OLD | NEW |
1 #!/bin/bash | 1 #!/bin/bash |
2 # | 2 # |
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 # | 6 # |
7 # Script which ensures that a given image has an up-to-date | 7 # Script which ensures that a given image has an up-to-date |
8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. | 8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. |
9 | 9 |
10 # Load common constants. This should be the first executable line. | 10 # Load common constants. This should be the first executable line. |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
79 "Default all bootloaders to use kernel-based root fs integrity checking." | 79 "Default all bootloaders to use kernel-based root fs integrity checking." |
80 DEFINE_integer verity_error_behavior 2 \ | 80 DEFINE_integer verity_error_behavior 2 \ |
81 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" | 81 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" |
82 DEFINE_integer verity_depth 1 \ | 82 DEFINE_integer verity_depth 1 \ |
83 "Kernel verified boot hash tree depth" | 83 "Kernel verified boot hash tree depth" |
84 DEFINE_integer verity_max_ios 1024 \ | 84 DEFINE_integer verity_max_ios 1024 \ |
85 "Number of outstanding I/O operations dm-verity caps at." | 85 "Number of outstanding I/O operations dm-verity caps at." |
86 DEFINE_string verity_algorithm "sha1" \ | 86 DEFINE_string verity_algorithm "sha1" \ |
87 "Cryptographic hash algorithm used for kernel vboot." | 87 "Cryptographic hash algorithm used for kernel vboot." |
88 | 88 |
89 DEFINE_string arm_extra_bootargs "" \ | |
90 "Additional command line options to pass to the ARM kernel." | |
91 | |
92 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ | 89 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ |
93 "Directory containing the signing keys." | 90 "Directory containing the signing keys." |
94 | 91 |
95 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ | 92 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ |
96 "Path where the rootfs can be safely mounted" | 93 "Path where the rootfs can be safely mounted" |
97 DEFINE_string statefulfs_mountpoint "/tmp/statefulfs" \ | 94 DEFINE_string statefulfs_mountpoint "/tmp/statefulfs" \ |
98 "Path where the statefulfs can be safely mounted" | 95 "Path where the statefulfs can be safely mounted" |
99 DEFINE_string espfs_mountpoint "/tmp/espfs" \ | 96 DEFINE_string espfs_mountpoint "/tmp/espfs" \ |
100 "Path where the espfs can be safely mounted" | 97 "Path where the espfs can be safely mounted" |
101 | 98 |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 # create_base_image(). However, it could break the build if it is a clean | 189 # create_base_image(). However, it could break the build if it is a clean |
193 # build because vmlinuz_hd.vblock hasn't been created by build_kernel_image.sh | 190 # build because vmlinuz_hd.vblock hasn't been created by build_kernel_image.sh |
194 sudo cp "${FLAGS_output_dir}/vmlinuz_hd.vblock" \ | 191 sudo cp "${FLAGS_output_dir}/vmlinuz_hd.vblock" \ |
195 "${FLAGS_statefulfs_mountpoint}" | 192 "${FLAGS_statefulfs_mountpoint}" |
196 | 193 |
197 # START_KERN_A is set by the first call to install the gpt. | 194 # START_KERN_A is set by the first call to install the gpt. |
198 local koffset="$(partoffset ${image} 2)" | 195 local koffset="$(partoffset ${image} 2)" |
199 sudo dd if="${FLAGS_output_dir}/vmlinuz.image" of="${image}" \ | 196 sudo dd if="${FLAGS_output_dir}/vmlinuz.image" of="${image}" \ |
200 conv=notrunc bs=512 seek=${koffset} | 197 conv=notrunc bs=512 seek=${koffset} |
201 | 198 |
202 # Update the bootloaders. For legacy/efi x86, the EFI system partition | 199 # Update the bootloaders. The EFI system partition will be updated. |
203 # will be updated and for arm, the mbr will be updated (for u-boot). | |
204 local kernel_part= | 200 local kernel_part= |
205 local usb_disk="${FLAGS_usb_disk}" | 201 local usb_disk="${FLAGS_usb_disk}" |
206 | 202 |
207 # We should update the esp in place in the image. | 203 # We should update the esp in place in the image. |
208 local bootloader_to="${image}" | 204 local bootloader_to="${image}" |
209 local esp_offset="$(partoffset ${image} 12)" | 205 local esp_offset="$(partoffset ${image} 12)" |
210 esp_offset=$((esp_offset * 512)) # sectors to bytes | 206 esp_offset=$((esp_offset * 512)) # sectors to bytes |
211 local esp_size="$(partsize ${image} 12)" | 207 local esp_size="$(partsize ${image} 12)" |
212 esp_size=$((esp_size * 512)) # sectors to bytes | 208 esp_size=$((esp_size * 512)) # sectors to bytes |
213 local bootloader_to_flags="--to_offset=${esp_offset} --to_size=${esp_size}" | 209 local bootloader_to_flags="--to_offset=${esp_offset} --to_size=${esp_size}" |
214 | 210 |
215 if [[ "${FLAGS_arch}" = "x86" ]]; then | 211 if [[ "${FLAGS_arch}" = "x86" ]]; then |
216 # Use the kernel partition to acquire configuration flags. | 212 # Use the kernel partition to acquire configuration flags. |
217 kernel_part="--kernel_partition='${FLAGS_output_dir}/vmlinuz.image'" | 213 kernel_part="--kernel_partition='${FLAGS_output_dir}/vmlinuz.image'" |
218 # Install syslinux on the EFI System Partition. | 214 # Install syslinux on the EFI System Partition. |
219 kernel_part="${kernel_part} --install_syslinux" | 215 kernel_part="${kernel_part} --install_syslinux" |
220 elif [[ "${FLAGS_arch}" = "arm" ]]; then | 216 elif [[ "${FLAGS_arch}" = "arm" ]]; then |
221 # TODO(wad) mmcblk1p3 is hardcoded for arm for now! | 217 # These flags are not used for ARM update_bootloaders.sh |
222 usb_disk="/dev/mmcblk1p3" | 218 kernel_part="" |
223 # ARM doesn't support using the kernel image for kernel cmdline flags yet. | |
224 kernel_part="--kernel_cmdline=\"${FLAGS_arm_extra_bootargs}\" " | |
225 # TODO(wad) Integrate dmtable extraction into the arm build | |
226 # E.g. $(cat ${FLAGS_output_dir}/boot.config | tr -s '\n' ' ')" | |
227 local kpart_offset="--kernel_partition_offset=${koffset}" | |
228 local kpart_size="--kernel_partition_sectors=" | |
229 kpart_size="${kpart_size}$(partsize ${image} 2)" | |
230 kernel_part="${kernel_part} ${kpart_size} ${kpart_offset}" | |
231 info "Using addition bootloader arguments: ${kernel_part}" | |
232 fi | 219 fi |
233 | 220 |
234 # Update partition 12 | 221 # Update partition 12 |
235 ${SCRIPTS_DIR}/update_bootloaders.sh \ | 222 ${SCRIPTS_DIR}/update_bootloaders.sh \ |
236 --arch=${FLAGS_arch} \ | 223 --arch=${FLAGS_arch} \ |
237 --to="${bootloader_to}" \ | 224 --to="${bootloader_to}" \ |
238 --from="${FLAGS_rootfs_mountpoint}"/boot \ | 225 --from="${FLAGS_rootfs_mountpoint}"/boot \ |
239 --vmlinuz="${FLAGS_rootfs_mountpoint}"/boot/vmlinuz \ | 226 --vmlinuz="${FLAGS_rootfs_mountpoint}"/boot/vmlinuz \ |
240 --usb_disk="${usb_disk}" \ | 227 --usb_disk="${usb_disk}" \ |
241 ${bootloader_to_flags} \ | 228 ${bootloader_to_flags} \ |
242 $kernel_part | 229 $kernel_part |
243 | 230 |
244 trap - EXIT | 231 trap - EXIT |
245 ${SCRIPTS_DIR}/mount_gpt_image.sh -u -r "${FLAGS_rootfs_mountpoint}" \ | 232 ${SCRIPTS_DIR}/mount_gpt_image.sh -u -r "${FLAGS_rootfs_mountpoint}" \ |
246 -s "${FLAGS_statefulfs_mountpoint}" | 233 -s "${FLAGS_statefulfs_mountpoint}" |
247 } | 234 } |
248 | 235 |
249 # Create the directories if they don't exist. | 236 # Create the directories if they don't exist. |
250 mkdir -p ${FLAGS_rootfs_mountpoint} | 237 mkdir -p ${FLAGS_rootfs_mountpoint} |
251 mkdir -p ${FLAGS_statefulfs_mountpoint} | 238 mkdir -p ${FLAGS_statefulfs_mountpoint} |
252 mkdir -p ${FLAGS_espfs_mountpoint} | 239 mkdir -p ${FLAGS_espfs_mountpoint} |
253 | 240 |
254 make_image_bootable ${IMAGE} | 241 make_image_bootable ${IMAGE} |
255 | 242 |
256 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then | 243 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then |
257 rmdir ${FLAGS_rootfs_mountpoint} | 244 rmdir ${FLAGS_rootfs_mountpoint} |
258 rmdir ${FLAGS_statefulfs_mountpoint} | 245 rmdir ${FLAGS_statefulfs_mountpoint} |
259 rmdir ${FLAGS_espfs_mountpoint} | 246 rmdir ${FLAGS_espfs_mountpoint} |
260 fi | 247 fi |
OLD | NEW |