Raspi2-3_GenImage Commit - r589:ce9333651b6a · Collaboration Tremplin des Sciences

Merge pull request #22 from drtyhlpr/master...

Gérard Vidal -

r589:ce9333651b6a

parent child

Context file:

r589:ce9333651b6a

Expand all files

bootstrap.d/44-nexmon_monitor_patch.sh created 644 +97 0

@@ -0,0 +1,97
	1	#!/bin/sh
	2	#
	3	# Build and Setup nexmon with monitor mode patch
	4	#
	5
	6	# Load utility functions
	7	. ./functions.sh
	8
	9	if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
	10	# Copy existing nexmon sources into chroot directory
	11	if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
	12	# Copy local U-Boot sources
	13	cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
	14	else
	15	# Create temporary directory for nexmon sources
	16	temp_dir=$(as_nobody mktemp -d)
	17
	18	# Fetch nexmon sources
	19	as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
	20
	21	# Copy downloaded nexmon sources
	22	mv "${temp_dir}/nexmon" "${R}"/tmp/
	23
	24	# Set permissions of the nexmon sources
	25	chown -R root:root "${R}"/tmp/nexmon
	26
	27	# Remove temporary directory for nexmon sources
	28	rm -fr "${temp_dir}"
	29	fi
	30
	31	# Set script Root
	32	export NEXMON_ROOT="${R}"/tmp/nexmon
	33
	34	# Build nexmon firmware outside the build system, if we can.
	35	cd "${NEXMON_ROOT}" \|\| exit
	36
	37	# Make ancient isl build
	38	cd buildtools/isl-0.10 \|\| exit
	39	./configure
	40	make
	41	cd ../.. \|\| exit
	42
	43	# Disable statistics
	44	touch DISABLE_STATISTICS
	45
	46	# Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
	47	export KERNEL="${KERNEL_IMAGE}"
	48	export ARCH=arm
	49	export SUBARCH=arm
	50	export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
	51	export CC="${CC}"gcc
	52	export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
	53	export ZLIBFLATE="zlib-flate -compress"
	54	export Q=@
	55	export NEXMON_SETUP_ENV=1
	56	export HOSTUNAME=$(uname -s)
	57	export PLATFORMUNAME=$(uname -m)
	58
	59	# Make nexmon
	60	make
	61
	62	# build patches
	63	if [ "$RPI_MODEL" = 0 ] \|\| [ "$RPI_MODEL" = 3 ] ; then
	64	cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon \|\| exit
	65	sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
	66	make clean
	67
	68	# We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
	69	LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
	70
	71	# copy RPi0W & RPi3 firmware
	72	mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
	73	cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
	74	cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
	75	fi
	76
	77	if [ "$RPI_MODEL" = 3P ] ; then
	78	cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon \|\| exit
	79	sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
	80	make clean
	81
	82	# We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
	83	LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
	84
	85	# RPi3B+ firmware
	86	mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
	87	cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
	88	cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
	89	fi
	90
	91	#Revert to previous directory
	92	cd "${WORKDIR}" \|\| exit
	93
	94	# Remove nexmon sources
	95	rm -fr "${NEXMON_ROOT}"
	96
	97	fi

files/firstboot/23-restart-dphys-swapfile.sh created 644 +5 0

@@ -0,0 +1,5
	1	# Restart dphys-swapfile service if it exists
	2	logger -t "rc.firstboot" "Restarting dphys-swapfile"
	3
	4	systemctl enable dphys-swapfile
	5	systemctl restart dphys-swapfile

files/initramfs/crypt_unlock.sh created 644 +45 0

@@ -0,0 +1,45
	1	#!/bin/sh
	2
	3	PREREQ="dropbear"
	4
	5	prereqs() {
	6	echo "$PREREQ"
	7	}
	8
	9	case "$1" in
	10	prereqs)
	11	prereqs
	12	exit 0
	13	;;
	14	esac
	15
	16	. "${CONFDIR}/initramfs.conf"
	17	. /usr/share/initramfs-tools/hook-functions
	18
	19	if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
	20	cat > "${DESTDIR}/bin/unlock" << EOF
	21	#!/bin/sh
	22	if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
	23	kill \`ps \| grep cryptroot \| grep -v "grep" \| awk '{print \$1}'\`
	24	# following line kill the remote shell right after the passphrase has
	25	# been entered.
	26	kill -9 \`ps \| grep "\-sh" \| grep -v "grep" \| awk '{print \$1}'\`
	27	exit 0
	28	fi
	29	exit 1
	30	EOF
	31
	32	chmod 755 "${DESTDIR}/bin/unlock"
	33
	34	mkdir -p "${DESTDIR}/lib/unlock"
	35	cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
	36	#!/bin/sh
	37	[ "\$1" == "--ping" ] && exit 1
	38	/bin/plymouth "\$@"
	39	EOF
	40
	41	chmod 755 "${DESTDIR}/lib/unlock/plymouth"
	42
	43	echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd
	44
	45	fi No newline at end of file

files/sysctl.d/84-rpi-ASLR.conf created 644 +2 0

@@ -0,0 +1,2
	1	# ASLR
	2	kernel.randomize_va_space = 2 No newline at end of file

README.md +48 0

             # rpi23-gen-image
             ## Introduction
             `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
             ## Build dependencies
             The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
               ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
             It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
             The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
             ## Command-line parameters
             The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
             ##### Command-line examples:
             ```shell
             ENABLE_UBOOT=true ./rpi23-gen-image.sh
             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
             ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ./rpi23-gen-image.sh
             BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
             BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
             ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
             RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
             ```
             ## Configuration template files
             To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
             ##### Command-line examples:
             ```shell
             CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
             CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
             ```
             ## Supported parameters and settings
             #### APT settings:
             ##### `APT_SERVER`="ftp.debian.org"
             Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
             ##### `APT_PROXY`=""
             Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
+            ##### `KEEP_APT_PROXY`=false
+            Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
             ##### `APT_INCLUDES`=""
             A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
             ##### `APT_INCLUDES_LATE`=""
             A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up.  This is useful for packages with pre-depends, which debootstrap do not handle well.
             ---
             #### General system settings:
             ##### `SET_ARCH`=32
             Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
             ##### `RPI_MODEL`=2
             Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
             - `0`  = Raspberry Pi 0 and Raspberry Pi 0 W
             - `1`  = Raspberry Pi 1 model A and B
             - `1P` = Raspberry Pi 1 model B+ and A+
             - `2`  = Raspberry Pi 2 model B
             - `3`  = Raspberry Pi 3 model B
             - `3P` = Raspberry Pi 3 model B+
             ##### `RELEASE`="buster"
             Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
             ##### `RELEASE_ARCH`="armhf"
             Set the desired Debian release architecture.
             ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
             Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
             Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
             ##### `USER_PASSWORD`="raspberry"
             Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
             Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             ##### `EXPANDROOT`=true
             Expand the root partition and filesystem automatically on first boot.
+            ##### `ENABLE_DPHYSSWAP`=true
+            Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
             ##### `ENABLE_QEMU`=false
             Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
             ---
             #### Keyboard settings:
             These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
             ##### `XKB_MODEL`=""
             Set the name of the model of your keyboard type.
             ##### `XKB_LAYOUT`=""
             Set the supported keyboard layout(s).
             ##### `XKB_VARIANT`=""
             Set the supported variant(s) of the keyboard layout(s).
             ##### `XKB_OPTIONS`=""
             Set extra xkb configuration options.
             ---
             #### Networking settings (DHCP):
             This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
             ##### `ENABLE_DHCP`=true
             Set the system to use DHCP. This requires an DHCP server.
             ---
             #### Networking settings (static):
             These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
             ##### `NET_ADDRESS`=""
             Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
             ##### `NET_GATEWAY`=""
             Set the IP address for the default gateway.
             ##### `NET_DNS_1`=""
             Set the IP address for the first DNS server.
             ##### `NET_DNS_2`=""
             Set the IP address for the second DNS server.
             ##### `NET_DNS_DOMAINS`=""
             Set the default DNS search domains to use for non fully qualified hostnames.
             ##### `NET_NTP_1`=""
             Set the IP address for the first NTP server.
             ##### `NET_NTP_2`=""
             Set the IP address for the second NTP server.
             ---
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
             Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
             ##### `ENABLE_PRINTK`=false
             Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
             ##### `ENABLE_BLUETOOTH`=false
             Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
             ##### `ENABLE_MINIUART_OVERLAY`=false
             Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
             ##### `ENABLE_TURBO`=false
             Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
             ##### `ENABLE_I2C`=false
             Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_SPI`=false
             Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
             ##### `ENABLE_IPV6`=true
             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
             ##### `ENABLE_NONFREE`=false
             Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
             ##### `ENABLE_WIRELESS`=false
             Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
             ##### `ENABLE_RSYSLOG`=true
             If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
             ##### `ENABLE_SOUND`=true
             Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
             Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
             Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
             Install Xorg open-source X Window System.
             ##### `ENABLE_WM`=""
             Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
             ##### `ENABLE_SYSVINIT`=false
             Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
             ---
             #### Advanced system features:
+            ##### `ENABLE_SYSTEMDSWAP`=false
+            Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
             ##### `ENABLE_MINBASE`=false
             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_REDUCE`=false
             Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
             ##### `ENABLE_UBOOT`=false
             Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `UBOOTSRC_DIR`=""
             Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_FBTURBO`=false
             Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `FBTURBOSRC_DIR`=""
             Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_VIDEOCORE`=false
             Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
             ##### `VIDEOCORESRC_DIR`=""
             Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
+            ##### `ENABLE_NEXMON`=false
+            Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
+            ##### `NEXMONSRC_DIR`=""
+            Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
             ##### `ENABLE_IPTABLES`=false
             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_USER`=true
             Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
             ##### `USER_NAME`=pi
             Non-root user to create.  Ignored if `ENABLE_USER`=false
             ##### `ENABLE_ROOT`=false
             Set root user password so root login will be enabled
             ##### `ENABLE_HARDNET`=false
             Enable IPv4/IPv6 network stack hardening settings.
             ##### `ENABLE_SPLITFS`=false
             Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
             ##### `CHROOT_SCRIPTS`=""
             Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
             ##### `ENABLE_INITRAMFS`=false
             Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
             ##### `ENABLE_IFNAMES`=true
             Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
+            ##### `ENABLE_SPLASH`=true
+            Enable default Raspberry Pi boot up rainbow splash screen.
+            ##### `ENABLE_LOGO`=true
+            Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
+            ##### `ENABLE_SILENT_BOOT`=false
+            Set the verbosity of console messages shown during boot up to a strict minimum.
             ##### `DISABLE_UNDERVOLT_WARNINGS`=
             Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
             ---
             #### SSH settings:
             ##### `SSH_ENABLE_ROOT`=false
             Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
             ##### `SSH_DISABLE_PASSWORD_AUTH`=false
             Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
             ##### `SSH_LIMIT_USERS`=false
             Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
             ##### `SSH_ROOT_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
             ##### `SSH_USER_PUB_KEY`=""
             Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
             ---
             #### Kernel compilation:
             ##### `BUILD_KERNEL`=true
             Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
             ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
             This sets the cross-compile environment for the compiler.
             ##### `KERNEL_ARCH`="arm"
             This sets the kernel architecture for the compiler.
             ##### `KERNEL_IMAGE`="kernel7.img"
             Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
             ##### `KERNEL_BRANCH`=""
             Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
             ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
             Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
             ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
             Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
             ##### `KERNEL_REDUCE`=false
             Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
             ##### `KERNEL_THREADS`=1
             Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
             ##### `KERNEL_HEADERS`=true
             Install kernel headers with the built kernel.
             ##### `KERNEL_MENUCONFIG`=false
             Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
             ##### `KERNEL_OLDDEFCONFIG`=false
             Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
             ##### `KERNEL_CCACHE`=false
             Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
             ##### `KERNEL_REMOVESRC`=true
             Remove all kernel sources from the generated OS image after it was built and installed.
             ##### `KERNELSRC_DIR`=""
             Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
             ##### `KERNELSRC_CLEAN`=false
             Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_CONFIG`=true
             Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
             ##### `KERNELSRC_USRCONFIG`=""
             Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
             ##### `KERNELSRC_PREBUILT`=false
             With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
             ##### `RPI_FIRMWARE_DIR`=""
             The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
+            ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
+            Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
+            ##### `KERNEL_NF`=false
+            Enable Netfilter modules as kernel modules
+            ##### `KERNEL_VIRT`=false
+            Enable Kernel KVM support (/dev/kvm)
+            ##### `KERNEL_ZSWAP`=false
+            Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
+            ##### `KERNEL_BPF`=true
+            Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
+            ##### `KERNEL_SECURITY`=false
+            Enables Apparmor, integrity subsystem, auditing.
             ---
             #### Reduce disk usage:
             The following list of parameters is ignored if `ENABLE_REDUCE`=false.
             ##### `REDUCE_APT`=true
             Configure APT to use compressed package repository lists and no package caching files.
             ##### `REDUCE_DOC`=true
             Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
             ##### `REDUCE_MAN`=true
             Remove all man pages and info files (harsh).  Configure APT to not include man pages on future `apt-get` package installations.
             ##### `REDUCE_VIM`=false
             Replace `vim-tiny` package by `levee` a tiny vim clone.
             ##### `REDUCE_BASH`=false
             Remove `bash` package and switch to `dash` shell (experimental).
             ##### `REDUCE_HWDB`=true
             Remove PCI related hwdb files (experimental).
             ##### `REDUCE_SSHD`=true
             Replace `openssh-server` with `dropbear`.
             ##### `REDUCE_LOCALE`=true
             Remove all `locale` translation files.
             ---
             #### Encrypted root partition:
             ##### `ENABLE_CRYPTFS`=false
             Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
             ##### `CRYPTFS_PASSWORD`=""
             Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
             ##### `CRYPTFS_MAPPING`="secure"
             Set name of dm-crypt managed device-mapper mapping.
             ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
             Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
             ##### `CRYPTFS_XTSKEYSIZE`=512
             Sets key size in bits. The argument has to be a multiple of 8.
+            ##### `CRYPTFS_DROPBEAR`=false
+            Enable Dropbear Initramfs support
+            ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
+            Provide path to dropbear Public RSA-OpenSSH Key
             ---
             #### Build settings:
             ##### `BASEDIR`=$(pwd)/images/${RELEASE}
             Set a path to a working directory used by the script to generate an image.
             ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
             Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
             ## Understanding the script
             The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
             | Script | Description |
             | --- | --- |
             | `10-bootstrap.sh` | Debootstrap basic system |
             | `11-apt.sh` | Setup APT repositories |
             | `12-locale.sh` | Setup Locales and keyboard settings |
             | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
             | `14-fstab.sh` | Setup fstab and initramfs |
             | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
             | `20-networking.sh` | Setup Networking |
             | `21-firewall.sh` | Setup Firewall |
             | `30-security.sh` | Setup Users and Security settings |
             | `31-logging.sh` | Setup Logging |
             | `32-sshd.sh` | Setup SSH and public keys |
             | `41-uboot.sh` | Build and Setup U-Boot |
             | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
             | `43-videocore.sh` | Build and Setup videocore libraries |
             | `50-firstboot.sh` | First boot actions |
             | `99-reduce.sh` | Reduce the disk space usage |
             All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
             | Directory | Description |
             | --- | --- |
             | `apt` | APT management configuration files |
             | `boot` | Boot and RPi 0/1/2/3 configuration files |
             | `dpkg` | Package Manager configuration |
             | `etc` | Configuration files and rc scripts |
             | `firstboot` | Scripts that get executed on first boot  |
             | `initramfs` | Initramfs scripts |
             | `iptables` | Firewall configuration files |
             | `locales` | Locales configuration |
             | `modules` | Kernel Modules configuration |
             | `mount` | Fstab configuration |
             | `network` | Networking configuration files |
             | `sysctl.d` | Swapping and Network Hardening configuration |
             | `xorg` | fbturbo Xorg driver configuration |
             ## Custom packages and scripts
             Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
             Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
             ```shell
             script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
             ```
             ## Flashing the image file
             After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
             ##### Flashing examples:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
             dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
             ```
             If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
             ```shell
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
             bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
             ```
             ## QEMU emulation
             Start QEMU full system emulation:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
             ```
             Start QEMU full system emulation and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with SMP and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             Start QEMU full system emulation with cryptfs, initramfs and output to console:
             ```shell
             qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
             ```
             ## External links and references
             * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
             * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
             * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
             * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
             * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
             * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
             * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
             * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
             * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)

bootstrap.d/11-apt.sh +7 0

             #
             # Setup APT repositories
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup APT proxy configuration
             if [ -z "$APT_PROXY" ] ; then
               install_readonly files/apt/10proxy "${ETC_DIR}/apt/apt.conf.d/10proxy"
               sed -i "s/\"\"/\"${APT_PROXY}\"/" "${ETC_DIR}/apt/apt.conf.d/10proxy"
             fi
+            # Install APT sources.list
+            install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list"
+            # Use specified APT server and release
+            sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list"
+            sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list"
             # Upgrade package index and update all installed packages and changed dependencies
             chroot_exec apt-get -qq -y update
             chroot_exec apt-get -qq -y -u dist-upgrade
             # Install additional packages
             if [ "$APT_INCLUDES_LATE" ] ; then
               chroot_exec apt-get -qq -y install "$(echo "$APT_INCLUDES_LATE" |tr , ' ')"
             fi
             # Install Debian custom packages
             if [ -d packages ] ; then
               for package in packages/*.deb ; do
                 cp "$package" "${R}"/tmp
                 chroot_exec dpkg --unpack /tmp/"$(basename "$package")"
               done
             fi
             chroot_exec apt-get -qq -y -f install
             chroot_exec apt-get -qq -y check

bootstrap.d/13-kernel.sh +370 -10

@@ -1,255 +1,615
1	#	1	#
2	# Build and Setup RPi2/3 Kernel	2	# Build and Setup RPi2/3 Kernel
3	#	3	#
4		4
5	# Load utility functions	5	# Load utility functions
6	. ./functions.sh	6	. ./functions.sh
7		7
		8	# Need to use kali kernel src if nexmon is enabled
		9	if [ "$ENABLE_NEXMON" = true ] ; then
		10	KERNEL_URL="${KALI_KERNEL_URL}"
		11	# Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
		12	KERNEL_BRANCH=""
		13	KERNELSRC_DIR=""
		14	fi
		15
8	# Fetch and build latest raspberry kernel	16	# Fetch and build latest raspberry kernel
9	if [ "$BUILD_KERNEL" = true ] ; then	17	if [ "$BUILD_KERNEL" = true ] ; then
10	# Setup source directory	18	# Setup source directory
11	mkdir -p "${KERNEL_DIR}"	19	mkdir -p "${KERNEL_DIR}"
12		20
13	# Copy existing kernel sources into chroot directory	21	# Copy existing kernel sources into chroot directory
14	if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then	22	if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
15	# Copy kernel sources and include hidden files	23	# Copy kernel sources and include hidden files
16	cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"	24	cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
17		25
18	# Clean the kernel sources	26	# Clean the kernel sources
19	if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then	27	if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
20	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper	28	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
21	fi	29	fi
22	else # KERNELSRC_DIR=""	30	else # KERNELSRC_DIR=""
23	# Create temporary directory for kernel sources	31	# Create temporary directory for kernel sources
24	temp_dir=$(as_nobody mktemp -d)	32	temp_dir=$(as_nobody mktemp -d)
25		33
26	# Fetch current RPi2/3 kernel sources	34	# Fetch current RPi2/3 kernel sources
27	if [ -z "${KERNEL_BRANCH}" ] ; then	35	if [ -z "${KERNEL_BRANCH}" ] ; then
28	as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux	36	as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
29	else	37	else
30	as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux	38	as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
31	fi	39	fi
32		40
33	# Copy downloaded kernel sources	41	# Copy downloaded kernel sources
34	cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"	42	cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
35		43
36	# Remove temporary directory for kernel sources	44	# Remove temporary directory for kernel sources
37	rm -fr "${temp_dir}"	45	rm -fr "${temp_dir}"
38		46
39	# Set permissions of the kernel sources	47	# Set permissions of the kernel sources
40	chown -R root:root "${R}/usr/src"	48	chown -R root:root "${R}/usr/src"
41	fi	49	fi
42		50
43	# Calculate optimal number of kernel building threads	51	# Calculate optimal number of kernel building threads
44	if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then	52	if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
45	KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)	53	KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
46	fi	54	fi
47		55
48	# Configure and build kernel	56	# Configure and build kernel
49	if [ "$KERNELSRC_PREBUILT" = false ] ; then	57	if [ "$KERNELSRC_PREBUILT" = false ] ; then
50	# Remove device, network and filesystem drivers from kernel configuration	58	# Remove device, network and filesystem drivers from kernel configuration
51	if [ "$KERNEL_REDUCE" = true ] ; then	59	if [ "$KERNEL_REDUCE" = true ] ; then
52	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"	60	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
53	sed -i\	61	sed -i\
54	-e "s/$^CONFIG_SND.\=$./\1n/"\	62	-e "s/$^CONFIG_SND.\=$./\1n/"\
55	-e "s/$^CONFIG_SOUND.\=$./\1n/"\	63	-e "s/$^CONFIG_SOUND.\=$./\1n/"\
56	-e "s/$^CONFIG_AC97.\=$./\1n/"\	64	-e "s/$^CONFIG_AC97.\=$./\1n/"\
57	-e "s/$^CONFIG_VIDEO_.\=$./\1n/"\	65	-e "s/$^CONFIG_VIDEO_.\=$./\1n/"\
58	-e "s/$^CONFIG_MEDIA_TUNER.\=$./\1n/"\	66	-e "s/$^CONFIG_MEDIA_TUNER.\=$./\1n/"\
59	-e "s/$^CONFIG_DVB.*\=$[ym]/\1n/"\	67	-e "s/$^CONFIG_DVB.*\=$[ym]/\1n/"\
60	-e "s/$^CONFIG_REISERFS.\=$./\1n/"\	68	-e "s/$^CONFIG_REISERFS.\=$./\1n/"\
61	-e "s/$^CONFIG_JFS.\=$./\1n/"\	69	-e "s/$^CONFIG_JFS.\=$./\1n/"\
62	-e "s/$^CONFIG_XFS.\=$./\1n/"\	70	-e "s/$^CONFIG_XFS.\=$./\1n/"\
63	-e "s/$^CONFIG_GFS2.\=$./\1n/"\	71	-e "s/$^CONFIG_GFS2.\=$./\1n/"\
64	-e "s/$^CONFIG_OCFS2.\=$./\1n/"\	72	-e "s/$^CONFIG_OCFS2.\=$./\1n/"\
65	-e "s/$^CONFIG_BTRFS.\=$./\1n/"\	73	-e "s/$^CONFIG_BTRFS.\=$./\1n/"\
66	-e "s/$^CONFIG_HFS.\=$./\1n/"\	74	-e "s/$^CONFIG_HFS.\=$./\1n/"\
67	-e "s/$^CONFIG_JFFS2.*\=$[ym]/\1n/"\	75	-e "s/$^CONFIG_JFFS2.*\=$[ym]/\1n/"\
68	-e "s/$^CONFIG_UBIFS.\=$./\1n/"\	76	-e "s/$^CONFIG_UBIFS.\=$./\1n/"\
69	-e "s/$^CONFIG_SQUASHFS.*\=$[ym]/\1n/"\	77	-e "s/$^CONFIG_SQUASHFS.*\=$[ym]/\1n/"\
70	-e "s/$^CONFIG_W1.*\=$[ym]/\1n/"\	78	-e "s/$^CONFIG_W1.*\=$[ym]/\1n/"\
71	-e "s/$^CONFIG_HAMRADIO.\=$./\1n/"\	79	-e "s/$^CONFIG_HAMRADIO.\=$./\1n/"\
72	-e "s/$^CONFIG_CAN.\=$./\1n/"\	80	-e "s/$^CONFIG_CAN.\=$./\1n/"\
73	-e "s/$^CONFIG_IRDA.\=$./\1n/"\	81	-e "s/$^CONFIG_IRDA.\=$./\1n/"\
74	-e "s/$^CONFIG_BT_.\=$./\1n/"\	82	-e "s/$^CONFIG_BT_.\=$./\1n/"\
75	-e "s/$^CONFIG_WIMAX.*\=$[ym]/\1n/"\	83	-e "s/$^CONFIG_WIMAX.*\=$[ym]/\1n/"\
76	-e "s/$^CONFIG_6LOWPAN.\=$./\1n/"\	84	-e "s/$^CONFIG_6LOWPAN.\=$./\1n/"\
77	-e "s/$^CONFIG_IEEE802154.\=$./\1n/"\	85	-e "s/$^CONFIG_IEEE802154.\=$./\1n/"\
78	-e "s/$^CONFIG_NFC.\=$./\1n/"\	86	-e "s/$^CONFIG_NFC.\=$./\1n/"\
79	-e "s/$^CONFIG_FB_TFT=.\=$./\1n/"\	87	-e "s/$^CONFIG_FB_TFT=.\=$./\1n/"\
80	-e "s/$^CONFIG_TOUCHSCREEN.\=$./\1n/"\	88	-e "s/$^CONFIG_TOUCHSCREEN.\=$./\1n/"\
81	-e "s/$^CONFIG_USB_GSPCA_.\=$./\1n/"\	89	-e "s/$^CONFIG_USB_GSPCA_.\=$./\1n/"\
82	-e "s/$^CONFIG_DRM.\=$./\1n/"\	90	-e "s/$^CONFIG_DRM.\=$./\1n/"\
83	"${KERNEL_DIR}/.config"	91	"${KERNEL_DIR}/.config"
84	fi	92	fi
85		93
86	if [ "$KERNELSRC_CONFIG" = true ] ; then	94	if [ "$KERNELSRC_CONFIG" = true ] ; then
87	# Load default raspberry kernel configuration	95	# Load default raspberry kernel configuration
88	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"	96	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
89		97
		98	#Switch to KERNELSRC_DIR so we can use set_kernel_config
		99	cd "${KERNEL_DIR}" \|\| exit
		100
		101	if [ "$KERNEL_ARCH" = arm64 ] ; then
		102	#Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
		103	# use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
		104	set_kernel_config CONFIG_MMC_BCM2835 n
		105	set_kernel_config CONFIG_MMC_SDHCI_IPROC n
		106	set_kernel_config CONFIG_USB_DWC2 n
		107	sed -i "s\|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA\|depends on MMC_BCM2835_MMC\|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
		108
		109	#VLAN got disabled without reason in arm64bit
		110	set_kernel_config CONFIG_IPVLAN m
		111	fi
		112
		113	# enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
		114	if [ "$KERNEL_ZSWAP" = true ] ; then
		115	set_kernel_config CONFIG_ZPOOL y
		116	set_kernel_config CONFIG_ZSWAP y
		117	set_kernel_config CONFIG_ZBUD y
		118	set_kernel_config CONFIG_Z3FOLD y
		119	set_kernel_config CONFIG_ZSMALLOC y
		120	set_kernel_config CONFIG_PGTABLE_MAPPING y
		121	set_kernel_config CONFIG_LZO_COMPRESS y
		122
		123	fi
		124
		125	# enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
		126	if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] \|\| [ "$RPI_MODEL" = 3 ] \|\| [ "$RPI_MODEL" = 3P ] ; } ; then
		127	set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
		128	set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
		129	set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
		130	set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
		131	set_kernel_config CONFIG_HAVE_KVM_IRQFD y
		132	set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
		133	set_kernel_config CONFIG_HAVE_KVM_MSI y
		134	set_kernel_config CONFIG_KVM y
		135	set_kernel_config CONFIG_KVM_ARM_HOST y
		136	set_kernel_config CONFIG_KVM_ARM_PMU y
		137	set_kernel_config CONFIG_KVM_COMPAT y
		138	set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
		139	set_kernel_config CONFIG_KVM_MMIO y
		140	set_kernel_config CONFIG_KVM_VFIO y
		141	set_kernel_config CONFIG_VHOST m
		142	set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
		143	set_kernel_config CONFIG_VHOST_NET m
		144	set_kernel_config CONFIG_VIRTUALIZATION y
		145
		146	set_kernel_config CONFIG_MMU_NOTIFIER y
		147
		148	# erratum
		149	set_kernel_config ARM64_ERRATUM_834220 y
		150
		151	# https://sourceforge.net/p/kvm/mailman/message/18440797/
		152	set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
		153	fi
		154
		155	# enable apparmor,integrity audit,
		156	if [ "$KERNEL_SECURITY" = true ] ; then
		157
		158	# security filesystem, security models and audit
		159	set_kernel_config CONFIG_SECURITYFS y
		160	set_kernel_config CONFIG_SECURITY y
		161	set_kernel_config CONFIG_AUDIT y
		162
		163	# harden strcpy and memcpy
		164	set_kernel_config CONFIG_HARDENED_USERCOPY y
		165	set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
		166	set_kernel_config CONFIG_FORTIFY_SOURCE y
		167
		168	# integrity sub-system
		169	set_kernel_config CONFIG_INTEGRITY y
		170	set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
		171	set_kernel_config CONFIG_INTEGRITY_AUDIT y
		172	set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
		173	set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
		174
		175	# This option provides support for retaining authentication tokens and access keys in the kernel.
		176	set_kernel_config CONFIG_KEYS y
		177	set_kernel_config CONFIG_KEYS_COMPAT y
		178
		179	# Apparmor
		180	set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
		181	set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
		182	set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
		183	set_kernel_config CONFIG_SECURITY_APPARMOR y
		184	set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
		185	set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
		186
		187	# restrictions on unprivileged users reading the kernel
		188	set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
		189
		190	# network security hooks
		191	set_kernel_config CONFIG_SECURITY_NETWORK y
		192	set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
		193	set_kernel_config CONFIG_SECURITY_PATH y
		194	set_kernel_config CONFIG_SECURITY_YAMA n
		195
		196	# New Options
		197	if [ "$KERNEL_NF" = true ] ; then
		198	set_kernel_config CONFIG_IP_NF_SECURITY m
		199	set_kernel_config CONFIG_NETLABEL y
		200	set_kernel_config CONFIG_IP6_NF_SECURITY m
		201	fi
		202	set_kernel_config CONFIG_SECURITY_SELINUX n
		203	set_kernel_config CONFIG_SECURITY_SMACK n
		204	set_kernel_config CONFIG_SECURITY_TOMOYO n
		205	set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
		206	set_kernel_config CONFIG_SECURITY_LOADPIN n
		207	set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
		208	set_kernel_config CONFIG_IMA n
		209	set_kernel_config CONFIG_EVM n
		210	set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
		211	set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
		212	set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
		213	set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
		214	set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
		215	set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
		216	set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
		217	set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
		218	set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
		219	set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
		220
		221	set_kernel_config CONFIG_ARM64_CRYPTO y
		222	set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
		223	set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
		224	set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
		225	set_kernel_config CRYPTO_GHASH_ARM64_CE m
		226	set_kernel_config CRYPTO_SHA2_ARM64_CE m
		227	set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
		228	set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
		229	set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
		230	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
		231	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
		232	set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
		233	set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
		234	set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
		235	set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
		236	set_kernel_config SYSTEM_TRUSTED_KEYS
		237	fi
		238
		239	# Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
		240	if [ "$KERNEL_NF" = true ] ; then
		241	set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
		242	set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
		243	set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
		244	set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
		245	set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
		246	set_kernel_config CONFIG_NFT_FIB_INET m
		247	set_kernel_config CONFIG_NFT_FIB_IPV4 m
		248	set_kernel_config CONFIG_NFT_FIB_IPV6 m
		249	set_kernel_config CONFIG_NFT_FIB_NETDEV m
		250	set_kernel_config CONFIG_NFT_OBJREF m
		251	set_kernel_config CONFIG_NFT_RT m
		252	set_kernel_config CONFIG_NFT_SET_BITMAP m
		253	set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
		254	set_kernel_config CONFIG_NF_LOG_ARP m
		255	set_kernel_config CONFIG_NF_SOCKET_IPV4 m
		256	set_kernel_config CONFIG_NF_SOCKET_IPV6 m
		257	set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
		258	set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
		259	set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
		260	set_kernel_config CONFIG_IP6_NF_IPTABLES m
		261	set_kernel_config CONFIG_IP6_NF_MATCH_AH m
		262	set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
		263	set_kernel_config CONFIG_IP6_NF_NAT m
		264	set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
		265	set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
		266	set_kernel_config CONFIG_IP_NF_SECURITY m
		267	set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
		268	set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
		269	set_kernel_config CONFIG_IP_SET_HASH_IP m
		270	set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
		271	set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
		272	set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
		273	set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
		274	set_kernel_config CONFIG_IP_SET_HASH_MAC m
		275	set_kernel_config CONFIG_IP_SET_HASH_NET m
		276	set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
		277	set_kernel_config CONFIG_IP_SET_HASH_NETNET m
		278	set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
		279	set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
		280	set_kernel_config CONFIG_IP_SET_LIST_SET m
		281	set_kernel_config CONFIG_NETFILTER_XTABLES m
		282	set_kernel_config CONFIG_NETFILTER_XTABLES m
		283	set_kernel_config CONFIG_NFT_BRIDGE_META m
		284	set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
		285	set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
		286	set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
		287	set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
		288	set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
		289	set_kernel_config CONFIG_NFT_COMPAT m
		290	set_kernel_config CONFIG_NFT_COUNTER m
		291	set_kernel_config CONFIG_NFT_CT m
		292	set_kernel_config CONFIG_NFT_DUP_IPV4 m
		293	set_kernel_config CONFIG_NFT_DUP_IPV6 m
		294	set_kernel_config CONFIG_NFT_DUP_NETDEV m
		295	set_kernel_config CONFIG_NFT_EXTHDR m
		296	set_kernel_config CONFIG_NFT_FWD_NETDEV m
		297	set_kernel_config CONFIG_NFT_HASH m
		298	set_kernel_config CONFIG_NFT_LIMIT m
		299	set_kernel_config CONFIG_NFT_LOG m
		300	set_kernel_config CONFIG_NFT_MASQ m
		301	set_kernel_config CONFIG_NFT_MASQ_IPV4 m
		302	set_kernel_config CONFIG_NFT_MASQ_IPV6 m
		303	set_kernel_config CONFIG_NFT_META m
		304	set_kernel_config CONFIG_NFT_NAT m
		305	set_kernel_config CONFIG_NFT_NUMGEN m
		306	set_kernel_config CONFIG_NFT_QUEUE m
		307	set_kernel_config CONFIG_NFT_QUOTA m
		308	set_kernel_config CONFIG_NFT_REDIR m
		309	set_kernel_config CONFIG_NFT_REDIR_IPV4 m
		310	set_kernel_config CONFIG_NFT_REDIR_IPV6 m
		311	set_kernel_config CONFIG_NFT_REJECT m
		312	set_kernel_config CONFIG_NFT_REJECT_INET m
		313	set_kernel_config CONFIG_NFT_REJECT_IPV4 m
		314	set_kernel_config CONFIG_NFT_REJECT_IPV6 m
		315	set_kernel_config CONFIG_NFT_SET_HASH m
		316	set_kernel_config CONFIG_NFT_SET_RBTREE m
		317	set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
		318	set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
		319	set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
		320	set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
		321	set_kernel_config CONFIG_NF_DUP_IPV4 m
		322	set_kernel_config CONFIG_NF_DUP_IPV6 m
		323	set_kernel_config CONFIG_NF_DUP_NETDEV m
		324	set_kernel_config CONFIG_NF_LOG_BRIDGE m
		325	set_kernel_config CONFIG_NF_LOG_IPV4 m
		326	set_kernel_config CONFIG_NF_LOG_IPV6 m
		327	set_kernel_config CONFIG_NF_NAT_IPV4 m
		328	set_kernel_config CONFIG_NF_NAT_IPV6 m
		329	set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
		330	set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
		331	set_kernel_config CONFIG_NF_NAT_PPTP m
		332	set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
		333	set_kernel_config CONFIG_NF_NAT_REDIRECT m
		334	set_kernel_config CONFIG_NF_NAT_SIP m
		335	set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
		336	set_kernel_config CONFIG_NF_NAT_TFTP m
		337	set_kernel_config CONFIG_NF_REJECT_IPV4 m
		338	set_kernel_config CONFIG_NF_REJECT_IPV6 m
		339	set_kernel_config CONFIG_NF_TABLES m
		340	set_kernel_config CONFIG_NF_TABLES_ARP m
		341	set_kernel_config CONFIG_NF_TABLES_BRIDGE m
		342	set_kernel_config CONFIG_NF_TABLES_INET m
		343	set_kernel_config CONFIG_NF_TABLES_IPV4 m
		344	set_kernel_config CONFIG_NF_TABLES_IPV6 m
		345	set_kernel_config CONFIG_NF_TABLES_NETDEV m
		346	fi
		347
		348	# Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
		349	if [ "$KERNEL_BPF" = true ] ; then
		350	set_kernel_config CONFIG_BPF_SYSCALL y
		351	set_kernel_config CONFIG_BPF_EVENTS y
		352	set_kernel_config CONFIG_BPF_STREAM_PARSER y
		353	set_kernel_config CONFIG_CGROUP_BPF y
		354	fi
		355
		356	# KERNEL_DEFAULT_GOV was set by user
		357	if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
		358
		359	case "$KERNEL_DEFAULT_GOV" in
		360	performance)
		361	set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
		362	;;
		363	userspace)
		364	set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
		365	;;
		366	ondemand)
		367	set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
		368	;;
		369	conservative)
		370	set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
		371	;;
		372	shedutil)
		373	set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
		374	;;
		375	*)
		376	echo "error: unsupported default cpu governor"
		377	exit 1
		378	;;
		379	esac
		380
		381	# unset previous default governor
		382	unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
		383	fi
		384
		385	#Revert to previous directory
		386	cd "${WORKDIR}" \|\| exit
		387
90	# Set kernel configuration parameters to enable qemu emulation	388	# Set kernel configuration parameters to enable qemu emulation
91	if [ "$ENABLE_QEMU" = true ] ; then	389	if [ "$ENABLE_QEMU" = true ] ; then
92	echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config	390	echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
93	echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config	391	echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
94		392
95	if [ "$ENABLE_CRYPTFS" = true ] ; then	393	if [ "$ENABLE_CRYPTFS" = true ] ; then
96	{	394	{
97	echo "CONFIG_EMBEDDED=y"	395	echo "CONFIG_EMBEDDED=y"
98	echo "CONFIG_EXPERT=y"	396	echo "CONFIG_EXPERT=y"
99	echo "CONFIG_DAX=y"	397	echo "CONFIG_DAX=y"
100	echo "CONFIG_MD=y"	398	echo "CONFIG_MD=y"
101	echo "CONFIG_BLK_DEV_MD=y"	399	echo "CONFIG_BLK_DEV_MD=y"
102	echo "CONFIG_MD_AUTODETECT=y"	400	echo "CONFIG_MD_AUTODETECT=y"
103	echo "CONFIG_BLK_DEV_DM=y"	401	echo "CONFIG_BLK_DEV_DM=y"
104	echo "CONFIG_BLK_DEV_DM_BUILTIN=y"	402	echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
105	echo "CONFIG_DM_CRYPT=y"	403	echo "CONFIG_DM_CRYPT=y"
106	echo "CONFIG_CRYPTO_BLKCIPHER=y"	404	echo "CONFIG_CRYPTO_BLKCIPHER=y"
107	echo "CONFIG_CRYPTO_CBC=y"	405	echo "CONFIG_CRYPTO_CBC=y"
108	echo "CONFIG_CRYPTO_XTS=y"	406	echo "CONFIG_CRYPTO_XTS=y"
109	echo "CONFIG_CRYPTO_SHA512=y"	407	echo "CONFIG_CRYPTO_SHA512=y"
110	echo "CONFIG_CRYPTO_MANAGER=y"	408	echo "CONFIG_CRYPTO_MANAGER=y"
111	} >> "${KERNEL_DIR}"/.config	409	} >> "${KERNEL_DIR}"/.config
112	fi	410	fi
113	fi	411	fi
114		412
115	# Copy custom kernel configuration file	413	# Copy custom kernel configuration file
116	if [ -n "$KERNELSRC_USRCONFIG" ] ; then	414	if [ -n "$KERNELSRC_USRCONFIG" ] ; then
117	cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config	415	cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
118	fi	416	fi
119		417
120	# Set kernel configuration parameters to their default values	418	# Set kernel configuration parameters to their default values
121	if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then	419	if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
122	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig	420	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
123	fi	421	fi
124		422
125	# Start menu-driven kernel configuration (interactive)	423	# Start menu-driven kernel configuration (interactive)
126	if [ "$KERNEL_MENUCONFIG" = true ] ; then	424	if [ "$KERNEL_MENUCONFIG" = true ] ; then
127	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig	425	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
128	fi	426	fi
		427	# end if "$KERNELSRC_CONFIG" = true
129	fi	428	fi
130		429
131	# Use ccache to cross compile the kernel	430	# Use ccache to cross compile the kernel
132	if [ "$KERNEL_CCACHE" = true ] ; then	431	if [ "$KERNEL_CCACHE" = true ] ; then
133	cc="ccache ${CROSS_COMPILE}gcc"	432	cc="ccache ${CROSS_COMPILE}gcc"
134	else	433	else
135	cc="${CROSS_COMPILE}gcc"	434	cc="${CROSS_COMPILE}gcc"
136	fi	435	fi
137		436
138	# Cross compile kernel and dtbs	437	# Cross compile kernel and dtbs
139	make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs	438	make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
140		439
141	# Cross compile kernel modules	440	# Cross compile kernel modules
142	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then	441	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
143	make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules	442	make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
144	fi	443	fi
		444	# end if "$KERNELSRC_PREBUILT" = false
145	fi	445	fi
146		446
147	# Check if kernel compilation was successful	447	# Check if kernel compilation was successful
148	if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then	448	if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
149	echo "error: kernel compilation failed! (kernel image not found)"	449	echo "error: kernel compilation failed! (kernel image not found)"
150	cleanup	450	cleanup
151	exit 1	451	exit 1
152	fi	452	fi
153		453
154	# Install kernel modules	454	# Install kernel modules
155	if [ "$ENABLE_REDUCE" = true ] ; then	455	if [ "$ENABLE_REDUCE" = true ] ; then
156	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then	456	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
157	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install	457	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
158	fi	458	fi
159	else	459	else
160	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then	460	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
161	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install	461	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
162	fi	462	fi
163		463
164	# Install kernel firmware	464	# Install kernel firmware
165	if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then	465	if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
166	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install	466	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
167	fi	467	fi
168	fi	468	fi
169		469
170	# Install kernel headers	470	# Install kernel headers
171	if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then	471	if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
172	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install	472	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
173	fi	473	fi
174		474
175	# Prepare boot (firmware) directory	475	# Prepare boot (firmware) directory
176	mkdir "${BOOT_DIR}"	476	mkdir "${BOOT_DIR}"
177		477
178	# Get kernel release version	478	# Get kernel release version
179	KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")	479	KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
180		480
181	# Copy kernel configuration file to the boot directory	481	# Copy kernel configuration file to the boot directory
182	install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"	482	install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
183		483
184	# Prepare device tree directory	484	# Prepare device tree directory
185	mkdir "${BOOT_DIR}/overlays"	485	mkdir "${BOOT_DIR}/overlays"
186		486
187	# Ensure the proper .dtb is located	487	# Ensure the proper .dtb is located
188	if [ "$KERNEL_ARCH" = "arm" ] ; then	488	if [ "$KERNEL_ARCH" = "arm" ] ; then
189	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do	489	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
190	if [ -f "${dtb}" ] ; then	490	if [ -f "${dtb}" ] ; then
191	install_readonly "${dtb}" "${BOOT_DIR}/"	491	install_readonly "${dtb}" "${BOOT_DIR}/"
192	fi	492	fi
193	done	493	done
194	else	494	else
195	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do	495	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
196	if [ -f "${dtb}" ] ; then	496	if [ -f "${dtb}" ] ; then
197	install_readonly "${dtb}" "${BOOT_DIR}/"	497	install_readonly "${dtb}" "${BOOT_DIR}/"
198	fi	498	fi
199	done	499	done
200	fi	500	fi
201		501
202	# Copy compiled dtb device tree files	502	# Copy compiled dtb device tree files
203	if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then	503	if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
204	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb ; do	504	for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
205	if [ -f "${dtb}" ] ; then	505	if [ -f "${dtb}" ] ; then
206	install_readonly "${dtb}" "${BOOT_DIR}/overlays/"	506	install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
207	fi	507	fi
208	done	508	done
209		509
210	if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then	510	if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
211	install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"	511	install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
212	fi	512	fi
213	fi	513	fi
214		514
215	if [ "$ENABLE_UBOOT" = false ] ; then	515	if [ "$ENABLE_UBOOT" = false ] ; then
216	# Convert and copy kernel image to the boot directory	516	# Convert and copy kernel image to the boot directory
217	"${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"	517	"${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
218	else	518	else
219	# Copy kernel image to the boot directory	519	# Copy kernel image to the boot directory
220	install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"	520	install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
221	fi	521	fi
222		522
223	# Remove kernel sources	523	# Remove kernel sources
224	if [ "$KERNEL_REMOVESRC" = true ] ; then	524	if [ "$KERNEL_REMOVESRC" = true ] ; then
225	rm -fr "${KERNEL_DIR}"	525	rm -fr "${KERNEL_DIR}"
226	else	526	else
227	# Prepare compiled kernel modules	527	# Prepare compiled kernel modules
228	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then	528	if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
229	if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then	529	if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
230	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare	530	make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
231	fi	531	fi
232		532
233	# Create symlinks for kernel modules	533	# Create symlinks for kernel modules
234	chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"	534	chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
235	chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"	535	chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
236	fi	536	fi
237	fi	537	fi
238		538
239	else # BUILD_KERNEL=false	539	else # BUILD_KERNEL=false
240	# Kernel installation	540	if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] \|\| [ "$RPI_MODEL" = 3P ] ; } ; then
241	chroot_exec apt-get -qq -y --no-install-recommends install linux-image-"${COLLABORA_KERNEL}" raspberrypi-bootloader-nokernel	541
		542	# Use Sakakis modified kernel if ZSWAP is active
		543	if [ "$KERNEL_ZSWAP" = true ] \|\| [ "$KERNEL_VIRT" = true ] \|\| [ "$KERNEL_NF" = true ] \|\| [ "$KERNEL_BPF" = true ] ; then
		544	RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
		545	fi
		546
		547	# Create temporary directory for dl
		548	temp_dir=$(as_nobody mktemp -d)
		549
		550	# Fetch kernel dl
		551	as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
242		552
243	# Install flash-kernel last so it doesn't try (and fail) to detect the platform in the chroot	553	#extract download
244	chroot_exec apt-get -qq -y install flash-kernel	554	tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
		555
		556	#move extracted kernel to /boot/firmware
		557	mkdir "${R}/boot/firmware"
		558	cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
		559	cp -r "${temp_dir}"/lib/* "${R}"/lib/
		560
		561	# Remove temporary directory for kernel sources
		562	rm -fr "${temp_dir}"
		563
		564	# Set permissions of the kernel sources
		565	chown -R root:root "${R}/boot/firmware"
		566	chown -R root:root "${R}/lib/modules"
		567	fi
		568
		569	# Install Kernel from hypriot comptabile with all Raspberry PI
		570	if [ "$SET_ARCH" = 32 ] ; then
		571	# Create temporary directory for dl
		572	temp_dir=$(as_nobody mktemp -d)
		573
		574	# Fetch kernel
		575	as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
		576
		577	# Copy downloaded U-Boot sources
		578	mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
		579
		580	# Set permissions
		581	chown -R root:root "${R}"/tmp/kernel.deb
		582
		583	# Install kernel
		584	chroot_exec dpkg -i /tmp/kernel.deb
		585
		586	# move /boot to /boot/firmware to fit script env.
		587	#mkdir "${BOOT_DIR}"
		588	mkdir "${temp_dir}"/firmware
		589	mv "${R}"/boot/* "${temp_dir}"/firmware/
		590	mv "${temp_dir}"/firmware "${R}"/boot/
		591
		592	#same for kernel headers
		593	if [ "$KERNEL_HEADERS" = true ] ; then
		594	# Fetch kernel header
		595	as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
		596	mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
		597	chown -R root:root "${R}"/tmp/kernel-header.deb
		598	# Install kernel header
		599	chroot_exec dpkg -i /tmp/kernel-header.deb
		600	rm -f "${R}"/tmp/kernel-header.deb
		601	fi
		602
		603	# Remove temporary directory and files
		604	rm -fr "${temp_dir}"
		605	rm -f "${R}"/tmp/kernel.deb
		606	fi
245		607
246	# Check if kernel installation was successful	608	# Check if kernel installation was successful
247	~~VMLINUZ~~="$(ls -1 "${R}"/boot/~~vmlinuz-~~* \| sort \| tail -n 1)"	609	KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* \| sort \| tail -n 1)"
248	if [ -z "$~~VMLINUZ~~" ] ; then	610	if [ -z "$KERNEL" ] ; then
249	echo "error: kernel installation failed! (/boot/~~vmlinuz-~~* not found)"	611	echo "error: kernel installation failed! (/boot/kernel* not found)"
250	cleanup	612	cleanup
251	exit 1	613	exit 1
252	fi	614	fi
253	# Copy vmlinuz kernel to the boot directory
254	install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
255	fi	615	fi

bootstrap.d/14-fstab.sh +59 -2

             #
             # Setup fstab and initramfs
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup fstab
             install_readonly files/mount/fstab "${ETC_DIR}/fstab"
             # Add usb/sda disk root partition to fstab
             if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
               sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
             fi
             # Add encrypted root partition to fstab and crypttab
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Replace fstab root partition with encrypted partition mapping
               sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
               # Add encrypted partition to crypttab and fstab
               install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
               echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab"
               if [ "$ENABLE_SPLITFS" = true ] ; then
-                # Add usb/sda disk to crypttab
+                # Add usb/sda1 disk to crypttab
                 sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
               fi
             fi
+            if [ "$ENABLE_USBBOOT" = true ] ; then
+              sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab"
+              sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab"
+              # Add usb/sda2 disk to crypttab
+              sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab"
+            fi
             # Generate initramfs file
-            if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
+            if [ "$ENABLE_INITRAMFS" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = true ] ; then
                 # Include initramfs scripts to auto expand encrypted root partition
                 if [ "$EXPANDROOT" = true ] ; then
                   install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
                   install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
                   install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
                 fi
+            	if [ "$ENABLE_DHCP" = false ] ; then
+                  # Get cdir from NET_ADDRESS e.g. 24
+                  cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
+                  # Convert cdir ro netmask e.g. 24 to 255.255.255.0
+                  NET_MASK=$(cdr2mask "$cdir")
+            	  # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
+                  sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
+            	  # Regenerate initramfs
+            	  chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
+                fi
+            	if [ "$CRYPTFS_DROPBEAR" = true ]; then
+            	  if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
+             	    install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
+             	    cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
+             	  else
+             	    # Create key
+             	    chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
+             	    # Convert dropbear key to openssh key
+             	    chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
+             	    # Get Public Key Part
+             	    chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
+             	    # Delete unwanted lines
+             	    sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
+             	    sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
+             	    # Trust the new key
+             	    cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
+             	    # Save Keys - convert with putty from rsa/openssh to puttkey
+             	    cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
+             	    # Get unlock script
+             	    install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
+             	    # Enable Dropbear inside initramfs
+             	    printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
+             	    # Enable Dropbear inside initramfs
+             	    sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
+            	  fi
+            	else
             	  # Disable SSHD inside initramfs
             	  printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
+            	fi
                 # Add cryptsetup modules to initramfs
                 printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook"
                 # Dummy mapping required by mkinitramfs
                 echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
                 # Generate initramfs with encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
                 # Remove dummy mapping
                 chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
               else
                 # Generate initramfs without encrypted root partition support
                 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
               fi
             fi

bootstrap.d/15-rpi-config.sh +109 -38

             #
             # Setup RPi2/3 config and cmdline
             #
             # Load utility functions
             . ./functions.sh
-            if [ "$BUILD_KERNEL" = true ] ; then
             if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
               # Install boot binaries from local directory
               cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
               cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
               cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
             else
               # Create temporary directory for boot binaries
               temp_dir=$(as_nobody mktemp -d)
               # Install latest boot binaries from raspberry/firmware github
               as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
               as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
               as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
               as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
               as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
               as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
               # Move downloaded boot binaries
               mv "${temp_dir}/"* "${BOOT_DIR}/"
               # Remove temporary directory for boot binaries
               rm -fr "${temp_dir}"
               # Set permissions of the boot binaries
               chown -R root:root "${BOOT_DIR}"
               chmod -R 600 "${BOOT_DIR}"
             fi
-            fi
             # Setup firmware boot cmdline
+            if [ "$ENABLE_USBBOOT" = true ] ; then
+              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
+            else
               if [ "$ENABLE_SPLITFS" = true ] ; then
-              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
+                CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
               else
-              CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait console=tty1 init=/bin/systemd"
+                CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
+              fi
             fi
             # Add encrypted root partition to cmdline.txt
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               if [ "$ENABLE_SPLITFS" = true ] ; then
                 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
               else
+                if [ "$ENABLE_USBBOOT" = true ] ; then
+                  CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
+                else
                   CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
                 fi
               fi
-            #locks cpu at max frequency
-            if [ "$ENABLE_TURBO" = true ] ; then
-              echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
             fi
+            # Enable Kernel messages on standard output
             if [ "$ENABLE_PRINTK" = true ] ; then
               install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
             fi
-            # Install udev rule for serial alias
+            # Enable Kernel messages on standard output
+            if [ "$KERNEL_SECURITY" = true ] ; then
+              install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
+            fi
+            # Install udev rule for serial alias - serial0 = console serial1=bluetooth
             install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
-            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+            # Remove IPv6 networking support
+            if [ "$ENABLE_IPV6" = false ] ; then
+              CMDLINE="${CMDLINE} ipv6.disable=1"
+            fi
-              # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface
+            # Automatically assign predictable network interface names
-              SET_SERIAL="ttyS0"
+            if [ "$ENABLE_IFNAMES" = false ] ; then
+              CMDLINE="${CMDLINE} net.ifnames=0"
+            else
+              CMDLINE="${CMDLINE} net.ifnames=1"
+            fi
+            # Disable Raspberry Pi console logo
+            if [ "$ENABLE_LOGO" = false ] ; then
+              CMDLINE="${CMDLINE} logo.nologo"
+            fi
+            # Strictly limit verbosity of boot up console messages
+            if [ "$ENABLE_SILENT_BOOT" = true ] ; then
+              CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
+            fi
+            # Install firmware config
+            install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
+            # Disable Raspberry Pi console logo
+            if [ "$ENABLE_SLASH" = false ] ; then
+              echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
+            fi
+            # Locks CPU frequency at maximum
+            if [ "$ENABLE_TURBO" = true ] ; then
+              echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
+              # helps to avoid sdcard corruption when force_turbo is enabled.
+              echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
+            fi
+            if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
               # Bluetooth enabled
               if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 # Create temporary directory for Bluetooth sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch Bluetooth sources
                 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
                 # Copy downloaded sources
                 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
                 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
                 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
                 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://aur.archlinux.org/cgit/aur.git/plain/BCM43430A1.hcd?h=pi-bluetooth
                 # Set permissions
                 chown -R root:root "${R}/tmp/pi-bluetooth"
                 # Install tools
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
                 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
+            	# make scripts executable
+            	chmod +x "${R}/usr/bin/bthelper"
+            	chmod +x "${R}/usr/bin/btuart"
                 # Install bluetooth udev rule
                 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
                 # Install Firmware Flash file and apropiate licence
                 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
                 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
                 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
-                # Remove temporary directory
+                # Remove temporary directories
                 rm -fr "${temp_dir}"
+            	rm -fr "${R}"/tmp/pi-bluetooth
                 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
                 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
-            	  SET_SERIAL="ttyAMA0"
             	  # set overlay to swap ttyAMA0 and ttyS0
                   echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
-            	  # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
             	  if [ "$ENABLE_TURBO" = false ] ; then
                     echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
                   fi
+            	fi
             	# Activate services
             	chroot_exec systemctl enable pi-bluetooth.hciuart.service
-            	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
-            	else
-            	  chroot_exec systemctl enable pi-bluetooth.hciuart.service
-            	  #chroot_exec systemctl enable pi-bluetooth.bthelper@.service
-            	fi
               else # if ENABLE_BLUETOOTH = false
               	# set overlay to disable bluetooth
                 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
               fi # ENABLE_BLUETOOTH end
-            else
-              # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface
-              SET_SERIAL="ttyAMA0"
             fi
             # may need sudo systemctl disable hciuart
             if [ "$ENABLE_CONSOLE" = true ] ; then
               echo "enable_uart=1"  >> "${BOOT_DIR}/config.txt"
               # add string to cmdline
               CMDLINE="${CMDLINE} console=serial0,115200"
+              if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
+                # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
+                if [ "$ENABLE_TURBO" = false ] ; then
+                  echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
+                fi
+              fi
               # Enable serial console systemd style
-              chroot_exec systemctl enable serial-getty\@"$SET_SERIAL".service
+              chroot_exec systemctl enable serial-getty@serial0.service
             else
               echo "enable_uart=0"  >> "${BOOT_DIR}/config.txt"
-              # disable serial console systemd style
-              chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
             fi
-            # Remove IPv6 networking support
+            # Disable dphys-swapfile service. Will get enabled on first boot
-            if [ "$ENABLE_IPV6" = false ] ; then
+            if [ "$ENABLE_DPHYSSWAP" = true ] ; then
-              CMDLINE="${CMDLINE} ipv6.disable=1"
+              chroot_exec systemctl disable dphys-swapfile
             fi
-            # Automatically assign predictable network interface names
+            if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
-            if [ "$ENABLE_IFNAMES" = false ] ; then
+              # Create temporary directory for systemd-swap sources
-              CMDLINE="${CMDLINE} net.ifnames=0"
+              temp_dir=$(as_nobody mktemp -d)
+              # Fetch systemd-swap sources
+              as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
+              # Copy downloaded systemd-swap sources
+              mv "${temp_dir}/systemd-swap" "${R}/tmp/"
+              # Change into downloaded src dir
+              cd "${R}/tmp/systemd-swap" || exit
+              # Build package
+              bash ./package.sh debian
+              # Change back into script root dir
+              cd "${WORKDIR}" || exit
+              # Set permissions of the systemd-swap sources
+              chown -R root:root "${R}/tmp/systemd-swap"
+              # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
+              chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
+              # Enable service
+              chroot_exec systemctl enable systemd-swap
+              # Remove temporary directory for systemd-swap sources
+              rm -fr "${temp_dir}"
             else
-              CMDLINE="${CMDLINE} net.ifnames=1"
+              # Enable ZSWAP in cmdline if systemd-swap is not used
+              if [ "$KERNEL_ZSWAP" = true ] ; then
+                CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
+              fi
+            fi
+              if [ "$KERNEL_SECURITY" = true ] ; then
+                CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
               fi
             # Install firmware boot cmdline
             echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
-            # Install firmware config
-            install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
             # Setup minimal GPU memory allocation size: 16MB (no X)
             if [ "$ENABLE_MINGPU" = true ] ; then
               echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
             fi
             # Setup boot with initramfs
             if [ "$ENABLE_INITRAMFS" = true ] ; then
               echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
             fi
             # Create firmware configuration and cmdline symlinks
             ln -sf firmware/config.txt "${R}/boot/config.txt"
             ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
             # Install and setup kernel modules to load at boot
             mkdir -p "${LIB_DIR}/modules-load.d/"
             install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
             # Load hardware random module at boot
             if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
               sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Load sound module at boot
             if [ "$ENABLE_SOUND" = true ] ; then
               sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             else
               echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
             fi
             # Enable I2C interface
             if [ "$ENABLE_I2C" = true ] ; then
               echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
               sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
             fi
             # Enable SPI interface
             if [ "$ENABLE_SPI" = true ] ; then
               echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
               echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
               if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
                 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
               fi
             fi
             # Disable RPi2/3 under-voltage warnings
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
             fi
             # Install kernel modules blacklist
             mkdir -p "${ETC_DIR}/modprobe.d/"
             install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
             # Install sysctl.d configuration files
             install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"

bootstrap.d/20-networking.sh +4 0

             #
             # Setup Networking
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup hostname
             install_readonly files/network/hostname "${ETC_DIR}/hostname"
             sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
             # Install and setup hosts
             install_readonly files/network/hosts "${ETC_DIR}/hosts"
             sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
             # Setup hostname entry with static IP
             if [ "$NET_ADDRESS" != "" ] ; then
               NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
               sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
             fi
             # Remove IPv6 hosts
             if [ "$ENABLE_IPV6" = false ] ; then
               sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
             fi
             # Install hint about network configuration
             install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
             # Install configuration for interface eth0
             install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
+            if [ "$RPI_MODEL" = 3P ] ; then
+            printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
+            fi
             # Install configuration for interface wl*
             install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
             #always with dhcp since wpa_supplicant integration is missing
             sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
             if [ "$ENABLE_DHCP" = true ] ; then
               # Enable DHCP configuration for interface eth0
               sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
               # Set DHCP configuration to IPv4 only
               if [ "$ENABLE_IPV6" = false ] ; then
                 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
               fi
             else # ENABLE_DHCP=false
               # Set static network configuration for interface eth0
               sed -i\
               -e "s|DHCP=.*|DHCP=no|"\
               -e "s|Address=\$|Address=${NET_ADDRESS}|"\
               -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
               -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
               "${ETC_DIR}/systemd/network/eth.network"
             fi
             # Remove empty settings from network configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
             # Remove empty settings from wlan configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
             # Move systemd network configuration if required by Debian release
             mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
             # If WLAN is enabled copy wlan configuration too
             if [ "$ENABLE_WIRELESS" = true ] ; then
               mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
             fi
             rm -fr "${ETC_DIR}/systemd/network"
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Install host.conf resolver configuration
             install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               # Install sysctl.d configuration files
               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
               # Setup resolver warnings about spoofed addresses
               sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
             fi
             # Enable time sync
             if [ "$NET_NTP_1" != "" ] ; then
               chroot_exec systemctl enable systemd-timesyncd.service
             fi
             # Download the firmware binary blob required to use the RPi3 wireless interface
             if [ "$ENABLE_WIRELESS" = true ] ; then
               if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
                 mkdir -p "${WLAN_FIRMWARE_DIR}"
               fi
               # Create temporary directory for firmware binary blob
               temp_dir=$(as_nobody mktemp -d)
               # Fetch firmware binary blob for RPI3B+
               if [ "$RPI_MODEL" = 3P ] ; then
                 # Fetch firmware binary blob for RPi3P
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
               elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
                 # Fetch firmware binary blob for RPi3
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
               fi
               # Remove temporary directory for firmware binary blob
               rm -fr "${temp_dir}"
             fi

bootstrap.d/21-firewall.sh +7 -1

             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
-              # make sure iptables-legacy is the used alternatives
+              if [ "$KERNEL_NF" = false ] ; then
                 # iptables-save and -restore are slaves of iptables and thus are set accordingly
                 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
+              fi
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
+                if [ "$KERNEL_NF" = false ] ; then
+                  # iptables-save and -restore are slaves of iptables and thus are set accordingly
+                  chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
+            	fi
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
               if [ "$ENABLE_SSHD" = false ] ; then
                # Remove SSHD related iptables rules
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
               fi
             fi

bootstrap.d/30-security.sh 0 -5

             #
             # Setup users and security settings
             #
             # Load utility functions
             . ./functions.sh
             # Generate crypt(3) password string
             ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")
             ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}")
             # Setup default user
             if [ "$ENABLE_USER" = true ] ; then
               chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME"
               chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME"
             fi
             # Setup root password or not
             if [ "$ENABLE_ROOT" = true ] ; then
               chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
             else
               # Set no root password to disable root login
               chroot_exec usermod -p \'!\' root
             fi
-            # Enable serial console systemd style
-            if [ "$ENABLE_CONSOLE" = true ] ; then
-              chroot_exec systemctl enable serial-getty\@ttyAMA0.service
-            fi

bootstrap.d/41-uboot.sh +5 0

             #
             # Build and Setup U-Boot
             #
             # Load utility functions
             . ./functions.sh
             # Fetch and build U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               # Install c/c++ build environment inside the chroot
               chroot_install_cc
               # Copy existing U-Boot sources into chroot directory
               if [ -n "$UBOOTSRC_DIR" ] && [ -d "$UBOOTSRC_DIR" ] ; then
                 # Copy local U-Boot sources
                 cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
               else
                 # Create temporary directory for U-Boot sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch U-Boot sources
                 as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
                 # Copy downloaded U-Boot sources
                 mv "${temp_dir}/u-boot" "${R}/tmp/"
                 # Set permissions of the U-Boot sources
                 chown -R root:root "${R}/tmp/u-boot"
                 # Remove temporary directory for U-Boot sources
                 rm -fr "${temp_dir}"
               fi
               # Build and install U-Boot inside chroot
               chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all
               # Copy compiled bootloader binary and set config.txt to load it
               install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage"
               install_readonly "${R}/tmp/u-boot/u-boot.bin" "${BOOT_DIR}/u-boot.bin"
               printf "\n# boot u-boot kernel\nkernel=u-boot.bin\n" >> "${BOOT_DIR}/config.txt"
               # Install and setup U-Boot command file
               install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage"
               printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
               if [ "$ENABLE_INITRAMFS" = true ] ; then
                 # Convert generated initramfs for U-Boot using mkimage
                 chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "/boot/firmware/initramfs-${KERNEL_VERSION}" "/boot/firmware/initramfs-${KERNEL_VERSION}.uboot"
                 # Remove original initramfs file
                 rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}"
                 # Configure U-Boot to load generated initramfs
                 printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage"
                 printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
               else # ENABLE_INITRAMFS=false
                 # Remove initramfs from U-Boot mkfile
                 sed -i '/.*initramfs.*/d' "${BOOT_DIR}/uboot.mkimage"
                 if [ "$BUILD_KERNEL" = false ] ; then
                   # Remove dtbfile from U-Boot mkfile
                   sed -i '/.*dtbfile.*/d' "${BOOT_DIR}/uboot.mkimage"
                   printf "\nbootz \${kernel_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                 else
                   printf "\nbootz \${kernel_addr_r} - \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage"
                 fi
               fi
               if [ "$SET_ARCH" = 64 ] ; then
                 echo "Setting up config.txt to boot 64bit uboot"
                 {
                   printf "\n# 64bit-mode"
                   printf "\n# arm_control=0x200 is deprecated https://www.raspberrypi.org/documentation/configuration/config-txt/misc.md"
                   printf "\narm_64bit=1"
                 } >> "${BOOT_DIR}/config.txt"
                 #in 64bit uboot booti is used instead of bootz [like in KERNEL_BIN_IMAGE=zImage (armv7)|| Image(armv8)]
                 sed -i "s|bootz|booti|g" "${BOOT_DIR}/uboot.mkimage"
               fi
+              # instead of sd, boot from usb device
+              if [ "$ENABLE_USBBOOT" = true ] ; then
+                sed -i "s|mmc|usb|g" "${BOOT_DIR}/uboot.mkimage"
+              fi
               # Set mkfile to use the correct dtb file
               sed -i "s|bcm2709-rpi-2-b.dtb|${DTB_FILE}|" "${BOOT_DIR}/uboot.mkimage"
               # Set mkfile to use the correct mach id
               if [ "$ENABLE_QEMU" = true ] ; then
                 sed -i "s/^\(setenv machid \).*/\10x000008e0/" "${BOOT_DIR}/uboot.mkimage"
               fi
               # Set mkfile to use kernel image
               sed -i "s|kernel7.img|${KERNEL_IMAGE}|" "${BOOT_DIR}/uboot.mkimage"
               # Remove all leading blank lines
               sed -i "/./,\$!d" "${BOOT_DIR}/uboot.mkimage"
               # Generate U-Boot bootloader image
               chroot_exec /usr/sbin/mkimage -A "${KERNEL_ARCH}" -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi${RPI_MODEL}" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
               # Remove U-Boot sources
               rm -fr "${R}/tmp/u-boot"
             fi

bootstrap.d/43-videocore.sh +3 0

             #
             # Setup videocore - Raspberry Userland
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_VIDEOCORE" = true ] ; then
               # Copy existing videocore sources into chroot directory
               if [ -n "$VIDEOCORESRC_DIR" ] && [ -d "$VIDEOCORESRC_DIR" ] ; then
                 # Copy local videocore sources
                 cp -r "${VIDEOCORESRC_DIR}" "${R}/tmp/userland"
               else
                 # Create temporary directory for videocore sources
                 temp_dir=$(as_nobody mktemp -d)
                 # Fetch videocore sources
                 as_nobody git -C "${temp_dir}" clone "${VIDEOCORE_URL}"
                 # Copy downloaded videocore sources
                 mv "${temp_dir}/userland" "${R}/tmp/"
                 # Set permissions of the U-Boot sources
                 chown -R root:root "${R}/tmp/userland"
                 # Remove temporary directory for U-Boot sources
                 rm -fr "${temp_dir}"
               fi
               # Create build dir
               mkdir "${R}"/tmp/userland/build
               # push us to build directory
               cd "${R}"/tmp/userland/build
               if [ "$RELEASE_ARCH" = "arm64" ] ; then
               cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DARM64=ON -DCMAKE_C_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_CXX_COMPILER=aarch64-linux-gnu-g++ -DCMAKE_ASM_COMPILER=aarch64-linux-gnu-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
               fi
               if [ "$RELEASE_ARCH" = "armel" ] ; then
               cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_C_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_CXX_COMPILER=arm-linux-gnueabi-g++ -DCMAKE_ASM_COMPILER=arm-linux-gnueabi-gcc -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -U_FORTIFY_SOURCE" -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -c" -DCMAKE_SYSTEM_PROCESSOR="arm" -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
               fi
               if [ "$RELEASE_ARCH" = "armhf" ] ; then
               cmake -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_BUILD_TYPE=release -DCMAKE_TOOLCHAIN_FILE="${R}"/tmp/userland/makefiles/cmake/toolchains/arm-linux-gnueabihf.cmake -DVIDEOCORE_BUILD_DIR="${R}" "${R}/tmp/userland"
               fi
               #build userland
               make -j "$(nproc)"
               #back to root of scriptdir
               cd "${WORKDIR}"
+              # Remove videocore sources
+              rm -fr "${R}"/tmp/userland/
             fi

bootstrap.d/50-firstboot.sh +15 -10

             #
             # First boot actions
             #
             # Load utility functions
             . ./functions.sh
             # Prepare rc.firstboot script
             cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
-            # Ensure openssh server host keys are regenerated on first boot
-            if [ "$ENABLE_SSHD" = true ] ; then
-              cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
-            fi
             # Prepare filesystem auto expand
             if [ "$EXPANDROOT" = true ] ; then
               if [ "$ENABLE_CRYPTFS" = false ] ; then
-                cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
+                cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
               else
                 # Regenerate initramfs to remove encrypted root partition auto expand
-                cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
+                cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
+              fi
+              # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
+              if [ "$ENABLE_DPHYSSWAP" = true ] ; then
+                cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
+              fi
             fi
+            # Ensure openssh server host keys are regenerated on first boot
+            if [ "$ENABLE_SSHD" = true ] ; then
+              cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
             fi
             # Ensure that dbus machine-id exists
-            cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
+            cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
             # Create /etc/resolv.conf symlink
-            cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
+            cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
             # Configure automatic network interface names
             if [ "$ENABLE_IFNAMES" = true ] ; then
-              cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
+              cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
             fi
             # Finalize rc.firstboot script
             cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
             chmod +x "${ETC_DIR}/rc.firstboot"
             # Install default rc.local if it does not exist
             if [ ! -f "${ETC_DIR}/rc.local" ] ; then
               install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
             fi
             # Add rc.firstboot script to rc.local
             sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
             echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
             echo exit 0 >> "${ETC_DIR}/rc.local"

files/apt/sources.list +6 -6

@@ -1,8 +1,8
1	deb http://ftp.debian.org/debian ~~jessie~~ main contrib	1	deb http://ftp.debian.org/debian stretch main contrib
2	#deb-src http://ftp.debian.org/debian ~~jessie~~ main contrib	2	#deb-src http://ftp.debian.org/debian stretch main contrib
3		3
4	deb http://ftp.debian.org/debian/ ~~jessie~~-updates main contrib	4	deb http://ftp.debian.org/debian/ stretch-updates main contrib
5	#deb-src http://ftp.debian.org/debian/ ~~jessie~~-updates main contrib	5	#deb-src http://ftp.debian.org/debian/ stretch-updates main contrib
6		6
7	deb http://security.debian.org/ ~~jessie~~/updates main contrib	7	deb http://security.debian.org/ stretch/updates main contrib
8	#deb-src http://security.debian.org/ ~~jessie~~/updates main contrib	8	#deb-src http://security.debian.org/ stretch/updates main contrib

files/firstboot/20-expandroot.sh ~~files/firstboot/22-expandroot.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh

files/firstboot/21-regenerate-initramfs.sh ~~files/firstboot/23-regenerate-initramfs.sh~~ renamed +1 0

             logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
             KERNEL_VERSION=$(uname -r)
             KERNEL_ARCH=$(uname -m)
             INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
             INITRAMFS_UBOOT="${INITRAMFS}.uboot"
             # Extract kernel arch
             case "${KERNEL_ARCH}" in
               arm*) KERNEL_ARCH=arm ;;
+              aarch64) KERNEL_ARCH=arm64 ;;
             esac
             # Regenerate initramfs
             if [ -r "${INITRAMFS}" ] ; then
               rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
               rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
               rm -f /etc/initramfs-tools/hooks/expand-tools
               rm -f "${INITRAMFS}"
               mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
             fi
             # Convert generated initramfs for U-Boot using mkimage
             if [ -r "${INITRAMFS_UBOOT}" ] ; then
               rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
               rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
               rm -f /etc/initramfs-tools/hooks/expand-tools
               rm -f "${INITRAMFS_UBOOT}"
               mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
               mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
               rm -f "${INITRAMFS}"
             fi

files/firstboot/30-generate-ssh-keys.sh ~~files/firstboot/21-generate-ssh-keys.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh

files/firstboot/40-generate-machineid.sh ~~files/firstboot/24-generate-machineid.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh

files/firstboot/41-create-resolv-symlink.sh ~~files/firstboot/25-create-resolv-symlink.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh

files/firstboot/42-config-ifnames.sh ~~files/firstboot/26-config-ifnames.sh~~ renamed 0 0

NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh

functions.sh +42 -3

             # This file contains utility functions used by rpi23-gen-image.sh
             cleanup (){
               set +x
               set +e
+              # Remove exports from nexmon
+              unset KERNEL
+              unset ARCH
+              unset SUBARCH
+              unset CCPLUGIN
+              unset ZLIBFLATE
+              unset Q
+              unset NEXMON_SETUP_ENV
+              unset HOSTUNAME
+              unset PLATFORMUNAME
               # Identify and kill all processes still using files
               echo "killing processes using mount point ..."
               fuser -k "${R}"
               sleep 3
               fuser -9 -k -v "${R}"
               # Clean up temporary .password file
               if [ -r ".password" ] ; then
                 shred -zu .password
               fi
               # Clean up all temporary mount points
               echo "removing temporary mount points ..."
               umount -l "${R}/proc" 2> /dev/null
               umount -l "${R}/sys" 2> /dev/null
               umount -l "${R}/dev/pts" 2> /dev/null
               umount "$BUILDDIR/mount/boot/firmware" 2> /dev/null
               umount "$BUILDDIR/mount" 2> /dev/null
               cryptsetup close "${CRYPTFS_MAPPING}" 2> /dev/null
               losetup -d "$ROOT_LOOP" 2> /dev/null
               losetup -d "$FRMW_LOOP" 2> /dev/null
               trap - 0 1 2 3 6
             }
             chroot_exec() {
               # Exec command in chroot
               LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot "${R}" "$@"
             }
             as_nobody() {
               # Exec command as user nobody
               sudo -E -u nobody LANG=C LC_ALL=C "$@"
             }
             install_readonly() {
               # Install file with user read-only permissions
               install -o root -g root -m 644 "$@"
             }
             install_exec() {
               # Install file with root exec permissions
               install -o root -g root -m 744 "$@"
             }
             use_template () {
               # Test if configuration template file exists
               if [ ! -r "./templates/${CONFIG_TEMPLATE}" ] ; then
                 echo "error: configuration template ${CONFIG_TEMPLATE} not found"
                 exit 1
               fi
               # Load template configuration parameters
               . "./templates/${CONFIG_TEMPLATE}"
             }
             chroot_install_cc() {
               # Install c/c++ build environment inside the chroot
               if [ -z "${COMPILER_PACKAGES}" ] ; then
                 COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }')
-            	# Install COMPILER_PACKAGES in chroot
+            	# Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot
-                chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install "${COMPILER_PACKAGES}"
+                chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES}
               fi
             }
             chroot_remove_cc() {
               # Remove c/c++ build environment from the chroot
               if [ -n "${COMPILER_PACKAGES}" ] ; then
-                chroot_exec apt-get -qq -y --auto-remove purge "${COMPILER_PACKAGES}"
+                chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES}
                 COMPILER_PACKAGES=""
               fi
             }
+            # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0
+            cdr2mask ()
+            {
+               # Number of args to shift, 255..255, first non-255 byte, zeroes
+               set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+               [ $1 -gt 1 ] && shift $1 || shift
+               echo ${1-0}.${2-0}.${3-0}.${4-0}
+            }
+            # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh
+            set_kernel_config() {
+              # flag as $1, value to set as $2, config must exist at "./.config"
+              TGT="CONFIG_${1#CONFIG_}"
+              REP="${2}"
+              if grep -q "^${TGT}[^_]" .config; then
+                sed -i "s/^\(${TGT}=.*\|# ${TGT} is not set\)/${TGT}=${REP}/" .config
+              else
+                echo "${TGT}"="${2}" >> .config
+              fi
+            }
+            # unset kernel config parameter
+            unset_kernel_config() {
+              # unsets flag with the value of $1, config must exist at "./.config"
+              TGT="CONFIG_${1#CONFIG_}"
+              sed -i "s/^${TGT}=.*/# ${TGT} is not set/" .config
+            }
  No newline at end of file

