build_image: default to using verified rootfs for x86

build_image: default to using verified rootfs for x86

This change enables root filesystem integrity checking for all x86
builds by default.  All mod_image_for_* work with this and the
factory_install.  In addition, the BVT tests all pass running on
a dm-verity root.

[I will send a mail to the chromium-os-dev once this lands with instructions on how to build with it and how to turn it off (chromeos-setimage) on an installed machine.]

Once this is functioning, I will start migrating the build/install process over to use the UUID-based boot.

TEST=built x86-generic, mod'd for test, installed, ran suite_BuildVerify
BUG=chromium-os:5100

[Will Drewry, 2010-08-17 21:34:54]

(Resending)
========
build_image: default to using verified rootfs for x86 

This change enables root filesystem integrity checking for all x86 
builds by default. All mod_image_for_* work with this and the 
factory_install. In addition, the BVT tests all pass running on 
a dm-verity root. 

[I will send a mail to the chromium-os-dev once this lands with instructions on
how to build with it and how to turn it off (chromeos-setimage) on an installed
machine.] 

Once this is functioning, I will start migrating the build/install process over
to use the UUID-based boot. 

TEST=built x86-generic, mod'd for test, installed, ran suite_BuildVerify 
BUG=chromium-os:5100

[adlr, 2010-08-17 21:42:39]

LGTM.

Yes, email everyone, and tell them how they can keep using gmerge, for example.

[Will Drewry, 2010-08-17 21:43:12]

Will do so prior to commit. Then push!

On Tue, Aug 17, 2010 at 4:42 PM,  <adlr@chromium.org> wrote:
> LGTM.
>
> Yes, email everyone, and tell them how they can keep using gmerge, for
> example.
>
> http://codereview.chromium.org/3143025/show
>

[ericli, 2010-08-17 21:45:02]

how this gonna impact VM?

On Tue, Aug 17, 2010 at 2:43 PM, Will Drewry <wad@chromium.org> wrote:

> Will do so prior to commit. Then push!
>
> On Tue, Aug 17, 2010 at 4:42 PM,  <adlr@chromium.org> wrote:
> > LGTM.
> >
> > Yes, email everyone, and tell them how they can keep using gmerge, for
> > example.
> >
> > http://codereview.chromium.org/3143025/show
> >
>



-- 
Eric Li
李咏竹
Google Kirkland

[Will Drewry, 2010-08-17 22:28:51]

I worked with rkc@ to patch image_to_vm to support this.  if you use
image_to_vm, it should detect that it was created with
--enable_rootfs_verification and make sure that the modified rootfs is
rehashed prior to use.

So, it should "just work".  If it doesn't there's a bug in the
image_to_vm script or somewhere else unexpected.

On Tue, Aug 17, 2010 at 4:44 PM, Eric Li(李咏竹) <ericli@chromium.org> wrote:
> how this gonna impact VM?
>
> On Tue, Aug 17, 2010 at 2:43 PM, Will Drewry <wad@chromium.org> wrote:
>>
>> Will do so prior to commit. Then push!
>>
>> On Tue, Aug 17, 2010 at 4:42 PM,  <adlr@chromium.org> wrote:
>> > LGTM.
>> >
>> > Yes, email everyone, and tell them how they can keep using gmerge, for
>> > example.
>> >
>> > http://codereview.chromium.org/3143025/show
>> >
>
>
>
> --
> Eric Li
> 李咏竹
> Google Kirkland
>
>
>

[kmixter1, 2010-08-18 01:01:53]

LGTM - except that it would really be nice to have gmerge work before
turning this on for everyone.  I for one use gmerge every day and
would likely just disable verification checks on my developer builds.

On Tue, Aug 17, 2010 at 3:28 PM, Will Drewry <wad@chromium.org> wrote:
> I worked with rkc@ to patch image_to_vm to support this.  if you use
> image_to_vm, it should detect that it was created with
> --enable_rootfs_verification and make sure that the modified rootfs is
> rehashed prior to use.
>
> So, it should "just work".  If it doesn't there's a bug in the
> image_to_vm script or somewhere else unexpected.
>
> On Tue, Aug 17, 2010 at 4:44 PM, Eric Li(李咏竹) <ericli@chromium.org> wrote:
>> how this gonna impact VM?
>>
>> On Tue, Aug 17, 2010 at 2:43 PM, Will Drewry <wad@chromium.org> wrote:
>>>
>>> Will do so prior to commit. Then push!
>>>
>>> On Tue, Aug 17, 2010 at 4:42 PM,  <adlr@chromium.org> wrote:
>>> > LGTM.
>>> >
>>> > Yes, email everyone, and tell them how they can keep using gmerge, for
>>> > example.
>>> >
>>> > http://codereview.chromium.org/3143025/show
>>> >
>>
>>
>>
>> --
>> Eric Li
>> 李咏竹
>> Google Kirkland
>>
>>
>>
>

[Will Drewry, 2010-08-18 01:13:15]

Yeah.  So the thing is that the device-mapper claims the current root
device so there's no way to update it without accessing it as a loop
mount which would mean any hashes loaded during access may or may not
be valid.  If anyone has any ideas, though, I'm open to them.

One option is that I could enable in-kernel hash updating since the
code is largely there, just not wired up.  However, it certainly isn't
optimized for that case :)

Otherwise, I can wrap gmerge to use the other rootfs, but then you'll
still need to reboot or chroot.  Would that be more useful than just
turning it off with setimage, gmerging a lot, then, optionally,
turning it back on?


2010/8/17 Ken Mixter <kmixter@chromium.org>:
> LGTM - except that it would really be nice to have gmerge work before
> turning this on for everyone.  I for one use gmerge every day and
> would likely just disable verification checks on my developer builds.
>
> On Tue, Aug 17, 2010 at 3:28 PM, Will Drewry <wad@chromium.org> wrote:
>> I worked with rkc@ to patch image_to_vm to support this.  if you use
>> image_to_vm, it should detect that it was created with
>> --enable_rootfs_verification and make sure that the modified rootfs is
>> rehashed prior to use.
>>
>> So, it should "just work".  If it doesn't there's a bug in the
>> image_to_vm script or somewhere else unexpected.
>>
>> On Tue, Aug 17, 2010 at 4:44 PM, Eric Li(李咏竹) <ericli@chromium.org> wrote:
>>> how this gonna impact VM?
>>>
>>> On Tue, Aug 17, 2010 at 2:43 PM, Will Drewry <wad@chromium.org> wrote:
>>>>
>>>> Will do so prior to commit. Then push!
>>>>
>>>> On Tue, Aug 17, 2010 at 4:42 PM,  <adlr@chromium.org> wrote:
>>>> > LGTM.
>>>> >
>>>> > Yes, email everyone, and tell them how they can keep using gmerge, for
>>>> > example.
>>>> >
>>>> > http://codereview.chromium.org/3143025/show
>>>> >
>>>
>>>
>>>
>>> --
>>> Eric Li
>>> 李咏竹
>>> Google Kirkland
>>>
>>>
>>>
>>
>