From 0ef44633efeed22f63a0aca3c252e64497d0d60a Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Tue, 13 Dec 2016 13:46:05 -0800 Subject: [PATCH] build_image: Remove enable_verity flag To make verity work both enable_rootfs_verification and enable_verity need to be set. Without one verity just gets half enabled. Remove the enable_verity flag and do the full verity setup when enable_rootfs_verification is set. Signed-off-by: Geoff Levand --- build_image | 2 -- build_library/build_image_util.sh | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/build_image b/build_image index 9ee671732a..0bc7deb33a 100755 --- a/build_image +++ b/build_image @@ -28,8 +28,6 @@ DEFINE_string getbinpkgver "" \ "Use binary packages from a specific version." DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ "Default all bootloaders to use kernel-based root fs integrity checking." -DEFINE_boolean enable_verity ${FLAGS_TRUE} \ - "Default GRUB to use dm-verity-enabled boot arguments" DEFINE_string base_pkg "coreos-base/coreos" \ "The base portage package to base the build off of (only applies to prod images)" DEFINE_string base_dev_pkg "coreos-base/coreos-dev" \ diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index 0bd83b6b78..6bdf03267e 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -404,7 +404,7 @@ finish_image() { target_list="arm64-efi" fi for target in ${target_list}; do - if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} && ${FLAGS_enable_verity} -eq ${FLAGS_TRUE} ]]; then + if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then ${BUILD_LIBRARY_DIR}/grub_install.sh \ --board="${BOARD}" \ --target="${target}" \