cross-posted from: https://programming.dev/post/23945016

Hi,

I’ve recompiled my kernel^[1] of my raspberry pi 4 than run under Devuan rpi

some of the command used on the rpi to compile

apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev
mkdir /RaspKernel_6_1_y && cd /RaspKernel_6_1_y
git clone --depth=1 --branch rpi-6.1.y https://github.com/raspberrypi/linux
cd linux
cp /boot/config-6.1.93 /RaspKernel_6_1_y/linux/.config
KERNEL=kernel8
make menuconfig
time make -j$((`nproc` - 2)) Image.gz modules dtbs
make -j$((`nproc` - 2)) modules_install
cp arch/arm64/boot/Image.gz /boot/broadcom/$KERNEL.img
cp arch/arm64/boot/dts/broadcom/*.dtb /boot/broadcom/
cp arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
cp arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
reboot
apt install cryptsetup

In addition to have enabled some cipher/algorithm in the kernel config I have set a string ( TESTversionA ) in CONFIG_LOCALVERSION , may be I shouldn’t have :/ ?

I’m currently following this guide LUKS on Raspberry Pi ( for context my related lemmy post )

So now that the kernel has been updated, the cryptsetup benchmark -c xchacha20,aes-adiantum-plain64 command is successful

So in order to enable luks in initramfs I’m following the preparing-linux section of this guide.

we can read:

initramfs has to be recreated

I followed the guidance and edited the initramfs-rebuild file to match my setup

initramfs-rebuild file

#!/bin/sh -e

# Rebuild initrd.gz after kernel upgrade to include new kernel's modules.
# https://github.com/Robpol86/robpol86.com/blob/master/docs/_static/initramfs-rebuild.sh
# Save as (chmod +x): /etc/kernel/postinst.d/initramfs-rebuild

# Remove splash from cmdline.
if grep -q '\bsplash\b' /boot/cmdline.txt; then
  sed -i 's/ \?splash \?/ /' /boot/cmdline.txt
fi

# Exit if not building kernel for this Raspberry Pi's hardware version.
version="$1"
current_version="$(uname -r)"
case "${current_version}" in
  *-v7+)
    case "${version}" in
      *-v7+) ;;
      *) exit 0
    esac
  ;;
  *+)
    case "${version}" in
      *-v7+) exit 0 ;;
    esac
  ;;
esac

# Exit if rebuild cannot be performed or not needed.
[ -x /usr/sbin/mkinitramfs ] || exit 0
[ -f /boot/broadcom/initrd.gz ] || exit 0
lsinitramfs /boot/broadcom/initrd.gz |grep -q "/$version$" && exit 0  # Already in initramfs.

# Rebuild.
mkinitramfs -o /boot/broadcom/initrd.gz "$version"

and when I run mkinitramfs -o /boot/broadcom/initrd.gz I got

grep: /boot/config-6.1.93TEST+: No such file or directory

I’ve did

cp /RaspKernel_6_1_y/linux/.config /boot/config-6.1.93TEST+
mkinitramfs -o /boot/broadcom/initrd.gz

and it seemed worked. I’ve edit the remaining files

• /boot/broadcom/cmdline.txt
• /etc/fstab
• /etc/crypttab

rebooted. Landed in the initramfs shell as expected

but benchmark -c xchacha20,aes-adiantum-plain64 is no longer successful :'(

Cipher xchacha20,aes-adiantum-plain64 (with 256 bit key) is not available

Any ideas where might lay the problem ?

Thanks.