| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # | 2 # |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 # | 6 # |
| 7 # Script which ensures that a given image has an up-to-date | 7 # Script which ensures that a given image has an up-to-date |
| 8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. | 8 # kernel partition, rootfs integrity hashes, and legacy bootloader configs. |
| 9 | 9 |
| 10 # --- BEGIN COMMON.SH BOILERPLATE --- | 10 # --- BEGIN COMMON.SH BOILERPLATE --- |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 # ceil(0.1 * rootfs_size) is a good minimum. | 90 # ceil(0.1 * rootfs_size) is a good minimum. |
| 91 DEFINE_integer rootfs_hash_pad 8 \ | 91 DEFINE_integer rootfs_hash_pad 8 \ |
| 92 "MBs reserved at the end of the rootfs image." | 92 "MBs reserved at the end of the rootfs image." |
| 93 | 93 |
| 94 DEFINE_string rootfs_hash "/tmp/rootfs.hash" \ | 94 DEFINE_string rootfs_hash "/tmp/rootfs.hash" \ |
| 95 "Path where the rootfs hash should be stored." | 95 "Path where the rootfs hash should be stored." |
| 96 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \ | 96 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \ |
| 97 "Default all bootloaders to use kernel-based root fs integrity checking." | 97 "Default all bootloaders to use kernel-based root fs integrity checking." |
| 98 DEFINE_integer verity_error_behavior 2 \ | 98 DEFINE_integer verity_error_behavior 2 \ |
| 99 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" | 99 "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" |
| 100 # TODO(msb) remove this option (http://crosbug.com/14357) | |
| 101 DEFINE_integer verity_depth 0 \ | |
| 102 "Kernel verified boot hash tree depth" | |
| 103 DEFINE_integer verity_max_ios 1024 \ | 100 DEFINE_integer verity_max_ios 1024 \ |
| 104 "Number of outstanding I/O operations dm-verity caps at." | 101 "Number of outstanding I/O operations dm-verity caps at." |
| 105 DEFINE_string verity_algorithm "sha1" \ | 102 DEFINE_string verity_algorithm "sha1" \ |
| 106 "Cryptographic hash algorithm used for kernel vboot." | 103 "Cryptographic hash algorithm used for kernel vboot." |
| 107 | 104 |
| 108 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ | 105 DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ |
| 109 "Directory containing the signing keys." | 106 "Directory containing the signing keys." |
| 110 | 107 |
| 111 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ | 108 DEFINE_string rootfs_mountpoint "/tmp/rootfs" \ |
| 112 "Path where the rootfs can be safely mounted" | 109 "Path where the rootfs can be safely mounted" |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 194 --arch="${FLAGS_arch}" \ | 191 --arch="${FLAGS_arch}" \ |
| 195 --to="${FLAGS_output_dir}/vmlinuz.image" \ | 192 --to="${FLAGS_output_dir}/vmlinuz.image" \ |
| 196 --hd_vblock="${FLAGS_output_dir}/vmlinuz_hd.vblock" \ | 193 --hd_vblock="${FLAGS_output_dir}/vmlinuz_hd.vblock" \ |
| 197 --vmlinuz="${FLAGS_rootfs_mountpoint}/boot/vmlinuz" \ | 194 --vmlinuz="${FLAGS_rootfs_mountpoint}/boot/vmlinuz" \ |
| 198 --working_dir="${FLAGS_output_dir}" \ | 195 --working_dir="${FLAGS_output_dir}" \ |
| 199 --boot_args="${FLAGS_boot_args}" \ | 196 --boot_args="${FLAGS_boot_args}" \ |
| 200 --keep_work \ | 197 --keep_work \ |
| 201 --rootfs_image=${root_dev} \ | 198 --rootfs_image=${root_dev} \ |
| 202 --rootfs_hash=${FLAGS_rootfs_hash} \ | 199 --rootfs_hash=${FLAGS_rootfs_hash} \ |
| 203 --verity_hash_alg=${FLAGS_verity_algorithm} \ | 200 --verity_hash_alg=${FLAGS_verity_algorithm} \ |
| 204 --verity_tree_depth=${FLAGS_verity_depth} \ | |
| 205 --verity_max_ios=${FLAGS_verity_max_ios} \ | 201 --verity_max_ios=${FLAGS_verity_max_ios} \ |
| 206 --verity_error_behavior=${FLAGS_verity_error_behavior} \ | 202 --verity_error_behavior=${FLAGS_verity_error_behavior} \ |
| 207 --root=${cros_root} \ | 203 --root=${cros_root} \ |
| 208 --keys_dir="${FLAGS_keys_dir}" \ | 204 --keys_dir="${FLAGS_keys_dir}" \ |
| 209 ${crosbug12352_flag} \ | 205 ${crosbug12352_flag} \ |
| 210 ${use_dev_keys} | 206 ${use_dev_keys} |
| 211 | 207 |
| 212 local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) | 208 local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) |
| 213 info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs" | 209 info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs" |
| 214 if [[ ${rootfs_hash_size} -gt $((FLAGS_rootfs_hash_pad * 1024 * 1024)) ]] | 210 if [[ ${rootfs_hash_size} -gt $((FLAGS_rootfs_hash_pad * 1024 * 1024)) ]] |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 312 mkdir -p ${FLAGS_espfs_mountpoint} | 308 mkdir -p ${FLAGS_espfs_mountpoint} |
| 313 | 309 |
| 314 make_image_bootable "${IMAGE}" | 310 make_image_bootable "${IMAGE}" |
| 315 verify_image_rootfs "${IMAGE}" | 311 verify_image_rootfs "${IMAGE}" |
| 316 | 312 |
| 317 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then | 313 if [ ${FLAGS_cleanup_dirs} -eq ${FLAGS_TRUE} ]; then |
| 318 rmdir ${FLAGS_rootfs_mountpoint} | 314 rmdir ${FLAGS_rootfs_mountpoint} |
| 319 rmdir ${FLAGS_statefulfs_mountpoint} | 315 rmdir ${FLAGS_statefulfs_mountpoint} |
| 320 rmdir ${FLAGS_espfs_mountpoint} | 316 rmdir ${FLAGS_espfs_mountpoint} |
| 321 fi | 317 fi |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6901005:
src/scripts: remove all references to verity_depth (Closed)
Base URL: http://git.chromium.org/git/crosutils.git@master