##// END OF EJS Templates
Raspi2-3_GenImage
RSS

Cloner depuis https://github.com/drtyhlpr/rpi23-gen-image.git

0
Unknown -
r526:bc17ab4c512d
parent child
Show More
Show file before | Show file after | Hide comments
@@ -1,593 +1,602
1 1 #
2 2 # Build and Setup RPi2/3 Kernel
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 # Need to use kali kernel src if nexmon is enabled
9 9 if [ "$ENABLE_NEXMON" = true ] ; then
10 10 KERNEL_URL="${KALI_KERNEL_URL}"
11 11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 12 KERNEL_BRANCH=""
13 13 KERNELSRC_DIR=""
14 14 fi
15 15
16 16 # Fetch and build latest raspberry kernel
17 17 if [ "$BUILD_KERNEL" = true ] ; then
18 18 # Setup source directory
19 19 mkdir -p "${KERNEL_DIR}"
20 20
21 21 # Copy existing kernel sources into chroot directory
22 22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 23 # Copy kernel sources and include hidden files
24 24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25 25
26 26 # Clean the kernel sources
27 27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 29 fi
30 30 else # KERNELSRC_DIR=""
31 31 # Create temporary directory for kernel sources
32 32 temp_dir=$(as_nobody mktemp -d)
33 33
34 34 # Fetch current RPi2/3 kernel sources
35 35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 37 else
38 38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 39 fi
40 40
41 41 # Copy downloaded kernel sources
42 42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43 43
44 44 # Remove temporary directory for kernel sources
45 45 rm -fr "${temp_dir}"
46 46
47 47 # Set permissions of the kernel sources
48 48 chown -R root:root "${R}/usr/src"
49 49 fi
50 50
51 51 # Calculate optimal number of kernel building threads
52 52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 54 fi
55 55
56 56 # Configure and build kernel
57 57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 58 # Remove device, network and filesystem drivers from kernel configuration
59 59 if [ "$KERNEL_REDUCE" = true ] ; then
60 60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 61 sed -i\
62 62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 91 "${KERNEL_DIR}/.config"
92 92 fi
93 93
94 94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 95 # Load default raspberry kernel configuration
96 96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97 97
98 98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 99 cd "${KERNEL_DIR}" || exit
100 100
101 101 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
102 102 if [ "$KERNEL_ZSWAP" = true ] ; then
103 103 set_kernel_config CONFIG_ZPOOL y
104 104 set_kernel_config CONFIG_ZSWAP y
105 105 set_kernel_config CONFIG_ZBUD y
106 106 set_kernel_config CONFIG_Z3FOLD y
107 107 set_kernel_config CONFIG_ZSMALLOC y
108 108 set_kernel_config CONFIG_PGTABLE_MAPPING y
109 set_kernel_config CONFIG_LZO_COMPRESS y
109 110 fi
110 111
111 112 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
112 113 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
113 114 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
114 115 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
115 116 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
116 117 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
117 118 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
118 119 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
119 120 set_kernel_config CONFIG_HAVE_KVM_MSI y
120 121 set_kernel_config CONFIG_KVM y
121 122 set_kernel_config CONFIG_KVM_ARM_HOST y
122 123 set_kernel_config CONFIG_KVM_ARM_PMU y
123 124 set_kernel_config CONFIG_KVM_COMPAT y
124 125 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
125 126 set_kernel_config CONFIG_KVM_MMIO y
126 127 set_kernel_config CONFIG_KVM_VFIO y
127 128 set_kernel_config CONFIG_VHOST m
128 129 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
129 130 set_kernel_config CONFIG_VHOST_NET m
130 131 set_kernel_config CONFIG_VIRTUALIZATION y
132
133 set_kernel_config CONFIG_MMU_NOTIFIER y
134
135 # erratum
136 set_kernel_config ARM64_ERRATUM_834220 y
137
138 # https://sourceforge.net/p/kvm/mailman/message/18440797/
139 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
131 140 fi
132 141
133 142 # enable apparmor,integrity audit,
134 143 if [ "$KERNEL_SECURITY" = true ] ; then
135 144
136 145 # security filesystem, security models and audit
137 146 set_kernel_config CONFIG_SECURITYFS y
138 147 set_kernel_config CONFIG_SECURITY y
139 148 set_kernel_config CONFIG_AUDIT y
140 149
141 150 # harden strcpy and memcpy
142 151 set_kernel_config CONFIG_HARDENED_USERCOPY=y
143 152 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
144 153 set_kernel_config CONFIG_FORTIFY_SOURCE=y
145 154
146 155 # integrity sub-system
147 156 set_kernel_config CONFIG_INTEGRITY=y
148 157 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
149 158 set_kernel_config CONFIG_INTEGRITY_AUDIT=y
150 159 set_kernel_config CONFIG_INTEGRITY_SIGNATURE=y
151 160 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING=y
152 161
153 162 # This option provides support for retaining authentication tokens and access keys in the kernel.
154 163 set_kernel_config CONFIG_KEYS=y
155 164 set_kernel_config CONFIG_KEYS_COMPAT=y
156 165
157 166 # Apparmor
158 167 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
159 168 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
160 169 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
161 170 set_kernel_config CONFIG_SECURITY_APPARMOR y
162 171 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
163 172 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
164 173
165 174 # restrictions on unprivileged users reading the kernel
166 175 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT=y
167 176
168 177 # network security hooks
169 178 set_kernel_config CONFIG_SECURITY_NETWORK y
170 179 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM=y
171 180 set_kernel_config CONFIG_SECURITY_PATH=y
172 181 set_kernel_config CONFIG_SECURITY_YAMA=y
173 182
174 183 # New Options
175 184 if [ "$KERNEL_NF" = true ] ; then
176 185 set_kernel_config CONFIG_IP_NF_SECURITY m
177 186 set_kernel_config CONFIG_NETLABEL y
178 187 set_kernel_config CONFIG_IP6_NF_SECURITY m
179 188 fi
180 189 set_kernel_config CONFIG_SECURITY_SELINUX n
181 190 set_kernel_config CONFIG_SECURITY_SMACK n
182 191 set_kernel_config CONFIG_SECURITY_TOMOYO n
183 192 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
184 193 set_kernel_config CONFIG_SECURITY_LOADPIN n
185 194 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
186 195 set_kernel_config CONFIG_IMA n
187 196 set_kernel_config CONFIG_EVM n
188 197 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
189 198 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
190 199 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
191 200 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
192 201 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
193 202 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
194 203 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
195 204 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
196 205 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
197 206 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
198 207
199 208 set_kernel_config CONFIG_ARM64_CRYPTO y
200 209 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
201 210 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
202 211 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
203 212 set_kernel_config CRYPTO_GHASH_ARM64_CE m
204 213 set_kernel_config CRYPTO_SHA2_ARM64_CE m
205 214 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
206 215 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
207 216 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
208 217 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
209 218 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
210 219 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
211 220 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
212 221 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
213 222 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
214 set_kernel_config SYSTEM_TRUSTED_KEYS
223 echo SYSTEM_TRUSTED_KEYS >> .config
215 224 fi
216 225
217 226 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
218 227 if [ "$KERNEL_NF" = true ] ; then
219 228 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
220 229 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
221 230 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
222 231 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
223 232 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
224 233 set_kernel_config CONFIG_NFT_FIB_INET m
225 234 set_kernel_config CONFIG_NFT_FIB_IPV4 m
226 235 set_kernel_config CONFIG_NFT_FIB_IPV6 m
227 236 set_kernel_config CONFIG_NFT_FIB_NETDEV m
228 237 set_kernel_config CONFIG_NFT_OBJREF m
229 238 set_kernel_config CONFIG_NFT_RT m
230 239 set_kernel_config CONFIG_NFT_SET_BITMAP m
231 240 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
232 241 set_kernel_config CONFIG_NF_LOG_ARP m
233 242 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
234 243 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
235 244 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
236 245 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
237 246 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
238 247 set_kernel_config CONFIG_IP6_NF_IPTABLES m
239 248 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
240 249 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
241 250 set_kernel_config CONFIG_IP6_NF_NAT m
242 251 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
243 252 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
244 253 set_kernel_config CONFIG_IP_NF_SECURITY m
245 254 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
246 255 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
247 256 set_kernel_config CONFIG_IP_SET_HASH_IP m
248 257 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
249 258 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
250 259 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
251 260 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
252 261 set_kernel_config CONFIG_IP_SET_HASH_MAC m
253 262 set_kernel_config CONFIG_IP_SET_HASH_NET m
254 263 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
255 264 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
256 265 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
257 266 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
258 267 set_kernel_config CONFIG_IP_SET_LIST_SET m
259 268 set_kernel_config CONFIG_NETFILTER_XTABLES m
260 269 set_kernel_config CONFIG_NETFILTER_XTABLES m
261 270 set_kernel_config CONFIG_NFT_BRIDGE_META m
262 271 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
263 272 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
264 273 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
265 274 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
266 275 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
267 276 set_kernel_config CONFIG_NFT_COMPAT m
268 277 set_kernel_config CONFIG_NFT_COUNTER m
269 278 set_kernel_config CONFIG_NFT_CT m
270 279 set_kernel_config CONFIG_NFT_DUP_IPV4 m
271 280 set_kernel_config CONFIG_NFT_DUP_IPV6 m
272 281 set_kernel_config CONFIG_NFT_DUP_NETDEV m
273 282 set_kernel_config CONFIG_NFT_EXTHDR m
274 283 set_kernel_config CONFIG_NFT_FWD_NETDEV m
275 284 set_kernel_config CONFIG_NFT_HASH m
276 285 set_kernel_config CONFIG_NFT_LIMIT m
277 286 set_kernel_config CONFIG_NFT_LOG m
278 287 set_kernel_config CONFIG_NFT_MASQ m
279 288 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
280 289 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
281 290 set_kernel_config CONFIG_NFT_META m
282 291 set_kernel_config CONFIG_NFT_NAT m
283 292 set_kernel_config CONFIG_NFT_NUMGEN m
284 293 set_kernel_config CONFIG_NFT_QUEUE m
285 294 set_kernel_config CONFIG_NFT_QUOTA m
286 295 set_kernel_config CONFIG_NFT_REDIR m
287 296 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
288 297 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
289 298 set_kernel_config CONFIG_NFT_REJECT m
290 299 set_kernel_config CONFIG_NFT_REJECT_INET m
291 300 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
292 301 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
293 302 set_kernel_config CONFIG_NFT_SET_HASH m
294 303 set_kernel_config CONFIG_NFT_SET_RBTREE m
295 304 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
296 305 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
297 306 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
298 307 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
299 308 set_kernel_config CONFIG_NF_DUP_IPV4 m
300 309 set_kernel_config CONFIG_NF_DUP_IPV6 m
301 310 set_kernel_config CONFIG_NF_DUP_NETDEV m
302 311 set_kernel_config CONFIG_NF_LOG_BRIDGE m
303 312 set_kernel_config CONFIG_NF_LOG_IPV4 m
304 313 set_kernel_config CONFIG_NF_LOG_IPV6 m
305 314 set_kernel_config CONFIG_NF_NAT_IPV4 m
306 315 set_kernel_config CONFIG_NF_NAT_IPV6 m
307 316 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
308 317 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
309 318 set_kernel_config CONFIG_NF_NAT_PPTP m
310 319 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
311 320 set_kernel_config CONFIG_NF_NAT_REDIRECT m
312 321 set_kernel_config CONFIG_NF_NAT_SIP m
313 322 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
314 323 set_kernel_config CONFIG_NF_NAT_TFTP m
315 324 set_kernel_config CONFIG_NF_REJECT_IPV4 m
316 325 set_kernel_config CONFIG_NF_REJECT_IPV6 m
317 326 set_kernel_config CONFIG_NF_TABLES m
318 327 set_kernel_config CONFIG_NF_TABLES_ARP m
319 328 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
320 329 set_kernel_config CONFIG_NF_TABLES_INET m
321 330 set_kernel_config CONFIG_NF_TABLES_IPV4 m
322 331 set_kernel_config CONFIG_NF_TABLES_IPV6 m
323 332 set_kernel_config CONFIG_NF_TABLES_NETDEV m
324 333 fi
325 334
326 335 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
327 336 if [ "$KERNEL_BPF" = true ] ; then
328 337 set_kernel_config CONFIG_BPF_SYSCALL y
329 338 set_kernel_config CONFIG_BPF_EVENTS y
330 339 set_kernel_config CONFIG_BPF_STREAM_PARSER y
331 340 set_kernel_config CONFIG_CGROUP_BPF y
332 341 fi
333 342
334 343 # KERNEL_DEFAULT_GOV was set by user
335 344 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
336 345
337 346 case "$KERNEL_DEFAULT_GOV" in
338 347 performance)
339 348 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
340 349 ;;
341 350 userspace)
342 351 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
343 352 ;;
344 353 ondemand)
345 354 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
346 355 ;;
347 356 conservative)
348 357 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
349 358 ;;
350 359 shedutil)
351 360 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
352 361 ;;
353 362 *)
354 363 echo "error: unsupported default cpu governor"
355 364 exit 1
356 365 ;;
357 366 esac
358 367
359 368 # unset previous default governor
360 369 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
361 370 fi
362 371
363 372 #Revert to previous directory
364 373 cd "${WORKDIR}" || exit
365 374
366 375 # Set kernel configuration parameters to enable qemu emulation
367 376 if [ "$ENABLE_QEMU" = true ] ; then
368 377 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
369 378 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
370 379
371 380 if [ "$ENABLE_CRYPTFS" = true ] ; then
372 381 {
373 382 echo "CONFIG_EMBEDDED=y"
374 383 echo "CONFIG_EXPERT=y"
375 384 echo "CONFIG_DAX=y"
376 385 echo "CONFIG_MD=y"
377 386 echo "CONFIG_BLK_DEV_MD=y"
378 387 echo "CONFIG_MD_AUTODETECT=y"
379 388 echo "CONFIG_BLK_DEV_DM=y"
380 389 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
381 390 echo "CONFIG_DM_CRYPT=y"
382 391 echo "CONFIG_CRYPTO_BLKCIPHER=y"
383 392 echo "CONFIG_CRYPTO_CBC=y"
384 393 echo "CONFIG_CRYPTO_XTS=y"
385 394 echo "CONFIG_CRYPTO_SHA512=y"
386 395 echo "CONFIG_CRYPTO_MANAGER=y"
387 396 } >> "${KERNEL_DIR}"/.config
388 397 fi
389 398 fi
390 399
391 400 # Copy custom kernel configuration file
392 401 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
393 402 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
394 403 fi
395 404
396 405 # Set kernel configuration parameters to their default values
397 406 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
398 407 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
399 408 fi
400 409
401 410 # Start menu-driven kernel configuration (interactive)
402 411 if [ "$KERNEL_MENUCONFIG" = true ] ; then
403 412 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
404 413 fi
405 414 # end if "$KERNELSRC_CONFIG" = true
406 415 fi
407 416
408 417 # Use ccache to cross compile the kernel
409 418 if [ "$KERNEL_CCACHE" = true ] ; then
410 419 cc="ccache ${CROSS_COMPILE}gcc"
411 420 else
412 421 cc="${CROSS_COMPILE}gcc"
413 422 fi
414 423
415 424 # Cross compile kernel and dtbs
416 425 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
417 426
418 427 # Cross compile kernel modules
419 428 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
420 429 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
421 430 fi
422 431 # end if "$KERNELSRC_PREBUILT" = false
423 432 fi
424 433
425 434 # Check if kernel compilation was successful
426 435 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
427 436 echo "error: kernel compilation failed! (kernel image not found)"
428 437 cleanup
429 438 exit 1
430 439 fi
431 440
432 441 # Install kernel modules
433 442 if [ "$ENABLE_REDUCE" = true ] ; then
434 443 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
435 444 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
436 445 fi
437 446 else
438 447 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
439 448 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
440 449 fi
441 450
442 451 # Install kernel firmware
443 452 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
444 453 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
445 454 fi
446 455 fi
447 456
448 457 # Install kernel headers
449 458 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
450 459 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
451 460 fi
452 461
453 462 # Prepare boot (firmware) directory
454 463 mkdir "${BOOT_DIR}"
455 464
456 465 # Get kernel release version
457 466 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
458 467
459 468 # Copy kernel configuration file to the boot directory
460 469 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
461 470
462 471 # Prepare device tree directory
463 472 mkdir "${BOOT_DIR}/overlays"
464 473
465 474 # Ensure the proper .dtb is located
466 475 if [ "$KERNEL_ARCH" = "arm" ] ; then
467 476 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
468 477 if [ -f "${dtb}" ] ; then
469 478 install_readonly "${dtb}" "${BOOT_DIR}/"
470 479 fi
471 480 done
472 481 else
473 482 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
474 483 if [ -f "${dtb}" ] ; then
475 484 install_readonly "${dtb}" "${BOOT_DIR}/"
476 485 fi
477 486 done
478 487 fi
479 488
480 489 # Copy compiled dtb device tree files
481 490 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
482 491 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do
483 492 if [ -f "${dtb}" ] ; then
484 493 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
485 494 fi
486 495 done
487 496
488 497 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
489 498 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
490 499 fi
491 500 fi
492 501
493 502 if [ "$ENABLE_UBOOT" = false ] ; then
494 503 # Convert and copy kernel image to the boot directory
495 504 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
496 505 else
497 506 # Copy kernel image to the boot directory
498 507 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
499 508 fi
500 509
501 510 # Remove kernel sources
502 511 if [ "$KERNEL_REMOVESRC" = true ] ; then
503 512 rm -fr "${KERNEL_DIR}"
504 513 else
505 514 # Prepare compiled kernel modules
506 515 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
507 516 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
508 517 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
509 518 fi
510 519
511 520 # Create symlinks for kernel modules
512 521 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
513 522 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
514 523 fi
515 524 fi
516 525
517 526 else # BUILD_KERNEL=false
518 527 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
519 528
520 529 # Use Sakakis modified kernel if ZSWAP is active
521 530 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
522 531 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
523 532 fi
524 533
525 534 # Create temporary directory for dl
526 535 temp_dir=$(as_nobody mktemp -d)
527 536
528 537 # Fetch kernel dl
529 538 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
530 539
531 540 #extract download
532 541 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
533 542
534 543 #move extracted kernel to /boot/firmware
535 544 mkdir "${R}/boot/firmware"
536 545 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
537 546 cp -r "${temp_dir}"/lib/* "${R}"/lib/
538 547
539 548 # Remove temporary directory for kernel sources
540 549 rm -fr "${temp_dir}"
541 550
542 551 # Set permissions of the kernel sources
543 552 chown -R root:root "${R}/boot/firmware"
544 553 chown -R root:root "${R}/lib/modules"
545 554 fi
546 555
547 556 # Install Kernel from hypriot comptabile with all Raspberry PI
548 557 if [ "$SET_ARCH" = 32 ] ; then
549 558 # Create temporary directory for dl
550 559 temp_dir=$(as_nobody mktemp -d)
551 560
552 561 # Fetch kernel
553 562 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
554 563
555 564 # Copy downloaded U-Boot sources
556 565 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
557 566
558 567 # Set permissions
559 568 chown -R root:root "${R}"/tmp/kernel.deb
560 569
561 570 # Install kernel
562 571 chroot_exec dpkg -i /tmp/kernel.deb
563 572
564 573 # move /boot to /boot/firmware to fit script env.
565 574 #mkdir "${BOOT_DIR}"
566 575 mkdir "${temp_dir}"/firmware
567 576 mv "${R}"/boot/* "${temp_dir}"/firmware/
568 577 mv "${temp_dir}"/firmware "${R}"/boot/
569 578
570 579 #same for kernel headers
571 580 if [ "$KERNEL_HEADERS" = true ] ; then
572 581 # Fetch kernel header
573 582 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
574 583 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
575 584 chown -R root:root "${R}"/tmp/kernel-header.deb
576 585 # Install kernel header
577 586 chroot_exec dpkg -i /tmp/kernel-header.deb
578 587 rm -f "${R}"/tmp/kernel-header.deb
579 588 fi
580 589
581 590 # Remove temporary directory and files
582 591 rm -fr "${temp_dir}"
583 592 rm -f "${R}"/tmp/kernel.deb
584 593 fi
585 594
586 595 # Check if kernel installation was successful
587 596 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
588 597 if [ -z "$KERNEL" ] ; then
589 598 echo "error: kernel installation failed! (/boot/kernel* not found)"
590 599 cleanup
591 600 exit 1
592 601 fi
593 602 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant