Add comments to two functions, that if they are changed, the logic also
needs to be updated in ondev-preapre-internal-storage.sh of
postmarketos-ondev.git.
Change 'cryptsetup luksFormat' arguments to use --use-random instead of
--use-urandom. urandom is not recommended for the generation of long-term
cryptographic keys, as it may generate weak keys in low entropy
situations.
format_and_mount_root() => format_luks_root():
* Rename to reflect what it's actually doing
* Move the FDE check from format_luks_root to the only caller
* Make arguments to "cryptsetup luksFormat" more readable
format_and_mount_pm_crypt() => format_and_mount_root():
* Rename to reflect what it's actually doing
* Don't overwrite device if doing FDE; instead provide the proper device
in the caller
The old function names were for historic reasons, early on it was only
possible to create encrypted installations with pmbootstrap.
While at it, also remove unnecessary "#!/usr/bin/env python3" in files
that only get imported, and adjust other empty/comment lines in the
beginnings of the files for consistency.
This makes files easier to read, and makes the pmbootstrap codebase more
consistent with the build.postmarketos.org codebase.
This fixes#1845 without breaking #1717 (closed). The amount of inodes
only needs to be explicitly set when we don't know the size of the
filesystem before hand, for example when using fastboot or Heimdall. In
all other cases it's actually better to let it figure out automatically
how many inodes is set.
On my 16GB sdcard the amount of available inodes got increased by 10
times (from ~100K to ~1M).
This drops the --apparent-size parameter when calculating the size
required for rootfs, which seemed to return a size that was too small
for some devices. This also includes specifying the number of inodes to
support when formatting rootfs.
Fixes#1717
This is a workaround for #429, until the iteration count can be
specified directly in cryptsetup.
* Add default iter-time option, and option to override
* set SHA1 default hash for luksFormat, add option to override
* [RX51] load omap-sham in initramfs for HW accel. sha1
