Adjust luksFormat options to reduce time to open luks device on boot (#430)
This is a workaround for #429, until the iteration count can be specified directly in cryptsetup. * Add default iter-time option, and option to override * set SHA1 default hash for luksFormat, add option to override * [RX51] load omap-sham in initramfs for HW accel. sha1
This commit is contained in:
parent
70aa50ff50
commit
558cd40fbf
|
@ -1,6 +1,6 @@
|
|||
pkgname=device-nokia-rx51
|
||||
pkgver=1
|
||||
pkgrel=15
|
||||
pkgrel=16
|
||||
pkgdesc="Nokia N900"
|
||||
url="https://github.com/postmarketOS"
|
||||
arch="noarch"
|
||||
|
@ -56,7 +56,7 @@ package() {
|
|||
"$pkgdir"/usr/share/bkeymaps/us/rx51_us.bmap.gz
|
||||
}
|
||||
|
||||
sha512sums="cecba9a4a5ba6ddd736e4a46eecac20865d6c4d7a2d95efbbc33d1e8cacf9e3583aa80118fd5044da6ee08997d9d2c59af4f896692859b6e2e39e55fa515b566 deviceinfo
|
||||
sha512sums="998790a43f6994ef919ac5b629ef23d76e3bcdf5e80987af996bec71c86bace7510e1ca59c20b14faf79dc986ad8c74c5cb5c44c9043905e877ebecc06232b4c deviceinfo
|
||||
1b89309dd4fe7ee0ba37c6224a0152d6864bb1c7bc4e96918a57e01bebc4173559855ae9673887223de4a8baa3191c8ad88ec8594776a4110cdb19a7be790db4 uboot-script.cmd
|
||||
3d55e34b95791636e44a5f41754f3d0de039dbba41f7a556d43a95c9e64afcfa930046b4b96b40020b6f196096ffba93514682927e32fa4488686fdd19c6da5a backlight-enable.sh
|
||||
98c554a709d6e8da5835bd792d833355d830fca1cfea12ec7fe4f41d1d1126389c51a8a392a7f94093473c19263cc6846cc40d7e179c2facf12db2d68ff923f9 90-touchscreen-dev.rules
|
||||
|
|
|
@ -9,7 +9,7 @@ deviceinfo_keyboard="true"
|
|||
deviceinfo_keymaps="us/rx51_us"
|
||||
deviceinfo_nonfree="????"
|
||||
deviceinfo_dtb="omap3-n900"
|
||||
deviceinfo_modules_initfs="tsc2005 tsc200x-core omap_wdt twl4030_wdt"
|
||||
deviceinfo_modules_initfs="tsc2005 tsc200x-core omap_wdt twl4030_wdt omap-sham"
|
||||
deviceinfo_external_disk="true"
|
||||
deviceinfo_external_disk_install="true"
|
||||
deviceinfo_flash_methods="0xFFFF"
|
||||
|
|
|
@ -60,7 +60,11 @@ defaults = {
|
|||
|
||||
# aes-xts-plain64 would be better, but this is not supported on LineageOS
|
||||
# kernel configs
|
||||
"cipher": "aes-cbc-plain64"
|
||||
"cipher": "aes-cbc-plain64",
|
||||
# A higher value is typically desired, but this can lead to VERY long open
|
||||
# times on slower devices due to host systems being MUCH faster than the
|
||||
# target device: <https://github.com/postmarketOS/pmbootstrap/issues/429>
|
||||
"iter_time": "200"
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
@ -40,7 +40,8 @@ def format_and_mount_root(args):
|
|||
logging.info(
|
||||
" *** TYPE IN THE FULL DISK ENCRYPTION PASSWORD (TWICE!) ***")
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
|
||||
"--cipher", args.cipher, "-q", device], log=False)
|
||||
"--cipher", args.cipher, "-q", device,
|
||||
"--iter-time", args.iter_time], log=False)
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
|
||||
"pm_crypt"], log=False)
|
||||
if not os.path.exists(args.work + "/chroot_native" + mountpoint):
|
||||
|
|
|
@ -203,6 +203,9 @@ def arguments():
|
|||
" eg. /dev/mmcblk0")
|
||||
install.add_argument("--cipher", help="cryptsetup cipher used to"
|
||||
" encrypt the system partition, eg. aes-xts-plain64")
|
||||
install.add_argument("--iter-time", help="cryptsetup iteration time (in"
|
||||
" miliseconds) to use when encrypting the system"
|
||||
" partiton")
|
||||
install.add_argument("--add", help="comma separated list of packages to be"
|
||||
" added to the rootfs (e.g. 'vim,gcc')")
|
||||
install.add_argument("--no-fde", help="do not use full disk encryption",
|
||||
|
@ -218,7 +221,7 @@ def arguments():
|
|||
action="store_true", dest="recovery_flash_bootimg")
|
||||
install.add_argument("--recovery-install-partition", default="system",
|
||||
help="partition to flash from recovery,"
|
||||
"eg. external_sd",
|
||||
" eg. external_sd",
|
||||
dest="recovery_install_partition")
|
||||
|
||||
# Action: menuconfig / parse_apkbuild
|
||||
|
|
Loading…
Reference in New Issue