Chromium Code Reviews Chromium Code Reviews
Issue 6873134:
cros_make_image_bootable: default to verity_depth=0 (Closed)
Base URL: http://git.chromium.org/git/crosutils.git@master| OLD | NEW |
|---|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # | 2 # |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 # | 6 # |
| 7 # Script which ensures that a given image has an up-to-date | 7 # Script which ensures that a given image has an up-to-date |
| 8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. | 8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. |
| 9 | 9 |
| 10 # --- BEGIN COMMON.SH BOILERPLATE --- | 10 # --- BEGIN COMMON.SH BOILERPLATE --- |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 90 # ceil(0.1 * rootfs_size) is a good minimum. | 90 # ceil(0.1 * rootfs_size) is a good minimum. |
| 91 DEFINE_integer rootfs_hash_pad 8 \ | 91 DEFINE_integer rootfs_hash_pad 8 \ |
| 92 "MBs reserved at the end of the rootfs image." | 92 "MBs reserved at the end of the rootfs image." |
| 93 | 93 |
| 94 DEFINE_string rootfs_hash "/tmp/rootfs.hash" \ | 94 DEFINE_string rootfs_hash "/tmp/rootfs.hash" \ |
| 95 "Path where the rootfs hash should be stored." | 95 "Path where the rootfs hash should be stored." |
| 96 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \ | 96 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \ |
| 97 "Default all bootloaders to use kernel-based root fs integrity checking." | 97 "Default all bootloaders to use kernel-based root fs integrity checking." |
| 98 DEFINE_integer verity_error_behavior 2 \ | 98 DEFINE_integer verity_error_behavior 2 \ |
| 99 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" | 99 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" |
| 100 DEFINE_integer verity_depth 1 \ | 100 DEFINE_integer verity_depth 0 \ |
|
gauravsh
2011/04/20 22:29:26
Add a TODO referencing a filed bug here that we sh
| |
| 101 "Kernel verified boot hash tree depth" | 101 "Kernel verified boot hash tree depth" |
| 102 DEFINE_integer verity_max_ios 1024 \ | 102 DEFINE_integer verity_max_ios 1024 \ |
| 103 "Number of outstanding I/O operations dm-verity caps at." | 103 "Number of outstanding I/O operations dm-verity caps at." |
| 104 DEFINE_string verity_algorithm "sha1" \ | 104 DEFINE_string verity_algorithm "sha1" \ |
| 105 "Cryptographic hash algorithm used for kernel vboot." | 105 "Cryptographic hash algorithm used for kernel vboot." |
| 106 | 106 |
| 107 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ | 107 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ |
| 108 "Directory containing the signing keys." | 108 "Directory containing the signing keys." |
| 109 | 109 |
| 110 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ | 110 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 311 mkdir -p ${FLAGS_espfs_mountpoint} | 311 mkdir -p ${FLAGS_espfs_mountpoint} |
| 312 | 312 |
| 313 make_image_bootable "${IMAGE}" | 313 make_image_bootable "${IMAGE}" |
| 314 verify_image_rootfs "${IMAGE}" | 314 verify_image_rootfs "${IMAGE}" |
| 315 | 315 |
| 316 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then | 316 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then |
| 317 rmdir ${FLAGS_rootfs_mountpoint} | 317 rmdir ${FLAGS_rootfs_mountpoint} |
| 318 rmdir ${FLAGS_statefulfs_mountpoint} | 318 rmdir ${FLAGS_statefulfs_mountpoint} |
| 319 rmdir ${FLAGS_espfs_mountpoint} | 319 rmdir ${FLAGS_espfs_mountpoint} |
| 320 fi | 320 fi |
| OLD | NEW |
