| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Helper script that generates the signed kernel image | 7 # Helper script that generates the signed kernel image |
| 8 | 8 |
| 9 # --- BEGIN COMMON.SH BOILERPLATE --- | 9 # --- BEGIN COMMON.SH BOILERPLATE --- |
| 10 # Load common CrOS utilities. Inside the chroot this file is installed in | 10 # Load common CrOS utilities. Inside the chroot this file is installed in |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 57 DEFINE_string root "/dev/sd%D%P" \ | 57 DEFINE_string root "/dev/sd%D%P" \ |
| 58 "Expected device root partition" | 58 "Expected device root partition" |
| 59 # If provided, will automatically add verified boot arguments. | 59 # If provided, will automatically add verified boot arguments. |
| 60 DEFINE_string rootfs_image "" \ | 60 DEFINE_string rootfs_image "" \ |
| 61 "Optional path to the rootfs device or image.(Default: \"\")" | 61 "Optional path to the rootfs device or image.(Default: \"\")" |
| 62 DEFINE_string rootfs_hash "" \ | 62 DEFINE_string rootfs_hash "" \ |
| 63 "Optional path to output the rootfs hash to. (Default: \"\")" | 63 "Optional path to output the rootfs hash to. (Default: \"\")" |
| 64 DEFINE_integer verity_error_behavior 2 \ | 64 DEFINE_integer verity_error_behavior 2 \ |
| 65 "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ | 65 "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ |
| 66 (Default: 2)" | 66 (Default: 2)" |
| 67 DEFINE_integer verity_tree_depth 0 \ | |
| 68 "Optional Verified boot hash tree depth. (Default: 0)" | |
| 69 DEFINE_integer verity_max_ios -1 \ | 67 DEFINE_integer verity_max_ios -1 \ |
| 70 "Optional number of outstanding I/O operations. (Default: -1)" | 68 "Optional number of outstanding I/O operations. (Default: -1)" |
| 71 DEFINE_string verity_hash_alg "sha1" \ | 69 DEFINE_string verity_hash_alg "sha1" \ |
| 72 "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" | 70 "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" |
| 73 | 71 |
| 74 # TODO(clchiou): Remove this flag after arm verified boot is stable | 72 # TODO(clchiou): Remove this flag after arm verified boot is stable |
| 75 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \ | 73 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_FALSE} \ |
| 76 "Sign kernel partition for ARM images (temporary hack)." | 74 "Sign kernel partition for ARM images (temporary hack)." |
| 77 | 75 |
| 78 # Parse flags | 76 # Parse flags |
| (...skipping 15 matching lines...) Expand all Loading... |
| 94 grep "Block size" | | 92 grep "Block size" | |
| 95 tr -d ' ' | | 93 tr -d ' ' | |
| 96 cut -f2 -d:) | 94 cut -f2 -d:) |
| 97 info "rootfs is ${root_fs_blocks} blocks of ${root_fs_block_sz} bytes" | 95 info "rootfs is ${root_fs_blocks} blocks of ${root_fs_block_sz} bytes" |
| 98 if [[ ${root_fs_block_sz} -ne 4096 ]]; then | 96 if [[ ${root_fs_block_sz} -ne 4096 ]]; then |
| 99 error "Root file system blocks are not 4k!" | 97 error "Root file system blocks are not 4k!" |
| 100 fi | 98 fi |
| 101 | 99 |
| 102 info "Generating root fs hash tree." | 100 info "Generating root fs hash tree." |
| 103 # Runs as sudo in case the image is a block device. | 101 # Runs as sudo in case the image is a block device. |
| 104 table=$(sudo verity create ${FLAGS_verity_tree_depth} \ | 102 # First argument to verity is reserved/unused and MUST be 0 |
| 103 table=$(sudo verity create 0 \ |
| 105 ${FLAGS_verity_hash_alg} \ | 104 ${FLAGS_verity_hash_alg} \ |
| 106 ${FLAGS_rootfs_image} \ | 105 ${FLAGS_rootfs_image} \ |
| 107 ${root_fs_blocks} \ | 106 ${root_fs_blocks} \ |
| 108 ${FLAGS_rootfs_hash}) | 107 ${FLAGS_rootfs_hash}) |
| 109 if [[ -f "${FLAGS_rootfs_hash}" ]]; then | 108 if [[ -f "${FLAGS_rootfs_hash}" ]]; then |
| 110 sudo chmod a+r "${FLAGS_rootfs_hash}" | 109 sudo chmod a+r "${FLAGS_rootfs_hash}" |
| 111 fi | 110 fi |
| 112 # Don't claim the root device unless the root= flag is pointed to | 111 # Don't claim the root device unless the root= flag is pointed to |
| 113 # the verified boot device. Doing so will claim /dev/sdDP out from | 112 # the verified boot device. Doing so will claim /dev/sdDP out from |
| 114 # under the system. | 113 # under the system. |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 294 info "Cleaning up temporary files: ${WORK}" | 293 info "Cleaning up temporary files: ${WORK}" |
| 295 rm ${WORK} | 294 rm ${WORK} |
| 296 rmdir ${FLAGS_working_dir} | 295 rmdir ${FLAGS_working_dir} |
| 297 fi | 296 fi |
| 298 | 297 |
| 299 info "Kernel partition image emitted: ${FLAGS_to}" | 298 info "Kernel partition image emitted: ${FLAGS_to}" |
| 300 | 299 |
| 301 if [[ -f ${FLAGS_rootfs_hash} ]]; then | 300 if [[ -f ${FLAGS_rootfs_hash} ]]; then |
| 302 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" | 301 info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" |
| 303 fi | 302 fi |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6901005:
src/scripts: remove all references to verity_depth (Closed)
Base URL: http://git.chromium.org/git/crosutils.git@master