rpi23-gen-image.sh +84 -22

             #!/bin/sh
             ########################################################################
             # rpi23-gen-image.sh					       2015-2017
             #
             # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
             #
             # Big thanks for patches and enhancements by 20+ github contributors!
             ########################################################################
             # Are we running as root?
             if [ "$(id -u)" -ne "0" ] ; then
               echo "error: this script must be executed with root privileges!"
               exit 1
             fi
             # Check if ./functions.sh script exists
             if [ ! -r "./functions.sh" ] ; then
               echo "error: './functions.sh' required script not found!"
               exit 1
             fi
             # Load utility functions
             . ./functions.sh
             # Load parameters from configuration template file
             if [ -n "$CONFIG_TEMPLATE" ] ; then
               use_template
             fi
             # Introduce settings
             set -e
             echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
             set -x
             # Raspberry Pi model configuration
             RPI_MODEL=${RPI_MODEL:=2}
             # Debian release
             RELEASE=${RELEASE:=buster}
             # Kernel Branch
             KERNEL_BRANCH=${KERNEL_BRANCH:=""}
             # URLs
             KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
             FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
             WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
             COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
             FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
             UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
             VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
             BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
+            NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
+            SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
+            # Kernel deb packages for 32bit kernel
+            RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
+            RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
+            # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
+            RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
+            # Default precompiled 64bit kernel
+            RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
+            # Generic
+            RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
+            # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
+            KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
             # Build directories
             WORKDIR=$(pwd)
             BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
             BUILDDIR="${BASEDIR}/build"
             # Chroot directories
             R="${BUILDDIR}/chroot"
             ETC_DIR="${R}/etc"
             LIB_DIR="${R}/lib"
             BOOT_DIR="${R}/boot/firmware"
             KERNEL_DIR="${R}/usr/src/linux"
             WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
             BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
             # Firmware directory: Blank if download from github
             RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
             # General settings
             SET_ARCH=${SET_ARCH:=32}
             HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
             PASSWORD=${PASSWORD:=raspberry}
             USER_PASSWORD=${USER_PASSWORD:=raspberry}
             DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
             TIMEZONE=${TIMEZONE:="Europe/Berlin"}
             EXPANDROOT=${EXPANDROOT:=true}
+            ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
             # Keyboard settings
             XKB_MODEL=${XKB_MODEL:=""}
             XKB_LAYOUT=${XKB_LAYOUT:=""}
             XKB_VARIANT=${XKB_VARIANT:=""}
             XKB_OPTIONS=${XKB_OPTIONS:=""}
             # Network settings (DHCP)
             ENABLE_DHCP=${ENABLE_DHCP:=true}
             # Network settings (static)
             NET_ADDRESS=${NET_ADDRESS:=""}
             NET_GATEWAY=${NET_GATEWAY:=""}
             NET_DNS_1=${NET_DNS_1:=""}
             NET_DNS_2=${NET_DNS_2:=""}
             NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
             NET_NTP_1=${NET_NTP_1:=""}
             NET_NTP_2=${NET_NTP_2:=""}
             # APT settings
             APT_PROXY=${APT_PROXY:=""}
             APT_SERVER=${APT_SERVER:="ftp.debian.org"}
+            KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
             # Feature settings
             ENABLE_PRINTK=${ENABLE_PRINTK:=false}
             ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
             ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
             ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
             ENABLE_I2C=${ENABLE_I2C:=false}
             ENABLE_SPI=${ENABLE_SPI:=false}
             ENABLE_IPV6=${ENABLE_IPV6:=true}
             ENABLE_SSHD=${ENABLE_SSHD:=true}
             ENABLE_NONFREE=${ENABLE_NONFREE:=false}
             ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
             ENABLE_SOUND=${ENABLE_SOUND:=true}
             ENABLE_DBUS=${ENABLE_DBUS:=true}
             ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
             ENABLE_MINGPU=${ENABLE_MINGPU:=false}
             ENABLE_XORG=${ENABLE_XORG:=false}
             ENABLE_WM=${ENABLE_WM:=""}
             ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
             ENABLE_USER=${ENABLE_USER:=true}
             USER_NAME=${USER_NAME:="pi"}
             ENABLE_ROOT=${ENABLE_ROOT:=false}
             ENABLE_QEMU=${ENABLE_QEMU:=false}
             ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
             # SSH settings
             SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
             SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
             SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
             SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
             SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
             # Advanced settings
+            ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_REDUCE=${ENABLE_REDUCE:=false}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
+            ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
             ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
             ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
+            ENABLE_NEXMON=${ENABLE_NEXMON:=false}
             VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
             FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
+            NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
             ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
             ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
+            ENABLE_SPLASH=${ENABLE_SPLASH:=true}
+            ENABLE_LOGO=${ENABLE_LOGO:=true}
+            ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
             DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
             # Kernel compilation settings
             BUILD_KERNEL=${BUILD_KERNEL:=true}
             KERNEL_REDUCE=${KERNEL_REDUCE:=false}
             KERNEL_THREADS=${KERNEL_THREADS:=1}
             KERNEL_HEADERS=${KERNEL_HEADERS:=true}
             KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
             KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
             KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
             KERNEL_CCACHE=${KERNEL_CCACHE:=false}
+            KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
+            KERNEL_VIRT=${KERNEL_VIRT:=false}
+            KERNEL_BPF=${KERNEL_BPF:=false}
+            KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave}
+            KERNEL_SECURITY=${KERNEL_SECURITY:=false}
+            KERNEL_NF=${KERNEL_NF:=false}
             # Kernel compilation from source directory settings
             KERNELSRC_DIR=${KERNELSRC_DIR:=""}
             KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
             KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
             KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
             # Reduce disk usage settings
             REDUCE_APT=${REDUCE_APT:=true}
             REDUCE_DOC=${REDUCE_DOC:=true}
             REDUCE_MAN=${REDUCE_MAN:=true}
             REDUCE_VIM=${REDUCE_VIM:=false}
             REDUCE_BASH=${REDUCE_BASH:=false}
             REDUCE_HWDB=${REDUCE_HWDB:=true}
             REDUCE_SSHD=${REDUCE_SSHD:=true}
             REDUCE_LOCALE=${REDUCE_LOCALE:=true}
             # Encrypted filesystem settings
             ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
             CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
             CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
             CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
             CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
+            #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
+            CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
+            #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
+            CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
             # Chroot scripts directory
             CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
             # Packages required in the chroot build environment
             APT_INCLUDES=${APT_INCLUDES:=""}
             APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
             # Packages to exclude from chroot build environment
             APT_EXCLUDES=${APT_EXCLUDES:=""}
             # Packages required for bootstrapping
             REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
             MISSING_PACKAGES=""
             # Packages installed for c/c++ build environment in chroot (keep empty)
             COMPILER_PACKAGES=""
-            set +x
             # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
-            APT_CACHER_RUNNING=$(lsof -i :3142 | grep apt-cacher-ng |  cut -d ' ' -f3 | uniq)
+            APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
-            if [ -n "${APT_CACHER_RUNNING}" ] ; then
+            if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
               APT_PROXY=http://127.0.0.1:3142/
             fi
             # Setup architecture specific settings
             if [ -n "$SET_ARCH" ] ; then
               # 64-bit configuration
               if [ "$SET_ARCH" = 64 ] ; then
                 # General 64-bit depended settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
                   KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
                   RELEASE_ARCH=${RELEASE_ARCH:=arm64}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
                 else
                   echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
                   exit 1
                 fi
               fi
               # 32-bit configuration
               if [ "$SET_ARCH" = 32 ] ; then
                 # General 32-bit dependend settings
                 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
                 KERNEL_ARCH=${KERNEL_ARCH:=arm}
                 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
                   KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
                   RELEASE_ARCH=${RELEASE_ARCH:=armel}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
                 fi
                 # Raspberry Pi model specific settings
                 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
                   REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
                   KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
                   RELEASE_ARCH=${RELEASE_ARCH:=armhf}
                   KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
                   CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
                 fi
               fi
             # SET_ARCH not set
             else
               echo "error: Please set '32' or '64' as value for SET_ARCH"
               exit 1
             fi
             # Device specific configuration and U-Boot configuration
             case "$RPI_MODEL" in
 )
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 P)
                 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
                 ;;
 )
                 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
                 ;;
 P)
                 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
                 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
                 ;;
               *)
                 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
                 exit 1
                 ;;
             esac
             # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
             if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
               # Include bluetooth packages on supported boards
-              if [ "$ENABLE_BLUETOOTH" = true ] && [ "$ENABLE_CONSOLE" = false ]; then
+              if [ "$ENABLE_BLUETOOTH" = true ] ; then
                 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
               fi
+              if [ "$ENABLE_WIRELESS" = true ] ; then
+                APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
+              fi
             else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
               # Check if the internal wireless interface is not supported by the RPi model
               if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
                 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
                 exit 1
               fi
             fi
+            if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
+              echo "error: You have to compile kernel sources, if you want to enable nexmon"
+              exit 1
+            fi
             # Prepare date string for default image file name
             DATE="$(date +%Y-%m-%d)"
             if [ -z "$KERNEL_BRANCH" ] ; then
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             else
               IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
             fi
             # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
             if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
               if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
                 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
                 exit 1
               fi
             fi
             # Add cmake to compile videocore sources
             if [ "$ENABLE_VIDEOCORE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
             fi
+            # Add deps for nexmon
+            if [ "$ENABLE_NEXMON" = true ] ; then
+              REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
+            fi
             # Add libncurses5 to enable kernel menuconfig
             if [ "$KERNEL_MENUCONFIG" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
             fi
             # Add ccache compiler cache for (faster) kernel cross (re)compilation
             if [ "$KERNEL_CCACHE" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
             fi
             # Add cryptsetup package to enable filesystem encryption
             if [ "$ENABLE_CRYPTFS" = true ]  && [ "$BUILD_KERNEL" = true ] ; then
               REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
               APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
+              # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
+              if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
+                APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
+              fi
               if [ -z "$CRYPTFS_PASSWORD" ] ; then
                 echo "error: no password defined (CRYPTFS_PASSWORD)!"
                 exit 1
               fi
               ENABLE_INITRAMFS=true
             fi
             # Add initramfs generation tools
             if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
             fi
             # Add device-tree-compiler required for building the U-Boot bootloader
             if [ "$ENABLE_UBOOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
             fi
-            if [ "$ENABLE_BLUETOOTH" = true ] ; then
+            if [ "$ENABLE_USBBOOT" = true ] ; then
-              if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
+              if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
-                if [ "$ENABLE_CONSOLE" = false ] ; then
+                echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
-            	  APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
+                exit 1
-            	fi
               fi
             fi
