@@ -0,0 +1,131 | |||||
|
1 | # | |||
|
2 | # Setup RPi2/3 config and cmdline | |||
|
3 | # | |||
|
4 | ||||
|
5 | # Load utility functions | |||
|
6 | . ./functions.sh | |||
|
7 | ||||
|
8 | if [ "$BUILD_KERNEL" = true ] ; then | |||
|
9 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then | |||
|
10 | # Install boot binaries from local directory | |||
|
11 | cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin | |||
|
12 | cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat | |||
|
13 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat | |||
|
14 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat | |||
|
15 | cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf | |||
|
16 | cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf | |||
|
17 | cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf | |||
|
18 | else | |||
|
19 | # Install latest boot binaries from raspberry/firmware github | |||
|
20 | wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" | |||
|
21 | wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" | |||
|
22 | wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" | |||
|
23 | wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" | |||
|
24 | wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf" | |||
|
25 | wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" | |||
|
26 | wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" | |||
|
27 | fi | |||
|
28 | fi | |||
|
29 | ||||
|
30 | # Setup firmware boot cmdline | |||
|
31 | if [ "$ENABLE_SPLITFS" = true ] ; then | |||
|
32 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |||
|
33 | else | |||
|
34 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |||
|
35 | fi | |||
|
36 | ||||
|
37 | # Add encrypted root partition to cmdline.txt | |||
|
38 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
39 | if [ "$ENABLE_SPLITFS" = true ] ; then | |||
|
40 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |||
|
41 | else | |||
|
42 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |||
|
43 | fi | |||
|
44 | fi | |||
|
45 | ||||
|
46 | # Add serial console support | |||
|
47 | if [ "$ENABLE_CONSOLE" = true ] ; then | |||
|
48 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |||
|
49 | fi | |||
|
50 | ||||
|
51 | # Remove IPv6 networking support | |||
|
52 | if [ "$ENABLE_IPV6" = false ] ; then | |||
|
53 | CMDLINE="${CMDLINE} ipv6.disable=1" | |||
|
54 | fi | |||
|
55 | ||||
|
56 | # Automatically assign predictable network interface names | |||
|
57 | if [ "$ENABLE_IFNAMES" = false ] ; then | |||
|
58 | CMDLINE="${CMDLINE} net.ifnames=0" | |||
|
59 | else | |||
|
60 | CMDLINE="${CMDLINE} net.ifnames=1" | |||
|
61 | fi | |||
|
62 | ||||
|
63 | # Set init to systemd if required by Debian release | |||
|
64 | if [ "$RELEASE" = "stretch" ] ; then | |||
|
65 | CMDLINE="${CMDLINE} init=/bin/systemd" | |||
|
66 | fi | |||
|
67 | ||||
|
68 | # Install firmware boot cmdline | |||
|
69 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |||
|
70 | ||||
|
71 | # Install firmware config | |||
|
72 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |||
|
73 | ||||
|
74 | # Setup minimal GPU memory allocation size: 16MB (no X) | |||
|
75 | if [ "$ENABLE_MINGPU" = true ] ; then | |||
|
76 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" | |||
|
77 | fi | |||
|
78 | ||||
|
79 | # Setup boot with initramfs | |||
|
80 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
81 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" | |||
|
82 | fi | |||
|
83 | ||||
|
84 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device | |||
|
85 | if [ "$RPI_MODEL" = 3 ] ; then | |||
|
86 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then | |||
|
87 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |||
|
88 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |||
|
89 | fi | |||
|
90 | fi | |||
|
91 | ||||
|
92 | # Create firmware configuration and cmdline symlinks | |||
|
93 | ln -sf firmware/config.txt "${R}/boot/config.txt" | |||
|
94 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" | |||
|
95 | ||||
|
96 | # Install and setup kernel modules to load at boot | |||
|
97 | mkdir -p "${R}/lib/modules-load.d/" | |||
|
98 | install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" | |||
|
99 | ||||
|
100 | # Load hardware random module at boot | |||
|
101 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then | |||
|
102 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" | |||
|
103 | fi | |||
|
104 | ||||
|
105 | # Load sound module at boot | |||
|
106 | if [ "$ENABLE_SOUND" = true ] ; then | |||
|
107 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |||
|
108 | fi | |||
|
109 | ||||
|
110 | # Enable I2C interface | |||
|
111 | if [ "$ENABLE_I2C" = true ] ; then | |||
|
112 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" | |||
|
113 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf" | |||
|
114 | sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf" | |||
|
115 | fi | |||
|
116 | ||||
|
117 | # Enable SPI interface | |||
|
118 | if [ "$ENABLE_SPI" = true ] ; then | |||
|
119 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" | |||
|
120 | echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf" | |||
|
121 | if [ "$RPI_MODEL" = 3 ] ; then | |||
|
122 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |||
|
123 | fi | |||
|
124 | fi | |||
|
125 | ||||
|
126 | # Install kernel modules blacklist | |||
|
127 | mkdir -p "${ETC_DIR}/modprobe.d/" | |||
|
128 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" | |||
|
129 | ||||
|
130 | # Install sysctl.d configuration files | |||
|
131 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
@@ -320,6 +320,7 The functions of this script that are required for the different stages of the b | |||||
320 | | `11-apt.sh` | Setup APT repositories | |
|
320 | | `11-apt.sh` | Setup APT repositories | | |
321 | | `12-locale.sh` | Setup Locales and keyboard settings | |
|
321 | | `12-locale.sh` | Setup Locales and keyboard settings | | |
322 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | |
|
322 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | | |
|
323 | | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |||
323 | | `20-networking.sh` | Setup Networking | |
|
324 | | `20-networking.sh` | Setup Networking | | |
324 | | `21-firewall.sh` | Setup Firewall | |
|
325 | | `21-firewall.sh` | Setup Firewall | | |
325 | | `30-security.sh` | Setup Users and Security settings | |
|
326 | | `30-security.sh` | Setup Users and Security settings | |
@@ -71,8 +71,8 if [ "$BUILD_KERNEL" = true ] ; then | |||||
71 | # Load default raspberry kernel configuration |
|
71 | # Load default raspberry kernel configuration | |
72 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" |
|
72 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" | |
73 |
|
73 | |||
74 |
if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then |
|
74 | if [ ! -z "$KERNELSRC_USRCONFIG" ] ; then | |
75 |
cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config |
|
75 | cp $KERNELSRC_USRCONFIG ${KERNEL_DIR}/.config | |
76 | fi |
|
76 | fi | |
77 |
|
77 | |||
78 | # Start menu-driven kernel configuration (interactive) |
|
78 | # Start menu-driven kernel configuration (interactive) | |
@@ -134,29 +134,7 if [ "$BUILD_KERNEL" = true ] ; then | |||||
134 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
134 | if [ "$KERNEL_REMOVESRC" = true ] ; then | |
135 | rm -fr "${KERNEL_DIR}" |
|
135 | rm -fr "${KERNEL_DIR}" | |
136 | else |
|
136 | else | |
137 | #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" oldconfig |
|
|||
138 |
|
|
137 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare | |
139 | #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper |
|
|||
140 | fi |
|
|||
141 |
|
||||
142 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then |
|
|||
143 | # Install boot binaries from local directory |
|
|||
144 | cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin |
|
|||
145 | cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat |
|
|||
146 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat |
|
|||
147 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat |
|
|||
148 | cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf |
|
|||
149 | cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf |
|
|||
150 | cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf |
|
|||
151 | else |
|
|||
152 | # Install latest boot binaries from raspberry/firmware github |
|
|||
153 | wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" |
|
|||
154 | wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" |
|
|||
155 | wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" |
|
|||
156 | wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" |
|
|||
157 | wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf" |
|
|||
158 | wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" |
|
|||
159 | wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" |
|
|||
160 | fi |
|
138 | fi | |
161 |
|
139 | |||
162 | else # BUILD_KERNEL=false |
|
140 | else # BUILD_KERNEL=false | |
@@ -177,105 +155,9 else # BUILD_KERNEL=false | |||||
177 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
155 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" | |
178 | fi |
|
156 | fi | |
179 |
|
157 | |||
180 | # Setup firmware boot cmdline |
|
158 | # Create symlinks for kernel modules | |
181 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
159 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" | |
182 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" |
|
160 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" | |
183 | else |
|
|||
184 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" |
|
|||
185 | fi |
|
|||
186 |
|
||||
187 | # Add encrypted root partition to cmdline.txt |
|
|||
188 | if [ "$ENABLE_CRYPTFS" = true ] ; then |
|
|||
189 | if [ "$ENABLE_SPLITFS" = true ] ; then |
|
|||
190 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") |
|
|||
191 | else |
|
|||
192 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") |
|
|||
193 | fi |
|
|||
194 | fi |
|
|||
195 |
|
||||
196 | # Add serial console support |
|
|||
197 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
|||
198 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" |
|
|||
199 | fi |
|
|||
200 |
|
||||
201 | # Remove IPv6 networking support |
|
|||
202 | if [ "$ENABLE_IPV6" = false ] ; then |
|
|||
203 | CMDLINE="${CMDLINE} ipv6.disable=1" |
|
|||
204 | fi |
|
|||
205 |
|
||||
206 | # Automatically assign predictable network interface names |
|
|||
207 | if [ "$ENABLE_IFNAMES" = false ] ; then |
|
|||
208 | CMDLINE="${CMDLINE} net.ifnames=0" |
|
|||
209 | else |
|
|||
210 | CMDLINE="${CMDLINE} net.ifnames=1" |
|
|||
211 | fi |
|
|||
212 |
|
||||
213 | # Set init to systemd if required by Debian release |
|
|||
214 | if [ "$RELEASE" = "stretch" ] ; then |
|
|||
215 | CMDLINE="${CMDLINE} init=/bin/systemd" |
|
|||
216 | fi |
|
|||
217 |
|
||||
218 | # Install firmware boot cmdline |
|
|||
219 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" |
|
|||
220 |
|
||||
221 | # Install firmware config |
|
|||
222 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" |
|
|||
223 |
|
||||
224 | # Setup minimal GPU memory allocation size: 16MB (no X) |
|
|||
225 | if [ "$ENABLE_MINGPU" = true ] ; then |
|
|||
226 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" |
|
|||
227 | fi |
|
|||
228 |
|
||||
229 | # Setup boot with initramfs |
|
|||
230 | if [ "$ENABLE_INITRAMFS" = true ] ; then |
|
|||
231 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" |
|
|||
232 | fi |
|
|||
233 |
|
||||
234 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device |
|
|||
235 | if [ "$RPI_MODEL" = 3 ] ; then |
|
|||
236 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then |
|
|||
237 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" |
|
|||
238 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" |
|
|||
239 | fi |
|
|||
240 | fi |
|
|||
241 |
|
||||
242 | # Create firmware configuration and cmdline symlinks |
|
|||
243 | ln -sf firmware/config.txt "${R}/boot/config.txt" |
|
|||
244 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" |
|
|||
245 |
|
||||
246 | # Install and setup kernel modules to load at boot |
|
|||
247 | mkdir -p "${R}/lib/modules-load.d/" |
|
|||
248 | install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
249 |
|
||||
250 | # Load hardware random module at boot |
|
|||
251 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then |
|
|||
252 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
253 | fi |
|
|||
254 |
|
||||
255 | # Load sound module at boot |
|
|||
256 | if [ "$ENABLE_SOUND" = true ] ; then |
|
|||
257 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
258 | fi |
|
|||
259 |
|
||||
260 | # Enable I2C interface |
|
|||
261 | if [ "$ENABLE_I2C" = true ] ; then |
|
|||
262 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" |
|
|||
263 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
264 | sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
265 | fi |
|
|||
266 |
|
||||
267 | # Enable SPI interface |
|
|||
268 | if [ "$ENABLE_SPI" = true ] ; then |
|
|||
269 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" |
|
|||
270 | echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
271 | if [ "$RPI_MODEL" = 3 ] ; then |
|
|||
272 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" |
|
|||
273 | fi |
|
|||
274 | fi |
|
|||
275 |
|
||||
276 | # Install kernel modules blacklist |
|
|||
277 | mkdir -p "${ETC_DIR}/modprobe.d/" |
|
|||
278 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" |
|
|||
279 |
|
161 | |||
280 | # Install and setup fstab |
|
162 | # Install and setup fstab | |
281 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
|
163 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
@@ -326,11 +208,3 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
326 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
208 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
327 | fi |
|
209 | fi | |
328 | fi |
|
210 | fi | |
329 |
|
||||
330 | # Install sysctl.d configuration files |
|
|||
331 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
|
|||
332 |
|
||||
333 | # make symlinks |
|
|||
334 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" |
|
|||
335 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" |
|
|||
336 |
|
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant