BOSSMAN 19.02.2025 (lkrg 95f12a6f4d1acbde1b65a94c79b12bedb8a98390) (.config_bossman updated with integrity and lockdown)
BOSSMAN 27.08.2024 (amd microcode, hardened kernel, kvm, amd, intel, sev, sev-es, lkrg, safeboot signing, dropbearssh)
-
Отлючаем secure boot для того, что бы загрузиться с кастомным ядром в первый раз - необходимо выключить secure boot после того, как мы убедимся что ядро собрано корректно и работает ожидаемым образом - мы подпишем его и включим secure boot.
-
ставим депенденсы cd /usr/src; apt-get -y build-dep linux-image-
uname -r-amd64-unsigned; apt install -y build-essential bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison sbsigntool gcc-12-plugin-dev debhelper-compat rsync git wget https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/snapshot/linux-firmware-20240811.tar.gz; tar xf linux-firmware-20240811.tar.gz; yes|cp -ruf linux-firmware-20240811/amd* /lib/firmware/ -
качаем ядро
!!! ЕСЛИ ВЫ ИСПОЛЬЗУЕТЕ ЯДРО ОТЛИЧНОЕ ОТ linux-6.11.10.tar.xz --- ВСЕ ПРОБЛЕМЫ КОМПИЛЯЦИИ ЯДРА И МОДУЛЕЙ ВКЛЮЧАЯ LKRG РЕШАЕТЕ САМОСТОЯТЕЛЬНО !!!
если мы хотим собрать такое же ядро, как загруженно в данный момент (для этого deb-src репозитории в sources.list должны быть включены):
apt-get source linux-image-uname -r-amd64-unsigned;
альтернативно, можно использовать ванильное ядро:
git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux
cd linux
git reset --hard 46d1907d1caaaaa422ae814c52065f243caa010a
но лучше качать архив без гит:
wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.11.10.tar.xz
tar xf linux-6.11.10.tar.xz;
mv linux-6.11.10 linux && cd linux
make mrproper && make olddefconfig && mv .config .config_local подготавливаем ядро: make mrproper
Далее определяемся что мы берем за основу. если мы хотим получить минималистичное ядро с набором драйверов, которые загружены на системе в данный момент то пишем: make localmodconfig иначе, если мы хотим собрать ядро где будут доступны все драйвера, то пишем: make olddefconfig либо же можем просто скопировать конфиг из папки /boot/
далее перемещаем полученный конфиг mv .config .config_local
- добавляем усиленный конфиг #если не обновлять ядро, то временный фикс дыры: echo "kernel.io_uring_disabled=2" >> /etc/sysctl.conf && sysctl -w kernel.io_uring_disabled=2 && sysctl -p #чтобы заблокировать io_uring #Debian-way correct config #echo "kernel.io_uring_disabled=2" > /etc/sysctl.d/99-disable-io_uring.conf && sysctl --system #если ядро обновлять, то делаем дальше по ману
Скопируйте и вставьте в терминал текст между пунктирными линиями не включительно
echo " /Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4BOVBiJdACGTxfcDwi7Fw/ip2C8gPu4Tc+VVMtmyiorCZl6WrE6J+hktklui50aS6lbVPr1oIL6c+6RglCjtmgL+KhoaPfI1AlhiX7Pb9XQEB68tSHkginHvHC8b8fvZ+1Eu3AO3rPlUWaOR571AMUL8vQegSfRhm1JAUe9aosFYhTCqc3mykT5TX7XRVDcZJ2SlpRsyzSxyPrVkLHdnEMoZZOeniXW HSODlx6Sn0+HwwEa2qDgoxlpONSRSPFqhREylcsMWln+Br+Bf33ltKPyzH/EkpH7zK3VTqakqLjhvCWbSz/vFtLYaPtE/AjIvj1IdSvuQetniWk4QDY7NmX/h3pwGuMRxXIHQ1NlFDNbl0b2mI9q7aRxEdv9Hm26V/0cRUO0uU0ubO3wLIq/fRtPfvFFqdSeC90z9xgZv7XhnKQ5W1ivlChHEhR1C4idu2PlpP/zjHQdoFasu6U0CP7pSsoQbIC RZDLxaQlADdy243rTQ/Olr4UYiVKxwGdYunJ1qS5PSuMQEioR8V2VlMlrRUs8oj3sg/AY0LtDg3+WFv4Qnm4t0kjkxCZLVNakzSopZYswnMcFxx83MWHYR3VfrKGd9qkiHivfnSvQVnXTn8D/XPOQsbq7Bc6O31nPIZIPDUohTAnnYjX97gmLT1ms9SB3oUffBdv/tKcQflu3StsIcutU1UTdsJrXUAL14U5yMR/FyXZwCMFLUrPK0RX1YQ2Jq1 /X7v1nqjJ93X+OqVxstdbjPHMDohK8+F55D3UYicIQLPAH2qlFVAqwbBs9CXIAaJx0pPGdoIpoprj+fRuGCPudzNShMPfVGAgGl1yZkOsFYqXiQi0hHY4gEPOdfcFRqXa+Xn3/MgZlqIqIw4gfCqOmBu6lw4AZo2CINh76KPlRcso0Qziu7woqT4+AR4bUBVUUg3WWGX8ifaVLrUtIK3k5bFeI4F1LOMJeB9ZV4JbVQWGhspOyhpeJk76nvq2Gm fh7CPLQI8h8/wiYmd2oisHcO0RPMfXPWsRAK1172/vPXzEDOEfc0DAHRAKmFtsZAlGAYBH8Ve+sDv+/MUn+tfS3SPhRwvwP0iniC+hNoOOQx2600xWiuqmlRGPzrp6QhxDT0DrfjJ8BeblS+JBb2u1kQtj8HCksXR4A31CWiNMT0bw0JmNNyWcxD7K8jhgkv79qM6Iy34+LmeiBOd2+fwCQI96WGIWw/1EjinzFsZ7cpdtKlEVWetChvbUsgOrq +JQG7WCcgSJvrXDGcRc6vA58kyyJJRYaWXjbYS3sxrhkCOp7cCsdoVHW9JwOLWZtHjcQqWLtv03h41IhuLzPIBiW6hgSeb5IlPCnR8hrL1PvZffosgcoUwrSpGO3ANC/fV5CYBckyUkOKwwzwLrIOoVbEqdtqr1x985ZY5dZ26LMkjRDRavFKWCoiDU2HMHQ0STROTtTiR+VrPxXol6hIw5nZjsMh9OjgUhO4K4HzUoGof0hC2iNbVygdVQuP6S 5lVfV4AKbv4OVDoH6kLq/Fn9MHfOIr7UMibX6V7rs7sERT5n1riZRfWp9FGe0nieIAQcf0DPEuNP9ARiNYp+FeFRcaZEQO8i4xonN64/TGLeTJUxOW4DHnzwq19KZWEY+XEKUnO0BvH2S9EpybatNStd5IP2158LY7Ycx0OZjL0rT072ABJl5XnirSZmb+0toP+pL5yt76UIWj5LriRtpUpVxbcWPbIENzooaL2g/nmCzrJlZX/4K8PG+e9G42t sBdtMWZfEFO/sNpwbBG1eWdFtnht7ScjGzJsBJu2EtG1GAk0iPzPKaYgN5MUclMguuiEE/7cbChegL6+k5p0ZYSQu9EySe8IO5xk41jKa1LCfWK7pJp4JsPdN+D0SoSyLfWNIWHai/OKZkMSvPJhFlaUJ3nki8FZCpq8LZhZy7VbgbqjppGFH+Mdw+yyIe7++N87sGBixAZpfZxMCkR+1dAaXZPVDdV/70prmfax1C+466CNfD5ZCYwoGdQ41Pf dSOnSaceG3JjLMkl67WZ/xZ9FxOBkBiEPK9kxq2x8sLQHSa9ycdvi/bEgsOR9X9Cw9b2cM2na0vu8oOkOAHHYkf96ppcCAAAAACvOzbCnmjqngABvgyWJwAAxKVMg7HEZ/sCAAAAAARZWg== " | base64 -d | xz -d > .config_bossman
проверяем наличие .config_bossman
Далее, в случае если Вы собираете ядро для PVE и в случае если Вы взяли за основу ванильное ядро, Вам необходимо применить патчи.
Если же Вы собираете ядро не для PVE - вы можете пропустить этот шаг.
Данные патчи были созданны для ванильного ядра 6.10 согласно требований PVE для версии 8.2, а так же были отдельно добавленны патчи для поддержки работы AMD SEV-ES.
Что бы создать патч выполните следующие действия находясь в корневой папке с исходными кодами ванильного ядра: Скопируйте и вставьте в терминал текст между пунктирными линиями не включительно
echo " /Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4DNAEpldADIaSQnC/BF9UN4KT0fVpS2eon9LsU3mbAlEfGt5VRmiun1QQAU4/EY+zY3DHHxuPIfxQUrHExSTzQB9kKGnq SMG38I/jKtZiEaQCbMGF/VAFQjGBpXVxpPMAcwW+wa+k6FsCETZEs0WBX7DUICyVlEoMPq02TKhElFRdTbR5Q8E7phpoND7PlddnLD7EmN09R14uSIEF6npnIQWg+ OietZrbaLJM2krGYxPMRw130hx/VnzB9itp+LeBHStMHqAEh+70Bdyjtg6Qrk49dEFD0hGrSAH5TiwSd0rs3hPryBVBw1VftA47mUmex6nWpylTMajEFOIuQ2NZom uiUe4GjU5t54tkwnJwiKYciJq8+TfbmtZegj/XMlXpTapMsXjDiv3SjM5kB+nrcyF8dcrXyXWZXNNxdcOZ9A3nnnALj1Bvuhr40lbKVtAtIKz9MvkjlXKrgILj5s+ BPk/q9wK5wUhBlx3qoZlCe7uYoBaE68vYg2FIA/prAp7CpDZ/eBQK1yCcHepjQg8PaVrsdBtULuqXoMneHviayLpJCzSjqBARGZjyepnK+/EEoQvuy0363Ddrv+n9 i9ZVkWJm1HSoC1xfdBFrfTtOfahS9sM8mhOdn8hHhQKF4TViGFpZ/u13J9nivxPJDZc3YhIFj2RiP5MY8JgE0OqpXnDKJFxOYOxWJYEzx99PnV9Gz8W4QWliDFDay +nZOzPqNeoPr2HxF7Oc/xeNShf10hcCnd0YvEUSU75VJLNhysfmrcuraWzN3lZ1YU196WEZaj6a9adB4wYQsNxrgEuEMMp84MPJAeLTqVRdykCcwFvHl1l2zpWw0v 3m1k/t7+8CYQ0DBSlx7uDjVZTEOCethBnF62Qc8dN+vp0FBAM2I3200dl71No2TZu/Kp56TEat0c3js3aOhFkUYdMyeS5G67i0KE2crEpRVIb6tWiabmugXWmNGcV 2zkuUltlK0A1S65+pvf1267+WxiAVTQmaQAK/Bke0XRXWfh6tiT1SQXyB0eN0+gcZgFZb7r5Y2s3GwSx3gO5Vg0HM2v0yuvSzFTcVb+gxuTnnBVmYM2+9CZI8EFSH Mw27wcUE8ZoxoU51NTmy3eM8979lxVksz4kiknh6mFsvjJXIFKKTq1hKnN/gjKxRVJ31PXKkkGAz6n5DAi0YehOaXwStYE0RydFG/Ig26hZ6CEbWL1RYQr5YrXk4b 7WIXwu24kKiNw1tUF8Dqw33WnwNF+aiYnUmiSnHlUflZMrysT5hXl9bnaDqn2oWOeCNTDYFdVS4IvRtL7QA4GSl8zZ+zQsFgcmUaH3n35CQ5xaPELg6YZS7qV4yPQ DAGrG7i7bloA5ArC6tUMS8GEVnqRNGLYIo0yZwoFjaMoxQhVh+GsPi+ddwLjtLBttXEnQ/Mweme4DloS7D1gWY/o/nUxJP7BPeY2/Ql2/e0aXvwppqTYfL/92DKSl 7eVBIYmDI4EQcQbi2VH3PdfMFdLLHdXNYyOeaKn2s3IhwyhIXwLkkx2vqdIHKThapMYUpVCXP26iYvtUIBX7YmOwjSfPmEpudLZlPZw72wNBWHh824ZRGOML9UKfa qI/k4wavJH7vfqa3OXok765PO/PnDVai1/inVtJSDofxJQs/TeDVRqeJ7eFmMeEajXEJC/rH8N6L4WtI+nDWJNjEljS69xj5uL7bh4O/YKFzz2CroCQp7UaFA4Igu QeQB94ss6nFNyQAkXvjRgMaR9DAMEHa0gRswh3hdClbgt6O8AtMBSBOigO1Ck1OcIbwi9V+pbMKfX2IYLq6Sa1WJ+PE6Q1dQ9FZlE+iI8Ue9yl2eJeITGSAymNWBn qun9qSuZUwzEIj9k+QErZdHJ68cOzZT6yWy6rG7ScrOEXOAT9BX7A2FltSJdh/wG5FUrSoiCanZuAF4dnoA4uNYIeaUNiF588KgJjdniQf15MeQtJmljFzjqSPbhx ykCc/lTfejzpFjutIuwDOICulBVr2SMykH9hgdDNzfMfsQydUAPEKE4G4mr1rSeEvlB/qaDvJKLnLXdQ3eyH3LRJTtBxADtTrItjAhcOpTA0K/v86V6phdi8xU1tK dTayrwjk8NxQPhvAU+D9sLf5RRDRISQnYzKrDMQeHZuseFgirsviem01235zIGGV5jABgX8W/6Rm1blTeD8Vfly0exzgF7QJ0lb4u+kI/pX9g/qOcXccpm6uFpSgz JwvUBtU7fdGdTIYE2yv/vaCy2pwSbY52eRPAY/p0pWEkbepNJIj1ZoTlX3H5CNzWn9SrrxlNQgkmOFwLlg0tOj7vDbrwKi+j2TtgXpqKagiN9yIW16syvBKjVWNRB cgy+liA1WFf214wAxk3jG7xDExFYj6h8h9k+FcyS+PVW9DYGFyvJy4iuMzRtIr00iM2mweI1IPfI4TJR3pQYEGVt81huSHwHMYtHuxGJWn/YZNJd4SJfNsOpFv5nP UgpMAOAqE2Au91GirEJqvn7tgKlx6kdqn+xcJoT8UmWSmuFtD7motrl04MJnFr1nKZovq0vfPc8c9rFXWG5q+TNZXYQ3+ipp/7toDnl6/GFAYEGfz88k345cPbM2n zJPT7mX5uAIjE5SlLMa28mOf3ytOsRaEkLC3DKfz52vhDYUZBYZDIBRl3HGMevoycf2q/fdTIgZELTwnbqrAb3yR85BJ7m4LdM353Q8//AelxmoMpdoOF0qnncUfu Vu3KW2DevhlKLu0xknRvBLCMoI834u8E7jmQYklcnTkPQ3Z3oLgd3PLROCnTQQzN762uHQm8N3vvHP9RrufH1u8IzNKmWp7uH9i4IAX5G+69W1ieKsmZwFC61oYK1 UULxh/3g+0Ta3+mAD62WEV0orOOBhZPNCuiF+4wcCGr/xU09aF/dyTBCgl63KlmKiPaMfmsJczGGN5tksuiIjLda9bKhvzH+eoUBBbImzE3S1yRTOtTwusF96tceW 0vPV9HwQaHv6tLFaHABbjv38HjrN8Jh+W56atu+K+Fwr4Z3HHO4+VXRml3KcrLlApflIhze9HkQQjL+cLmX1mWb5sFJ9y5YifImcta579u7wZQNTMG4pFLGCwN0L8 JCpHzGVmFW+j0cd1eSyG212RKppki3UyaYQaJzn3DwVXnNPfklsdzm95EtT3ED4WVdALY2YyGDJLAUqtB1I3xZUXqC2paTFhTtB106UtRG5HesbEGC0n1XdLztFtk OP6XrdS9yiwoeA04nbmYs34GfhvlYW3E+qEwdq25A0oJQOpUbQvpYZbfKCeBUdn4/nY5dYrJny3Y0tHSDcBT7F8xROacW0iCE2YKKG+EiwOz5qqmMj4N3j64jlwt/ NbAIueyKKxH+0pGfPZoG3xrEusMmOGh2pLpHSjoFDsnORgiCnFLtudz32AC2SebH6ET/mj0+iqPXPK6KLq+BBlxmblwYRfxEAIh1u/EPTBmAS8D9v+ikoq0jFstBo 4ZF0P08eg+rTPSqt/vENF9RqxD+X7cSl0Z/gsSQxw8gZrp69sfx6MC0N/G9BnUypmV4TxK1QJWqrMLXCaOgimPt3qtvRdTLVhxEcM1bF711e5UVhmSxs9ypHTBH/8 oT6Li8eTumXhFcg2O/CxOlS7FZSFKVD7FOi+TpoE4cOIIk2258SbYuEgylZ5UtIt+x3AZEbLVzycVJihHVFkts7Qjg1ic5oX+cMg4yTEHEu2m6xPWXWzut4HAWYBJ R5cgFZD0W8IZCjcN6qUoOJXuDs7vX0NwviDH59neb1wBBGpr4M3ANk5vJvdPjOmkZXVUnfzIo93a3AOyHQkEQuleMNhPCWPGn6aRK+mTVNevYuNhW7HBBASMroxp5 x3axZPBaJVT7pGbpBpWObvyDeOlssz4dTBpKSFaNg0xagO/NKaHnbXztJH3sTp8fIPqiSIin1BxmZC/1MAKZxmI2jvRKDNdCa5a7P3TdGcTOMth9QkYsyWWEMy6gO vQxhPI9pJsqkH3wPvar4cKPNbqVqXQPQhCHiEFiQ/R0cuyNp7tWL6bzENPicsElUHuMG6+BCQmS9rrRmwC657VCCz9tYBEZWy2/fU8aKbvZu9+cox4pVP9lXV+b4F 7TxesWxG7mbL/eh/LXzeTc1rrY873JIR5cksKu7rg1i3yFpB2ee43BOo/Aj4g/LLQhh+McWm/xfygxGkJz7Rs4toyrHPOYTQPHIU2qIml0utvPvUcPKcWlGXRWSmo 9iY0yEDPOYwrU9xtGQX0yh2cFHI0eqg4MU7oEMmWsSndSRDYgVTRmck3izl30HGy4ee0YZM+vogE1jDPzonIjb6p6Rf6unu3x0yW1M1cppY+EVnSfVmhzy858cvVB sp5WOKdEPSTua5kuIKbGPV08EY9AcuDdSZoX8XtjY2GE+DoTeSLRKWkMLiOl6EmuCMp904exWum+Ox7BGay8lFKzWNGwf0C8NxOBofSDWyTPu2iRG6xeM7+ySZ6zb P/pCFUckOKL3f4vvY7SZmDdDTAyZPcjiuMQVYNb2Eqn0RaOQ5nVF21l/9w8Wry+VvXMgznj+cVeoQlHUh/GwjQDqbt+BpG68qZGRZawKo7HleAFokQx8Q6C50QUzp 5uX9e1BJRZDf9DkvhVOMl3ERXqHkTGum/CIUsRuS+QYeRMNnJeQ643gQJk4i6nzTlbv6JgWUplgnjnI924JZ0WwvKRUMjDx9v0zq6YdkksTE54sYdueoz+fi4IYzr QFHRidAw7ruu8LP2vvwWl4CMz+WM9tOCHSExvaLegpZw/0Vo7l7ppZQVHWT0yWyC438/sKGHio5TCywYhGCc19GuqeytUNxu+rsJ9gISsWTpAHjXEhr1OYu/Butin UFsghBGXwKssO20U2OBwoEsKKcgzDjfJ1c4XjBAjQIdLkwNiTe8xGm2MsrD8ChcfdziK/Hln/lldDmd7Fvg50pk8GdyA4gctmW0yTZS1Rznhb2FHqjEkbXcJyUoCx DYZK5roXrKIrYVNJBKMiyYHbhXV1zUa/kJpPXSWGLxPTBrdaWs71rknmpLcDlgtko1tBxNZ8L8+8XvDpWUpsjYb9OVEdG3fTc1MWhGXrT97eleCz/291E+8xg/p+h rSra7L371VYejAMfDSoPWDt9JQebT+X/jZHGji0eRBG0swro5PllWSXSggnkSNYhGoHBK9FPEcCuD7OxFT71JrAHkzXzrr/zncVIlEwpsXvnPOo1ut/RY4aJq93hh 9JD8jX5XaCsrNBhGI+TfozZ3K5oStEs3mq63kXIHUfWIhJ0T8lSOd0rFzo5EKg75eaDAO+z2XKdYfB8LbU6cVxyS5PjIVWmD8gUKjGhbmsyJPmEhMj3JHdmVBo3KK x5neOLKAh/RMf9uUqsLcLv4aBB3gM/LDrYWcJqNWG4i0vOWmt3bWD4Nq7sZXHs3ci4llKxi61hrY0p8dd5l/Wx3UtixioggXOl5L08JLH2Ou9PznwI0xk0M212GgK EZ++Xg29zDx0IhobEmrElzpYtSbUEq6zJ1xoUKdkBFLX/VQ1eWKtACBwZpj4Czld8vX6nEvvbeeQhysVncOpNzVYwKmp7qpoD9W1W6sZ9Nve4tEUCw7xKdQIZE43d 8deSIe3rwz65TU2AFalKanyYy0RH5TS6dVv7Q/Ch2aVKboA4c0q7G+xPDFmIZ4OghdETaLaLA3gQNNgQUn/98zpw7/3zrQ+FdXUJ14stY/ULfnZ0i+VG7B86mhN0T zl16Qc5vSA3NsRAPsqdJMl30jJBSMYl3ggjaEDECA3NW0nuanhMvAl4Q6Fpxwa0909SisfMG/i3VuvSUrxBbqK/wQ8kSxp7NpV0+qIa43ZIFMhRwj8LkyoXDvgnPa U495PYeGetElXvsLhmWaJQGMyYQupTKYIOmJVK8QVAnBbgwpmvaYAfdWNoq9B6EBD/xGA5lxsvFkwHbZgmR7N+kkND/v6HNeGYhb4Bak6i01t8dp4pF68QDT6eZxp Z8J4PZ/753vKcAfHwEIKmt7imHiNW2rnvILUWqxghsaXwE+E0ehKCzBPOXwycodGCC2GpsDZqrl5rei7JfgPeFJS1xPhVSDL/oV3RG9Np46Xp6+CFP26IPEMA1QAj AAvVdmV8/h+x3hpFIdGpn9XrOYscLOnCZsFm5/UNXmt4yXNjtdiypGLWBiUthSzo7dRyjJPU3xlpizt6xqo2xbteggZZqb6FUCxiKTgQCWjXkRVjbUz/daz7/hupt ZCum0pcdVAaPUMvUJZNSTU+ntRThRmGyZ5npSCQMmN56KHgiKSPOWdR6DR3jo6eR2YgCtO8PSqbySzJtu2aCHppuNK3gQ42zZ0iSWc/AhZjHFNIf33vqJWwHhZBUP G32j+dQY9UU8mAgAAAACdQKKOX3TZQwABtSXBZgAAnsjYArHEZ/sCAAAAAARZWg== " | base64 -d | xz -d > patch_pve_8.2_for_linux_6.10_plus_amd_sev_es.patch
после данной команды у Вас в папке ядра должен появиться файл patch_pve_8.2_for_linux_6.10_plus_amd_sev_es.patch его md5sum должнна быть 814fcd179e33eb2047d9f6d49021cb39 md5sum patch_pve_8.2_for_linux_6.10_plus_amd_sev_es.patch 814fcd179e33eb2047d9f6d49021cb39 patch_pve_8.2_for_linux_6.10_plus_amd_sev_es.patch
Теперь применим патчи: Находясь в корневой папке исходных кодов ядра выполните команду: patch --batch -N -p1 < patch_pve_8.2_for_linux_6.10_plus_amd_sev_es.patch
Ожидаемый результат команды: patching file arch/x86/include/asm/cpu_device_id.h Hunk #1 succeeded at 312 (offset 16 lines). patching file arch/x86/kernel/cpu/amd.c patching file arch/x86/kvm/cpuid.c patching file arch/x86/kvm/cpuid.h patching file arch/x86/kvm/svm/svm.c patching file arch/x86/kvm/x86.c patching file block/blk-flush.c patching file drivers/iommu/intel/iommu.c patching file drivers/pci/quirks.c patching file include/linux/fortify-string.h patching file init/Makefile patching file mm/memfd.c patching file net/bridge/br_stp_if.c patching file net/core/dev.c patching file virt/kvm/kvm_main.c
Если при выполнении команды возникли ошибки - обратитесь к Вашему системному администратору.
-
усиливаем ядро согласно усиленного конфига ./scripts/kconfig/merge_config.sh -O ./ -m ./.config_local ./.config_bossman
-
Проверяем, что желаемое соответствует действительности, при необходимости устраняем недочеты true | make oldconfig данная команда должна сообщить что все ок
После того как сскопировал свои сертификаты в папку certs нужно в конфиг файле указать полный путь к серту, чтобы он при сборке не был заменён автоматически. CONFIG_MODULE_SIG_KEY - указать полный путь CONFIG_LOCALVERSION - указать своё название
- Собираем ядро make -j$(nproc)
после успешной сборки мы должны узреть:
Kernel: arch/x86/boot/bzImage is ready (#1)
make[1]: Leaving directory
и соберем бинарный deb пакет для ядра и заголовочных файлов: make bindeb-pkg или make -j$(nproc) bindeb-pkg
в конце должны быть надмиси типа таких (у вас версии будут отличаться в зависимости от вашей ситуации): dpkg-deb: building package 'linux-headers-6.1.76-secint' in '../linux-headers-6.1.76-secint_6.1.76-secint-2_amd64.deb'. dpkg-deb: building package 'linux-libc-dev' in '../linux-libc-dev_6.1.76-secint-2_amd64.deb'. dpkg-deb: building package 'linux-image-6.1.76-secint' in '../linux-image-6.1.76-secint_6.1.76-secint-2_amd64.deb'. dpkg-deb: building package 'linux-image-6.1.76-secint-dbg' in '../linux-image-6.1.76-secint-dbg_6.1.76-secint-2_amd64.deb'.
а команда ls -1 ../*.deb
покажет следующий вывод (версии, опять же, могут быть отличны):
../linux-headers-6.10.0-rc4-secint+_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb ../linux-image-6.10.0-rc4-secint+_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb ../linux-image-6.10.0-rc4-secint+-dbg_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb ../linux-libc-dev_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb
- устанавливаем ядро и драйвера
из папки с исходниками можно прописать либо: make modules_install install #👉 Если ядро собрано и установлено вручную из исходников через make install / make modules_install, оно: #не является пакетом, #не учитывается системой пакетного менеджера (dpkg/apt), #и никогда не будет обновляться автоматически при apt update && apt upgrade.
либо же установить как бинарные пакеты собранные в предыдущем шаге (предварительно скорректировав версии под свои): apt-get install ../linux-headers-6.10.0-rc4-secint+_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb apt-get install ../linux-image-6.10.0-rc4-secint+_6.10.0-rc4-00039-g46d1907d1caa-3_amd64.deb
после чего можно зафиксировать установленное ядро что бы оно не обновилось при обновлении системы в дальнейшем (так же не забываем про корректировку версий в имени файла): apt-mark hold linux-headers-6.11.10-secint apt-mark hold linux-image-6.11.10-secint
добавить модули в автозагрузку
echo "kvm_amd
rtnl-link-veth
iptable_filter
uinput" >> /etc/modules
-
перезагрузитесь и убедитесь, что ядро работает корректно.
-
переходим к настройке secureboot disable secure boot set secure boot mode - custom clear all keys loading to kernel
-
apt install uuid-runtime efitools -y
cd /boot/efi && mkdir keys && cd keys
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Platform Key" -keyout PK.key -out PK.pem
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Key Exchange Key" -keyout KEK.key -out KEK.pem
openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Image Signing Key" -keyout ISK.key -out ISK.pem
cert-to-efi-sig-list -g "$(uuidgen)" PK.pem PK.esl
cert-to-efi-sig-list -g "$(uuidgen)" KEK.pem KEK.esl
cert-to-efi-sig-list -g "$(uuidgen)" ISK.pem ISK.esl
sign-efi-sig-list -k PK.key -c PK.pem PK PK.esl PK.auth
sign-efi-sig-list -k PK.key -c PK.pem KEK KEK.esl KEK.auth
cat ISK.esl >db.esl
sign-efi-sig-list -k KEK.key -c KEK.pem db db.esl db.auth
sbsign --key /boot/efi/keys/ISK.key --cert /boot/efi/keys/ISK.pem --output /boot/efi/vmlinuz /boot/vmlinuz-`uname -r`
#для сервера делл добавлять ключи нужно так efi-updatevar -f db.auth db efi-updatevar -f KEK.auth KEK efi-updatevar -f PK.auth PK
sbattach --remove /boot/efi/vmlinuz sbattach --remove /boot/efi/EFI/BOOT/grubx64.efi sbverify --list /boot/efi/EFI/BOOT/grubx64.efi sbverify --list /boot/efi/vmlinuz mokutil --sb-state
efi-readvar
#Способы удаления ключей из Secure Boot
- Очистка переменных через efi-updatevar Удаление ключей (PK, KEK, db) из UEFI:
efi-updatevar -d PK efi-updatevar -d KEK efi-updatevar -d db Если команда выдаёт "Operation not permitted", см. ниже.
- Очистка переменных вручную через efivar Можно попробовать удалить ключи вручную:
rm /sys/firmware/efi/efivars/PK-* rm /sys/firmware/efi/efivars/KEK-* rm /sys/firmware/efi/efivars/db-*
#после достаточно лишь включить секурбут в биос
cp /boot/initrd.img-`uname -r` /boot/efi/initrd.img
cat /etc/default/grub|grep GRUB_CMDLINE_LINUX=
mount /
mount: /: /dev/mapper/pve-root already mounted on /.
lsblk
sdc 8:32 0 931.5G 0 disk <-- путь к данному блочному устройству прописываем в аргументе --disk ├─sdc1 8:33 0 1007K 0 part ├─sdc2 8:34 0 1G 0 part /boot/efi <-- номер тома помеченного как /boot/efi будет значением для флага --part └─sdc3 8:35 0 930.5G 0 part ├─pve-swap 252:0 0 8G 0 lvm [SWAP] ├─pve-root 252:1 0 96G 0 lvm /
x=$(lsblk -lO|grep efi|awk '{print $18}'|sed 's|:|\n|g'|tail -1);
export ROOTMNT="/dev/mapper/root_fs";
export CMDLINES="mem_encrypt=on kvm_amd.sev=1 kvm_amd.sev_es=1";
efibootmgr \
--disk /dev/nvme0n1\
--part 1 \
--create \
--label "vmlinuz" \
--loader /vmlinuz \
--unicode "root=$ROOTMNT initrd=/initrd.img ro ipv6.disable=1 loglevel=7 net.ifnames=0 $CMDLINES";
#примечание - для случая когда уефи раздел на отдельном диске , то параметр efibootmgr
--disk - это будет тот диск где уефи , т.е. на примере бокса ex4 это /dev/vdc и опция --part - это уже сам раздел уефи, тут это 1
#Допинфа #поменять порядок загрузки efibootmgr -o 0006,0000,0001,0004,0005,0002 efibootmgr -o 0002,0003,0004,0018,0019,001A,001B,001C,001D #удалить ненужную запись
sbattach --remove /boot/efi/vmlinuz sbattach --remove /boot/efi/EFI/BOOT/grubx64.efi sbverify --list /boot/efi/EFI/BOOT/grubx64.efi sbverify --list /boot/efi/vmlinuz mokutil --sb-state
*your kernel settings, hard drive, mapper and cmdline maybe different, look /boot/grub/grub.cfg entries to check
after this command you will see current efi entries and their boot priority position, by default new entries on top
ребут
press F2/delete to enter Setup enable secure boot go to key management
steps notes: Select variable to update - Click Update If it ask about load factory defaults - Answer No If it ask about file format - Answer Authenticated Variable Select right auth key in storage (we use boot/efi directory)
- update from third position to first
step logic: firstly we update "Authorized Signatures" - select efi driver, go to "keys" folder and select "db.auth" file secondary update "Key Exchange Keys" - same directory, but select "KEK.auth" file and last update "Platform Key(PK)" - select "PK.auth" file then it ask to reboot - click yes *check that all 3 auth keys in storage: Platform Key(PK): 1 Key Exchange Keys: 1 Authorized Signatures: 1
after reboot with secureboot system will loading your kernel directly from uefi (without bootloader aka grub) also possible to add "ima_policy=secure_boot" parameter to kernel, and loading only modules signed by keys in secureboot storage
- without this feature kernel check by sefl keys that used while build
LKRG:
качаем репозиторий, удаляем все что бы остался только .git (команда rm -rf ./*), откатываемся начисто на необходимую версию.
git clone https://github.com/lkrg-org/lkrg.git && cd lkrg && rm -rf ./* && git reset --hard 310e85d19c2a36bc4959d2057e3063fab8c02f8f
Что бы применить патч выполните следующую команду находясь в корневой папке с исходными кодами LKRG:
Скопируйте и вставьте текст между пунктирными линиями не включительно
echo "/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4X+HS1BdADIaSQnC/BF9UN4KT0fSPu7lw38JYCY2ei8DGwS9PAFseX1ahKSy9cNlyjJZyQsLh/wbXtJkiDXl5qGXSAshJtnF9GYhmS4slHyqcQzvKhCHYEWulSVT41vdNopyxLNxOzhLv2WwG1N9aUtiQ5qKZNOge9hFRFjRpy0X1KNPeIyqmgogV4l82PgxB LGr5PFNu0zHurY+mzb2ZUCRXFnaHyogYAn5qGNBQ/1gqp3/rt9TFRpRoNj1ij/xknWeofvhA2HE2JNeO18gmjnXHOHU2DCEFR858Dt58BqrrkhaPriiu/o11GxrhF5HIYlUMkgFpDDCaj/Xm2T10yRYk/VH4rrP5OjvXrM3kK3Ro7mRyYiwa9JodZKIIWvBVPPPdY0Te+LUd6YWdTgNoCiEOt3JHSF+d4 cEzxHfAv3s9NRKXQ+zrDNnTjTnAortJwuB2dcqUyUMZU+OCadkWNf5rxnfSc13T7zp4R4b9GBvlo3b8OLefbtVdte9fIXL8xGq2mXdZljZe0YITy4Pih59HXsX9JoPadAxdULNZXF07oit5FUoOjrah6RXjpH+XVzVeegGp2djiOvW109x8BziqPwd3/JQrIc05kpEd9nbcGZBc2vdf9YraU4Vi3+akVS sh2D/Er6DD8NlOkUnaLZrcduXd0vvH/6Isjp2K6q49iWQQlm8VOq3l7k2ZHzw8b6lN80OCcsdS+ETeu8nGg/remDzf7wloA+xPznIxDPNPE2DN3D+SY7AHzublgs82rsJwHyYzwBv3YZiZ6AjXNfLyJ+mrbSNnx8keMujXq6pAfgYKAwoNrnsNLAhRhi5uWll8YF9H7VcwMeyMIf22gx8SwtYeCNxoxol v6IN32ieBPmUvXF69lNYUnxdu+bCIWTZvjQd+EfAVC65Q3p6oM4TsiCdF+781E5VOHG3ltALjhRCmroQaqlBW8hj5Xmh0vBowkbN52GV7N7T5OqV2hftrrGdHP2p2Hsn9ZPyIH+bKltsTq8QLO5mWUnGS+XT3j5vGBA0uYnfKWU2H8dAvCZG0JWo0mRCI3wVc4USDVTmu0UNrkvKHUiRW0B5pWB5WKFrr Wv85MmeNatkc4UbKd4yX+yHZCnEzJ+YQBVSmbbrzMnl/v//YPGc+rqQwpA3+plDO6XqLY1wffIAa50qBSUW82HhI3bXNzHWAjeOg81mBeU7yHCOz+92LMmV+HHcdWqEN3Ohxj0zoJKI3XhsnivrziqbrbQCXZbqVPyV3kuCiG1Ne2NZbAX8NRctTyWrSORC++bqWTOXS0ey1yN5N7NNsOVROzJYaUIlJH A+81+/yjUUU8VHXqU+czKpt0368RpcJYEvTrhJG0vAXo/M8aQCwVO45yby7+o+0e/SxyjxnfKPx63Nzlqu5fMF8tNfjHmWvAY7AfOAj5E4QuUncy3FMbxeoGvuzYcjkl7ytyE52pF2qcR6YcwdCb0prk/2MXa4luI7s1RRVSPINDsn0JSsBC8WrZagqKM/7jMVlPZCBvI5NjqMbWrFPwJipCk7a3oXwEY QzCIUG8CVxcd9SNVfonmZI8hjDHK9rMh8EXkxg9YwCpXPLiwSh8pdsfW+8BZGZWBL3Tl7UZiYFFmt9bQv6lrohxZ8j0AQD8XLVapf5v+zCn8s3DCa3EJ3WCbB0mHjpKtfIw/1b3Rhbo9C4EqATnQWTzStlHpXEDPsLz6hVQ0a1n/7pha3kr/jLs/A+N23UWNFcX4yZEJBUkgv52ISEPl7wgmtjjitA0Z5 ErfzeBSwK9KjcjzK83tjgcuSyL1zcPeQvoIdUKqf9L2ypQf1S5JpCJWxJw6bQq0x6CEkQc3afWOljU4kHFrJqkzFYGdqqKCqAWTarF5Znlp1iHUMLh/mi8DLpx5orVAc+GHgdgdrxszl2fadnL8pksEhhqGoPZ096i8CKsUrB49FJnqi4RscHc5555CF0gvu7j//xkGMs3dzKXGgM4jP8x8V/7H67BCSD PCAnGTMFnll9kMZxQUMswiOo1N6sf+sCyaB30Bjurdbr1cA41QGmWQcCzXRab5lruU69JVG26TiCjmnHTCiNwlX7rL1MC1Kw38OtiuuOETbxyJmFEYXgN2gBtO9M9gYWrPyKY/BsZUU6pvr70nDDaTtMQZQN0PSDYdmcQcq45nolVYS54mmd6VyGjxjkD/7eJVrZsVPFG2cFw6hNLnLwlbL701whxWJzH 3oSJL6fqowyqHe6O54NIMAwBETrLEtaQAffl+Dr22azODLjPYKnZ5GUMWpOd6LGiP8SF4Nk4tEceTopeztK6ZPD0ZFFgtUyseM2PyLSQgZkgjOYZzJh0YAOklBro25Le1r9R6Qojnj/MLeq4mCydjILIkFo6hc/78rM3vpAkjyxG72A2FeBMYLQyqsRxOP14/UBRYv4TVNvPfIJM99JBqRLV4VE0ZIyck 5S34EKmlob3+3ekoMpGk+q/M2SozPXoDz/Ji6H3ORClu0PQJpdPTTxjDzMIxWC1kGibXLMZK55kdea+mdIXYDwN1W769+bmsdmhfF9yzSg+VzGD5hgnwcE8U+IvVYICf1mktzAJzFekp+j6sIkPEJXeKWp97OCwy1mRpnACYeG8WYSz7t0ecIweAJoyDoI0HqBwYEoy9P6FVArJO0qWJ5KwWxzmidXB3r 0i1P0PgzWun+O36fyyfFhf6mUdWNJO2/3Q8E4MVhCi6fV1ZMevgtVa7ApkY/8evrgF4MkUzmTEjAlPCj58qxENKl4caNXP28bUNWJ0x2m9KOnGj57oejxzvkI5cwGJfIeSfsuG4ZU0i1ZgcrqtH81aKrioBEDDjyB9yueTdGzSPU0jSG3eTZzzfvtwOEx56ordyrpiIq9Ugfm0L84rWBSkfsH3BmHVW/e y94yCMdoWM8zaE92WyErwqHUx0i0sOCAj84TfnRWeHKNm5IGzUTwAEchT4LXvFfX/z973HreLTPjvcbqVp7dutKqWJfvQS2kbCq5oScOV5Ri80uvxq3UvpxrIe1Gfuh7ECZc2N8hx5LbnsodAfBMtaEEnVy2x1eVFwDKS2aftAwn/Z3nvTNGQlQQWV4RxlKh/Ig97sqQEfN/0tk3FNkhw+dvC3cGZHeE7 k/Xlvm8qvz8TuedCR400TSDfm/t+vpxkPS/I6KVooqWRxxq7Eo7vNDnZTzKYBcoTBbl/n2xhtYlhXQdK9UodAQmFll7dnepn/gPk0lHedbdzeqIRfXp7n4GQ312Im7U3Sbi3jwhBlAA008jHNvrRCrJ1ACFIUA94iSk8Y0/Eu+TxDg0XpqOGYNAMyh5p9hdvymCnE3nIJXq25OjmVhInxArOe383qZwQp uA8MWsn/xDeYi6W25XHCp/FNLLOXb6rybiaCZnqNZtSYN+yiBjHjNAjmLZPCdmtg5k6kebK3+J84Qsj2rJLNQ/+rIp4hPO2bYuUQsN+bFJh8ZBJdlduYlQ10YhNI3uqNSchCrIaqm3UnTlwU7EHZmNC5BbhMv/PcN9C+4hIheO7Tp0ocFfyNXf3Up3LhthclYS+3fhVxzESyP4+yoGaxTyX01l5l4/BlW qypfagL8ybyXl1pNKUtbk+NtwRC8QIXo544zXq0ngkXFdXGRE6Vyt+ONEi/F1DO8Pl6qqfPLdipvRo956KzefykuBRr0nk4Me86v71Cm+zTshbJEEecFUOUgpA/oXuZFjEGEP8SS/6tBsuIpUYmevDsWbbu7x23T9uewPMYpHJeYvGvNVvGKVFTobGfi93wVLcImS4JRMVnxV0N4jQbid1xNJPSNA1HfW Dd5/DxTHPrZGI9Mus7dCWgEHW0rczgx2bMtPA7GqXznx6ga4ePCo2PxdfFRoDHwSX1rXICS1nqqrSD1WIvgMFFCTJ23sgyuT+W16DuFWJPpARCJWetm0GUJiut5gR9li2MTKc1PHrUG/b1k9COTSkjDCY0bKuH8Sc2PbCc2yCyOWDGRGQ0iq6O5s1ouklMbFRgNkEvoM1WVNgDtKRhDu2gbs9gRAHo9at lYdTpUBsPP0DTcLXGXnjMK0Lv7gQO+O3pwnemHCKhB53dldKDAvfRvd9Sa1wmxTQXAEiocPJpPop2EwBhDzCmz9qzlgz5vpz0slz8K8xSvGZ4WAPvnD7DJn1/4empwrWO5AK1DLDqTjJ0Kh58Egt2kHYSYahrDml2QEYy6FHtSwtQRoK2EDquBGC32g5wHax02Ntc8B5EwvRpcAJjpVyjWdkJbS0+SuVG zX3cHXU7Z+5lAfqZuFF5jQr/pKt7knpgu0/XXy//+RYO1xQrsFIt2fqh2fVpUeUjtFqMJMyczzArVi1dXEYp/qHTr5ZLoAJU2bzkcGp/OdnNAerZ/94Nnvt4F1Hmot0lWQO+enAqQS5p2LYrLsqlc88NZ01NGFJpwev9ITrcPA27IqQ3X6TzdMPzSGa/CtColDz8hNb0tjc+Ytr96ANjlwjp9ZM7/DqQE oH0BgsOgf5iZN58NM8GqXUptsa2XqNS2eScgdjWFkZUcGBHu/wbUf7sArzs+4ojsWchQTC4R0qfHDSvTlc3d7beR9DG+MeDhrXsHa9XqCEjFuNvLt8VE9dMbebTsLFyXA+nB3QWpSJ8eiiAy2RpYL8tcfAFEXw9SCERIag5WFpyKvzrznY/ruj96vAPXucI1U4hVhQHb1DCe6lf4GMMegiL8SUTMcpCXm ZFh2KgeC0XZssPuqCbEjpRHfmMWtLfBazzgbRHTH6N8MYPvmsEOdCaHJhjOYHkLZgpmwTMVoY1WsbLLWHs5AIV8zSUE+kn5BdckXwgekAeVDRCdOqc2FMI6CRWmsVFVL4XpWlN3LNpzBsCcy7GfdN16JnGAMqma23kkZoA6JvUHW8mOoFRViqnu62hQz8EQpwAP62odX8lDuBFnsTooli7zbHEnUs1pz6 F8KTxPCfH/BYYszLvwfq7lr7jCCbtFrhyP+M8eIe9QY3XoJjYZEq+fEj4fIxi8/Zq3zkYObB2ScblPgQBbHKMnpBb4tgqzd384GyRb3ETkzPVP8bL4+1CXsRn+GG1pognXG8i4KI7Dsq3JLoXIV8s4aCS7EyO44tE+Ddxa+W10M6YmqVb/GW4SWu5NmeyYHporSE76vdiWetD4Pc4EiHFw0CFfU73f+bs bI3uAgSqge/+0oH26BcyLMcOH08JYG7UNAfz65MpQ4rh9I7ZQRltEQNkp69mYPv8tEorf7f5G44KHYDVI8GKlavYv02CKkWBBK9tnKVD5RKaEbdmzl1OHWinGvVaYBxEG+DUKcjd+xVCO1fMhx9RmH7wCJrArkrdniZBWlK0YiAGrtwo1exctbIQ6MjkxGGVIRtvkpuXWPagWsTIsXIiXpiHEw3+ftWCN jJehfE1yBo8kPAVLFXz66yCiT5VoDOrRz9XziuPybPsHynVrxEiglNpituRVjHRkAw+1YiO0Hvd/QfwSCWn/0xORPu/XXAehkfSbwX+KUxP8H7Un89QtfVQOtUmfJeNvuLsxHVs3j4BE1SyyjCduRpUb2X0Fk9+wmEfeLZ3ciIH4VBHflPgwZ9ABCI0cF4wZ6EFxRE7TTg25lrojBkvVWWXwvUYJgMxS3 ah9zbFi2vjVj+n1KCj8T9Giy3WdTcXUqvlvq7cOggJJmy2OmWyy+0aRt+j5Rww1ZTolxlH5nNzy/yoerYnGImeViPu1mgVMajS4PSkWUkzUMhTTc7mqF0HDErxnbBj6N2j7tw6/qaxb32BH1tNFXqy59D5C9hZuEZ+JLFCceSkeacmpVcYsBJuji8y/Vhw5lR3TrBjJuTHJBsXx6do8bVTU/PDY74l+dV UvseX/KAQZogbKq/5d/WNP0EygZdDehIqbLnx3k0AS4zTzFDvhxSkmBuplxmCrATszFjk7bZW8SLT4OYDn3h12YbwjiCvlK8agf0f5aO3lvP6n1dlL8UAV/kF3BFn1UYKlcU346kMiuxLsNXIw3jca7ZlYOc/94DpFNJ2ixi5Y5i0U7tee/Fo6dab5Zfx6g5d8OyvV14UpczgCdUeGAI4TMpzn4oUoJQc 9kXyglmFCiGrjMIS6aY1LoFsed2IzmFGY8nTxPAk0cDVahogSwZiSMdIOzEn+ZLiF2m775kKFnDVSiYEPyr2h9p+X1cNHNlKjiEbO1api4T8iA1ltlrkLpCyNmvWNsWPH6GEp32IgeKRW2GikvPL+zX9VpBOlUtKHGHpb9wNYuu7K8Z8iBnwuMou1Cu59wAp68yf13yO8nO05jB7ArSwjx/3Oo8zTfxXk 2xMtRLDgOin2/yXsjTp6gge5qiKjxeA//qYMfn2OUL/Q48kUJKE0N8oENzaGCIpqS7pWHR22t1Mi6EaOjMLpdhlNbdCdZ++6JoSzriTANpNxnCU29AtNarVE+cCxMfyLwA9lIn1yVRRYM1kT6F9x7JrsaiF99f3MRGcxRDn1wdUDXmleJy9I48WZktuDwrKNmt1UmVkloe4d+VY8JQ5DZcVgvPzcD2quJ 74G2m8NBm0qGKYvZbgMxYvcns9KASE9ASYxnmB13EKzmwva+Z+0bQNLrH4w85YfW3qBy7CNVp6bE0Wq5iJMi0cvLHS1I7omgQL+WnbfMdsq+DtcMichNzXsmw04FOg3ou6abEDawzcPtjec/GmpwwJGMbH8NVvxo1AyVSMFI3ETjbmlAaRz8siYzad9FGvQ2rrMC9dbSU4Myb9rL8UrQoHNx1OgSKGRrv Hgxno9WzjDXkX9slQzocJHxEh0UuKRfghF8n9p+nNGj7tYnMVItiwGKI4s+t8s0SWEFo58cOUWRQDK27pIeFIqpuG5f0ndUqyX8npbawjbEiVno5OOUqE5hapZfPG6+QrbBeSmL1wHGvPhXD/LxlYuQPrcFmr5/XrDZBJ2KaBQTs6ZRvaEM3sY4Oeej/cI/WH4T3e0a/qqRs0WrViUbkV8zBpKqe2kWra keszYJiy0BUZ0FoeDqUauTWeItxUnyjJtIhORvE57gS6qP3WvuczfXGaWkVVPFuax0dX8QPGW68ytj9a1j9M0lPyT9AC9n6YfrrN1UI4xDXRNz+5Vg0KpzIX7E3hSmSlREWl7ERRODSs2Chiptqug1J9I/70Og6SEDn1xvfQXEKYOo6cmBRk4PZb9cMfkXna0hof7Eb5m6xsuK61Np4o7N1bFmKzf6Tyx GRyO8zHC4JnS8txSyUJ3FXe5ImO2JAlbCrGHQ4c4XSMuF9jHisFqJT5iRMyxf04fysTORBNZDOgn4jrN17wr3mx+nw8+YYNcGUWwQqMNp07gDqazwNJeeDLJ+YpA59DuM68BVJzoXXBjOK7N6d/fGLdV5d6f/kNvhRQxui4NTqmPNHdyKMHHrVByTueyEEiZWUHyH8njQVBCJrSDfVM7P+hiC9fhQaIbI gD2FP2+moRi6dD52+8NdBuqysxO9/WVqU70fbdcrYi478dJNFzR3ujgI2XZPUu87kOI22tLdr74ra/6JoM0rGTBH6r+EDyHZTZUrfqaUYFkc2NPhNxzcJw/uKyVwuNzWfW6onDI4/XgOi+FlIz411KmmKb6zL8qJzbU3+GDVMm7cXBUwJnl1GkdRvFykmAGDyKbcB3b7gYbe4ULGv1jbiadT3+UyJACUc /4XmnMcMKVBNru7LCDdCZP2OHWpYMIDGxwNb+O2WsqhlhraDTJlnjHvwvjjUm28kZ5BTh+b4vkldrJ7qUABElBvcGO3Z+9e6HzDrqRMgaupimQtuJcinzYSoRpw5WczvtuzREB+Xf7i05B0kZk0UEuFSJrBlwWQ/Uo1SzZFrlAXSDCfBlp9j94ec70ATRneIVrIuIl9QX4iUf2jfjvEp56vLUcoHlM7Fx 4FqzV0JRjvei8jTZAOVcyPQP/n+FXvBpi5KpL5JXhcPirWPBahS8ktJ2/yoVO5GQuHDDBdsrq45yIVPcnVKcM0gVUmZx/cmcY/syP72iK83/s56DoPE6vjcLs31Z+PM9ANQq5odhsXRwfYwitm1WgC29ErzZ37RZndVBi9X662qaycezujksmlFKEsWGlanWxLe+gfld4ZYFFrXw0AjMtiK28m6bRghWd aPRPAwHFHAbn0NgNwTt00JXKdbW0ACy5lBg7y2ZCt4bBBBfmWKE06gfv+dzF9aQC5WadVNNmUFzTGvd+ul93vNtfrlMYTSmSBC0+A+5HidgUETT/AwWSaM7yjuPwkQAdL4wFc6H+WzlyEeoVeBlkVKoWPRi5nBL3fsRQt23c+Sz6S5VFAKh9YYW91tDlFOyvPzTLFevBUnz0hqflz2Jajq5c92Qucb9ls Vzd7H+btEIM/cITZjA0BAMvo+dctDm5AqmPAhQ+gskUndBK2ZOiTNDmw0PR/p8PjF+iEjhcHLAC8HjQ4+93OLKyEa+obf1ffFYazlrkr6XDAhpQZ2rKXJww9G/c9CeS5mq9XGz2+rnYLtamwfm4iF9vPXMNYiX8EwD/m1Lm1wN4kRmKyOuHe7Er0323Oy5LD5A+lEtRhFK1M9ay35WAffpUNwlhCY4ydC hznghxjxcdFEJdln+nahm+4rxecQdY9Ia7/h3KnQJkGpoaOiXjBsHho7RPzrd84P7jsAuCf1Ja4mSlaIBwyNmt1I2GIPdLO4CLWtoIkETrQrBPFL7JEwhKjJkiQuHxDNJ1DtH7zrwP0ZZt2+o6++X+mhz5cl/0AXAknB/OvupXvSKxlJGMBbOhLD1QDCdjHmP7CYKWW/K+RWTQmO9iZm9hiqB6ltqX9Fm yrYu89FSmCOnDH7Dozg3iOue0xx8pfiPCL4t82GmQgH6AzT5id/F9wDM5Kgxd/4Mb4RXPCSf+I7E2WQZna/1QXegGoaCAJHuvDzOe36Q1T8mqt5YgCZRAG8ln0fK09vDm3Lt/GvD6cGgKZpn8UJlPZl/wB98bA1u8W6ZNAscpT5nFC9+kxAl3sDprv/oWthQziouIb1X80b/qHMXofT7VcOM50POpKgo9 rWda/EKNzkYrql9FBIYo2lWo0mXJMOWsuxXtxgvJqU6mzFwgaZHEQ8vrg5enDIosF2p8WeDmZ+C0LidAWifK2Nc9Vlv+Jas35Fh7GBLCN7PBvkAWSeqDoBsizEr/XjPKJbGiCfDh+l5pP3ESa4Bh0V3WUwapJk8B8t5sYx0hM0x2Zs6og1AAjzZd7GuEo0uEl9E6h7z45d1mBGtc1DcFRf/7ab0VU/lOE iDlkhOZjOJHvifQ0hi8Yi6B07ubLrvFXh0Q6IhUECioN25U5Td1dDCsqKAVBe+JtGkWuOm+NdKzmf7tjfunsxMYyV5IQxJHfxAbdns4cuasODBDeBmW5OvS4w8q8Ybcg0Cjq4L0sTXYE7JVUUDnRDFi/IMUssmlVjpP7mla0bm+c3K/I7GgzH797cAGCdLqqk9B/zXceK2oehsXKmkEA1XqYYU9jMlCQP bam5kGfDHR1ycnxOXgoWNsG25eOtABqtuApUJPv32DkDj4piBBdzVXCbkx49PZRZD1hzWrxmj0Ee4s7Rn/JFjflTl8+7NpFj6ZU/e3xiB4TMSncVq3rRQPuppBWU/OGiry85kQ2mm2j5MyU3zikSBIooO8REQ5FJFzs2b4ZcuPpF975foWcj1pmR+O+BtdeiqBpKlElREEKgbcMG6H0RmNAENFJglSC+a cEx7V2ZWvXs6B6pBdBEL0mBnX3zv+N4Nh+OCGwui3pOpQpWXxhq8zlITOStGltmLOd2hHhV3MFHjTsBZUEHd5gB6OBL/HjBwZquly4knC/7ZPLkkzYHwTjaCNV+CXCu4lXqztsxvuAcsTtxRRAuM1jTMLVAT+mwXjT+T/U0NXorCXv/k0mYnZk50ZpMLjntHGjzyTuxhkn6mnmFYAiwjmWc3I6w1jvrhY QcwN0NeokmTm7Gt9LhhVar1X8W0Fv1DUQ8CM9dkTvPrv5eZ8hTcrA7iS6PZPaoZgYIWJ5+HyONnaEGQtHXi7sJYfMunf3ROgovVMVfXpWCpP4IU+8qyTboJq2q0P2hvR3iwTifpnvQqe67Xp/wggXj6YHRvABcfLrn1kD7hDTb2NUql0idMbZkhx2EqWeDi/dbMvJC+yWgwSCreaFh76hEJuw+K9U2sUd HANuRePeaDPp9Grd79UI+iA33QjYn+gTwrRxPCyeJ0XRGoSPEVzbdnNiiwjBQr83yUUGr3+eEGkBCjWCx/lbfjR+nS6D4S7cj8QUA4vqeFaDFXnkgSHP2Qnt5+DW5uxbJ4rqhHvHkBOrL+3ngsliMCFM9FHY3q8mytdLXRBCm2PcHTeQP7RnAtuDh78XooTGUyXBfLQRzASpB0KNoFTCzxeXnGCdgUKu2 Aqtor1hSknpoW3eOAnuuXxhC1Cw5byv1B1g5b2tyV13+KbLzEgSFOoM53tBb+c6FuF4BvTELkzHcO/EF7ruYuFMoeDnSQDKZSRTNfi0y9qVdXAx0B1grSHZKl9TLC0eJ5mezs/bvj7MlgDS0tyQqkJxbiHI4D9uKTpFLKp2W8Bd9ABGBH7NUQYnOWStmkcKv55+muBHH+jMkPJh5Mot9BqX1dKduC+e0K RZn8DT//HbYja7O0MJG/EiPiBXqYnzk6dT3J4/5mzmcEg5+ji2aS9PbL5G+pgk9XkwDTIwicgDZUSfFt1+G8yxIYoz44gVcwlmROmj/376rW79l6x+xIvNMAAmhigfbRL4RxtExVXCE81u0zM9/9a8iDWIc1bU4wr6M3CVDX8k3kX6yanqtMKN8IbB2v7GVoOtJjCLvoWxa9Eem2SwTpkllfcYPcqxT0C rGqAIuEMQNXW6aizYxMPUEhu1uBj4S5MI2j38bCazCMcLAPXm9Iwh3eUUoEsaw7cxQS9f9QjJNIsmDvgVs0QZjoDdgkEt8KlHWhhPk61aNNZs3LECD1XFSYyooibS6S0xFwL0zZA8bfqLa+A6l+wos26D4uc16x38RCQn0/X5jbA6u04BUHOXABTpbAnoHrb2FzgkJtY3rilVuEQBxJ3dF1grVNhums/z mveL7ePdT1s+JmdTCQ9oJfXkBBpLMAMDqRXdK+TiV7ZX4aVrgSD1nw4LJkSGXpOhvc0l65iB2JE0BTy45jCLJkIO4IqBK73iHEtQ+tVSHAgNH3DclL9+yE/GyFFeLC9inIT0VWaLnaFDsLcGKCKzuBoL9EYdQW0S4K8PlvDIi+N/kGw8ce0lL8jBLcleybZwaJ0mlASjCuQMQ1prb3V1UJtYPInl1Xkbg F1i5nQPCpX8nI+8AyeH2hgNDiN+IZmDrj+tTwMk2ggLaYekIag2Zait/Zmo0yPw6wNDm/hCK3NG1gXOfhUXyepM2nRFk0+trfZ+blU2Jp0n6s8um5XKAHL8mUuylT0mFkLSUhiKQKvzfrNYhVfjwN/HdQFQO1F5Iu0QORbVXZnUpedOXcHsQycxv3I+4AFj8IWr2o3OyYxK0ad0pBRhIngqML8Lf1a6sg GAsQ55pr+ooNOz8nh4qDDFw59QhQe4Sz2xeyzk8HcbmMppwXdxktjy2h/8k2JrnlOHI84p3aJQ6L+oO0FvakOefo6+dsQzQXQIYrC7tqae6l41xR7rCBXGjsPw0vev+n9G8xDKDvFIQPjgpzpLtLjmZHmdpPeWeMNU8vTcWrauaE70xtqNBCMNElW2iySWCHFRRBKbZWNzOv43C59GANZxEaq2248x4aH fDEyL6R8qB6PvzJDW77EctIIY/G/MFMnS99g+xy0xs903uiZr0OEIxgKGfnCFH1yvIGhMMUZQ9UStjtr+XBX/ZdWo5KPL7HagQZa98jpQvVcFFUz1mbpD7LW6xbzk3jmJAqhzT5KtMA1sKm90w/TXZ4HPfTFt9/TZkPbP7KayyhnoAS3ZkbjAvlZL1xET0bRPsVAy34QUhMalHVlfSIgclHvkyzlCarnQ ajzWr2ti0lHU2wNd3oHkmCdtrIu3IV5yTrYqjRPap7i2SlghH11cdsNmh3L+TGBJuhQQCK1zaNgpgY0yK7reR+noHbQiZ2ExkF1SkU3a0tU6U2VF8A4OJqI2vVS9V6EgxQvQudilzoi6NlIkKfxFF2ZXXJzL5pDOn9+bJLYSkhCohXBeCMaXI7t3KQ8wIOs1OZtrbup+Wn6RCNcQ7zfV5vwMyIs42eFaq 2dzUH+Z3SrjtiO8kFg+gl5UKjXf56jQ5rlmAF//+gWcHiju4bsZVWzWPyBIs3qtGwNt2DOSV1Anxvodo7Ddte3L6XzYd+WpT4ExDYN2R6VT25cUCrspYnm1tmtFm+a9EuVuxC7a+EQ6HtPVZDB/EShjcu59GF6qHlpnX19uaMMDEm/Oda8k530q2/YYm7EdH2R7InU45LmU0b0SKP4TsmujM9MY2bEY9O /b0c88+u1PaZIuSqi2osO85wSwDNMpdaDjTBy5k2bv/m5FgaLOERZjVCQ3eA0pV1j/ykwKgdqQ0ACD4qziOz8ZfNceQjqPfmPsrPpjmwyHtiF0fcyvaxWnyrm3uGzysxKCD3Zahw/cHYHdRGHTmUOly9ViW18XhBbV3flygfciQWKzt1tcng0LMUflXeACVt6YfBjNCGFJpiNTHCIYSMupPis/BWTui+5 7Zqz/GOQZKN7CwBM2SkFtjr8gyKggzYyfoIyBrylNPxfvgMIeFkLr/I5apa4ksW57xb5VRgR3MmgSC2dHmq8ilcqUHyAkbwEAhMVajXfBl5peMuFPK7n49BTMxfTlgqgihkUQHXYmpm7C2rkCGAPQPZ0jNvioJpK4w0kodBucXxnS6YmWpvQLwH9dJpxfVloRkoZMJFhga2M3FHt1kKe3Cc1lA241+QtT o2yMP6Se3tZJSsz7nrm5YmV0xZQ8h6UjBG8jgqQI89I9bDjKMMGuB/x9+nBW9fWltSNVxb9P35NYqm1cfJid/kz2cBRkXdpy9j+Kv1bfob6cNMr8sEzTLbQkixmbbgZhK6UeY94htoCAP5y+G6zfXJyfCAq32MRjEr1rmHK1QBnuU5fMmQkAK/0+QYuWgnI/IBHjwY8bK/5PdM+qTCBklr9v6+212AdoJ F7DLfZolD8Z52iGQJ38mADIY9sw3YZG8gXfgXj0I2vOfypUX5qEDacIRyXLabU479xKXXcN4+JVg1Z94Dj2eFtlJ7ariPHKW8VQ16nSlBEl0QbtLZoJjn2cJwCFet9GqYWwX+clDfOBN8ainIiZJQj9FVuatsaznlvdHjtJVmjs0Dt17KecCKD/+v9w0KTcHKNgoShUpmJyRxrV4suqULgJctwQJnOOkT KT+SxHv4ZuF9O0+4N16hZ8AMj5uQ5Jc+1jG3eD4Xx0lNKO7O4lJgyFoSEjm8sPE6iNx1kzLrbGRPVFp18dl7yK6KGKWGTyJ8IPXQpnCFB6uxuCeRxTrtItihnXT5J7ZzBEq6Hr5b21XR/feN1s88tyEWMMnwn0TesJ+lrA8mCX0SdO6kZsfkMd21qVB0TMXoI/wwV8l+r+tOyuAkKuPKoDYPEq+i20iQX a39I6rHRtucs0a5graUPnR6O3UR63oOdYu8KDzmIZwKG9p4IamrbJoz9sVeqo2QXs3cwliaI56hBCTWPvxbH0Ybd/TeyzVi0+1cTyzbTmpR5Iz0emqC8nTmbX2mWGaHDPvzLdj07CNTFNBopgSG6/U7YT04a/hFC7hxkxi/lUx2rNenqi0DZR5VDJTtsO8atgZ7CZr1R2GhnLVoWlFrGyhHp490nWenph BdL66Fk1Eh84saDtygSDa4R2xX2KL6XU4ICr246tmYv3BzynFwcsBlrlChXRiny5RhcnevesIL5VMHpqnCS8CEU1mdb0XHSawGervEjfip7olP94lsUMk61H2jhUxKVNwIlEn64FL26ix2tBHQphdeLWbFW9dVmIjrwsBH+JKrb17hT5aCW1LSNoSkvC3LZcV7yU6OMPAYs3cy9QrWF+t0mfD1yu+6odz Nkxdgwi3chcQ3wKbH/vCNK0Q3hKQeHAb+SaTOdp0Bg67U8uYlss44cQW1Dr3weks9oPP5qXWe0nOU5CY6iKhs7q19JaLSOhLSO8lAD6F5g7IVSqpQRYtJPKwxrS5bM1dUgq28prWsmLaIfz8SLESglDE70Bg+0t1PKiK4ol6Wx5WJzCZ4tQdD8JmQSZCUgTy66zOMnfJeb6aRsKMEbWfKg1vdHiqugRTt wo83Dco3KdwDTjrkX5T6UrqvMpxL9HO0PL/bfzDbPzDZfsQlyIqSd5zB0Ls7qBF3w4V3FkDGda2ZT1yQI1bdSpPbkSBSO6+JzT4bClRiaKArnbnuAPnBrCgXr3LCPudMjjWJDT+LIMW8pCj5ccJdX3/Wd5xsCr+ekZjaOfthtKLJO4gCNUW8PednuwOjcaZoPK3YQJ0hkp0V0i3L7kUwWgDz0+lHQ0QiZ ISIUNLFKaAu2WSUC7bnWwER1dxdQpNsTidxj6NutYX1hCxvxVrc4AF0Tdg8m4YRIlCtD2NucdiDZ01mFBB0Y6+iJ/K48XT3hdTMPraRs/hpgKVsYZOduzUsLXZoKQes47OX5LA94BmcGhTSOwdadMwnEhAMzhYbOch3Q6y3kVP9IkpUUoEPaf+UoEmyG/Rhp+vBF0Nm8o+zSm+fjvWbXhH/R+VuK4jmTO TmDnQyk8ZghNOvaCCRXY97Z0Vjj5PVmZnfM1fHY5+bpWGknBL5Vps9osNzNSGXxnRJupKYIvK9DNrEwE0Phw77BjZvGWOwL0sqAf3e6xkCqRK8pCT2Grjj20INCWY6wIZOo9309JKPLCSktmCk7cPzslf5vxjxTnWWSJckr7wIeBMZT2Af6OfeppqxQJ/pKD0jDAxtlTLzY2e9kF164Ws95q22i6eh2jb VsS7zCz8JIv1DET83/VYCQ9OBaoGT6qq/uF9p7rK/i8PykXpfIoBrvJFQ5npDVMQr73fLefq2Q0f8vix1LmRtC9PjMCW8vSlYcqFYdrzniju18mW3gABOacPwpq+fdPZu2SD+FGEQt/6d/z4ePgUs+tVmO4W7TeFoBTLchm/Utau3+H2V8POHtmaRwJ5zGIYom626b7YMgdidupcoRjGd5M5rYIXdcghc BBgfUd57nnJUZqPQTMdKKoLwNecD8Lch5R72jwVMgIbQ69W+u0/gE936tGpMw8EHC9BNiQSYiV864lx4CwXYwRff3c+8lGmHQu3Jmey3ZLCXCW8yhwJdw7r7wAYP3WuxP0x8sFOc9fa+2AO9cc3N/36VQ9Fx9UuWHVLwIcqkz6rKhNU6KoPApgAOtxZYlPmmkePMc1Po0T5ennGrEgD8jfheKRChFW5Dq 3yLjDBu8XOwj/IIEPjjA6jjauhOipoCHiiEuPwNbXHnA8QCnxeNDc6fS4i8qsZFllnrlMw5bOqXumXV+UO844tse0EdffJfr/8aeb1FuBr/BkVrdg0NDov3prxvVOEIN9fT60ypA8TLXcqLajq+gUo+Sp3PGaSeGeYzidRpTvgx61TPIcBRAOu9u65eefxz1dmZjLHELUHqazt7yAThtIjk3+m3Vw2/oP PBeANCNP3ssDS9NBVSIu2HuQ8jPtW/7rlmOvcZEkUjZgZAwrd3i5WGnCVhpphG4V/M7cdabHqCts56DPxSa9fWlBZLEDuw2qD+8/6Dcq78zuOHVYI1BMe1ANhYfgmM7RQSzDw3bYvwq77wDVt6B+VsLA5TpPNwSP14GL7V7YcV0N1Kn4FQFcInI/wxQLaWSHpZrtdUX9k16HOB34h/MmrIki4Yu9bm9AJ kvHFPYOTj4dMMqSRpKq6CiJpwDdrM1aKZNSdMWXm8DWKzseuCafpkPzozzy/t8800EUDR5QipFg71cX3afGIY89Ffc2ngTgItt7XteXJIE6YTc6MX8EZty2MMgY4lL2HPeoPTxL5VKKg4RGQPR8nkIHixncDtL8qUnwzQgbWZOFmiCtLxS2r/+fc4S1t3IOdQXhESTjO5OqRJ0qL9vY/GF1ca5w7oXjto paBjnQaGNXoAth/lhzAGGCCyCHUnVTayRmFdTLqq95TqMVU5rLaeJm0fIWmSzYjRyv/RTJC8YqUoocF7B/r+CkQP+Lk+xFCU9yoxmbfvxfxvBHyS4tj7kxqXLsipUkv/P+33o5LY05hil0c9VlbVg/94xR1ZB61ddHie1FPPIzNyS4ldN4k85G1kdwTFQnYof6rT0PZEAu/Jp+h6qYlorozLKXm+f7N6U aZFJ151zg+dmVjYRSzHfHGz6zUFUHoOvKG0KvvuYtrR+iHtCEK+2Ge75j8jlnEUyjcfjJvXgFR1faQMboH9CtSOQqk774s4Qtl2nkEPmXq/F1hlcUju6MW06Ed3TfGaiDebgEWqEU1WAnzs7oF4qQitlxFKuUaX46aQWa+/DSWO7oXRw7m+yBnCKQhZDCUH9VvbZiilmpc7xvFsCbwupHzMUL8VvKF2p0 ZeEqPUUGeV01nSPhMaXMOYDrgqPrb8OgkZ7IMNkpZ02XkcEaEAQaJFuBK+Cp8X8OuTKb0ihDy45Iq8qMoMek+jaXLfp5Bpsrjfy3SGBJ7+scr0lDv76+r48BFP7QGew+wUysWQE4kSDt/TthV1bXitk5xGxIxWO0WzV3reoQD21D+++Ow9xY5cUKOtt108Yzrk+qN93DGOi8kLtjnrE+yHopU/iYV1TzA ZGd6uO3alKRYH/b7KUsylg4sCFRgo16TFohlikC/fSb6fl/EKD82y34LJBWkxMFL39NTJT9yoLvsizAva5s0a+85+4W79MRMlDWc1Vg6PiTXKxN7YPS5a+fK7+LABhzWDvnnoWNwMX+LTs5wDf+9icxD869BH+LS2r7zH1KRvR6vFaTa2J6wMziZ68eDyC0wOxyugsEWxjGIVCDcktFMXY/BPwFEN7phr xK0gr+RyWKMuC7QTZW7yngDbXeBjE/GeKTrFenAMNAOkbCijzVoKRtHHguOuCgkW94YXU0SG7vgBSv43ZrcyCofq0stp7xTrmOqVoNk8fuDABHeQxeimUK36nkLXtGNp5SnoeTHFDqoKea7JN/M3AXrWAo6sbCe+sUDkS2XZpBkxV/9zHu/1jVtmXZOo+o4A9XyZYN/MBxk0ZURpIhnj8JL9ArMUiZJZT nzevr9p/aIsnFQYLNWfcn+YIlfNdMbrMerxfgyGSCwGGsZ2v2Ovx9Hks7h3E1Qs9jG98/zsbnPZPhEVxbGrC2a7lfPDpJqiBo/AZqJKTSFn9x8HkksOIWfxszUwum+KGTe5g5PgYpVFNCIVZC2tGhLFsgq9Q0S1bNNk52cq6A0K73u2iXFjKACpUOrFoMY7HsWqsu/8kK0NtgDywJxV7Bo8zxVZhn5UB8 +ca5eOgehPQGeFuhZ12ceyvmyiS09jgcp1fu0DaB7Mm0SNhbRgWBp5ILOpYuudQSC4x3fvCDONZN7UoQFQYXTp1M6secEIbdpTwmTyZm3uP6QGPpg9+E7fa+Letih1vZLnwbFjsxyR6ZAqQ0KOpsoWXC5FomWzZ5etQAwswjLTezxMaH1aLdpCQiToQtNwtjiIABR6nla8XDoawO9C2OpZ+0vamtZCnN+ toubnWsCXG1MkOlcYkcc2TbfF0DAmUZIrThKgfkT1RIx00TdB9KrfnnhL4xPxn+VxW4b9vyqMIUzHhM8nWcKEGDa8IwNjNT8/WNeVTwQ2Pbe1ucwdnDNQgQEhh0ltd96MQ7DS0VJbhgLp78nhGpkNH89iufOw9negD+7UzajFWcrqsKV5oVOP/jqhi4jfJBH+DA29X65i1p24V0TtuqM9b1FiJ+wP523I V2c0/fMiEHJMrzqgtoKveYTLPzIy55AflvV0jahYuxDd9QuAl/tUbUFUk6sogUsTU5GWVckmC1ifflzvWOv0e14FrFdQDkuko+Y1HCGDpr/8+dzNqem5+iMAzUhmIWO6T4b7K7g6+2ZZsIHLrvkGHRRN98N4wxdtH7yzs0TbbLXPVDuMZI15ESA0GS4YexY+LsHxfmVNC00LOFXipmpM4CBHpFlr3+0De LEsB84fWKz5dINb37Lk/xlSmo4c93D/WNylxrCnoSN2mNLzI5OIvqyGwRfzq0WnbNkamVmxkH9Rtjbb3Ol25dod9Jcxlg4yXVKTvGe4oOHJ29gGtgbf6iE+x9jfCIMZUDHiVObMYheC792K8sZH6D6EaxGwJ7cjghuSSUUz0DttoW/v+82ek/AIKGOBEZsR0gfGWTmhO8ZNlEYbTP4pHuid7P+Z/Ov053 1APjLuLxotUTIrjPMUn55KBBPGLN4qeXs1JbuWqcT+x0kVfMX2edAdbgKTg8jwaFgm2KRtW8mTK0XU0D2fc4+aXN+y7n5R8b8NeHaZKYLTFaCLnAHXi+KLLo2oq1SQLCPGLmjfeeIIuL5MEXnX/duIkLrk2YAIyPhymjEbNZY61oaYBvwiv564nmdPMijK9mw4V+ZLpOTdtydW4w4rj6LqTqTQobf5/1J 3fO3Ft7IKCOqbEhMxYRqTXajb5qLJHNPWcuBM7EnbJbugewWJo3+ZsluSKS950exr8mLpve+ZXPm6rsnMRy6WOD686nmUaYOEvwq0rQ1qiIvG7I+h+2tZYTwz8vp98GSP0rOlcoc37xYPgPvH/ZAN1zZb/MngNEcjU8s7SGETQGkEz4pZ0zr0Y9KkfmMjv+1sFh9hqui8AEy3IFM3+LzDFI4XA13rVvBQ GRRCsJr3ImRJG+Zi7pqVfw7uvjyFIQhyc4wnYCa+6DjxXVrDHKbpeTzzWM1K8dLHisx9xAkRgaQoOn8551GEADnG1J7Le/hVdpudWm5h/35x8Vq4pTko61QjSAQCT4Bz7/BZT58vanP32XKcBZdwidhpTaE97sQyYZWoUnVIj1CVgZ+bqcVIPe7X6agiCtgzkDydBl8+dYbt2v1ydbLHHykRLBHg8nv9u 7q7hdyfZlJR2a7Qz/3PisL4pyzcLtQepKfXmUGEa8+o7E3RsuvDzyviCvVNMaDGoUxn94wM9kO0gWVQEae1IvFm6dj57sw58LTtA6HDXl4c87aOrMhvxuKENrKkEdjsEz/TeROE5Y936CUXqNv6sDg1u3c4QMWyW5pffYBXeQBTp4ozpYZofyqEGNCww/95ex4uSwptVJ3HxHZn9nhs48A1YFSkpnz+v+ ga77kvVMlb7tnzfinaZTx0fDunyHo9u1ydd6UoHzmy1ZfQVfYYKpacAiK2eFFJgy8S8+BLf5YTszZW7AIa9M9epj793mn9nbWqZjiwOzVabCT67GLWuSymeoe/qG0QS5ib6wEIEoALihphd/4e9Wo7/aZj9l7ihkWyJ6YK4U4femJGD9YlRYRLAfVvCmWtE2NwReN/NN91rTRF6ERszQRyAl2LUsix4fj g2LHHLehH0c1sGXogS8hGuKbptlanxdjmqiG/D64AnWvYgUHzGgg+vnausQ/6ylCPj9IjrP7pVXtG4iDTLprl6K7IVMltJR7dGiDWWiJKyvfG9zswG2svaLOKP4MML26XP42HegLy0EUwGWFeNgzN5UQqwVhaH02pf/ByGmCdXgKOujx4DQreuZYHaKeM5F48yfBoeqx+XN3uZgCnU94ciuz7stHYrFpH 3coOZxWgCxPYCPr9+T1LJkhjiso+V8zuHoM4cNvQaWThjrjzK23xWp1KXhWSpbt2OnJcfV3f0PGb5Keyx8IozCS6Rzrfyd9q4sGNHEm/IKxbhpSM41gYxxtZq6TE4T32pGcrIxEsbSDy02mkPDnKHxX3Uy1tnESF7Tkfgdj/QNxw8TXRE1B/bDyPgjUEBHXcb7iClayeBdBRfTO610HEqFYMT9T0e1rba rOv0a28BB4ga1SaMAW5Ux+ECSeB0jmtOh+1ZOI2+YlhDzMpe5npLLwy3/b26MQ+jdYnXIbpB3r/chF6yqRUJ2lrrCx/3iqDUaK/ZIubJEDWLKdKhBiawijgZ1r3LaqQPLl/MTZ1GEKcCTh4/FFsQUWsqoCjnuV0fctZRBAT7hG6XPaAB690gHVHH7QIZpvMC8GEWef9qhiwt4T7oDttES7XXqWNWXCEgJ MXtdNlxEpG5qb9s77xkn8dEM2Lg08Z3Dq6zlRVGZ8DDiV5SqwhHtNFnoZj5dIlBmoldgViSaHDtDjVbkNU2bqp6uEQa/BfZhL4Nj+pRk5wY8NSlK9J4pwc/pdzfiC3IX7QntkBCx1sO/9EmVQyWbNAEcceYV8VPXGajOxhKJZWfgmx03VzvebmlMzx6S0UvJetVncbDyrCPwlzqQ7R7WplEXHCxO5+HtD DVH+Sm6cmsCeygnfiGg5HU3eLjD6ofBK4jCVHAHf9sOuGiu44TBmbhmtcPKS8rOT0D3AcPcgXjJey1O9rYgL1bNHL0jXR0sSRZdllnV9wJdPWgctcy4KHSTX5UgT2MxGpqA/z3d8XeSVh5136IdN4QZ+BPc9Y6tv5WHLmRvcTTZnV2aQ+9QrCiuTn9GqGhDT8e3GIhRJJiQvRCtSaw+d7lSOlQfP/jA10 YJxdgq8b/B9iM9LBTqtijf2BDOShe7jE/LBgZTX3sUpJrP9D1eoYSJNKSJu00bWs8mXrBrQyhhg3Cb69iFK67wJbjJeX5Ja120mXia6DBzTTJrkHJy8wUNWh+r2ZX0taNy5OQQrNBDfmjkl3V3hrhMVzSrxS4Tfq6Rzv0ecFly1rgVqmnSo/GrpzNw9luH9KmoDoP4BEstlTy96+UyWfHoHnvb4bznvig 7fBtM+k+m6Wr/WOB3X/sX7esg2JxWJRjxujxpzuSyitzm67fZM5CnRkv2n56TgyvxukBCeyIUC99N1u5GRN3lKRBMqGYZS7aPxRu1nzvC1VpLf52ms99MtpbZASeqa1qF49eFzEjN5mEpbJVyuXiubrdql2/G/amrh+W/rLCUrnnUq9QBUC9nr8QusiFJAMoWP+pjtaJCjqubf74Kqy1DnH12GlwrmiSo fwKXZihTLioBmto8DAD0N9dZmW2Sj6JmXRBSOLECrfb4GO5YPXP++moFq9AodF2HmTlFP+4YvV/QCVCL/tJNN1aQ/BZms/5Rj4+fNYQ4SaoGbkOL/Ys2CJ9K0gOTk66NwkkQQGrehz7gTKkEeggtCLUJ6tNdN6kaEFb81yJ8KgRnDFzcYKK8bAYAqymkg5WTSSgITILn9yYpasIHXz2E47xGQk0AuhlNa yoqN7QDhCE17HctaiqCEfxo5Gr1bEv7hlrN1RjXOK4cNOlYFrB9NXYCVu3NbSWBFzkqueMITjclNpDwQLxY5iz9E+/jzLxcP4bHoM2TipxOqoCppgjlNW75RkMubcCWjHgO/wrbfeK+7dpHAB7D9aPhlFL4QG5k3xWtY/wTJvO3hv5hJ5gD78yRYIZI6gYrW8i5D3nrxjsTyCUw2qm4McQIPNpDnPmkwc vz8PdNGJUnjLKiMpBgsUatiJ89eQMKUl6mCGps8Zyx3Jgs50ULmgR9ak7xmYQdkCp7SQDbts8d/N2oPUM6tVdNkP1A2088Mx5f9deRPCUEQ6doO9zxFnewxWvzBSYSc3t6+rFSzJzphcz85Sqb8WRekLrGW2Y5WgG0QvRVf+WZFG53GzoM/iqoOaTcKsgTEfVuv8JkAth0FzKgkbPudxLDZPfVQkOmaDu BAKcdy2LlVhIlkZW6VGboAiTYfOFtmoBOQyIdlLRmhoAD5nt2CHh2ZPHuYl9KU9hWlnpJLKUZ0jPkszMv7FZP6gZXKEAD9eNfqG+FlrLafyAVn50QAersw4M9BSKvuh0VKBT6nogCQCBMOGrN1/PBuTC5b+kmQy8Fa4DqCPmX5ptW0HuW+rB1sf7YDvKDvsgYdwZlAz8ss/VTschHH2GRINbkGgSBuv1E n01D3trdqbLVGkKclcOZq4BA6DUdmQTNv4ZYwYFfCU/KeWT4H40fvo50QEKl3gAPs1g4suTJyYjNj8UTb0HSUt7E85p96OpKgVq9O7DyUeEjvNcjuWSAkpc86toIRw4fcfWkqScwec6VjNipfR/XWOa3mK8W2k5ZF9ZmqukZkijFUGaplcEAMMYAvv3oFEZPEoT2UbLUnyg38bt/Nud10jq71Zds9woGi kWWbUzruBRqANYsvpUDPZX4cUXuULx5yPJvFOdq70DKRJB0r9iez6J7oGDChuLYf5ujpkW2TfPmrC+4AbLWInfk2N6iO/TBR0JejuXnLUypLZVJRd+toMZUkhdyskjVbF8k/QdSVDCMk+DdwwY90MaUdT4sVeSfTo6r/+h3J3YoVEzTCnoLFHOURW/RY5Xgm2B8VRtc591s3H3pPwxqRR4CMC4VUEmOCe FFMx/2qkRvZfrUgyHPfkQPo4ZFIqhnnL9zUHtNkhAr6h+bpvzqzvCB5gj7Jmv2BF2ATwM0m6uTFAOH8QPZlT4cltlM/8Htsnr3TfMIDeNCiWYA6cxza3Kn9zj6i0e6Yp7X+WyDR/KerDYMQ+MayZks2AVAXZglGcFHzyd04G1ijbQGcSMswFd2PtIWGklPbSqGZ5bDQONWrW7H+iyKV8ubaYfCPTdiVRM pqbz1BPw6tEeh+h7NMBIA0fgJ5B5JJxveYd9XQm3mYz7q07B2AxLneLStJPxd3ZqGToP8WX3/8oelcksjNOom6TKPwRWVr4GtR2p/xOv67pyVlOLAMFERKXefri002iS2fk46dM45t/L8HiGLITflbxtQiVr6j+UlbyGcyBwssVhz79pSCQYx3w0TZSqqHOt2/gkdJs3Bewvc7cTGAV9iC9ybVom/Owbf SSWTBBDVfNIwjkJ5L4iCl9z07PSKrCpXz5+w9uUNQHcvOQF8lgIHAeX2L2dyLjx5Au+/OWjq3qHsXKGaWUHzMWQmPNj7t2InepF8dz9ZmIQmPFvVQFQZ7Y+JFXr3FvZGRgOxveHJyJFXe0cVsrk6p0XnMiaqlXTVXwdmwma+D3BdLUXzX2Fciw/ZvtZFf8+MUxiMFDywBeIxE5Dw/bU7zCJbGRVeeeLGh cyv5dFE/+uaJeDfEO3SaJRACF47yw7jTZ7X4KYp5/v08sHlMs+WB0gSd67REn+icgZ8VPO9MxJF1bAOQ+0P6x5u5ZjGyrRJJhjjiKeF1DenFO54JLiUsurDydCcDgvcjXpFwcxGGsOFMXCsKA9Q05HMimRtNFsjFCW0LvE0SUncSJ2hESrx1IRyDUufJ3RVaIGh/VlqBfYaKk99kwcpWAaznRryW7iDPG TGG7LWp8jW1Kl369heM+ceRqM+5RWOQTlHMIEdNVkAnayQ7GkGEZHnr/xili0WclTTk9BQSJF6aJEq1R/HXuCMbY8ry890QNSH6krq5rXPIuF8puBTMG4GUzVxc1QxhXldh4xijKNiqH51z1uNqQj2acro2SD1V61xdFCDaZt0NJXfyzCo5pKizXOzxJVjkNBhRHLmP1LAzj4xkPinV43Y2N/o7LL6ttW IhjknXcPDc6P9vtlcMzqSC7dKeBwCvRqYAeXj2EU+/N4Aup4X/xYyuqXezOeBYONxnZgSW+oA/w1oeZtBYClUCc60M4ROWNy9o00zw7DP6wyCIItXLsRnKJRa8bVsVgA4WCTmWP4nG/UTxTfG4Q2wWUVRQnBbfZin9cYCO9ahKcFSE+iiBDpkCDF8vQvN2MNH/oVBZQrukCIkHO8OY0QEJ5JwhUXYh+5c RJgUcYvvdjdp99Ptr+VwUq+dkErPfg/N7yMW0NEEJGGlEx9tlcHOJyVTDEZGUrj1+hL2FeFCI5JnKSUDdMYDRvYpHCj1yopjl8CwcItv7df//SxGymtbqQrGy2amlrGxtVebGrPlQrulmIebk5AlbexWwFxsA13ku0mibL90J5+U1kZtfdTdgE1Tfw20ybEG3bhJCrpKs2t7LEj6njntF6Gj5I/6gYcZr gM1oIQYOD48kp7fJOKTyP8zX6yiZBMPIj3PElCZA1mYZsTMmnPwge0S0Og4urk+23o3KFSVjNomxrwaeI62uLhZFzxbfsmi4MGrvJjw9/W2i2gSlrDc4kgrJBDJja3O/feqqWBKm1U7rPChtcGiy7H7Unmo7z9PLNI5KmZ0qfn1pBoixawL16l9A5BWUd2rnKQhUnOjARKcywFKz2L9ahhODv6u0Md7nb R5ulljaSAJCynfVk6wbc2eXGu822H/UTWlQrpfjUIJubwiiLqFWZWwemkWQBlvfxpXsP6he9woI6DuYRV5afy7meetyQS7iHWq+9snpjfm8jQGKPnYs8vPDeChmegq+D9M3fVhU//gNHpnc2POgOZtwZ5BFiljDoniKjC7S0VE0kC3T3/3i0S11APcahJ2LGHqo74cScga+IgE66/4dP1p3lVlVGryIBy wpRvKqFb+xBlmGiQ+IGhkEjm+lIwQOYfESrkbst8tO5yGB6c9imcRQi4QWQFGyagCPjZiOQl7WLb/KRRgQ2Je7oRy53LL1pxq6UriWoJ1yGpxFgihRzkwKkfcdnNqp2CV9/X+tP3/yaT41vxHkRE+isHw9a6tt3fXno7AyUJMufLFjcm7ax4Yy3b63fQka5gs16xRXOAoEUzZWeNONBdSYSTTEpUK7Eh9 IhVj/Rk3hJWszAg0v/7THykqXk01vLViCaZItJJF+bBnehZdpwjrNfjM+YMBeRLH1qjd0T7fOhEgzemafJL+ygwLs0NFGuu9mpuwxCtCKYfL7b7ZMxzMhDVQUv8uDTjjJlsMO3D78gACE3ARcx3ckXE/E57QxHgpvpiIYfK7BLpF+ZYH1KRHwKAnUBM3Jv0WZOQZ+Ik3eaybQrXlMxBxq1tiWOm4DhfYX s5T4YMItYh9wgPXqXSqdFxomR7gthUPk/JRPQkTEjePDUiILqaAbUfGilSMDHUxn+0VKKZvNGP5XiX4TmQ0Qydyw5s4d6MvpwC8r0hdhFPb/3IMDhikM3P3iDQE8UjGAhbN/L5tmmaEwv0kx05/P1sYnHdyqfDrAjsBM2IgKl9xOYOwu3bOy4okSZI7FaPJwUjkXQBcT34PcKvTqahiJ4Iy3cKoKGpsPG xzhsNwd+3tOP/RBZhXj5o8d6MEOBYNtLPxgGkFuXl4/PRigJ9YmbBhYOt20C6/gR0LnMBON5XrD3t8apMW/JjC/e3S/memsxBAAEC50m9LRwtqfzjV/5WVxZY+A57ZHkXMpRFRU4THOpLWVKYR7Qt4Ii6rMwPcwn9oUJd/PRerLdKdbn9hcXVWlhMP3/AJS3yXiP3c22+r8k/9+J/56uqfTZ//8KyE0is cHSwmenazORf0JHgEwqdb4xu2ah9o0uwMcKGd7X8flBdPwqYf2PxZ2thPPWAeHtv65fstKliOum7MnTIzuY5D0DAUSFiFUXh35/6plU6N+ug0q2pbwoE473iJ9qFkNgoW348eoWAZtN5TMmmR3sKkS49QLu7pLIKwm6d8fkSccmu1oUIH54vhQVDpxMyJw2FR00EHBqVCuJNxuCNQdieGiZH5GJ5YbghG tRe7bNBjOPUKhyGKeBrw9gdmxI1sIEwofdoVN5LwZow3RIVZBUuZCgpmnJwu3Ssh057rl87EnY2/ev4834rxtLrpEfQo2E6sK43tP3wjRNZBqHU9PSD1qdhEo355Qq60x7w0kbWJJ/UlxJ2IVdLfYhmcQj3UgeTD5dBRn3bLpEGKfluLiZLet6GUVNI1t8+vnJey2Oz2WK+zgCEzR0gxxuRGEFDJuy46S zbRfRVzb7ynUJw5lXwMl8U0kA85fXQJVc9uLgz4VMOefNw7nPdh4XVuNSwAATZZfDvVcbfG4Dh9HRRF52jZIdfUbJ8nX7akcvqABFpNp1H/C7BAAHslgGI/wU0+UFIscRn+wIAAAAABFla" | base64 -d | xz -d > make_lkrg_safe_again.patch
#запаковать файл в кодированном виде - #xz make_lkrg_safe_again.patch && base64 make_lkrg_safe_again.patch.xz > make_lkrg_safe_again.patch.xz.base64
#md5sum make_lkrg_safe_again.patch | grep 4cca49bbcf272ec9308808f57b2fbee6 || read -p "MD5 SUM INCORRECT" x;
patch --batch -N -p1 < make_lkrg_safe_again.patch
make -j$(nproc) make install # на дистрибутивах без systemd и/или с самоподписанным ядром возникнет ошибка, следуйте пункту ниже
при необходимости подпишите *.ko файл, если это не произошло автоматически при установке (строчка с префиксом SIGN)
/usr/src/linux/scripts/sign-file sha256 /usr/src/linux/certs/signing_key.pem /usr/src/linux/certs/signing_key.x509 output/lkrg.ko output/lkrg.signed.ko
если вы собираете ядро под PVE - скорее всего у вас модули будут в формате zst, так что их придется сжать в ручную
zstd output/lkrg.signed.ko
cp output/lkrg.signed.ko.zst /lib/modules/6.11.10-secint/updates/lkrg.ko.zst
echo " /Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4ASOAjxdABGIQkY99BY0cwoNj+ILVyn6yiX8EwmzcFcmS/XAjQPzkjs2AhaUOjGpDwHWQEgWGHazRt4/quxjJ4RBOxmUW 9frnMg23ZVE94BipI9xEVWzvPxmHo/uk7AmQZAtU3dZ5yZVheG1uoF8tceeZO/sPCUCCVOgxdfAHwbCI90y7kh5Vis5W1LXqVcALL/HDktyoK7A0i4XZt1r8bbgei QVldYwUFqGLVTVlopTQ2L2yDXucKpFv6NFVyo+1talf98ShTLNLUBLEhDf1a9/f6KBVTD8a6isBpRBrMSKWPVUaVN3f71ObX/46yA49hs7FKmABMCWFYpJYuvuEhM VC/wzd5OtCdo10SJUFtYbORM8DxXSLYDaEPzIGstWo9zJmlRm0jrzYGtxoHiypMwFloNuN5h66+Ifs39dLlHXaVXY5igEzaPZ2zFm8bbeNY/LUcQ8+/3f2tfbAnOa JZEt9IfkCw1J3GjfRiSw2BJJKP48brrpJZlRmewtpoTcV4qs/qdC9ZgZoLUIWikuSaDnmemvm8fp6VCQxZzEIb/eawtfkG7R7WJHzVxMHyUNHTrY7YmATsqTyGvMh K+WwnuPD48JQRF8qto5LmkBnEuOe1fOceGepPyxfphdZhSK4Wm0Y9Lk6XGkO22fPYj/9Pky3zrdutDXd1UuZJjAPfOTB91+c4Ki6xpmNzAwjcnBL84SDWJ1tWl46s cwjw5FSCe/4Fi+27s8dco+imqdOW8lrm2gLCePwpLkCPMGWKpSTvQAAATjduEwuK/1AAHYBI8JAAC9cVNyscRn+wIAAAAABFla " | base64 -d | xz -d > /etc/init.d/lkrg chmod +x /etc/init.d/lkrg update-rc.d lkrg defaults echo "lkrg.block_sockraw=0" >> /etc/sysctl.d/01-lkrg.conf && sysctl -w lkrg.block_sockraw=0
SSH DROPBEAR -- MAKE BOOTDISK DM_CRYPT GREAT AGAIN
#1 ставим дропбир apt install dropbear-initramfs -y
#2 добавляем в конфиг дропбира свой паблик кей
cat ~/.ssh/authorized_keys >> /etc/dropbear/initramfs/authorized_keys #2.1 #Edit/Update DROPBEAR_OPTIONS as follows: echo 'DROPBEAR_OPTIONS="-I 180 -j -k -p 22237 -s -c cryptroot-unlock"' >> /etc/dropbear/initramfs/dropbear.conf
Where options are follows: -I 180 : Disconnect the session if no traffic is transmitted or received in 180 seconds. -j : Disable ssh local port forwarding. -k : Also disable remote port forwarding. -p 2222 : Listen Dropbear ssh server on specified address and TCP port. In this example, use TCP/2222. If no -p option is given, it will listen on all addresses. Up to 10 can be specified. The default is TCP/22 if none specified. -s : Disable password logins. We are going set up SSH Keys on a Linux / Unix system for authentication to reduce attack surface. -c cryptroot-unlock : Disregard the command provided by the user and always run forced_command. This also overrides any authorized_keys command= option. In other words, unlock disk and do nothing else as soon as you type the ssh command. You can skip this option if you wish to type the cryptroot-unlock manually.
#3. nano /etc/initramfs-tools/initramfs.conf Append static IP info for your Dropbear ssh during boot time:
echo "DEVICE=eth0 IP=195.154.246.236::195.154.246.1:255.255.255.0::eth0:off DROPBEAR=Y" >> /etc/initramfs-tools/initramfs.conf
Where:
IP= – Start static IP config :: – Field seprator 192.168.2.19 – IPv4 192.168.2.254 – Gateway 255.255.255.0 – Netmask debian – Hostname
#4. nano /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock #изменить < if [ ! -f "$TABFILE" ] || [ "$TABFILE" -ot "/proc/1" ]; then #на if [ ! -f "$TABFILE" ] ; then
sed -i 's/ || [ "$TABFILE" -ot "/proc/1" ]//g' /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock
затем update-initramfs -u -k all #5 ребутимся reboot -f #6 коннектимся по ссш - он будет на 22 порту
==================================================================================
==== Шаги для изменения пароля LUKS: Проверьте, какой LUKS-устройство доступно: Чтобы узнать, какое устройство зашифровано с помощью LUKS, выполните команду:
lsblk -f Измените пароль LUKS: Чтобы изменить пароль на устройстве, используйте следующую команду:
cryptsetup luksChangeKey /dev/sdX Где /dev/sdX — это ваше LUKS-устройство, например, /dev/sda1 или /dev/nvme0n1p3.
Вас попросят ввести старый пароль и новый:
Сначала введите текущий пароль для LUKS. После этого система попросит ввести новый пароль.
проверка пароля лукс
настройка для вбокс sysctl lkrg.block_modules=0; /usr/src/linux/scripts/sign-file sha256 /usr/src/linux/certs/signing_key.pem /usr/src/linux/certs/signing_key.x509 /lib/modules/$(uname -r)/misc/vboxdrv.ko /lib/modules/$(uname -r)/misc/vboxdrv.ko /usr/src/linux/scripts/sign-file sha256 /usr/src/linux/certs/signing_key.pem /usr/src/linux/certs/signing_key.x509 /lib/modules/$(uname -r)/misc/vboxnetadp.ko /lib/modules/$(uname -r)/misc/vboxnetadp.ko /usr/src/linux/scripts/sign-file sha256 /usr/src/linux/certs/signing_key.pem /usr/src/linux/certs/signing_key.x509 /lib/modules/$(uname -r)/misc/vboxnetflt.ko /lib/modules/$(uname -r)/misc/vboxnetflt.ko
sysctl lkrg.block_modules=0 modprobe veth; modprobe vboxdrv; modprobe vboxnetflt; modprobe vboxnetadp; modprobe kvm_amd; sysctl lkrg.block_modules=1;
depmod -a
что бы заблокировать io_uring
echo "kernel.io_uring_disabled=2" >> /etc/sysctl.conf && sysctl -w kernel.io_uring_disabled=2
nano /etc/rc.local #!/bin/sh -e
if test -d /etc/boot.d ; then run-parts /etc/boot.d fi sysctl lkrg.block_modules=0; modprobe veth; iptables -L; sysctl lkrg.block_modules=1;
/root/iptables_mng139.sh; modprobe fuse; sysctl lkrg.block_modules=0; modprobe vboxdrv; modprobe vboxnetflt; modprobe vboxnetadp; sysctl lkrg.block_modules=1; exit 0