@@ -0,0 +1,131 | |||
|
1 | # | |
|
2 | # Setup RPi2/3 config and cmdline | |
|
3 | # | |
|
4 | ||
|
5 | # Load utility functions | |
|
6 | . ./functions.sh | |
|
7 | ||
|
8 | if [ "$BUILD_KERNEL" = true ] ; then | |
|
9 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then | |
|
10 | # Install boot binaries from local directory | |
|
11 | cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin | |
|
12 | cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat | |
|
13 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat | |
|
14 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat | |
|
15 | cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf | |
|
16 | cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf | |
|
17 | cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf | |
|
18 | else | |
|
19 | # Install latest boot binaries from raspberry/firmware github | |
|
20 | wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" | |
|
21 | wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" | |
|
22 | wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" | |
|
23 | wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" | |
|
24 | wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf" | |
|
25 | wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" | |
|
26 | wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" | |
|
27 | fi | |
|
28 | fi | |
|
29 | ||
|
30 | # Setup firmware boot cmdline | |
|
31 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
32 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |
|
33 | else | |
|
34 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |
|
35 | fi | |
|
36 | ||
|
37 | # Add encrypted root partition to cmdline.txt | |
|
38 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
39 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
40 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
41 | else | |
|
42 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
43 | fi | |
|
44 | fi | |
|
45 | ||
|
46 | # Add serial console support | |
|
47 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
|
48 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |
|
49 | fi | |
|
50 | ||
|
51 | # Remove IPv6 networking support | |
|
52 | if [ "$ENABLE_IPV6" = false ] ; then | |
|
53 | CMDLINE="${CMDLINE} ipv6.disable=1" | |
|
54 | fi | |
|
55 | ||
|
56 | # Automatically assign predictable network interface names | |
|
57 | if [ "$ENABLE_IFNAMES" = false ] ; then | |
|
58 | CMDLINE="${CMDLINE} net.ifnames=0" | |
|
59 | else | |
|
60 | CMDLINE="${CMDLINE} net.ifnames=1" | |
|
61 | fi | |
|
62 | ||
|
63 | # Set init to systemd if required by Debian release | |
|
64 | if [ "$RELEASE" = "stretch" ] ; then | |
|
65 | CMDLINE="${CMDLINE} init=/bin/systemd" | |
|
66 | fi | |
|
67 | ||
|
68 | # Install firmware boot cmdline | |
|
69 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
70 | ||
|
71 | # Install firmware config | |
|
72 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |
|
73 | ||
|
74 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
|
75 | if [ "$ENABLE_MINGPU" = true ] ; then | |
|
76 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" | |
|
77 | fi | |
|
78 | ||
|
79 | # Setup boot with initramfs | |
|
80 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
81 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" | |
|
82 | fi | |
|
83 | ||
|
84 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device | |
|
85 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
86 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then | |
|
87 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
88 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
89 | fi | |
|
90 | fi | |
|
91 | ||
|
92 | # Create firmware configuration and cmdline symlinks | |
|
93 | ln -sf firmware/config.txt "${R}/boot/config.txt" | |
|
94 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" | |
|
95 | ||
|
96 | # Install and setup kernel modules to load at boot | |
|
97 | mkdir -p "${R}/lib/modules-load.d/" | |
|
98 | install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" | |
|
99 | ||
|
100 | # Load hardware random module at boot | |
|
101 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then | |
|
102 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
103 | fi | |
|
104 | ||
|
105 | # Load sound module at boot | |
|
106 | if [ "$ENABLE_SOUND" = true ] ; then | |
|
107 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
108 | fi | |
|
109 | ||
|
110 | # Enable I2C interface | |
|
111 | if [ "$ENABLE_I2C" = true ] ; then | |
|
112 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" | |
|
113 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
114 | sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
115 | fi | |
|
116 | ||
|
117 | # Enable SPI interface | |
|
118 | if [ "$ENABLE_SPI" = true ] ; then | |
|
119 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" | |
|
120 | echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf" | |
|
121 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
122 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
123 | fi | |
|
124 | fi | |
|
125 | ||
|
126 | # Install kernel modules blacklist | |
|
127 | mkdir -p "${ETC_DIR}/modprobe.d/" | |
|
128 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" | |
|
129 | ||
|
130 | # Install sysctl.d configuration files | |
|
131 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" |
@@ -320,6 +320,7 The functions of this script that are required for the different stages of the b | |||
|
320 | 320 | | `11-apt.sh` | Setup APT repositories | |
|
321 | 321 | | `12-locale.sh` | Setup Locales and keyboard settings | |
|
322 | 322 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | |
|
323 | | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |
|
323 | 324 | | `20-networking.sh` | Setup Networking | |
|
324 | 325 | | `21-firewall.sh` | Setup Firewall | |
|
325 | 326 | | `30-security.sh` | Setup Users and Security settings | |
@@ -134,29 +134,7 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
134 | 134 | if [ "$KERNEL_REMOVESRC" = true ] ; then |
|
135 | 135 | rm -fr "${KERNEL_DIR}" |
|
136 | 136 | else |
|
137 | #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" oldconfig | |
|
138 | 137 |
|
|
139 | #make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper | |
|
140 | fi | |
|
141 | ||
|
142 | if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then | |
|
143 | # Install boot binaries from local directory | |
|
144 | cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin | |
|
145 | cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat | |
|
146 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat | |
|
147 | cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat | |
|
148 | cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf | |
|
149 | cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf | |
|
150 | cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf | |
|
151 | else | |
|
152 | # Install latest boot binaries from raspberry/firmware github | |
|
153 | wget -q -O "${BOOT_DIR}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" | |
|
154 | wget -q -O "${BOOT_DIR}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" | |
|
155 | wget -q -O "${BOOT_DIR}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" | |
|
156 | wget -q -O "${BOOT_DIR}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" | |
|
157 | wget -q -O "${BOOT_DIR}/start.elf" "${FIRMWARE_URL}/start.elf" | |
|
158 | wget -q -O "${BOOT_DIR}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" | |
|
159 | wget -q -O "${BOOT_DIR}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" | |
|
160 | 138 | fi |
|
161 | 139 | |
|
162 | 140 | else # BUILD_KERNEL=false |
@@ -177,105 +155,9 else # BUILD_KERNEL=false | |||
|
177 | 155 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
178 | 156 | fi |
|
179 | 157 | |
|
180 | # Setup firmware boot cmdline | |
|
181 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
182 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |
|
183 | else | |
|
184 | CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1" | |
|
185 | fi | |
|
186 | ||
|
187 | # Add encrypted root partition to cmdline.txt | |
|
188 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
189 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
190 | CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") | |
|
191 | else | |
|
192 | CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") | |
|
193 | fi | |
|
194 | fi | |
|
195 | ||
|
196 | # Add serial console support | |
|
197 | if [ "$ENABLE_CONSOLE" = true ] ; then | |
|
198 | CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200" | |
|
199 | fi | |
|
200 | ||
|
201 | # Remove IPv6 networking support | |
|
202 | if [ "$ENABLE_IPV6" = false ] ; then | |
|
203 | CMDLINE="${CMDLINE} ipv6.disable=1" | |
|
204 | fi | |
|
205 | ||
|
206 | # Automatically assign predictable network interface names | |
|
207 | if [ "$ENABLE_IFNAMES" = false ] ; then | |
|
208 | CMDLINE="${CMDLINE} net.ifnames=0" | |
|
209 | else | |
|
210 | CMDLINE="${CMDLINE} net.ifnames=1" | |
|
211 | fi | |
|
212 | ||
|
213 | # Set init to systemd if required by Debian release | |
|
214 | if [ "$RELEASE" = "stretch" ] ; then | |
|
215 | CMDLINE="${CMDLINE} init=/bin/systemd" | |
|
216 | fi | |
|
217 | ||
|
218 | # Install firmware boot cmdline | |
|
219 | echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt" | |
|
220 | ||
|
221 | # Install firmware config | |
|
222 | install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt" | |
|
223 | ||
|
224 | # Setup minimal GPU memory allocation size: 16MB (no X) | |
|
225 | if [ "$ENABLE_MINGPU" = true ] ; then | |
|
226 | echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt" | |
|
227 | fi | |
|
228 | ||
|
229 | # Setup boot with initramfs | |
|
230 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
231 | echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt" | |
|
232 | fi | |
|
233 | ||
|
234 | # Disable RPi3 Bluetooth and restore ttyAMA0 serial device | |
|
235 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
236 | if [ "$ENABLE_CONSOLE" = true ] && [ "$ENABLE_UBOOT" = false ] ; then | |
|
237 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
|
238 | echo "enable_uart=1" >> "${BOOT_DIR}/config.txt" | |
|
239 | fi | |
|
240 | fi | |
|
241 | ||
|
242 | # Create firmware configuration and cmdline symlinks | |
|
243 | ln -sf firmware/config.txt "${R}/boot/config.txt" | |
|
244 | ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt" | |
|
245 | ||
|
246 | # Install and setup kernel modules to load at boot | |
|
247 | mkdir -p "${R}/lib/modules-load.d/" | |
|
248 | install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf" | |
|
249 | ||
|
250 | # Load hardware random module at boot | |
|
251 | if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then | |
|
252 | sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
253 | fi | |
|
254 | ||
|
255 | # Load sound module at boot | |
|
256 | if [ "$ENABLE_SOUND" = true ] ; then | |
|
257 | sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
258 | fi | |
|
259 | ||
|
260 | # Enable I2C interface | |
|
261 | if [ "$ENABLE_I2C" = true ] ; then | |
|
262 | echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt" | |
|
263 | sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
264 | sed -i "s/^# i2c-dev/i2c-dev/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
265 | fi | |
|
266 | ||
|
267 | # Enable SPI interface | |
|
268 | if [ "$ENABLE_SPI" = true ] ; then | |
|
269 | echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt" | |
|
270 | echo "spi-bcm2708" >> "${R}/lib/modules-load.d/rpi2.conf" | |
|
271 | if [ "$RPI_MODEL" = 3 ] ; then | |
|
272 | sed -i "s/spi-bcm2708/spi-bcm2835/" "${R}/lib/modules-load.d/rpi2.conf" | |
|
273 | fi | |
|
274 | fi | |
|
275 | ||
|
276 | # Install kernel modules blacklist | |
|
277 | mkdir -p "${ETC_DIR}/modprobe.d/" | |
|
278 | install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf" | |
|
158 | # Create symlinks for kernel modules | |
|
159 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" | |
|
160 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" | |
|
279 | 161 | |
|
280 | 162 | # Install and setup fstab |
|
281 | 163 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" |
@@ -326,11 +208,3 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||
|
326 | 208 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" |
|
327 | 209 | fi |
|
328 | 210 | fi |
|
329 | ||
|
330 | # Install sysctl.d configuration files | |
|
331 | install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" | |
|
332 | ||
|
333 | # make symlinks | |
|
334 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" | |
|
335 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" | |
|
336 |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant