@@ -837,6 +837,9 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
837 | 837 | |
|
838 | 838 | # Initialize encrypted partition |
|
839 | 839 | cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password |
|
840 | ||
|
841 | # Update temporary loop device | |
|
842 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" | |
|
840 | 843 | |
|
841 | 844 | # Open encrypted partition and setup mapping |
|
842 | 845 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
@@ -844,9 +847,6 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||
|
844 | 847 | # Secure delete password keyfile |
|
845 | 848 | shred -zu .password |
|
846 | 849 | |
|
847 | # Update temporary loop device | |
|
848 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" | |
|
849 | ||
|
850 | 850 | # Wipe encrypted partition (encryption cipher is used for randomness) |
|
851 | 851 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" |
|
852 | 852 | fi |
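Review bot: In the first hunk, `ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"` now sits between `luksFormat` and `luksOpen`, so as rendered `cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"` receives the mapper path instead of the loop device that was just formatted. That path does not exist until luksOpen creates it, so unless something outside the hunk compensates, the open fails. The visible lines do not check its exit status before `shred -zu .password` and the `dd` wipe run. I would keep the reassignment after the open, where the second hunk removes it, so that the line directly after `shred -zu .password` is again `ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"`. The enclosing `if [ "$ENABLE_CRYPTFS" = true ]` block starts outside both hunks.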
@@ -20,8 +20,8 ENABLE_USBBOOT=false | |||
|
20 | 20 | CRYPTFS_PASSWORD=Password123! |
|
21 | 21 | CRYPTFS_DROPBEAR=true |
|
22 | 22 | CRYPTFS_CIPHER=aes-xts-plain64 |
|
23 |
CRYPTFS_HASH=sha |
|
|
24 |
CRYPTFS_XTSKEYSIZE= |
|
|
23 | CRYPTFS_HASH=sha256 | |
|
24 | CRYPTFS_XTSKEYSIZE=256 | |
|
25 | 25 | #CRYPTFS_DROPBEAR_PUBKEY=pathtokey |
|
26 | 26 | |
|
27 | 27 | HOSTNAME=RPI |
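Review bot: `CRYPTFS_XTSKEYSIZE=256` combined with `CRYPTFS_CIPHER=aes-xts-plain64` selects AES-128, because XTS splits the key into two halves; AES-256 needs 512 here. The old values are only partly visible on this page (`sha` and an empty key size), so I cannot tell whether this is a downgrade, but the template should state the effect. I would add a comment above the setting such as `# XTS uses half the key per AES instance: 256 = AES-128, 512 = AES-256`. The context line `CRYPTFS_PASSWORD=Password123!` also ships a well-known default passphrase, which bounds the volume's strength more than either of these settings if a build leaves it unchanged.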