config CONFIG_NFT_REJECT_IPV6 m | |
| 563 | set_kernel_config CONFIG_NFT_SET_HASH m |
|
547 | set_kernel_config CONFIG_NFT_SET_HASH m | |
| 564 | set_kernel_config CONFIG_NFT_SET_RBTREE m |
|
548 | set_kernel_config CONFIG_NFT_SET_RBTREE m | |
| 565 | set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m |
|
549 | set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m | |
| 566 | set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m |
|
550 | set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m | |
| 567 | set_kernel_config CONFIG_NF_DEFRAG_IPV4 m |
|
551 | set_kernel_config CONFIG_NF_DEFRAG_IPV4 m | |
| 568 | set_kernel_config CONFIG_NF_DEFRAG_IPV6 m |
|
552 | set_kernel_config CONFIG_NF_DEFRAG_IPV6 m | |
| 569 | set_kernel_config CONFIG_NF_DUP_IPV4 m |
|
553 | set_kernel_config CONFIG_NF_DUP_IPV4 m | |
| 570 | set_kernel_config CONFIG_NF_DUP_IPV6 m |
|
554 | set_kernel_config CONFIG_NF_DUP_IPV6 m | |
| 571 | set_kernel_config CONFIG_NF_DUP_NETDEV m |
|
555 | set_kernel_config CONFIG_NF_DUP_NETDEV m | |
| 572 | set_kernel_config CONFIG_NF_LOG_BRIDGE m |
|
556 | set_kernel_config CONFIG_NF_LOG_BRIDGE m | |
| 573 | set_kernel_config CONFIG_NF_LOG_IPV4 m |
|
557 | set_kernel_config CONFIG_NF_LOG_IPV4 m | |
| 574 | set_kernel_config CONFIG_NF_LOG_IPV6 m |
|
558 | set_kernel_config CONFIG_NF_LOG_IPV6 m | |
| 575 | set_kernel_config CONFIG_NF_NAT_IPV4 m |
|
559 | set_kernel_config CONFIG_NF_NAT_IPV4 m | |
| 576 | set_kernel_config CONFIG_NF_NAT_IPV6 m |
|
560 | set_kernel_config CONFIG_NF_NAT_IPV6 m | |
| 577 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y |
|
561 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 y | |
| 578 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y |
|
562 | set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 y | |
| 579 | set_kernel_config CONFIG_NF_NAT_PPTP m |
|
563 | set_kernel_config CONFIG_NF_NAT_PPTP m | |
| 580 | set_kernel_config CONFIG_NF_NAT_PROTO_GRE m |
|
564 | set_kernel_config CONFIG_NF_NAT_PROTO_GRE m | |
| 581 | set_kernel_config CONFIG_NF_NAT_REDIRECT y |
|
565 | set_kernel_config CONFIG_NF_NAT_REDIRECT y | |
| 582 | set_kernel_config CONFIG_NF_NAT_SIP m |
|
566 | set_kernel_config CONFIG_NF_NAT_SIP m | |
| 583 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m |
|
567 | set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m | |
| 584 | set_kernel_config CONFIG_NF_NAT_TFTP m |
|
568 | set_kernel_config CONFIG_NF_NAT_TFTP m | |
| 585 | set_kernel_config CONFIG_NF_REJECT_IPV4 m |
|
569 | set_kernel_config CONFIG_NF_REJECT_IPV4 m | |
| 586 | set_kernel_config CONFIG_NF_REJECT_IPV6 m |
|
570 | set_kernel_config CONFIG_NF_REJECT_IPV6 m | |
| 587 | set_kernel_config CONFIG_NF_TABLES m |
|
571 | set_kernel_config CONFIG_NF_TABLES m | |
| 588 | set_kernel_config CONFIG_NF_TABLES_ARP m |
|
572 | set_kernel_config CONFIG_NF_TABLES_ARP m | |
| 589 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m |
|
573 | set_kernel_config CONFIG_NF_TABLES_BRIDGE m | |
| 590 | set_kernel_config CONFIG_NF_TABLES_INET m |
|
574 | set_kernel_config CONFIG_NF_TABLES_INET m | |
| 591 | set_kernel_config CONFIG_NF_TABLES_IPV4 y |
|
575 | set_kernel_config CONFIG_NF_TABLES_IPV4 y | |
| 592 | set_kernel_config CONFIG_NF_TABLES_IPV6 y |
|
576 | set_kernel_config CONFIG_NF_TABLES_IPV6 y | |
| 593 | set_kernel_config CONFIG_NF_TABLES_NETDEV m |
|
577 | set_kernel_config CONFIG_NF_TABLES_NETDEV m | |
| 594 | set_kernel_config CONFIG_NF_TABLES_SET m |
|
578 | set_kernel_config CONFIG_NF_TABLES_SET m | |
| 595 | set_kernel_config CONFIG_NF_TABLES_INET y |
|
579 | set_kernel_config CONFIG_NF_TABLES_INET y | |
| 596 | set_kernel_config CONFIG_NF_TABLES_NETDEV y |
|
580 | set_kernel_config CONFIG_NF_TABLES_NETDEV y | |
| 597 | set_kernel_config CONFIG_NFT_CONNLIMIT m |
|
581 | set_kernel_config CONFIG_NFT_CONNLIMIT m | |
| 598 | set_kernel_config CONFIG_NFT_TUNNEL m |
|
582 | set_kernel_config CONFIG_NFT_TUNNEL m | |
| 599 | set_kernel_config CONFIG_NFT_SOCKET m |
|
583 | set_kernel_config CONFIG_NFT_SOCKET m | |
| 600 | set_kernel_config CONFIG_NFT_TPROXY m |
|
584 | set_kernel_config CONFIG_NFT_TPROXY m | |
| 601 | set_kernel_config CONFIG_NF_FLOW_TABLE m |
|
585 | set_kernel_config CONFIG_NF_FLOW_TABLE m | |
| 602 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m |
|
586 | set_kernel_config CONFIG_NFT_FLOW_OFFLOAD m | |
| 603 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m |
|
587 | set_kernel_config CONFIG_NF_FLOW_TABLE_INET m | |
| 604 | set_kernel_config CONFIG_NF_TABLES_ARP y |
|
588 | set_kernel_config CONFIG_NF_TABLES_ARP y | |
| 605 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y |
|
589 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV4 y | |
| 606 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y |
|
590 | set_kernel_config CONFIG_NF_FLOW_TABLE_IPV6 y | |
| 607 | set_kernel_config CONFIG_NF_TABLES_BRIDGE y |
|
591 | set_kernel_config CONFIG_NF_TABLES_BRIDGE y | |
| 608 | set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m |
|
592 | set_kernel_config CONFIG_NF_CT_NETLINK_TIMEOUT m | |
| 609 | set_kernel_config CONFIG_NFT_OSF m |
|
593 | set_kernel_config CONFIG_NFT_OSF m | |
| 610 |
|
594 | |||
| 611 | fi |
|
595 | fi | |
| 612 |
|
596 | |||
| 613 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA |
|
597 | # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA | |
| 614 | if [ "$KERNEL_BPF" = true ] ; then |
|
598 | if [ "$KERNEL_BPF" = true ] ; then | |
| 615 | set_kernel_config CONFIG_BPF_SYSCALL y |
|
599 | set_kernel_config CONFIG_BPF_SYSCALL y | |
| 616 | set_kernel_config CONFIG_BPF_EVENTS y |
|
600 | set_kernel_config CONFIG_BPF_EVENTS y | |
| 617 | set_kernel_config CONFIG_BPF_STREAM_PARSER y |
|
601 | set_kernel_config CONFIG_BPF_STREAM_PARSER y | |
| 618 | set_kernel_config CONFIG_CGROUP_BPF y |
|
602 | set_kernel_config CONFIG_CGROUP_BPF y | |
| 619 | set_kernel_config CONFIG_XDP_SOCKETS y |
|
603 | set_kernel_config CONFIG_XDP_SOCKETS y | |
| 620 | fi |
|
604 | fi | |
| 621 |
|
605 | |||
| 622 | # KERNEL_DEFAULT_GOV was set by user |
|
606 | # KERNEL_DEFAULT_GOV was set by user | |
| 623 | if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then |
|
607 | if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then | |
| 624 |
|
608 | |||
| 625 | case "$KERNEL_DEFAULT_GOV" in |
|
609 | case "$KERNEL_DEFAULT_GOV" in | |
| 626 | performance) |
|
610 | performance) | |
| 627 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y |
|
611 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y | |
| 628 | ;; |
|
612 | ;; | |
| 629 | userspace) |
|
613 | userspace) | |
| 630 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y |
|
614 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y | |
| 631 | ;; |
|
615 | ;; | |
| 632 | ondemand) |
|
616 | ondemand) | |
| 633 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y |
|
617 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y | |
| 634 | ;; |
|
618 | ;; | |
| 635 | conservative) |
|
619 | conservative) | |
| 636 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y |
|
620 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y | |
| 637 | ;; |
|
621 | ;; | |
| 638 | shedutil) |
|
622 | shedutil) | |
| 639 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y |
|
623 | set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y | |
| 640 | ;; |
|
624 | ;; | |
| 641 | *) |
|
625 | *) | |
| 642 | echo "error: unsupported default cpu governor" |
|
626 | echo "error: unsupported default cpu governor" | |
| 643 | exit 1 |
|
627 | exit 1 | |
| 644 | ;; |
|
628 | ;; | |
| 645 | esac |
|
629 | esac | |
| 646 |
|
630 | |||
| 647 | # unset previous default governor |
|
631 | # unset previous default governor | |
| 648 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE |
|
632 | unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE | |
| 649 | fi |
|
633 | fi | |
| 650 |
|
634 | |||
| 651 | #Revert to previous directory |
|
635 | #Revert to previous directory | |
| 652 | cd "${WORKDIR}" || exit |
|
636 | cd "${WORKDIR}" || exit | |
| 653 |
|
637 | |||
| 654 | # Set kernel configuration parameters to enable qemu emulation |
|
638 | # Set kernel configuration parameters to enable qemu emulation | |
| 655 | if [ "$ENABLE_QEMU" = true ] ; then |
|
639 | if [ "$ENABLE_QEMU" = true ] ; then | |
| 656 | echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config |
|
640 | echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config | |
| 657 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config |
|
641 | echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config | |
| 658 |
|
642 | |||
| 659 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
643 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
| 660 | { |
|
644 | set_kernel_configCONFIG_EMBEDDED y | |
| 661 | echo "CONFIG_EMBEDDED=y" |
|
645 | set_kernel_config CONFIG_EXPERT y | |
| 662 | echo "CONFIG_EXPERT=y" |
|
646 | set_kernel_config CONFIG_DAX y | |
| 663 | echo "CONFIG_DAX=y" |
|
647 | set_kernel_config CONFIG_MD y | |
| 664 | echo "CONFIG_MD=y" |
|
648 | set_kernel_config CONFIG_BLK_DEV_MD y | |
| 665 | echo "CONFIG_BLK_DEV_MD=y" |
|
649 | set_kernel_config CONFIG_MD_AUTODETECT y | |
| 666 | echo "CONFIG_MD_AUTODETECT=y" |
|
650 | set_kernel_config CONFIG_BLK_DEV_DM y | |
| 667 | echo "CONFIG_BLK_DEV_DM=y" |
|
651 | set_kernel_config CONFIG_BLK_DEV_DM_BUILTIN y | |
| 668 | echo "CONFIG_BLK_DEV_DM_BUILTIN=y" |
|
652 | set_kernel_config CONFIG_DM_CRYPT y | |
| 669 | echo "CONFIG_DM_CRYPT=y" |
|
653 | set_kernel_config CONFIG_CRYPTO_BLKCIPHER y | |
| 670 | echo "CONFIG_CRYPTO_BLKCIPHER=y" |
|
654 | set_kernel_config CONFIG_CRYPTO_CBC y | |
| 671 | echo "CONFIG_CRYPTO_CBC=y" |
|
655 | set_kernel_config CONFIG_CRYPTO_XTS y | |
| 672 | echo "CONFIG_CRYPTO_XTS=y" |
|
656 | set_kernel_config CONFIG_CRYPTO_SHA512 y | |
| 673 | echo "CONFIG_CRYPTO_SHA512=y" |
|
657 | set_kernel_config CONFIG_CRYPTO_MANAGER y | |
| 674 | echo "CONFIG_CRYPTO_MANAGER=y" |
|
658 | set_kernel_config CONFIG_ARM64_CRYPTO y | |
| 675 | } >> "${KERNEL_DIR}"/.config |
|
659 | set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m | |
|
|
660 | set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m | |||
|
|
661 | set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m | |||
|
|
662 | set_kernel_config CRYPTO_GHASH_ARM64_CE m | |||
|
|
663 | set_kernel_config CRYPTO_SHA2_ARM64_CE m | |||
|
|
664 | set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m | |||
|
|
665 | set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m | |||
|
|
666 | set_kernel_config CONFIG_CRYPTO_AES_ARM64 m | |||
|
|
667 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m | |||
|
|
668 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y | |||
|
|
669 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y | |||
|
|
670 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m | |||
|
|
671 | set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m | |||
|
|
672 | set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m | |||
| 676 | fi |
|
673 | fi | |
| 677 | fi |
|
674 | fi | |
| 678 |
|
675 | |||
| 679 | # Copy custom kernel configuration file |
|
676 | # Copy custom kernel configuration file | |
| 680 | if [ -n "$KERNELSRC_USRCONFIG" ] ; then |
|
677 | if [ -n "$KERNELSRC_USRCONFIG" ] ; then | |
| 681 | cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config |
|
678 | cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config | |
| 682 | fi |
|
679 | fi | |
| 683 |
|
680 | |||
| 684 | # Set kernel configuration parameters to their default values |
|
681 | # Set kernel configuration parameters to their default values | |
| 685 | if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then |
|
682 | if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then | |
| 686 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig |
|
683 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig | |
| 687 | fi |
|
684 | fi | |
| 688 |
|
685 | |||
| 689 | # Start menu-driven kernel configuration (interactive) |
|
686 | # Start menu-driven kernel configuration (interactive) | |
| 690 | if [ "$KERNEL_MENUCONFIG" = true ] ; then |
|
687 | if [ "$KERNEL_MENUCONFIG" = true ] ; then | |
| 691 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig |
|
688 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig | |
| 692 | fi |
|
689 | fi | |
| 693 | # end if "$KERNELSRC_CONFIG" = true |
|
690 | # end if "$KERNELSRC_CONFIG" = true | |
| 694 | fi |
|
691 | fi | |
| 695 |
|
692 | |||
| 696 | # Use ccache to cross compile the kernel |
|
693 | # Use ccache to cross compile the kernel | |
| 697 | if [ "$KERNEL_CCACHE" = true ] ; then |
|
694 | if [ "$KERNEL_CCACHE" = true ] ; then | |
| 698 | cc="ccache ${CROSS_COMPILE}gcc" |
|
695 | cc="ccache ${CROSS_COMPILE}gcc" | |
| 699 | else |
|
696 | else | |
| 700 | cc="${CROSS_COMPILE}gcc" |
|
697 | cc="${CROSS_COMPILE}gcc" | |
| 701 | fi |
|
698 | fi | |
| 702 |
|
699 | |||
| 703 | # Cross compile kernel and dtbs |
|
700 | # Cross compile kernel and dtbs | |
| 704 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs |
|
701 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs | |
| 705 |
|
702 | |||
| 706 | # Cross compile kernel modules |
|
703 | # Cross compile kernel modules | |
| 707 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then |
|
704 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
| 708 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules |
|
705 | make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules | |
| 709 | fi |
|
706 | fi | |
| 710 | # end if "$KERNELSRC_PREBUILT" = false |
|
707 | # end if "$KERNELSRC_PREBUILT" = false | |
| 711 | fi |
|
708 | fi | |
| 712 |
|
709 | |||
| 713 | # Check if kernel compilation was successful |
|
710 | # Check if kernel compilation was successful | |
| 714 | if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then |
|
711 | if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then | |
| 715 | echo "error: kernel compilation failed! (kernel image not found)" |
|
712 | echo "error: kernel compilation failed! (kernel image not found)" | |
| 716 | cleanup |
|
713 | cleanup | |
| 717 | exit 1 |
|
714 | exit 1 | |
| 718 | fi |
|
715 | fi | |
| 719 |
|
716 | |||
| 720 | # Install kernel modules |
|
717 | # Install kernel modules | |
| 721 | if [ "$ENABLE_REDUCE" = true ] ; then |
|
718 | if [ "$ENABLE_REDUCE" = true ] ; then | |
| 722 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then |
|
719 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
| 723 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install |
|
720 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install | |
| 724 | fi |
|
721 | fi | |
| 725 | else |
|
722 | else | |
| 726 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then |
|
723 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
| 727 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install |
|
724 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install | |
| 728 | fi |
|
725 | fi | |
| 729 |
|
726 | |||
| 730 | # Install kernel firmware |
|
727 | # Install kernel firmware | |
| 731 | if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then |
|
728 | if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then | |
| 732 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install |
|
729 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install | |
| 733 | fi |
|
730 | fi | |
| 734 | fi |
|
731 | fi | |
| 735 |
|
732 | |||
| 736 | # Install kernel headers |
|
733 | # Install kernel headers | |
| 737 | if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then |
|
734 | if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then | |
| 738 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install |
|
735 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install | |
| 739 | fi |
|
736 | fi | |
| 740 |
|
737 | |||
| 741 | # Prepare boot (firmware) directory |
|
738 | # Prepare boot (firmware) directory | |
| 742 | mkdir "${BOOT_DIR}" |
|
739 | mkdir "${BOOT_DIR}" | |
| 743 |
|
740 | |||
| 744 | # Get kernel release version |
|
741 | # Get kernel release version | |
| 745 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") |
|
742 | KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release") | |
| 746 |
|
743 | |||
| 747 | # Copy kernel configuration file to the boot directory |
|
744 | # Copy kernel configuration file to the boot directory | |
| 748 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" |
|
745 | install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}" | |
| 749 |
|
746 | |||
| 750 | # Prepare device tree directory |
|
747 | # Prepare device tree directory | |
| 751 | mkdir "${BOOT_DIR}/overlays" |
|
748 | mkdir "${BOOT_DIR}/overlays" | |
| 752 |
|
749 | |||
| 753 | # Ensure the proper .dtb is located |
|
750 | # Ensure the proper .dtb is located | |
| 754 | if [ "$KERNEL_ARCH" = "arm" ] ; then |
|
751 | if [ "$KERNEL_ARCH" = "arm" ] ; then | |
| 755 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do |
|
752 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do | |
| 756 | if [ -f "${dtb}" ] ; then |
|
753 | if [ -f "${dtb}" ] ; then | |
| 757 | install_readonly "${dtb}" "${BOOT_DIR}/" |
|
754 | install_readonly "${dtb}" "${BOOT_DIR}/" | |
| 758 | fi |
|
755 | fi | |
| 759 | done |
|
756 | done | |
| 760 | else |
|
757 | else | |
| 761 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do |
|
758 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do | |
| 762 | if [ -f "${dtb}" ] ; then |
|
759 | if [ -f "${dtb}" ] ; then | |
| 763 | install_readonly "${dtb}" "${BOOT_DIR}/" |
|
760 | install_readonly "${dtb}" "${BOOT_DIR}/" | |
| 764 | fi |
|
761 | fi | |
| 765 | done |
|
762 | done | |
| 766 | fi |
|
763 | fi | |
| 767 |
|
764 | |||
| 768 | # Copy compiled dtb device tree files |
|
765 | # Copy compiled dtb device tree files | |
| 769 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then |
|
766 | if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then | |
| 770 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do |
|
767 | for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do | |
| 771 | if [ -f "${dtb}" ] ; then |
|
768 | if [ -f "${dtb}" ] ; then | |
| 772 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" |
|
769 | install_readonly "${dtb}" "${BOOT_DIR}/overlays/" | |
| 773 | fi |
|
770 | fi | |
| 774 | done |
|
771 | done | |
| 775 |
|
772 | |||
| 776 | if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then |
|
773 | if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then | |
| 777 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README" |
|
774 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README" | |
| 778 | fi |
|
775 | fi | |
| 779 | fi |
|
776 | fi | |
| 780 |
|
777 | |||
| 781 | if [ "$ENABLE_UBOOT" = false ] ; then |
|
778 | if [ "$ENABLE_UBOOT" = false ] ; then | |
| 782 | # Convert and copy kernel image to the boot directory |
|
779 | # Convert and copy kernel image to the boot directory | |
| 783 | "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
780 | "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" | |
| 784 | else |
|
781 | else | |
| 785 | # Copy kernel image to the boot directory |
|
782 | # Copy kernel image to the boot directory | |
| 786 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
783 | install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}" | |
| 787 | fi |
|
784 | fi | |
| 788 |
|
785 | |||
| 789 | # Remove kernel sources |
|
786 | # Remove kernel sources | |
| 790 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
787 | if [ "$KERNEL_REMOVESRC" = true ] ; then | |
| 791 | rm -fr "${KERNEL_DIR}" |
|
788 | rm -fr "${KERNEL_DIR}" | |
| 792 | else |
|
789 | else | |
| 793 | # Prepare compiled kernel modules |
|
790 | # Prepare compiled kernel modules | |
| 794 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then |
|
791 | if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then | |
| 795 | if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then |
|
792 | if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then | |
| 796 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare |
|
793 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare | |
| 797 | fi |
|
794 | fi | |
| 798 |
|
795 | |||
| 799 | # Create symlinks for kernel modules |
|
796 | # Create symlinks for kernel modules | |
| 800 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build" |
|
797 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build" | |
| 801 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" |
|
798 | chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" | |
| 802 | fi |
|
799 | fi | |
| 803 | fi |
|
800 | fi | |
| 804 |
|
801 | |||
| 805 | else # BUILD_KERNEL=false |
|
802 | else # BUILD_KERNEL=false | |
| 806 | if [ "$SET_ARCH" = 64 ] ; then |
|
803 | if [ "$SET_ARCH" = 64 ] ; then | |
| 807 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
804 | if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
| 808 | # Use Sakakis modified kernel if ZSWAP is active |
|
805 | # Use Sakakis modified kernel if ZSWAP is active | |
| 809 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then |
|
806 | if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then | |
| 810 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" |
|
807 | RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}" | |
| 811 | fi |
|
808 | fi | |
| 812 |
|
809 | |||
| 813 | # Create temporary directory for dl |
|
810 | # Create temporary directory for dl | |
| 814 | temp_dir=$(as_nobody mktemp -d) |
|
811 | temp_dir=$(as_nobody mktemp -d) | |
| 815 |
|
812 | |||
| 816 | # Fetch kernel dl |
|
813 | # Fetch kernel dl | |
| 817 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" |
|
814 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL" | |
| 818 | fi |
|
815 | fi | |
| 819 | if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then |
|
816 | if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then | |
| 820 | # Create temporary directory for dl |
|
817 | # Create temporary directory for dl | |
| 821 | temp_dir=$(as_nobody mktemp -d) |
|
818 | temp_dir=$(as_nobody mktemp -d) | |
| 822 |
|
819 | |||
| 823 | # Fetch kernel dl |
|
820 | # Fetch kernel dl | |
| 824 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL" |
|
821 | as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL" | |
| 825 | fi |
|
822 | fi | |
| 826 |
|
823 | |||
| 827 | #extract download |
|
824 | #extract download | |
| 828 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" |
|
825 | tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}" | |
| 829 |
|
826 | |||
| 830 | #move extracted kernel to /boot/firmware |
|
827 | #move extracted kernel to /boot/firmware | |
| 831 | mkdir "${R}/boot/firmware" |
|
828 | mkdir "${R}/boot/firmware" | |
| 832 | cp "${temp_dir}"/boot/* "${R}"/boot/firmware/ |
|
829 | cp "${temp_dir}"/boot/* "${R}"/boot/firmware/ | |
| 833 | cp -r "${temp_dir}"/lib/* "${R}"/lib/ |
|
830 | cp -r "${temp_dir}"/lib/* "${R}"/lib/ | |
| 834 |
|
831 | |||
| 835 | # Remove temporary directory for kernel sources |
|
832 | # Remove temporary directory for kernel sources | |
| 836 | rm -fr "${temp_dir}" |
|
833 | rm -fr "${temp_dir}" | |
| 837 |
|
834 | |||
| 838 | # Set permissions of the kernel sources |
|
835 | # Set permissions of the kernel sources | |
| 839 | chown -R root:root "${R}/boot/firmware" |
|
836 | chown -R root:root "${R}/boot/firmware" | |
| 840 | chown -R root:root "${R}/lib/modules" |
|
837 | chown -R root:root "${R}/lib/modules" | |
| 841 | fi |
|
838 | fi | |
| 842 |
|
839 | |||
| 843 | # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel) |
|
840 | # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel) | |
| 844 | if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then |
|
841 | if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then | |
| 845 | # Create temporary directory for dl |
|
842 | # Create temporary directory for dl | |
| 846 | temp_dir=$(as_nobody mktemp -d) |
|
843 | temp_dir=$(as_nobody mktemp -d) | |
| 847 |
|
844 | |||
| 848 | # Fetch kernel |
|
845 | # Fetch kernel | |
| 849 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" |
|
846 | as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL" | |
| 850 |
|
847 | |||
| 851 | # Copy downloaded kernel package |
|
848 | # Copy downloaded kernel package | |
| 852 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb |
|
849 | mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb | |
| 853 |
|
850 | |||
| 854 | # Set permissions |
|
851 | # Set permissions | |
| 855 | chown -R root:root "${R}"/tmp/kernel.deb |
|
852 | chown -R root:root "${R}"/tmp/kernel.deb | |
| 856 |
|
853 | |||
| 857 | # Install kernel |
|
854 | # Install kernel | |
| 858 | chroot_exec dpkg -i /tmp/kernel.deb |
|
855 | chroot_exec dpkg -i /tmp/kernel.deb | |
| 859 |
|
856 | |||
| 860 | # move /boot to /boot/firmware to fit script env. |
|
857 | # move /boot to /boot/firmware to fit script env. | |
| 861 | #mkdir "${BOOT_DIR}" |
|
858 | #mkdir "${BOOT_DIR}" | |
| 862 | mkdir "${temp_dir}"/firmware |
|
859 | mkdir "${temp_dir}"/firmware | |
| 863 | mv "${R}"/boot/* "${temp_dir}"/firmware/ |
|
860 | mv "${R}"/boot/* "${temp_dir}"/firmware/ | |
| 864 | mv "${temp_dir}"/firmware "${R}"/boot/ |
|
861 | mv "${temp_dir}"/firmware "${R}"/boot/ | |
| 865 |
|
862 | |||
| 866 | #same for kernel headers |
|
863 | #same for kernel headers | |
| 867 | if [ "$KERNEL_HEADERS" = true ] ; then |
|
864 | if [ "$KERNEL_HEADERS" = true ] ; then | |
| 868 | # Fetch kernel header |
|
865 | # Fetch kernel header | |
| 869 | as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL" |
|
866 | as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL" | |
| 870 | mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb |
|
867 | mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb | |
| 871 | chown -R root:root "${R}"/tmp/kernel-header.deb |
|
868 | chown -R root:root "${R}"/tmp/kernel-header.deb | |
| 872 | # Install kernel header |
|
869 | # Install kernel header | |
| 873 | chroot_exec dpkg -i /tmp/kernel-header.deb |
|
870 | chroot_exec dpkg -i /tmp/kernel-header.deb | |
| 874 | rm -f "${R}"/tmp/kernel-header.deb |
|
871 | rm -f "${R}"/tmp/kernel-header.deb | |
| 875 | fi |
|
872 | fi | |
| 876 |
|
873 | |||
| 877 | # Remove temporary directory and files |
|
874 | # Remove temporary directory and files | |
| 878 | rm -fr "${temp_dir}" |
|
875 | rm -fr "${temp_dir}" | |
| 879 | rm -f "${R}"/tmp/kernel.deb |
|
876 | rm -f "${R}"/tmp/kernel.deb | |
| 880 | fi |
|
877 | fi | |
| 881 |
|
878 | |||
| 882 | # Check if kernel installation was successful |
|
879 | # Check if kernel installation was successful | |
| 883 | KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" |
|
880 | KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" | |
| 884 | if [ -z "$KERNEL" ] ; then |
|
881 | if [ -z "$KERNEL" ] ; then | |
| 885 | echo "error: kernel installation failed! (/boot/kernel* not found)" |
|
882 | echo "error: kernel installation failed! (/boot/kernel* not found)" | |
| 886 | cleanup |
|
883 | cleanup | |
| 887 | exit 1 |
|
884 | exit 1 | |
| 888 | fi |
|
885 | fi | |
| 889 | fi |
|
886 | fi | |
| @@ -1,121 +1,118 | |||||
| 1 | #!/bin/sh |
|
1 | #!/bin/sh | |
| 2 | # Setup fstab and initramfs |
|
2 | # Setup fstab and initramfs | |
| 3 | # |
|
3 | # | |
| 4 |
|
4 | |||
| 5 | # Load utility functions |
|
5 | # Load utility functions | |
| 6 | . ./functions.sh |
|
6 | . ./functions.sh | |
| 7 |
|
7 | |||
| 8 | # Install and setup fstab |
|
8 | # Install and setup fstab | |
| 9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
| 10 |
|
10 | |||
| 11 | # Add usb/sda disk root partition to fstab |
|
11 | # Add usb/sda disk root partition to fstab | |
| 12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then |
|
12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then | |
| 13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" |
|
13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |
| 14 | fi |
|
14 | fi | |
| 15 |
|
15 | |||
| 16 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
16 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
| 17 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" |
|
17 | sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" | |
| 18 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" |
|
18 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" | |
| 19 |
|
||||
| 20 | # Add usb/sda2 disk to crypttab |
|
|||
| 21 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
|||
| 22 | fi |
|
19 | fi | |
| 23 |
|
20 | |||
| 24 | # Generate initramfs file |
|
21 | # Generate initramfs file | |
| 25 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
22 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
| 26 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
23 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
| 27 | if [ "$ENABLE_USBBOOT" = true ] ; then |
|
24 | if [ "$ENABLE_USBBOOT" = true ] ; then | |
| 28 | # Add usb/sda2 disk to crypttab |
|
25 | # Add usb/sda2 disk to crypttab | |
| 29 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" |
|
26 | sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" | |
| 30 | fi |
|
27 | fi | |
| 31 |
|
28 | |||
| 32 | # Include initramfs scripts to auto expand encrypted root partition |
|
29 | # Include initramfs scripts to auto expand encrypted root partition | |
| 33 | if [ "$EXPANDROOT" = true ] ; then |
|
30 | if [ "$EXPANDROOT" = true ] ; then | |
| 34 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" |
|
31 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |
| 35 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" |
|
32 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
| 36 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
33 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
| 37 | fi |
|
34 | fi | |
| 38 |
|
35 | |||
| 39 | # Replace fstab root partition with encrypted partition mapping |
|
36 | # Replace fstab root partition with encrypted partition mapping | |
| 40 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" |
|
37 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" | |
| 41 |
|
38 | |||
| 42 | # Add encrypted partition to crypttab and fstab |
|
39 | # Add encrypted partition to crypttab and fstab | |
| 43 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" |
|
40 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" | |
| 44 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" |
|
41 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" | |
| 45 |
|
42 | |||
| 46 | # Add encrypted root partition to fstab and crypttab |
|
43 | # Add encrypted root partition to fstab and crypttab | |
| 47 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
44 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
| 48 | # Add usb/sda1 disk to crypttab |
|
45 | # Add usb/sda1 disk to crypttab | |
| 49 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" |
|
46 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |
| 50 | fi |
|
47 | fi | |
| 51 |
|
48 | |||
| 52 | if [ "$CRYPTFS_DROPBEAR" = true ]; then |
|
49 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |
| 53 | if [ "$ENABLE_DHCP" = false ] ; then |
|
50 | if [ "$ENABLE_DHCP" = false ] ; then | |
| 54 | # Get cdir from NET_ADDRESS e.g. 24 |
|
51 | # Get cdir from NET_ADDRESS e.g. 24 | |
| 55 | cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2) |
|
52 | cdir=$(printf "%s" "${NET_ADDRESS}" | cut -d '/' -f2) | |
| 56 |
|
53 | |||
| 57 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 |
|
54 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |
| 58 | NET_MASK=$(cdr2mask "$cdir") |
|
55 | NET_MASK=$(cdr2mask "$cdir") | |
| 59 |
|
56 | |||
| 60 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
57 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
| 61 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf |
|
58 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |
| 62 |
|
59 | |||
| 63 |
# |
|
60 | #Regenerate initramfs | |
| 64 |
|
|
61 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
| 65 |
|
|
62 | fi | |
| 66 |
|
63 | |||
| 67 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then |
|
64 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |
| 68 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
65 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
| 69 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys |
|
66 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
| 70 | else |
|
67 | else | |
| 71 | # Create key |
|
68 | # Create key | |
| 72 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear |
|
69 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |
| 73 |
|
70 | |||
| 74 | # Convert dropbear key to openssh key |
|
71 | # Convert dropbear key to openssh key | |
| 75 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa |
|
72 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |
| 76 |
|
73 | |||
| 77 | # Get Public Key Part |
|
74 | # Get Public Key Part | |
| 78 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub |
|
75 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |
| 79 |
|
76 | |||
| 80 | # Delete unwanted lines |
|
77 | # Delete unwanted lines | |
| 81 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
78 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
| 82 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub |
|
79 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |
| 83 |
|
80 | |||
| 84 | # Trust the new key |
|
81 | # Trust the new key | |
| 85 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys |
|
82 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |
| 86 |
|
83 | |||
| 87 | # Save Keys - convert with putty from rsa/openssh to puttkey |
|
84 | # Save Keys - convert with putty from rsa/openssh to puttkey | |
| 88 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa |
|
85 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |
| 89 |
|
86 | |||
| 90 | # Get unlock script |
|
87 | # Get unlock script | |
| 91 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh |
|
88 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |
| 92 |
|
89 | |||
| 93 | # Enable Dropbear inside initramfs |
|
90 | # Enable Dropbear inside initramfs | |
| 94 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
91 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
| 95 |
|
92 | |||
| 96 | # Enable Dropbear inside initramfs |
|
93 | # Enable Dropbear inside initramfs | |
| 97 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear |
|
94 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |
| 98 | fi |
|
95 | fi | |
| 99 | # CRYPTFSDROPBEAR=false |
|
96 | # CRYPTFSDROPBEAR=false | |
| 100 | else |
|
97 | else | |
| 101 | # Disable SSHD inside initramfs |
|
98 | # Disable SSHD inside initramfs | |
| 102 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" |
|
99 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
| 103 | fi |
|
100 | fi | |
| 104 |
|
101 | |||
| 105 | # Add cryptsetup modules to initramfs |
|
102 | # Add cryptsetup modules to initramfs | |
| 106 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
103 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" | |
| 107 |
|
104 | |||
| 108 | # Dummy mapping required by mkinitramfs |
|
105 | # Dummy mapping required by mkinitramfs | |
| 109 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" |
|
106 | echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup --verbose create "${CRYPTFS_MAPPING}" | |
| 110 |
|
107 | |||
| 111 | # Generate initramfs with encrypted root partition support |
|
108 | # Generate initramfs with encrypted root partition support | |
| 112 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
109 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
| 113 |
|
110 | |||
| 114 | # Remove dummy mapping |
|
111 | # Remove dummy mapping | |
| 115 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" |
|
112 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" | |
| 116 | # CRYPTFS=false |
|
113 | # CRYPTFS=false | |
| 117 | else |
|
114 | else | |
| 118 | # Generate initramfs without encrypted root partition support |
|
115 | # Generate initramfs without encrypted root partition support | |
| 119 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
116 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
| 120 | fi |
|
117 | fi | |
| 121 | fi |
|
118 | fi | |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
