| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Helper script that generates the signed kernel image | 7 # Helper script that generates the signed kernel image |
| 8 | 8 |
| 9 . "$(dirname "$0")/common.sh" | 9 . "$(dirname "$0")/common.sh" |
| 10 | 10 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 DEFINE_string boot_args "noinitrd" \ | 31 DEFINE_string boot_args "noinitrd" \ |
| 32 "Additional boot arguments to pass to the commandline (Default: noinitrd)" | 32 "Additional boot arguments to pass to the commandline (Default: noinitrd)" |
| 33 DEFINE_string root "/dev/sd%D%P" \ | 33 DEFINE_string root "/dev/sd%D%P" \ |
| 34 "Expected device root (Default: root=/dev/sd%D%P)" | 34 "Expected device root (Default: root=/dev/sd%D%P)" |
| 35 | 35 |
| 36 # If provided, will automatically add verified boot arguments. | 36 # If provided, will automatically add verified boot arguments. |
| 37 DEFINE_string rootfs_image "" \ | 37 DEFINE_string rootfs_image "" \ |
| 38 "Optional path to the rootfs device or image.(Default: \"\")" | 38 "Optional path to the rootfs device or image.(Default: \"\")" |
| 39 DEFINE_string rootfs_hash "" \ | 39 DEFINE_string rootfs_hash "" \ |
| 40 "Optional path to output the rootfs hash to. (Default: \"\")" | 40 "Optional path to output the rootfs hash to. (Default: \"\")" |
| 41 DEFINE_integer vboot_error_behavior 2 \ | 41 DEFINE_integer verity_error_behavior 2 \ |
| 42 "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ | 42 "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ |
| 43 (Default: 2)" | 43 (Default: 2)" |
| 44 DEFINE_integer vboot_tree_depth 1 \ | 44 DEFINE_integer verity_tree_depth 1 \ |
| 45 "Optional Verified boot hash tree depth. (Default: 1)" | 45 "Optional Verified boot hash tree depth. (Default: 1)" |
| 46 DEFINE_integer vboot_max_ios 1024 \ | 46 DEFINE_integer verity_max_ios 1024 \ |
| 47 "Optional number of outstanding I/O operations. (Default: 1024)" | 47 "Optional number of outstanding I/O operations. (Default: 1024)" |
| 48 DEFINE_string vboot_hash_alg "sha1" \ | 48 DEFINE_string verity_hash_alg "sha1" \ |
| 49 "Cryptographic hash algorithm used for vboot. (Default: sha1)" | 49 "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" |
| 50 | 50 |
| 51 # Parse flags | 51 # Parse flags |
| 52 FLAGS "$@" || exit 1 | 52 FLAGS "$@" || exit 1 |
| 53 eval set -- "${FLAGS_ARGV}" | 53 eval set -- "${FLAGS_ARGV}" |
| 54 | 54 |
| 55 # Die on error | 55 # Die on error |
| 56 set -e | 56 set -e |
| 57 | 57 |
| 58 vboot_args= | 58 verity_args= |
| 59 # Even with a rootfs_image, root= is not changed unless specified. | 59 # Even with a rootfs_image, root= is not changed unless specified. |
| 60 if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then | 60 if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then |
| 61 info "Determining root fs block count." | 61 info "Determining root fs block count." |
| 62 # Gets the number of blocks. 4096 byte blocks _are_ expected. | 62 # Gets the number of blocks. 4096 byte blocks _are_ expected. |
| 63 root_fs_blocks=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | | 63 root_fs_blocks=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | |
| 64 grep "Block count" | | 64 grep "Block count" | |
| 65 tr -d ' ' | | 65 tr -d ' ' | |
| 66 cut -f2 -d:) | 66 cut -f2 -d:) |
| 67 info "Checking root fs block size." | 67 info "Checking root fs block size." |
| 68 root_fs_block_sz=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | | 68 root_fs_block_sz=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | |
| 69 grep "Block size" | | 69 grep "Block size" | |
| 70 tr -d ' ' | | 70 tr -d ' ' | |
| 71 cut -f2 -d:) | 71 cut -f2 -d:) |
| 72 if [[ ${root_fs_block_sz} -ne 4096 ]]; then | 72 if [[ ${root_fs_block_sz} -ne 4096 ]]; then |
| 73 error "Root file system blocks are not 4k!" | 73 error "Root file system blocks are not 4k!" |
| 74 fi | 74 fi |
| 75 | 75 |
| 76 info "Generating root fs hash tree." | 76 info "Generating root fs hash tree." |
| 77 # Runs as sudo in case the image is a block device. | 77 # Runs as sudo in case the image is a block device. |
| 78 table=$(sudo verity create ${FLAGS_vboot_tree_depth} \ | 78 table=$(sudo verity create ${FLAGS_verity_tree_depth} \ |
| 79 ${FLAGS_vboot_hash_alg} \ | 79 ${FLAGS_verity_hash_alg} \ |
| 80 ${FLAGS_rootfs_image} \ | 80 ${FLAGS_rootfs_image} \ |
| 81 ${root_fs_blocks} \ | 81 ${root_fs_blocks} \ |
| 82 ${FLAGS_rootfs_hash}) | 82 ${FLAGS_rootfs_hash}) |
| 83 if [[ -f "${FLAGS_rootfs_hash}" ]]; then | 83 if [[ -f "${FLAGS_rootfs_hash}" ]]; then |
| 84 sudo chmod a+r "${FLAGS_rootfs_hash}" | 84 sudo chmod a+r "${FLAGS_rootfs_hash}" |
| 85 fi | 85 fi |
| 86 # Don't claim the root device unless the root= flag is pointed to | 86 # Don't claim the root device unless the root= flag is pointed to |
| 87 # the verified boot device. Doing so will claim /dev/sdDP out from | 87 # the verified boot device. Doing so will claim /dev/sdDP out from |
| 88 # under the system. | 88 # under the system. |
| 89 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then | 89 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then |
| 90 table=${table//HASH_DEV/\/dev\/sd%D%P} | 90 table=${table//HASH_DEV/\/dev\/sd%D%P} |
| 91 table=${table//ROOT_DEV/\/dev\/sd%D%P} | 91 table=${table//ROOT_DEV/\/dev\/sd%D%P} |
| 92 fi | 92 fi |
| 93 vboot_args="dm=\"${table}\"" | 93 verity_args="dm=\"${table}\"" |
| 94 info "dm-verity configuration: ${vboot_args}" | 94 info "dm-verity configuration: ${verity_args}" |
| 95 fi | 95 fi |
| 96 | 96 |
| 97 mkdir -p "${FLAGS_working_dir}" | 97 mkdir -p "${FLAGS_working_dir}" |
| 98 cat <<EOF > "${FLAGS_working_dir}/boot.config" | 98 cat <<EOF > "${FLAGS_working_dir}/boot.config" |
| 99 root=${FLAGS_root} | 99 root=${FLAGS_root} |
| 100 dm_verity.error_behavior=${FLAGS_vboot_error_behavior} | 100 dm_verity.error_behavior=${FLAGS_verity_error_behavior} |
| 101 dm_verity.max_bios=${FLAGS_vboot_max_ios} | 101 dm_verity.max_bios=${FLAGS_verity_max_ios} |
| 102 ${vboot_args} | 102 ${verity_args} |
| 103 ${FLAGS_boot_args} | 103 ${FLAGS_boot_args} |
| 104 EOF | 104 EOF |
| 105 | 105 |
| 106 WORK="${WORK} ${FLAGS_working_dir}/boot.config" | 106 WORK="${WORK} ${FLAGS_working_dir}/boot.config" |
| 107 info "Emitted cross-platform boot params to ${FLAGS_working_dir}/boot.config" | 107 info "Emitted cross-platform boot params to ${FLAGS_working_dir}/boot.config" |
| 108 | 108 |
| 109 # FIXME: At the moment, we're working on signed images for x86 only. ARM will | 109 # FIXME: At the moment, we're working on signed images for x86 only. ARM will |
| 110 # support this before shipping, but at the moment they don't. | 110 # support this before shipping, but at the moment they don't. |
| 111 if [[ "${FLAGS_arch}" = "x86" ]]; then | 111 if [[ "${FLAGS_arch}" = "x86" ]]; then |
| 112 | 112 |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 189 info "Cleaning up temporary files: ${WORK}" | 189 info "Cleaning up temporary files: ${WORK}" |
| 190 rm ${WORK} | 190 rm ${WORK} |
| 191 rmdir ${FLAGS_working_dir} | 191 rmdir ${FLAGS_working_dir} |
| 192 fi | 192 fi |
| 193 | 193 |
| 194 info "Kernel partition image emitted: ${FLAGS_to}" | 194 info "Kernel partition image emitted: ${FLAGS_to}" |
| 195 | 195 |
| 196 if [[ -f ${FLAGS_rootfs_hash} ]]; then | 196 if [[ -f ${FLAGS_rootfs_hash} ]]; then |
| 197 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" | 197 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" |
| 198 fi | 198 fi |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2917008:
build_image, build_kernel_image, legacy_bootloaders: Rename vboot flags (Closed)
Base URL: ssh://git@gitrw.chromium.org/crosutils.git