1 files changed, 82 insertions, 58 deletions

diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index cc4828d..2652142 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -8,7 +8,7 @@
 # Fetch and build latest raspberry kernel
 if [ "$BUILD_KERNEL" = true ] ; then
   # Setup source directory
-  mkdir -p "$R/usr/src"
+  mkdir -p "${R}/usr/src"
 
   # Copy existing kernel sources into chroot directory
   if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
@@ -17,11 +17,11 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
     # Clean the kernel sources
     if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
     fi
   else # KERNELSRC_DIR=""
     # Fetch current raspberrypi kernel sources
-    git -C "$R/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
+    git -C "${R}/usr/src" clone --depth=1 https://github.com/raspberrypi/linux
   fi
 
   # Calculate optimal number of kernel building threads
@@ -33,7 +33,7 @@ if [ "$BUILD_KERNEL" = true ] ; then
   if [ "$KERNELSRC_PREBUILT" = false ] ; then
     # Remove device, network and filesystem drivers from kernel configuration
     if [ "$KERNEL_REDUCE" = true ] ; then
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
       sed -i\
       -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
@@ -64,25 +64,25 @@ if [ "$BUILD_KERNEL" = true ] ; then
       -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
       -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
-      "$R/usr/src/linux/.config"
+      "${KERNELDIR}/.config"
     fi
 
     if [ "$KERNELSRC_CONFIG" = true ] ; then
       # Load default raspberry kernel configuration
-      make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
+      make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
 
       # Start menu-driven kernel configuration (interactive)
       if [ "$KERNEL_MENUCONFIG" = true ] ; then
-        make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
+        make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
       fi
     fi
 
     # Cross compile kernel and modules
-    make -C "$R/usr/src/linux" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
+    make -C "${KERNELDIR}" -j${KERNEL_THREADS} ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" zImage modules dtbs
   fi
 
   # Check if kernel compilation was successful
-  if [ ! -r "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
+  if [ ! -r "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" ] ; then
     echo "error: kernel compilation failed! (zImage not found)"
     cleanup
     exit 1
@@ -90,50 +90,55 @@ if [ "$BUILD_KERNEL" = true ] ; then
 
   # Install kernel modules
   if [ "$ENABLE_REDUCE" = true ] ; then
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
   else
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
 
     # Install kernel firmware
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
   fi
 
   # Install kernel headers
   if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
-    make -C "$R/usr/src/linux" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
+    make -C "${KERNELDIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
   fi
 
   # Prepare boot (firmware) directory
-  mkdir "$R/boot/firmware/"
+  mkdir "${BOOTDIR}"
 
   # Get kernel release version
-  KERNEL_VERSION=`cat "$R/usr/src/linux/include/config/kernel.release"`
+  KERNEL_VERSION=`cat "${KERNELDIR}/include/config/kernel.release"`
 
   # Copy kernel configuration file to the boot directory
-  install_readonly "$R/usr/src/linux/.config" "$R/boot/config-${KERNEL_VERSION}"
+  install_readonly "${KERNELDIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
 
   # Copy dts and dtb device tree sources and binaries
-  mkdir "$R/boot/firmware/overlays/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "$R/boot/firmware/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "$R/boot/firmware/overlays/"
-  install_readonly "$R/usr/src/linux/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "$R/boot/firmware/overlays/README"
-
-  # Convert and copy zImage kernel to the boot directory
-  "$R/usr/src/linux/scripts/mkknlimg" "$R/usr/src/linux/arch/arm/boot/zImage" "$R/boot/firmware/kernel7.img"
+  mkdir "${BOOTDIR}/overlays"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb "${BOOTDIR}/"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtb* "${BOOTDIR}/overlays/"
+  install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOTDIR}/overlays/README"
+
+  if [ "$ENABLE_UBOOT" = false ] ; then
+    # Convert and copy zImage kernel to the boot directory
+    "${KERNELDIR}/scripts/mkknlimg" "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+  else
+    # Copy zImage kernel to the boot directory
+    install_readonly "${KERNELDIR}/arch/${KERNEL_ARCH}/boot/zImage" "${BOOTDIR}/${KERNEL_IMAGE}"
+  fi
 
   # Remove kernel sources
   if [ "$KERNEL_REMOVESRC" = true ] ; then
-    rm -fr "$R/usr/src/linux"
+    rm -fr "${KERNELDIR}"
   fi
 
   # Install latest boot binaries from raspberry/firmware github
-  wget -q -O "$R/boot/firmware/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
-  wget -q -O "$R/boot/firmware/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
-  wget -q -O "$R/boot/firmware/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
-  wget -q -O "$R/boot/firmware/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
-  wget -q -O "$R/boot/firmware/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
-  wget -q -O "$R/boot/firmware/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
-  wget -q -O "$R/boot/firmware/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
+  wget -q -O "${BOOTDIR}/bootcode.bin" https://github.com/raspberrypi/firmware/raw/master/boot/bootcode.bin
+  wget -q -O "${BOOTDIR}/fixup.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup.dat
+  wget -q -O "${BOOTDIR}/fixup_cd.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_cd.dat
+  wget -q -O "${BOOTDIR}/fixup_x.dat" https://github.com/raspberrypi/firmware/raw/master/boot/fixup_x.dat
+  wget -q -O "${BOOTDIR}/start.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start.elf
+  wget -q -O "${BOOTDIR}/start_cd.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_cd.elf
+  wget -q -O "${BOOTDIR}/start_x.elf" https://github.com/raspberrypi/firmware/raw/master/boot/start_x.elf
 
 else # BUILD_KERNEL=false
   # Kernel installation
@@ -143,14 +148,14 @@ else # BUILD_KERNEL=false
   chroot_exec apt-get -qq -y install flash-kernel
 
   # Check if kernel installation was successful
-  VMLINUZ="$(ls -1 $R/boot/vmlinuz-* | sort | tail -n 1)"
+  VMLINUZ="$(ls -1 ${R}/boot/vmlinuz-* | sort | tail -n 1)"
   if [ -z "$VMLINUZ" ] ; then
     echo "error: kernel installation failed! (/boot/vmlinuz-* not found)"
     cleanup
     exit 1
   fi
   # Copy vmlinuz kernel to the boot directory
-  install_readonly "$VMLINUZ" "$R/boot/firmware/kernel7.img"
+  install_readonly "${VMLINUZ}" "${BOOTDIR}/${KERNEL_IMAGE}"
 fi
 
 # Setup firmware boot cmdline
@@ -160,6 +165,15 @@ else
   CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait net.ifnames=1 console=tty1 ${CMDLINE}"
 fi
 
+# Add encrypted root partition to cmdline.txt
+if [ "$ENABLE_CRYPTFS" = true ] ; then
+  if [ "$ENABLE_SPLITFS" = true ] ; then
+    CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
+  else
+    CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
+  fi
+fi
+
 # Add serial console support
 if [ "$ENABLE_CONSOLE" = true ] ; then
   CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
@@ -171,69 +185,79 @@ if [ "$ENABLE_IPV6" = false ] ; then
 fi
 
 # Install firmware boot cmdline
-echo "${CMDLINE}" > "$R/boot/firmware/cmdline.txt"
-
-# Add encrypted root partition to cmdline.txt
-if [ "$ENABLE_CRYPTFS" = true ] ; then
-    sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/" "$R/boot/firmware/cmdline.txt"
-fi
+echo "${CMDLINE}" > "${BOOTDIR}/cmdline.txt"
 
 # Install firmware config
-install_readonly files/boot/config.txt "$R/boot/firmware/config.txt"
+install_readonly files/boot/config.txt "${BOOTDIR}/config.txt"
 
 # Setup minimal GPU memory allocation size: 16MB (no X)
 if [ "$ENABLE_MINGPU" = true ] ; then
-  echo "gpu_mem=16" >> "$R/boot/firmware/config.txt"
+  echo "gpu_mem=16" >> "${BOOTDIR}/config.txt"
 fi
 
 # Setup boot with initramfs
 if [ "$ENABLE_INITRAMFS" = true ] ; then
-  echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "$R/boot/firmware/config.txt"
+  echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOTDIR}/config.txt"
 fi
 
 # Create firmware configuration and cmdline symlinks
-ln -sf firmware/config.txt "$R/boot/config.txt"
-ln -sf firmware/cmdline.txt "$R/boot/cmdline.txt"
+ln -sf firmware/config.txt "${R}/boot/config.txt"
+ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
 
 # Install and setup kernel modules to load at boot
-mkdir -p "$R/lib/modules-load.d/"
-install_readonly files/modules/rpi2.conf "$R/lib/modules-load.d/rpi2.conf"
+mkdir -p "${R}/lib/modules-load.d/"
+install_readonly files/modules/rpi2.conf "${R}/lib/modules-load.d/rpi2.conf"
 
 # Load hardware random module at boot
-if [ "$ENABLE_HWRANDOM" = true ] ; then
-  sed -i "s/^# bcm2708_rng/bcm2708_rng/" "$R/lib/modules-load.d/rpi2.conf"
+if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
+  sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${R}/lib/modules-load.d/rpi2.conf"
 fi
 
 # Load sound module at boot
 if [ "$ENABLE_SOUND" = true ] ; then
-  sed -i "s/^# snd_bcm2835/snd_bcm2835/" "$R/lib/modules-load.d/rpi2.conf"
+  sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${R}/lib/modules-load.d/rpi2.conf"
 fi
 
 # Install kernel modules blacklist
-mkdir -p "$R/etc/modprobe.d/"
-install_readonly files/modules/raspi-blacklist.conf "$R/etc/modprobe.d/raspi-blacklist.conf"
+mkdir -p "${ETCDIR}/modprobe.d/"
+install_readonly files/modules/raspi-blacklist.conf "${ETCDIR}/modprobe.d/raspi-blacklist.conf"
 
 # Install and setup fstab
-install_readonly files/mount/fstab "$R/etc/fstab"
+install_readonly files/mount/fstab "${ETCDIR}/fstab"
 
 # Add usb/sda disk root partition to fstab
-if [ "$ENABLE_SPLITFS" = true ] ; then
-  sed -i "s/mmcblk0p2/sda1/" "$R/etc/fstab"
+if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
+  sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/fstab"
 fi
 
 # Add encrypted root partition to fstab and crypttab
 if [ "$ENABLE_CRYPTFS" = true ] ; then
   # Replace fstab root partition with encrypted partition mapping
-  sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "$R/etc/fstab"
+  sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETCDIR}/fstab"
 
   # Add encrypted partition to crypttab and fstab
-  install_readonly files/mount/crypttab "$R/etc/crypttab"
-  echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "$R/etc/crypttab"
+  install_readonly files/mount/crypttab "${ETCDIR}/crypttab"
+  echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETCDIR}/crypttab"
+
+  if [ "$ENABLE_SPLITFS" = true ] ; then
+    # Add usb/sda disk to crypttab
+    sed -i "s/mmcblk0p2/sda1/" "${ETCDIR}/crypttab"
+  fi
 fi
 
 # Generate initramfs file
 if [ "$ENABLE_INITRAMFS" = true ] ; then
   if [ "$ENABLE_CRYPTFS" = true ] ; then
+    # Include initramfs scripts to auto expand encrypted root partition
+    if [ "$EXPANDROOT" = true ] ; then
+      install_exec files/initramfs/expand_encrypted_rootfs "${ETCDIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
+      install_exec files/initramfs/expand-premount "${ETCDIR}/initramfs-tools/scripts/local-premount/expand-premount"
+      install_exec files/initramfs/expand-tools "${ETCDIR}/initramfs-tools/hooks/expand-tools"
+    fi
+
+    # Disable SSHD inside initramfs
+    printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETCDIR}/initramfs-tools/initramfs.conf"
+
     # Dummy mapping required by mkinitramfs
     echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
 
@@ -249,4 +273,4 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then
 fi
 
 # Install sysctl.d configuration files
-install_readonly files/sysctl.d/81-rpi-vm.conf "$R/etc/sysctl.d/81-rpi-vm.conf"
+install_readonly files/sysctl.d/81-rpi-vm.conf "${ETCDIR}/sysctl.d/81-rpi-vm.conf"