##// END OF EJS Templates
complete kvm
Unknown -
r525:b17ca7c26555
parent child
Show More
@@ -1,579 +1,593
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # Configure and build kernel
57 57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 58 # Remove device, network and filesystem drivers from kernel configuration
59 59 if [ "$KERNEL_REDUCE" = true ] ; then
60 60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 61 sed -i\
62 62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 91 "${KERNEL_DIR}/.config"
92 92 fi
93 93
94 94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 95 # Load default raspberry kernel configuration
96 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97 97
98 98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 99 cd "${KERNEL_DIR}" || exit
100 100
101 101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 103 set_kernel_config CONFIG_ZPOOL y
104 104 set_kernel_config CONFIG_ZSWAP y
105 105 set_kernel_config CONFIG_ZBUD y
106 106 set_kernel_config CONFIG_Z3FOLD y
107 107 set_kernel_config CONFIG_ZSMALLOC y
108 108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 109 fi
110 110
111 111 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
112 112 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
113 set_kernel_config CONFIG_VIRTUALIZATION y
113 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
114 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
115 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
116 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
117 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
118 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
119 set_kernel_config CONFIG_HAVE_KVM_MSI y
114 120 set_kernel_config CONFIG_KVM y
115 set_kernel_config CONFIG_VHOST_NET m
121 set_kernel_config CONFIG_KVM_ARM_HOST y
122 set_kernel_config CONFIG_KVM_ARM_PMU y
123 set_kernel_config CONFIG_KVM_COMPAT y
124 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
125 set_kernel_config CONFIG_KVM_MMIO y
126 set_kernel_config CONFIG_KVM_VFIO y
127 set_kernel_config CONFIG_VHOST m
116 128 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
129 set_kernel_config CONFIG_VHOST_NET m
130 set_kernel_config CONFIG_VIRTUALIZATION y
117 131 fi
118 132
119 133 # enable apparmor,integrity audit,
120 134 if [ "$KERNEL_SECURITY" = true ] ; then
121 135
122 136 # security filesystem, security models and audit
123 137 set_kernel_config CONFIG_SECURITYFS y
124 138 set_kernel_config CONFIG_SECURITY y
125 139 set_kernel_config CONFIG_AUDIT y
126 140
127 141 # harden strcpy and memcpy
128 142 set_kernel_config CONFIG_HARDENED_USERCOPY=y
129 143 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
130 144 set_kernel_config CONFIG_FORTIFY_SOURCE=y
131 145
132 146 # integrity sub-system
133 147 set_kernel_config CONFIG_INTEGRITY=y
134 148 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
135 149 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
136 150 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
137 151 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
138 152
139 153 # This option provides support for retaining authentication tokens and access keys in the kernel.
140 154 set_kernel_config CONFIG_KEYS=y
141 155 set_kernel_config CONFIG_KEYS_COMPAT=y
142 156
143 157 # Apparmor
144 158 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
145 159 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
146 160 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
147 161 set_kernel_config CONFIG_SECURITY_APPARMOR y
148 162 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
149 163 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
150 164
151 165 # restrictions on unprivileged users reading the kernel
152 166 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
153 167
154 168 # network security hooks
155 169 set_kernel_config CONFIG_SECURITY_NETWORK y
156 170 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
157 171 set_kernel_config CONFIG_SECURITY_PATH=y
158 172 set_kernel_config CONFIG_SECURITY_YAMA=y
159 173
160 174 # New Options
161 175 if [ "$KERNEL_NF" = true ] ; then
162 176 set_kernel_config CONFIG_IP_NF_SECURITY m
163 177 set_kernel_config CONFIG_NETLABEL y
164 178 set_kernel_config CONFIG_IP6_NF_SECURITY m
165 179 fi
166 180 set_kernel_config CONFIG_SECURITY_SELINUX n
167 181 set_kernel_config CONFIG_SECURITY_SMACK n
168 182 set_kernel_config CONFIG_SECURITY_TOMOYO n
169 183 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
170 184 set_kernel_config CONFIG_SECURITY_LOADPIN n
171 185 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
172 186 set_kernel_config CONFIG_IMA n
173 187 set_kernel_config CONFIG_EVM n
174 188 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
175 189 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
176 190 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
177 191 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
178 192 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
179 193 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
180 194 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
181 195 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
182 196 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
183 197 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
184 198
185 199 set_kernel_config CONFIG_ARM64_CRYPTO y
186 200 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
187 201 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
188 202 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
189 203 set_kernel_config CRYPTO_GHASH_ARM64_CE m
190 204 set_kernel_config CRYPTO_SHA2_ARM64_CE m
191 205 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
192 206 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
193 207 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
194 208 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
195 209 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
196 210 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
197 211 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
198 212 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
199 213 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
200 214 set_kernel_config SYSTEM_TRUSTED_KEYS
201 215 fi
202 216
203 217 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
204 218 if [ "$KERNEL_NF" = true ] ; then
205 219 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
206 220 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
207 221 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
208 222 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
209 223 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
210 224 set_kernel_config CONFIG_NFT_FIB_INET m
211 225 set_kernel_config CONFIG_NFT_FIB_IPV4 m
212 226 set_kernel_config CONFIG_NFT_FIB_IPV6 m
213 227 set_kernel_config CONFIG_NFT_FIB_NETDEV m
214 228 set_kernel_config CONFIG_NFT_OBJREF m
215 229 set_kernel_config CONFIG_NFT_RT m
216 230 set_kernel_config CONFIG_NFT_SET_BITMAP m
217 231 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
218 232 set_kernel_config CONFIG_NF_LOG_ARP m
219 233 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
220 234 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
221 235 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
222 236 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
223 237 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
224 238 set_kernel_config CONFIG_IP6_NF_IPTABLES m
225 239 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
226 240 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
227 241 set_kernel_config CONFIG_IP6_NF_NAT m
228 242 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
229 243 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
230 244 set_kernel_config CONFIG_IP_NF_SECURITY m
231 245 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
232 246 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
233 247 set_kernel_config CONFIG_IP_SET_HASH_IP m
234 248 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
235 249 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
236 250 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
237 251 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
238 252 set_kernel_config CONFIG_IP_SET_HASH_MAC m
239 253 set_kernel_config CONFIG_IP_SET_HASH_NET m
240 254 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
241 255 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
242 256 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
243 257 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
244 258 set_kernel_config CONFIG_IP_SET_LIST_SET m
245 259 set_kernel_config CONFIG_NETFILTER_XTABLES m
246 260 set_kernel_config CONFIG_NETFILTER_XTABLES m
247 261 set_kernel_config CONFIG_NFT_BRIDGE_META m
248 262 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
249 263 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
250 264 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
251 265 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
252 266 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
253 267 set_kernel_config CONFIG_NFT_COMPAT m
254 268 set_kernel_config CONFIG_NFT_COUNTER m
255 269 set_kernel_config CONFIG_NFT_CT m
256 270 set_kernel_config CONFIG_NFT_DUP_IPV4 m
257 271 set_kernel_config CONFIG_NFT_DUP_IPV6 m
258 272 set_kernel_config CONFIG_NFT_DUP_NETDEV m
259 273 set_kernel_config CONFIG_NFT_EXTHDR m
260 274 set_kernel_config CONFIG_NFT_FWD_NETDEV m
261 275 set_kernel_config CONFIG_NFT_HASH m
262 276 set_kernel_config CONFIG_NFT_LIMIT m
263 277 set_kernel_config CONFIG_NFT_LOG m
264 278 set_kernel_config CONFIG_NFT_MASQ m
265 279 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
266 280 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
267 281 set_kernel_config CONFIG_NFT_META m
268 282 set_kernel_config CONFIG_NFT_NAT m
269 283 set_kernel_config CONFIG_NFT_NUMGEN m
270 284 set_kernel_config CONFIG_NFT_QUEUE m
271 285 set_kernel_config CONFIG_NFT_QUOTA m
272 286 set_kernel_config CONFIG_NFT_REDIR m
273 287 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
274 288 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
275 289 set_kernel_config CONFIG_NFT_REJECT m
276 290 set_kernel_config CONFIG_NFT_REJECT_INET m
277 291 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
278 292 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
279 293 set_kernel_config CONFIG_NFT_SET_HASH m
280 294 set_kernel_config CONFIG_NFT_SET_RBTREE m
281 295 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
282 296 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
283 297 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
284 298 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
285 299 set_kernel_config CONFIG_NF_DUP_IPV4 m
286 300 set_kernel_config CONFIG_NF_DUP_IPV6 m
287 301 set_kernel_config CONFIG_NF_DUP_NETDEV m
288 302 set_kernel_config CONFIG_NF_LOG_BRIDGE m
289 303 set_kernel_config CONFIG_NF_LOG_IPV4 m
290 304 set_kernel_config CONFIG_NF_LOG_IPV6 m
291 305 set_kernel_config CONFIG_NF_NAT_IPV4 m
292 306 set_kernel_config CONFIG_NF_NAT_IPV6 m
293 307 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
294 308 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
295 309 set_kernel_config CONFIG_NF_NAT_PPTP m
296 310 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
297 311 set_kernel_config CONFIG_NF_NAT_REDIRECT m
298 312 set_kernel_config CONFIG_NF_NAT_SIP m
299 313 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
300 314 set_kernel_config CONFIG_NF_NAT_TFTP m
301 315 set_kernel_config CONFIG_NF_REJECT_IPV4 m
302 316 set_kernel_config CONFIG_NF_REJECT_IPV6 m
303 317 set_kernel_config CONFIG_NF_TABLES m
304 318 set_kernel_config CONFIG_NF_TABLES_ARP m
305 319 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
306 320 set_kernel_config CONFIG_NF_TABLES_INET m
307 321 set_kernel_config CONFIG_NF_TABLES_IPV4 m
308 322 set_kernel_config CONFIG_NF_TABLES_IPV6 m
309 323 set_kernel_config CONFIG_NF_TABLES_NETDEV m
310 324 fi
311 325
312 326 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
313 327 if [ "$KERNEL_BPF" = true ] ; then
314 328 set_kernel_config CONFIG_BPF_SYSCALL y
315 329 set_kernel_config CONFIG_BPF_EVENTS y
316 330 set_kernel_config CONFIG_BPF_STREAM_PARSER y
317 331 set_kernel_config CONFIG_CGROUP_BPF y
318 332 fi
319 333
320 334 # KERNEL_DEFAULT_GOV was set by user
321 335 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
322 336
323 337 case "$KERNEL_DEFAULT_GOV" in
324 338 performance)
325 339 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
326 340 ;;
327 341 userspace)
328 342 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
329 343 ;;
330 344 ondemand)
331 345 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
332 346 ;;
333 347 conservative)
334 348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
335 349 ;;
336 350 shedutil)
337 351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
338 352 ;;
339 353 *)
340 354 echo "error: unsupported default cpu governor"
341 355 exit 1
342 356 ;;
343 357 esac
344 358
345 359 # unset previous default governor
346 360 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
347 361 fi
348 362
349 363 #Revert to previous directory
350 364 cd "${WORKDIR}" || exit
351 365
352 366 # Set kernel configuration parameters to enable qemu emulation
353 367 if [ "$ENABLE_QEMU" = true ] ; then
354 368 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
355 369 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
356 370
357 371 if [ "$ENABLE_CRYPTFS" = true ] ; then
358 372 {
359 373 echo "CONFIG_EMBEDDED=y"
360 374 echo "CONFIG_EXPERT=y"
361 375 echo "CONFIG_DAX=y"
362 376 echo "CONFIG_MD=y"
363 377 echo "CONFIG_BLK_DEV_MD=y"
364 378 echo "CONFIG_MD_AUTODETECT=y"
365 379 echo "CONFIG_BLK_DEV_DM=y"
366 380 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
367 381 echo "CONFIG_DM_CRYPT=y"
368 382 echo "CONFIG_CRYPTO_BLKCIPHER=y"
369 383 echo "CONFIG_CRYPTO_CBC=y"
370 384 echo "CONFIG_CRYPTO_XTS=y"
371 385 echo "CONFIG_CRYPTO_SHA512=y"
372 386 echo "CONFIG_CRYPTO_MANAGER=y"
373 387 } >> "${KERNEL_DIR}"/.config
374 388 fi
375 389 fi
376 390
377 391 # Copy custom kernel configuration file
378 392 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
379 393 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
380 394 fi
381 395
382 396 # Set kernel configuration parameters to their default values
383 397 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
384 398 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
385 399 fi
386 400
387 401 # Start menu-driven kernel configuration (interactive)
388 402 if [ "$KERNEL_MENUCONFIG" = true ] ; then
389 403 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
390 404 fi
391 405 # end if "$KERNELSRC_CONFIG" = true
392 406 fi
393 407
394 408 # Use ccache to cross compile the kernel
395 409 if [ "$KERNEL_CCACHE" = true ] ; then
396 410 cc="ccache ${CROSS_COMPILE}gcc"
397 411 else
398 412 cc="${CROSS_COMPILE}gcc"
399 413 fi
400 414
401 415 # Cross compile kernel and dtbs
402 416 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
403 417
404 418 # Cross compile kernel modules
405 419 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
406 420 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
407 421 fi
408 422 # end if "$KERNELSRC_PREBUILT" = false
409 423 fi
410 424
411 425 # Check if kernel compilation was successful
412 426 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
413 427 echo "error: kernel compilation failed! (kernel image not found)"
414 428 cleanup
415 429 exit 1
416 430 fi
417 431
418 432 # Install kernel modules
419 433 if [ "$ENABLE_REDUCE" = true ] ; then
420 434 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
421 435 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
422 436 fi
423 437 else
424 438 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
425 439 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
426 440 fi
427 441
428 442 # Install kernel firmware
429 443 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
430 444 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
431 445 fi
432 446 fi
433 447
434 448 # Install kernel headers
435 449 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
436 450 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
437 451 fi
438 452
439 453 # Prepare boot (firmware) directory
440 454 mkdir "${BOOT_DIR}"
441 455
442 456 # Get kernel release version
443 457 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
444 458
445 459 # Copy kernel configuration file to the boot directory
446 460 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
447 461
448 462 # Prepare device tree directory
449 463 mkdir "${BOOT_DIR}/overlays"
450 464
451 465 # Ensure the proper .dtb is located
452 466 if [ "$KERNEL_ARCH" = "arm" ] ; then
453 467 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
454 468 if [ -f "${dtb}" ] ; then
455 469 install_readonly "${dtb}" "${BOOT_DIR}/"
456 470 fi
457 471 done
458 472 else
459 473 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
460 474 if [ -f "${dtb}" ] ; then
461 475 install_readonly "${dtb}" "${BOOT_DIR}/"
462 476 fi
463 477 done
464 478 fi
465 479
466 480 # Copy compiled dtb device tree files
467 481 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
468 482 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
469 483 if [ -f "${dtb}" ] ; then
470 484 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
471 485 fi
472 486 done
473 487
474 488 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
475 489 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
476 490 fi
477 491 fi
478 492
479 493 if [ "$ENABLE_UBOOT" = false ] ; then
480 494 # Convert and copy kernel image to the boot directory
481 495 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
482 496 else
483 497 # Copy kernel image to the boot directory
484 498 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
485 499 fi
486 500
487 501 # Remove kernel sources
488 502 if [ "$KERNEL_REMOVESRC" = true ] ; then
489 503 rm -fr "${KERNEL_DIR}"
490 504 else
491 505 # Prepare compiled kernel modules
492 506 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
493 507 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
494 508 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
495 509 fi
496 510
497 511 # Create symlinks for kernel modules
498 512 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
499 513 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
500 514 fi
501 515 fi
502 516
503 517 else # BUILD_KERNEL=false
504 518 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
505 519
506 520 # Use Sakakis modified kernel if ZSWAP is active
507 521 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
508 522 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
509 523 fi
510 524
511 525 # Create temporary directory for dl
512 526 temp_dir=$(as_nobody mktemp -d)
513 527
514 528 # Fetch kernel dl
515 529 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
516 530
517 531 #extract download
518 532 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
519 533
520 534 #move extracted kernel to /boot/firmware
521 535 mkdir "${R}/boot/firmware"
522 536 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
523 537 cp -r "${temp_dir}"/lib/* "${R}"/lib/
524 538
525 539 # Remove temporary directory for kernel sources
526 540 rm -fr "${temp_dir}"
527 541
528 542 # Set permissions of the kernel sources
529 543 chown -R root:root "${R}/boot/firmware"
530 544 chown -R root:root "${R}/lib/modules"
531 545 fi
532 546
533 547 # Install Kernel from hypriot comptabile with all Raspberry PI
534 548 if [ "$SET_ARCH" = 32 ] ; then
535 549 # Create temporary directory for dl
536 550 temp_dir=$(as_nobody mktemp -d)
537 551
538 552 # Fetch kernel
539 553 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
540 554
541 555 # Copy downloaded U-Boot sources
542 556 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
543 557
544 558 # Set permissions
545 559 chown -R root:root "${R}"/tmp/kernel.deb
546 560
547 561 # Install kernel
548 562 chroot_exec dpkg -i /tmp/kernel.deb
549 563
550 564 # move /boot to /boot/firmware to fit script env.
551 565 #mkdir "${BOOT_DIR}"
552 566 mkdir "${temp_dir}"/firmware
553 567 mv "${R}"/boot/* "${temp_dir}"/firmware/
554 568 mv "${temp_dir}"/firmware "${R}"/boot/
555 569
556 570 #same for kernel headers
557 571 if [ "$KERNEL_HEADERS" = true ] ; then
558 572 # Fetch kernel header
559 573 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
560 574 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
561 575 chown -R root:root "${R}"/tmp/kernel-header.deb
562 576 # Install kernel header
563 577 chroot_exec dpkg -i /tmp/kernel-header.deb
564 578 rm -f "${R}"/tmp/kernel-header.deb
565 579 fi
566 580
567 581 # Remove temporary directory and files
568 582 rm -fr "${temp_dir}"
569 583 rm -f "${R}"/tmp/kernel.deb
570 584 fi
571 585
572 586 # Check if kernel installation was successful
573 587 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
574 588 if [ -z "$KERNEL" ] ; then
575 589 echo "error: kernel installation failed! (/boot/kernel* not found)"
576 590 cleanup
577 591 exit 1
578 592 fi
579 593 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant