build_image, build_kernel_image, legacy_bootloaders: Rename vboot flags

build_image

 #!/bin/bash
 
 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Script to build a bootable keyfob-based chromeos system image from within
 # a chromiumos setup. This assumes that all needed packages have been built into
 # the given target's root with binary packages turned on. This script will
 # build the Chrome OS image using only pre-built binary packages.
@@ skipping 44 matching lines @@
   "stateful filesystem size in MBs."
 DEFINE_boolean preserve ${FLAGS_FALSE} \
   "Attempt to preserve the previous build image if one can be found (unstable, \
 kernel/firmware not updated)"
 DEFINE_boolean fast ${FLAGS_FALSE} \
   "Call many emerges in parallel (unstable)"
 
 DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
 
-DEFINE_boolean use_vboot ${FLAGS_FALSE} \
-  "Default the bootloaders to booting a verifying kernel. Default: False."
-DEFINE_integer vboot_behavior 2 \
-  "Verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
+DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
+  "Default all bootloaders to use kernel-based root fs integrity checking."
+DEFINE_integer verity_error_behavior 2 \
+  "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
 Default: 2"
-DEFINE_integer vboot_depth 1 \
-  "Verified boot hash tree depth. Default: 1"
-DEFINE_integer vboot_max_ios 1024 \
+DEFINE_integer verity_depth 1 \
+  "Kernel verified boot hash tree depth. Default: 1"
+DEFINE_integer verity_max_ios 1024 \
   "Number of outstanding I/O operations dm-verity caps at. Default: 1024"
-DEFINE_string vboot_algorithm "sha1" \
-  "Cryptographic hash algorithm used for vboot. Default : sha1"
+DEFINE_string verity_algorithm "sha1" \
+  "Cryptographic hash algorithm used for kernel vboot. Default : sha1"
 
 # Parse command line.
 FLAGS "$@" || exit 1
 eval set -- "${FLAGS_ARGV}"
 
 # Only now can we die on error.  shflags functions leak non-zero error codes,
 # so will die prematurely if 'set -e' is specified before now.
 set -e
 
 if [ -z "${FLAGS_board}" ] ; then
@@ skipping 186 matching lines @@
   delete_prompt
 }
 
 make_image_bootable() {
   local image_name="$1"
   cros_root=/dev/sd%D%P
   if [[ "${ARCH}" = "arm" ]]; then
     # TODO(wad) assumed like in build_gpt for now.
     cros_root=/dev/mmcblk1p3
   fi
-  if [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]]; then
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     cros_root=/dev/dm-0
   fi
 
   # TODO(wad) mount the root fs to LOOP_DEV from the image
   trap "mount_gpt_cleanup" EXIT
   ${SCRIPTS_DIR}/mount_gpt_image.sh --from "${OUTPUT_DIR}" \
     --image "${image_name}" -r "${ROOT_FS_DIR}" \
     -s "${STATEFUL_FS_DIR}" -e "${ESP_FS_DIR}"
 
   sudo mount -o remount,ro "${ROOT_FS_DIR}"
   root_dev=$(mount | grep -- "${ROOT_FS_DIR}" | cut -f1 -d' ' | tail -1)
 
   DEVKEYSDIR="${SRC_ROOT}/platform/vboot_reference/tests/devkeys"
 
   # Builds the kernel partition image.  The temporary files are kept around
   # so that we can perform a load_kernel_test later on the final image.
   ${SCRIPTS_DIR}/build_kernel_image.sh \
     --arch="${ARCH}" \
     --to="${OUTPUT_DIR}/vmlinuz.image" \
     --hd_vblock="${OUTPUT_DIR}/vmlinuz_hd.vblock" \
     --vmlinuz="${OUTPUT_DIR}/boot/vmlinuz" \
     --working_dir="${OUTPUT_DIR}" \
     --keep_work \
     --rootfs_image=${root_dev} \
     --rootfs_hash=${OUTPUT_DIR}/rootfs.hash \
-    --vboot_hash_alg=${FLAGS_vboot_algorithm} \
-    --vboot_tree_depth=${FLAGS_vboot_depth} \
-    --vboot_max_ios=${FLAGS_vboot_max_ios} \
-    --vboot_error_behavior=${FLAGS_vboot_behavior} \
+    --verity_hash_alg=${FLAGS_verity_algorithm} \
+    --verity_tree_depth=${FLAGS_verity_depth} \
+    --verity_max_ios=${FLAGS_verity_max_ios} \
+    --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
     --keys_dir="${DEVKEYSDIR}"
 
   # Move the verification block needed for the hard disk install to the
   # stateful partition. Mount stateful fs, copy file, and umount fs.
   # In original CL: http://codereview.chromium.org/2868044, this was done in
   # create_base_image(). However, it could break the build if it is a clean
   # build because vmlinuz_hd.vblock hasn't been created by build_kernel_image.sh
   if [[ "${ARCH}" = "x86" ]]; then
     sudo cp "${OUTPUT_DIR}/vmlinuz_hd.vblock" "${STATEFUL_FS_DIR}"
@@ skipping 253 matching lines @@
   "${SCRIPTS_DIR}/customize_rootfs" \
     --root="${ROOT_FS_DIR}" \
     --target="${ARCH}" \
     --board="${BOARD}"
 
   # Populates the root filesystem with legacy bootloader templates
   # appropriate for the platform.  The autoupdater and installer will
   # use those templates to update the legacy boot partition (12/ESP)
   # on update.
   # (This script does not populate vmlinuz.A and .B needed by syslinux.)
-  use_vboot=
-  [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]] && use_vboot="--use_vboot"
+  enable_rootfs_verification=
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+    enable_rootfs_verification="--enable_rootfs_verification"
+  fi
+
   ${SCRIPTS_DIR}/create_legacy_bootloader_templates.sh \
     --arch=${ARCH} \
     --to="${ROOT_FS_DIR}"/boot \
     --install \
-    ${use_vboot}
+    ${enable_rootfs_verification}
 
   # Create a working copy so we don't need the rootfs mounted
   sudo mkdir -p "${OUTPUT_DIR}"/boot
   # This will include any built files dropped in /boot as well.
   # Like the current vmlinuz.
   sudo cp -r "${ROOT_FS_DIR}"/boot/. "${OUTPUT_DIR}"/boot/
   sudo chmod -R a+r "${OUTPUT_DIR}"/boot/
 
   # Don't test the factory install shim.
   if [[ ${FLAGS_factory_install} -eq ${FLAGS_FALSE} ]] ; then
@@ skipping 92 matching lines @@
   echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"
 fi
 
 print_time_elapsed
 
 echo "To copy to USB keyfob, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"
 echo "To convert to VMWare image, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_vmware.sh --from=${OUTSIDE_OUTPUT_DIR}"
 echo "from the scripts directory where you entered the chroot."