| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Script to build a bootable keyfob-based chromeos system image from within | 7 # Script to build a bootable keyfob-based chromeos system image from within |
| 8 # a chromiumos setup. This assumes that all needed packages have been built into | 8 # a chromiumos setup. This assumes that all needed packages have been built into |
| 9 # the given target's root with binary packages turned on. This script will | 9 # the given target's root with binary packages turned on. This script will |
| 10 # build the Chrome OS image using only pre-built binary packages. | 10 # build the Chrome OS image using only pre-built binary packages. |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 92 | 92 |
| 93 # TODO(clchiou): Remove this flag after arm verified boot is stable | 93 # TODO(clchiou): Remove this flag after arm verified boot is stable |
| 94 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \ | 94 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \ |
| 95 "Sign kernel partition for ARM images (temporary hack)." | 95 "Sign kernel partition for ARM images (temporary hack)." |
| 96 | 96 |
| 97 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ | 97 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ |
| 98 "Default all bootloaders to use kernel-based root fs integrity checking." | 98 "Default all bootloaders to use kernel-based root fs integrity checking." |
| 99 DEFINE_integer verity_error_behavior 3 \ | 99 DEFINE_integer verity_error_behavior 3 \ |
| 100 "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing, \ | 100 "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing, \ |
| 101 3: cros) Default: 3" | 101 3: cros) Default: 3" |
| 102 DEFINE_integer verity_depth 3 \ | |
| 103 "Kernel verified boot hash tree depth. Default: 3" | |
| 104 DEFINE_integer verity_max_ios -1 \ | 102 DEFINE_integer verity_max_ios -1 \ |
| 105 "Number of outstanding I/O operations dm-verity caps at. Default: -1" | 103 "Number of outstanding I/O operations dm-verity caps at. Default: -1" |
| 106 DEFINE_string verity_algorithm "sha1" \ | 104 DEFINE_string verity_algorithm "sha1" \ |
| 107 "Cryptographic hash algorithm used for kernel vboot. Default : sha1" | 105 "Cryptographic hash algorithm used for kernel vboot. Default : sha1" |
| 108 | 106 |
| 109 # Parse command line. | 107 # Parse command line. |
| 110 FLAGS "$@" || exit 1 | 108 FLAGS "$@" || exit 1 |
| 111 eval set -- "${FLAGS_ARGV}" | 109 eval set -- "${FLAGS_ARGV}" |
| 112 | 110 |
| 113 # Only now can we die on error. shflags functions leak non-zero error codes, | 111 # Only now can we die on error. shflags functions leak non-zero error codes, |
| (...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 --arch="${ARCH}" | 380 --arch="${ARCH}" |
| 383 --output_dir="${OUTPUT_DIR}" | 381 --output_dir="${OUTPUT_DIR}" |
| 384 --boot_args="${FLAGS_boot_args}" | 382 --boot_args="${FLAGS_boot_args}" |
| 385 --rootfs_size="${FLAGS_rootfs_size}" | 383 --rootfs_size="${FLAGS_rootfs_size}" |
| 386 --rootfs_hash_pad="${FLAGS_rootfs_hash_pad}" | 384 --rootfs_hash_pad="${FLAGS_rootfs_hash_pad}" |
| 387 --rootfs_hash="${ROOT_FS_HASH}" | 385 --rootfs_hash="${ROOT_FS_HASH}" |
| 388 --rootfs_mountpoint="${ROOT_FS_DIR}" | 386 --rootfs_mountpoint="${ROOT_FS_DIR}" |
| 389 --statefulfs_mountpoint="${STATEFUL_FS_DIR}" | 387 --statefulfs_mountpoint="${STATEFUL_FS_DIR}" |
| 390 --espfs_mountpoint="${ESP_FS_DIR}" | 388 --espfs_mountpoint="${ESP_FS_DIR}" |
| 391 --verity_error_behavior="${FLAGS_verity_error_behavior}" | 389 --verity_error_behavior="${FLAGS_verity_error_behavior}" |
| 392 --verity_depth="${FLAGS_verity_depth}" | 390 --verity_depth="0" |
| 393 --verity_max_ios="${FLAGS_verity_max_ios}" | 391 --verity_max_ios="${FLAGS_verity_max_ios}" |
| 394 --verity_algorithm="${FLAGS_verity_algorithm}" | 392 --verity_algorithm="${FLAGS_verity_algorithm}" |
| 395 --keys_dir="${DEVKEYSDIR}" | 393 --keys_dir="${DEVKEYSDIR}" |
| 396 --usb_disk="${FLAGS_usb_disk}" | 394 --usb_disk="${FLAGS_usb_disk}" |
| 397 --nocleanup_dirs | 395 --nocleanup_dirs |
| 398 ${crosbug12352_flag} | 396 ${crosbug12352_flag} |
| 399 ${enable_rootfs_verification_flag} | 397 ${enable_rootfs_verification_flag} |
| 400 EOF | 398 EOF |
| 401 } | 399 } |
| 402 | 400 |
| (...skipping 408 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 811 echo "Developer image created as ${DEVELOPER_IMAGE_NAME}" | 809 echo "Developer image created as ${DEVELOPER_IMAGE_NAME}" |
| 812 fi | 810 fi |
| 813 | 811 |
| 814 print_time_elapsed | 812 print_time_elapsed |
| 815 | 813 |
| 816 echo "To copy to USB keyfob, do something like:" | 814 echo "To copy to USB keyfob, do something like:" |
| 817 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX" | 815 echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX" |
| 818 echo "To convert to VMWare image, INSIDE the chroot, do something like:" | 816 echo "To convert to VMWare image, INSIDE the chroot, do something like:" |
| 819 echo " ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD}" | 817 echo " ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD}" |
| 820 echo "from the scripts directory where you entered the chroot." | 818 echo "from the scripts directory where you entered the chroot." |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6810006:
build_image: hard-code verity_depth to 0 (Closed)
Base URL: http://git.chromium.org/git/crosutils.git@master