##// END OF EJS Templates
f
Unknown -
r694:f00be94729e5
parent child
Show More
@@ -837,6 +837,9 if [ "$ENABLE_CRYPTFS" = true ] ; then
837 837
838 838 # Initialize encrypted partition
839 839 cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password
840
841 # Update temporary loop device
842 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
840 843
841 844 # Open encrypted partition and setup mapping
842 845 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
@@ -844,9 +847,6 if [ "$ENABLE_CRYPTFS" = true ] ; then
844 847 # Secure delete password keyfile
845 848 shred -zu .password
846 849
847 # Update temporary loop device
848 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
849
850 850 # Wipe encrypted partition (encryption cipher is used for randomness)
851 851 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
852 852 fi
@@ -20,8 +20,8 ENABLE_USBBOOT=false
20 20 CRYPTFS_PASSWORD=Password123!
21 21 CRYPTFS_DROPBEAR=true
22 22 CRYPTFS_CIPHER=aes-xts-plain64
23 CRYPTFS_HASH=sha512
24 CRYPTFS_XTSKEYSIZE=512
23 CRYPTFS_HASH=sha256
24 CRYPTFS_XTSKEYSIZE=256
25 25 #CRYPTFS_DROPBEAR_PUBKEY=pathtokey
26 26
27 27 HOSTNAME=RPI
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant