Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1244)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: build_kernel_image.sh

Issue 3043011: build_image, build_kernel_image, update_bootloaders: fix up rootfs_verification (Closed) Base URL: http://src.chromium.org/git/crosutils.git
Patch Set: quick comment fix Created 10 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « build_image ('k') | create_legacy_bootloader_templates.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/bash 1 #!/bin/bash
2 2
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # Helper script that generates the signed kernel image 7 # Helper script that generates the signed kernel image
8 8
9 . "$(dirname "$0")/common.sh" 9 . "$(dirname "$0")/common.sh"
10 10
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 # Parse flags 51 # Parse flags
52 FLAGS "$@" || exit 1 52 FLAGS "$@" || exit 1
53 eval set -- "${FLAGS_ARGV}" 53 eval set -- "${FLAGS_ARGV}"
54 54
55 # Die on error 55 # Die on error
56 set -e 56 set -e
57 57
58 verity_args= 58 verity_args=
59 # Even with a rootfs_image, root= is not changed unless specified. 59 # Even with a rootfs_image, root= is not changed unless specified.
60 if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then 60 if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
61 info "Determining root fs block count."
62 # Gets the number of blocks. 4096 byte blocks _are_ expected. 61 # Gets the number of blocks. 4096 byte blocks _are_ expected.
63 root_fs_blocks=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | 62 root_fs_blocks=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null |
64 grep "Block count" | 63 grep "Block count" |
65 tr -d ' ' | 64 tr -d ' ' |
66 cut -f2 -d:) 65 cut -f2 -d:)
67 info "Checking root fs block size."
68 root_fs_block_sz=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | 66 root_fs_block_sz=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null |
69 grep "Block size" | 67 grep "Block size" |
70 tr -d ' ' | 68 tr -d ' ' |
71 cut -f2 -d:) 69 cut -f2 -d:)
70 info "rootfs is ${root_fs_blocks} blocks of ${root_fs_block_sz} bytes"
72 if [[ ${root_fs_block_sz} -ne 4096 ]]; then 71 if [[ ${root_fs_block_sz} -ne 4096 ]]; then
73 error "Root file system blocks are not 4k!" 72 error "Root file system blocks are not 4k!"
74 fi 73 fi
75 74
76 info "Generating root fs hash tree." 75 info "Generating root fs hash tree."
77 # Runs as sudo in case the image is a block device. 76 # Runs as sudo in case the image is a block device.
78 table=$(sudo verity create ${FLAGS_verity_tree_depth} \ 77 table=$(sudo verity create ${FLAGS_verity_tree_depth} \
79 ${FLAGS_verity_hash_alg} \ 78 ${FLAGS_verity_hash_alg} \
80 ${FLAGS_rootfs_image} \ 79 ${FLAGS_rootfs_image} \
81 ${root_fs_blocks} \ 80 ${root_fs_blocks} \
82 ${FLAGS_rootfs_hash}) 81 ${FLAGS_rootfs_hash})
83 if [[ -f "${FLAGS_rootfs_hash}" ]]; then 82 if [[ -f "${FLAGS_rootfs_hash}" ]]; then
84 sudo chmod a+r "${FLAGS_rootfs_hash}" 83 sudo chmod a+r "${FLAGS_rootfs_hash}"
85 fi 84 fi
86 # Don't claim the root device unless the root= flag is pointed to 85 # Don't claim the root device unless the root= flag is pointed to
87 # the verified boot device. Doing so will claim /dev/sdDP out from 86 # the verified boot device. Doing so will claim /dev/sdDP out from
88 # under the system. 87 # under the system.
89 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then 88 if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then
90 table=${table//HASH_DEV/\/dev\/sd%D%P} 89 table=${table//HASH_DEV//dev/sd%D%P}
91 table=${table//ROOT_DEV/\/dev\/sd%D%P} 90 table=${table//ROOT_DEV//dev/sd%D%P}
92 fi 91 fi
93 verity_args="dm=\"${table}\"" 92 verity_args="dm=\"vroot none ro,${table}\""
94 info "dm-verity configuration: ${verity_args}" 93 info "dm-verity configuration: ${verity_args}"
95 fi 94 fi
96 95
97 mkdir -p "${FLAGS_working_dir}" 96 mkdir -p "${FLAGS_working_dir}"
98 cat <<EOF > "${FLAGS_working_dir}/boot.config" 97 cat <<EOF > "${FLAGS_working_dir}/boot.config"
99 root=${FLAGS_root} 98 root=${FLAGS_root}
100 dm_verity.error_behavior=${FLAGS_verity_error_behavior} 99 dm_verity.error_behavior=${FLAGS_verity_error_behavior}
101 dm_verity.max_bios=${FLAGS_verity_max_ios} 100 dm_verity.max_bios=${FLAGS_verity_max_ios}
102 ${verity_args} 101 ${verity_args}
103 ${FLAGS_boot_args} 102 ${FLAGS_boot_args}
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
189 info "Cleaning up temporary files: ${WORK}" 188 info "Cleaning up temporary files: ${WORK}"
190 rm ${WORK} 189 rm ${WORK}
191 rmdir ${FLAGS_working_dir} 190 rmdir ${FLAGS_working_dir}
192 fi 191 fi
193 192
194 info "Kernel partition image emitted: ${FLAGS_to}" 193 info "Kernel partition image emitted: ${FLAGS_to}"
195 194
196 if [[ -f ${FLAGS_rootfs_hash} ]]; then 195 if [[ -f ${FLAGS_rootfs_hash} ]]; then
197 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" 196 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}"
198 fi 197 fi
OLDNEW
« no previous file with comments | « build_image ('k') | create_legacy_bootloader_templates.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698