build_image: Remove enable_verity flag

To make verity work both enable_rootfs_verification and enable_verity need to be set. Without one verity just gets half enabled. Remove the enable_verity flag and do the full verity setup when enable_rootfs_verification is set. Signed-off-by: Geoff Levand <geoff@infradead.org>
2025-08-07 04:56:58 +02:00 · 2016-12-13 13:46:05 -08:00 · 2016-12-13 13:46:05 -08:00 · 0ef44633ef
commit 0ef44633ef
parent a7ffba9a9f
2 changed files with 1 additions and 3 deletions
--- a/2
+++ b/2
@ -28,8 +28,6 @@ DEFINE_string getbinpkgver "" \
  "Use binary packages from a specific version."
 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
  "Default all bootloaders to use kernel-based root fs integrity checking."
-DEFINE_boolean enable_verity ${FLAGS_TRUE} \
-  "Default GRUB to use dm-verity-enabled boot arguments"
 DEFINE_string base_pkg "coreos-base/coreos" \
  "The base portage package to base the build off of (only applies to prod images)"
 DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@ -404,7 +404,7 @@ finish_image() {
      target_list="arm64-efi"
    fi
    for target in ${target_list}; do
-      if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} && ${FLAGS_enable_verity} -eq ${FLAGS_TRUE} ]]; then
+      if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
        ${BUILD_LIBRARY_DIR}/grub_install.sh \
            --board="${BOARD}" \
            --target="${target}" \