Hi Sky, Pls can you advise how to override this "LibreELEC-Generic-BT2020.x86_64-sky42-11.0.3-#231022.img" to the community version" each that I try to upgrade to LE 12 alpher or downgrade to LE 10 , it wont work, I get this error message on the screen.
Any suggestions.
Thanks
Any suggestions.
Read the message on the screen?
Thank you sky42 for great job! Are there any instructions on how to actually use the encryption feature? I want /storage to be fully encrypted, but unsure how to do that. Is there some hook I could pre-load to run from boot partition (or specify on kernel command line)? My goal is to decrypt user data by fetching key from network, so this would definitely require some hook to run
I think I found what I was looking for... I need to create /flash/post-sysroot.sh`, and get my initialization there, right?
Hi sky42: thanks for the pointers, and they are the good ones, and I'm pretty sure they would have worked should I have relied on wired network, but I'm making it difficult for myself by trying to build this for my raspberry pi3 boxes which work over wifi.
My ultimate goal is to be able to disable every player in my network by turning off a single machine, not just from playing content, but also from third party accessing any logs, history, or caches after physically removing device. My previous setup was with OSMC over initrd, with initializing interface using wpa_supplicant and then asking NAS for disk decryption key and decrypting root; however lately I cannot make initrd work with osmc. Approach that LibreELEC has (read/only root) also works, as root partition is static, so encrypting only /storage is sufficient.
With your build I almost succeeded, and here were the issues I faced:
- wlan driver will not work, as it requires loaded modules
- once you get modules loaded, they still don't work due to missing firmware
I used a plugin in /flash/post-sysroot.sh , and made it invoke a variant of /usr/sbin/kernel-overlays-setup, but was still unable to make a builtin wifi module work. With that said, an external 802.11AC module did work, and I was looking to use it anyway, so that hurdle I did pass, but then without wpa_supplicant I had to use something else;
- connmanctl requires interactive session to connect, and
- iwctl hangs, I think because it too requires an agent service running (the one spawned by systemd later)
for now I settled with just shrinking /storage partition to make space for encrypted data, and creating systemd service, which forces itself before kodi, and it mounts encrypted partition over .kodi and all other non-dot directories
If you are willing to have wpa_supplicant added to the build (which really serves no other purpose than my specific configuration) I could try again making /storage fully encrypted using air-supplied key. Not sure if that is worth the effort, but I leave it up to you.
Thanks again for the build, it got me much further than before
Display Morele3b nice to see somebody else to be interessted to encrypt user data
here is the place you can use
https://github.com/sky42src/Libre…ripts/init#L604
last line in your "mount-storage.sh" should be
mount_part "$disk" "/storage" "rw,noatime"
or something else that does the job
for fast testing i use kernel command line and nfs backend (that is encrypted)
add to your kernel command line "ip=dhcp disk=NFS=server:/kodi/21/client,vers=4 ipv6.disable=1" normally in /flash/syslinux.cfg
that works with the official image too
And i already build LE12 Generic, but did not upload it or opened a new thread for it. Testing it for 4 days now with my new Intel N100 box (not yet checked out the part encrypotion).
Sorry LE and WLAN we are not friends. I always use wired.
The .kodi mount in a extra partition I did too for testing. You even can do that with ext4 FS encryption without extra partition. But the ext4 in FS encryptuon is kind of bad documented.
My goal was/is the same: take out one fully encrypted system and all the rest is gone no cache or metadata left.
NBDE with tang and clevis is very cool for that. I do that all the time with any RHEL and clones. At work with hundreds of servers.
TIL about tang & clevis!
I just downloaded your build for raspberry pi 5. Libreelec starts, Kodi starts. Now I would like to try crypt components: I have an external hard disk with one truecrypt partition and I would like this partition is automounted (without manually insert password) when I connect it through USB port. Can I have a guide to test it?
Release version 11.0.4-231221
download link sky42 LibreELEC community builds
based on https://libreelec.tv/2023/12/23/libreelec-nexus-11-0-4/
231221
- upstream update 11.0.4
my source diff
https://github.com/LibreELEC/Libr…v:11.0.4-231221
thanks sky42
i want ask for your build "Generic-BT2020 11.0.4-231221" is can work HDR & HLG in pvr live ?
Zuma for me HDR is working, HLG with PVR i can not test, but you need to have the right hardware too. I only included patches from here HDR on x86 Hardware and there you probably find more infos about what hardware should work. My NUC8 works.
i try last your build : HLG not work and i get black screen
only hdr work