             # Check if root SSH (v2) public key file exists
             if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
               if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
                 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
                 exit 1
               fi
             fi
             # Check if $USER_NAME SSH (v2) public key file exists
             if [ -n "$SSH_USER_PUB_KEY" ] ; then
               if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
                 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
                 exit 1
               fi
             fi
+            if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
+              echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
+              exit 1
+            fi
             # Check if all required packages are installed on the build system
             for package in $REQUIRED_PACKAGES ; do
               if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
                 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
               fi
             done
             # If there are missing packages ask confirmation for install, or exit
             if [ -n "$MISSING_PACKAGES" ] ; then
               echo "the following packages needed by this script are not installed:"
               echo "$MISSING_PACKAGES"
               printf "\ndo you want to install the missing packages right now? [y/n] "
               read -r confirm
               [ "$confirm" != "y" ] && exit 1
               # Make sure all missing required packages are installed
               apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
             fi
             # Check if ./bootstrap.d directory exists
             if [ ! -d "./bootstrap.d/" ] ; then
               echo "error: './bootstrap.d' required directory not found!"
               exit 1
             fi
             # Check if ./files directory exists
             if [ ! -d "./files/" ] ; then
               echo "error: './files' required directory not found!"
               exit 1
             fi
             # Check if specified KERNELSRC_DIR directory exists
             if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
               echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
               exit 1
             fi
             # Check if specified UBOOTSRC_DIR directory exists
             if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
               echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
               exit 1
             fi
             # Check if specified VIDEOCORESRC_DIR directory exists
             if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
               echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
               exit 1
             fi
             # Check if specified FBTURBOSRC_DIR directory exists
             if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
               echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
               exit 1
             fi
+            # Check if specified NEXMONSRC_DIR directory exists
+            if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
+              echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
+              exit 1
+            fi
             # Check if specified CHROOT_SCRIPTS directory exists
             if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
                echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
                exit 1
             fi
             # Check if specified device mapping already exists (will be used by cryptsetup)
             if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
               echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
               exit 1
             fi
             # Don't clobber an old build
             if [ -e "$BUILDDIR" ] ; then
               echo "error: directory ${BUILDDIR} already exists, not proceeding"
               exit 1
             fi
             # Setup chroot directory
             mkdir -p "${R}"
             # Check if build directory has enough of free disk space >512MB
             if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
               echo "error: ${BUILDDIR} not enough space left to generate the output image!"
               exit 1
             fi
             set -x
             # Call "cleanup" function on various signals and errors
             trap cleanup 0 1 2 3 6
             # Add required packages for the minbase installation
             if [ "$ENABLE_MINBASE" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
             fi
             # Add parted package, required to get partprobe utility
             if [ "$EXPANDROOT" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},parted"
             fi
+            # Add dphys-swapfile package, required to enable swap
+            if [ "$ENABLE_DPHYSSWAP" = true ] ; then
+              APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
+            fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
             fi
             # Add iptables IPv4/IPv6 package
             if [ "$ENABLE_IPTABLES" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
             fi
+            # Add apparmor for KERNEL_SECURITY
+            if [ "$KERNEL_SECURITY" = true ] ; then
+              APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
+            fi
             # Add openssh server package
             if [ "$ENABLE_SSHD" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},openssh-server"
             fi
             # Add alsa-utils package
             if [ "$ENABLE_SOUND" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},alsa-utils"
             fi
             # Add rng-tools package
             if [ "$ENABLE_HWRANDOM" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},rng-tools"
             fi
             # Add fbturbo video driver
             if [ "$ENABLE_FBTURBO" = true ] ; then
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add user defined window manager package
             if [ -n "$ENABLE_WM" ] ; then
               APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
               # Enable xorg package dependencies
               ENABLE_XORG=true
             fi
             # Add xorg package
             if [ "$ENABLE_XORG" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
             fi
             # Replace selected packages with smaller clones
             if [ "$ENABLE_REDUCE" = true ] ; then
               # Add levee package instead of vim-tiny
               if [ "$REDUCE_VIM" = true ] ; then
                 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
               fi
               # Add dropbear package instead of openssh-server
               if [ "$REDUCE_SSHD" = true ] ; then
                 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
               fi
             fi
             # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
             if [ "$ENABLE_SYSVINIT" = false ] ; then
               APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
             fi
-            # Check if kernel is getting compiled
-            if [ "$BUILD_KERNEL" = false ] ; then
-              echo "Downloading precompiled kernel"
-              echo "error: not configured"
-              exit 1;
-            # BUILD_KERNEL=true
-            else
-              echo "No precompiled kernel repositories were added"
-            fi
             # Configure kernel sources if no KERNELSRC_DIR
             if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
               KERNELSRC_CONFIG=true
             fi
             # Configure reduced kernel
             if [ "$KERNEL_REDUCE" = true ] ; then
               KERNELSRC_CONFIG=false
             fi
             # Configure qemu compatible kernel
             if [ "$ENABLE_QEMU" = true ] ; then
               DTB_FILE=vexpress-v2p-ca15_a7.dtb
               UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
               KERNEL_DEFCONFIG="vexpress_defconfig"
               if [ "$KERNEL_MENUCONFIG" = false ] ; then
                 KERNEL_OLDDEFCONFIG=true
               fi
             fi
             # Execute bootstrap scripts
             for SCRIPT in bootstrap.d/*.sh; do
               head -n 3 "$SCRIPT"
               . "$SCRIPT"
             done
             ## Execute custom bootstrap scripts
             if [ -d "custom.d" ] ; then
               for SCRIPT in custom.d/*.sh; do
                 . "$SCRIPT"
               done
             fi
             # Execute custom scripts inside the chroot
             if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
               cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
               chroot_exec /bin/bash -x <<'EOF'
             for SCRIPT in /chroot_scripts/* ; do
               if [ -f $SCRIPT -a -x $SCRIPT ] ; then
                 $SCRIPT
               fi
             done
             EOF
               rm -rf "${R}/chroot_scripts"
             fi
             # Remove c/c++ build environment from the chroot
             chroot_remove_cc
             # Generate required machine-id
             MACHINE_ID=$(dbus-uuidgen)
             echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
             echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
             # APT Cleanup
             chroot_exec apt-get -y clean
             chroot_exec apt-get -y autoclean
             chroot_exec apt-get -y autoremove
             # Unmount mounted filesystems
             umount -l "${R}/proc"
             umount -l "${R}/sys"
             # Clean up directories
             rm -rf "${R}/run/*"
             rm -rf "${R}/tmp/*"
+            # Clean up APT proxy settings
+            if [ "$KEEP_APT_PROXY" = false ] ; then
+              rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
+            fi
             # Clean up files
             rm -f "${ETC_DIR}/ssh/ssh_host_*"
             rm -f "${ETC_DIR}/dropbear/dropbear_*"
             rm -f "${ETC_DIR}/apt/sources.list.save"
             rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
             rm -f "${ETC_DIR}/*-"
-            rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
             rm -f "${ETC_DIR}/resolv.conf"
             rm -f "${R}/root/.bash_history"
             rm -f "${R}/var/lib/urandom/random-seed"
             rm -f "${R}/initrd.img"
             rm -f "${R}/vmlinuz"
             rm -f "${R}${QEMU_BINARY}"
             if [ "$ENABLE_QEMU" = true ] ; then
               # Setup QEMU directory
               mkdir "${BASEDIR}/qemu"
               # Copy kernel image to QEMU directory
               install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
               # Copy kernel config to QEMU directory
               install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
               # Copy kernel dtbs to QEMU directory
               for dtb in "${BOOT_DIR}/"*.dtb ; do
                 if [ -f "${dtb}" ] ; then
                   install_readonly "${dtb}" "${BASEDIR}/qemu/"
                 fi
               done
               # Copy kernel overlays to QEMU directory
               if [ -d "${BOOT_DIR}/overlays" ] ; then
                 # Setup overlays dtbs directory
                 mkdir "${BASEDIR}/qemu/overlays"
-                for dtb in "${BOOT_DIR}/overlays/"*.dtb ; do
+                for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
                   if [ -f "${dtb}" ] ; then
                     install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
                   fi
                 done
               fi
               # Copy u-boot files to QEMU directory
               if [ "$ENABLE_UBOOT" = true ] ; then
                 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
                   install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
                 fi
                 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
                   install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
                 fi
                 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
                   install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
                 fi
               fi
               # Copy initramfs to QEMU directory
               if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
                 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
               fi
             fi
             # Calculate size of the chroot directory in KB
             CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
             # Calculate the amount of needed 512 Byte sectors
             TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
             FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
             ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
             # The root partition is EXT4
             # This means more space than the actual used space of the chroot is used.
             # As overhead for journaling and reserved blocks 35% are added.
             ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
             # Calculate required image size in 512 Byte sectors
             IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
             # Prepare image file
             if [ "$ENABLE_SPLITFS" = true ] ; then
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
               # Write firmware/boot partition tables
               sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             EOM
               # Write root partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
               ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
             else # ENABLE_SPLITFS=false
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
               dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
               # Write partition table
               sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
             ${TABLE_SECTORS},${FRMW_SECTORS},c,*
             ${ROOT_OFFSET},${ROOT_SECTORS},83
             EOM
               # Setup temporary loop devices
               FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
               ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
             fi
             if [ "$ENABLE_CRYPTFS" = true ] ; then
               # Create dummy ext4 fs
               mkfs.ext4 "$ROOT_LOOP"
               # Setup password keyfile
               touch .password
               chmod 600 .password
               echo -n ${CRYPTFS_PASSWORD} > .password
               # Initialize encrypted partition
               echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
               # Open encrypted partition and setup mapping
               cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
               # Secure delete password keyfile
               shred -zu .password
               # Update temporary loop device
               ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
               # Wipe encrypted partition (encryption cipher is used for randomness)
               dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
             fi
             # Build filesystems
             mkfs.vfat "$FRMW_LOOP"
             mkfs.ext4 "$ROOT_LOOP"
             # Mount the temporary loop devices
             mkdir -p "$BUILDDIR/mount"
             mount "$ROOT_LOOP" "$BUILDDIR/mount"
             mkdir -p "$BUILDDIR/mount/boot/firmware"
             mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
             # Copy all files from the chroot to the loop device mount point directory
             rsync -a "${R}/" "$BUILDDIR/mount/"
             # Unmount all temporary loop devices and mount points
             cleanup
             # Create block map file(s) of image(s)
             if [ "$ENABLE_SPLITFS" = true ] ; then
               # Create block map files for "bmaptool"
               bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
               bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
               # Image was successfully created
               echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
             else
               # Create block map file for "bmaptool"
               bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
               # Image was successfully created
               echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
               # Create qemu qcow2 image
               if [ "$ENABLE_QEMU" = true ] ; then
                 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
                 QEMU_SIZE=16G
                 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
                 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
                 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
               fi
             fi

files/apt/flash-kernel removed 0 -3

NO CONTENT: file was removed

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages