##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

0
Unknown -
r527:71446b4553f8
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,579 +1,602
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # Configure and build kernel
57 57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 58 # Remove device, network and filesystem drivers from kernel configuration
59 59 if [ "$KERNEL_REDUCE" = true ] ; then
60 60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 61 sed -i\
62 62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 91 "${KERNEL_DIR}/.config"
92 92 fi
93 93
94 94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 95 # Load default raspberry kernel configuration
96 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97 97
98 98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 99 cd "${KERNEL_DIR}" || exit
100 100
101 101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 103 set_kernel_config CONFIG_ZPOOL y
104 104 set_kernel_config CONFIG_ZSWAP y
105 105 set_kernel_config CONFIG_ZBUD y
106 106 set_kernel_config CONFIG_Z3FOLD y
107 107 set_kernel_config CONFIG_ZSMALLOC y
108 108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
109 110 fi
110 111
111 112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
112 113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
113 set_kernel_config CONFIG_VIRTUALIZATION y
114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
120 set_kernel_config CONFIG_HAVE_KVM_MSI y
114 121 set_kernel_config CONFIG_KVM y
115 set_kernel_config CONFIG_VHOST_NET m
122 set_kernel_config CONFIG_KVM_ARM_HOST y
123 set_kernel_config CONFIG_KVM_ARM_PMU y
124 set_kernel_config CONFIG_KVM_COMPAT y
125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
126 set_kernel_config CONFIG_KVM_MMIO y
127 set_kernel_config CONFIG_KVM_VFIO y
128 set_kernel_config CONFIG_VHOST m
116 129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
130 set_kernel_config CONFIG_VHOST_NET m
131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
117 140 fi
118 141
119 142 # enable apparmor,integrity audit,
120 143 if [ "$KERNEL_SECURITY" = true ] ; then
121 144
122 145 # security filesystem, security models and audit
123 146 set_kernel_config CONFIG_SECURITYFS y
124 147 set_kernel_config CONFIG_SECURITY y
125 148 set_kernel_config CONFIG_AUDIT y
126 149
127 150 # harden strcpy and memcpy
128 151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
129 152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
130 153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
131 154
132 155 # integrity sub-system
133 156 set_kernel_config CONFIG_INTEGRITY=y
134 157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
135 158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
136 159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
137 160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
138 161
139 162 # This option provides support for retaining authentication tokens and access keys in the kernel.
140 163 set_kernel_config CONFIG_KEYS=y
141 164 set_kernel_config CONFIG_KEYS_COMPAT=y
142 165
143 166 # Apparmor
144 167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
145 168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
146 169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
147 170 set_kernel_config CONFIG_SECURITY_APPARMOR y
148 171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
149 172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
150 173
151 174 # restrictions on unprivileged users reading the kernel
152 175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
153 176
154 177 # network security hooks
155 178 set_kernel_config CONFIG_SECURITY_NETWORK y
156 179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
157 180 set_kernel_config CONFIG_SECURITY_PATH=y
158 181 set_kernel_config CONFIG_SECURITY_YAMA=y
159 182
160 183 # New Options
161 184 if [ "$KERNEL_NF" = true ] ; then
162 185 set_kernel_config CONFIG_IP_NF_SECURITY m
163 186 set_kernel_config CONFIG_NETLABEL y
164 187 set_kernel_config CONFIG_IP6_NF_SECURITY m
165 188 fi
166 189 set_kernel_config CONFIG_SECURITY_SELINUX n
167 190 set_kernel_config CONFIG_SECURITY_SMACK n
168 191 set_kernel_config CONFIG_SECURITY_TOMOYO n
169 192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
170 193 set_kernel_config CONFIG_SECURITY_LOADPIN n
171 194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
172 195 set_kernel_config CONFIG_IMA n
173 196 set_kernel_config CONFIG_EVM n
174 197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
175 198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
176 199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
177 200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
178 201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
179 202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
180 203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
181 204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
182 205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
183 206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
184 207
185 208 set_kernel_config CONFIG_ARM64_CRYPTO y
186 209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
187 210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
188 211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
189 212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
190 213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
191 214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
192 215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
193 216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
194 217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
195 218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
196 219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
197 220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
198 221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
199 222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
200 223 set_kernel_config SYSTEM_TRUSTED_KEYS
201 224 fi
202 225
203 226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
204 227 if [ "$KERNEL_NF" = true ] ; then
205 228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
206 229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
207 230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
208 231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
209 232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
210 233 set_kernel_config CONFIG_NFT_FIB_INET m
211 234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
212 235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
213 236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
214 237 set_kernel_config CONFIG_NFT_OBJREF m
215 238 set_kernel_config CONFIG_NFT_RT m
216 239 set_kernel_config CONFIG_NFT_SET_BITMAP m
217 240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
218 241 set_kernel_config CONFIG_NF_LOG_ARP m
219 242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
220 243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
221 244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
222 245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
223 246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
224 247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
225 248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
226 249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
227 250 set_kernel_config CONFIG_IP6_NF_NAT m
228 251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
229 252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
230 253 set_kernel_config CONFIG_IP_NF_SECURITY m
231 254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
232 255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
233 256 set_kernel_config CONFIG_IP_SET_HASH_IP m
234 257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
235 258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
236 259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
237 260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
238 261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
239 262 set_kernel_config CONFIG_IP_SET_HASH_NET m
240 263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
241 264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
242 265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
243 266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
244 267 set_kernel_config CONFIG_IP_SET_LIST_SET m
245 268 set_kernel_config CONFIG_NETFILTER_XTABLES m
246 269 set_kernel_config CONFIG_NETFILTER_XTABLES m
247 270 set_kernel_config CONFIG_NFT_BRIDGE_META m
248 271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
249 272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
250 273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
251 274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
252 275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
253 276 set_kernel_config CONFIG_NFT_COMPAT m
254 277 set_kernel_config CONFIG_NFT_COUNTER m
255 278 set_kernel_config CONFIG_NFT_CT m
256 279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
257 280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
258 281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
259 282 set_kernel_config CONFIG_NFT_EXTHDR m
260 283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
261 284 set_kernel_config CONFIG_NFT_HASH m
262 285 set_kernel_config CONFIG_NFT_LIMIT m
263 286 set_kernel_config CONFIG_NFT_LOG m
264 287 set_kernel_config CONFIG_NFT_MASQ m
265 288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
266 289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
267 290 set_kernel_config CONFIG_NFT_META m
268 291 set_kernel_config CONFIG_NFT_NAT m
269 292 set_kernel_config CONFIG_NFT_NUMGEN m
270 293 set_kernel_config CONFIG_NFT_QUEUE m
271 294 set_kernel_config CONFIG_NFT_QUOTA m
272 295 set_kernel_config CONFIG_NFT_REDIR m
273 296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
274 297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
275 298 set_kernel_config CONFIG_NFT_REJECT m
276 299 set_kernel_config CONFIG_NFT_REJECT_INET m
277 300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
278 301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
279 302 set_kernel_config CONFIG_NFT_SET_HASH m
280 303 set_kernel_config CONFIG_NFT_SET_RBTREE m
281 304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
282 305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
283 306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
284 307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
285 308 set_kernel_config CONFIG_NF_DUP_IPV4 m
286 309 set_kernel_config CONFIG_NF_DUP_IPV6 m
287 310 set_kernel_config CONFIG_NF_DUP_NETDEV m
288 311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
289 312 set_kernel_config CONFIG_NF_LOG_IPV4 m
290 313 set_kernel_config CONFIG_NF_LOG_IPV6 m
291 314 set_kernel_config CONFIG_NF_NAT_IPV4 m
292 315 set_kernel_config CONFIG_NF_NAT_IPV6 m
293 316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
294 317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
295 318 set_kernel_config CONFIG_NF_NAT_PPTP m
296 319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
297 320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
298 321 set_kernel_config CONFIG_NF_NAT_SIP m
299 322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
300 323 set_kernel_config CONFIG_NF_NAT_TFTP m
301 324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
302 325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
303 326 set_kernel_config CONFIG_NF_TABLES m
304 327 set_kernel_config CONFIG_NF_TABLES_ARP m
305 328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
306 329 set_kernel_config CONFIG_NF_TABLES_INET m
307 330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
308 331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
309 332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
310 333 fi
311 334
312 335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
313 336 if [ "$KERNEL_BPF" = true ] ; then
314 337 set_kernel_config CONFIG_BPF_SYSCALL y
315 338 set_kernel_config CONFIG_BPF_EVENTS y
316 339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
317 340 set_kernel_config CONFIG_CGROUP_BPF y
318 341 fi
319 342
320 343 # KERNEL_DEFAULT_GOV was set by user
321 344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
322 345
323 346 case "$KERNEL_DEFAULT_GOV" in
324 347 performance)
325 348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
326 349 ;;
327 350 userspace)
328 351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
329 352 ;;
330 353 ondemand)
331 354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
332 355 ;;
333 356 conservative)
334 357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
335 358 ;;
336 359 shedutil)
337 360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
338 361 ;;
339 362 *)
340 363 echo "error: unsupported default cpu governor"
341 364 exit 1
342 365 ;;
343 366 esac
344 367
345 368 # unset previous default governor
346 369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
347 370 fi
348 371
349 372 #Revert to previous directory
350 373 cd "${WORKDIR}" || exit
351 374
352 375 # Set kernel configuration parameters to enable qemu emulation
353 376 if [ "$ENABLE_QEMU" = true ] ; then
354 377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
355 378 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
356 379
357 380 if [ "$ENABLE_CRYPTFS" = true ] ; then
358 381 {
359 382 echo "CONFIG_EMBEDDED=y"
360 383 echo "CONFIG_EXPERT=y"
361 384 echo "CONFIG_DAX=y"
362 385 echo "CONFIG_MD=y"
363 386 echo "CONFIG_BLK_DEV_MD=y"
364 387 echo "CONFIG_MD_AUTODETECT=y"
365 388 echo "CONFIG_BLK_DEV_DM=y"
366 389 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
367 390 echo "CONFIG_DM_CRYPT=y"
368 391 echo "CONFIG_CRYPTO_BLKCIPHER=y"
369 392 echo "CONFIG_CRYPTO_CBC=y"
370 393 echo "CONFIG_CRYPTO_XTS=y"
371 394 echo "CONFIG_CRYPTO_SHA512=y"
372 395 echo "CONFIG_CRYPTO_MANAGER=y"
373 396 } >> "${KERNEL_DIR}"/.config
374 397 fi
375 398 fi
376 399
377 400 # Copy custom kernel configuration file
378 401 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
379 402 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
380 403 fi
381 404
382 405 # Set kernel configuration parameters to their default values
383 406 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
384 407 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
385 408 fi
386 409
387 410 # Start menu-driven kernel configuration (interactive)
388 411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
389 412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
390 413 fi
391 414 # end if "$KERNELSRC_CONFIG" = true
392 415 fi
393 416
394 417 # Use ccache to cross compile the kernel
395 418 if [ "$KERNEL_CCACHE" = true ] ; then
396 419 cc="ccache ${CROSS_COMPILE}gcc"
397 420 else
398 421 cc="${CROSS_COMPILE}gcc"
399 422 fi
400 423
401 424 # Cross compile kernel and dtbs
402 425 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
403 426
404 427 # Cross compile kernel modules
405 428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
406 429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
407 430 fi
408 431 # end if "$KERNELSRC_PREBUILT" = false
409 432 fi
410 433
411 434 # Check if kernel compilation was successful
412 435 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
413 436 echo "error: kernel compilation failed! (kernel image not found)"
414 437 cleanup
415 438 exit 1
416 439 fi
417 440
418 441 # Install kernel modules
419 442 if [ "$ENABLE_REDUCE" = true ] ; then
420 443 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
421 444 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
422 445 fi
423 446 else
424 447 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
425 448 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
426 449 fi
427 450
428 451 # Install kernel firmware
429 452 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
430 453 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
431 454 fi
432 455 fi
433 456
434 457 # Install kernel headers
435 458 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
436 459 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
437 460 fi
438 461
439 462 # Prepare boot (firmware) directory
440 463 mkdir "${BOOT_DIR}"
441 464
442 465 # Get kernel release version
443 466 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
444 467
445 468 # Copy kernel configuration file to the boot directory
446 469 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
447 470
448 471 # Prepare device tree directory
449 472 mkdir "${BOOT_DIR}/overlays"
450 473
451 474 # Ensure the proper .dtb is located
452 475 if [ "$KERNEL_ARCH" = "arm" ] ; then
453 476 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
454 477 if [ -f "${dtb}" ] ; then
455 478 install_readonly "${dtb}" "${BOOT_DIR}/"
456 479 fi
457 480 done
458 481 else
459 482 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
460 483 if [ -f "${dtb}" ] ; then
461 484 install_readonly "${dtb}" "${BOOT_DIR}/"
462 485 fi
463 486 done
464 487 fi
465 488
466 489 # Copy compiled dtb device tree files
467 490 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
468 491 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
469 492 if [ -f "${dtb}" ] ; then
470 493 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
471 494 fi
472 495 done
473 496
474 497 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
475 498 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
476 499 fi
477 500 fi
478 501
479 502 if [ "$ENABLE_UBOOT" = false ] ; then
480 503 # Convert and copy kernel image to the boot directory
481 504 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
482 505 else
483 506 # Copy kernel image to the boot directory
484 507 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
485 508 fi
486 509
487 510 # Remove kernel sources
488 511 if [ "$KERNEL_REMOVESRC" = true ] ; then
489 512 rm -fr "${KERNEL_DIR}"
490 513 else
491 514 # Prepare compiled kernel modules
492 515 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
493 516 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
494 517 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
495 518 fi
496 519
497 520 # Create symlinks for kernel modules
498 521 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
499 522 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
500 523 fi
501 524 fi
502 525
503 526 else # BUILD_KERNEL=false
504 527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
505 528
506 529 # Use Sakakis modified kernel if ZSWAP is active
507 530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
508 531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
509 532 fi
510 533
511 534 # Create temporary directory for dl
512 535 temp_dir=$(as_nobody mktemp -d)
513 536
514 537 # Fetch kernel dl
515 538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
516 539
517 540 #extract download
518 541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
519 542
520 543 #move extracted kernel to /boot/firmware
521 544 mkdir "${R}/boot/firmware"
522 545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
523 546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
524 547
525 548 # Remove temporary directory for kernel sources
526 549 rm -fr "${temp_dir}"
527 550
528 551 # Set permissions of the kernel sources
529 552 chown -R root:root "${R}/boot/firmware"
530 553 chown -R root:root "${R}/lib/modules"
531 554 fi
532 555
533 556 # Install Kernel from hypriot comptabile with all Raspberry PI
534 557 if [ "$SET_ARCH" = 32 ] ; then
535 558 # Create temporary directory for dl
536 559 temp_dir=$(as_nobody mktemp -d)
537 560
538 561 # Fetch kernel
539 562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
540 563
541 564 # Copy downloaded U-Boot sources
542 565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
543 566
544 567 # Set permissions
545 568 chown -R root:root "${R}"/tmp/kernel.deb
546 569
547 570 # Install kernel
548 571 chroot_exec dpkg -i /tmp/kernel.deb
549 572
550 573 # move /boot to /boot/firmware to fit script env.
551 574 #mkdir "${BOOT_DIR}"
552 575 mkdir "${temp_dir}"/firmware
553 576 mv "${R}"/boot/* "${temp_dir}"/firmware/
554 577 mv "${temp_dir}"/firmware "${R}"/boot/
555 578
556 579 #same for kernel headers
557 580 if [ "$KERNEL_HEADERS" = true ] ; then
558 581 # Fetch kernel header
559 582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
560 583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
561 584 chown -R root:root "${R}"/tmp/kernel-header.deb
562 585 # Install kernel header
563 586 chroot_exec dpkg -i /tmp/kernel-header.deb
564 587 rm -f "${R}"/tmp/kernel-header.deb
565 588 fi
566 589
567 590 # Remove temporary directory and files
568 591 rm -fr "${temp_dir}"
569 592 rm -f "${R}"/tmp/kernel.deb
570 593 fi
571 594
572 595 # Check if kernel installation was successful
573 596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
574 597 if [ -z "$KERNEL" ] ; then
575 598 echo "error: kernel installation failed! (/boot/kernel* not found)"
576 599 cleanup
577 600 exit 1
578 601 fi
579 602 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant