From 118692ab3fc441515efbdd461ece799228c094bd Mon Sep 17 00:00:00 2001
From: Mandeep Singh Baines <msb@chromium.org>
Date: Thu, 28 Apr 2011 13:50:33 -0700
Subject: [PATCH] src/scripts: remove all references to verity_depth

This option is now deprecated. Remove from all scripts

To understand the impact of this change ran the following searches:

http://codesearch.google.com/codesearch?as_q=package%3Achromiumos+verity_depth
http://codesearch.google.com/codesearch?hl=en&lr=&q=package%3Achromiumos+verity_tree_depth

BUG=chromium-os:14357
TEST=Ran build_image, mod_image_for_test.sh, chromeos-install, and mod_image_for_recovery.sh.

Change-Id: I79e0e5fe1c917fbb54cc7c7f152d3c97d5f5c9b5

R=wad@chromium.org,scottz@chromium.org,gauravsh@chromium.org

Review URL: http://codereview.chromium.org/6901005
---
 bin/cros_make_image_bootable | 4 ----
 build_image                  | 1 -
 build_kernel_image.sh        | 5 ++---
 mod_image_for_recovery.sh    | 1 -
 verify_rootfs_chksum.sh      | 5 ++---
 5 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable
index 5f28d620f1..d4eb9c81db 100755
--- a/bin/cros_make_image_bootable
+++ b/bin/cros_make_image_bootable
@@ -97,9 +97,6 @@ DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
   "Default all bootloaders to use kernel-based root fs integrity checking."
 DEFINE_integer verity_error_behavior 2 \
   "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)"
-# TODO(msb) remove this option (http://crosbug.com/14357)
-DEFINE_integer verity_depth 0 \
-  "Kernel verified boot hash tree depth"
 DEFINE_integer verity_max_ios 1024 \
   "Number of outstanding I/O operations dm-verity caps at."
 DEFINE_string verity_algorithm "sha1" \
@@ -201,7 +198,6 @@ make_image_bootable() {
     --rootfs_image=${root_dev} \
     --rootfs_hash=${FLAGS_rootfs_hash} \
     --verity_hash_alg=${FLAGS_verity_algorithm} \
-    --verity_tree_depth=${FLAGS_verity_depth} \
     --verity_max_ios=${FLAGS_verity_max_ios} \
     --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
diff --git a/build_image b/build_image
index 8fbc2d8043..6982dbb9a9 100755
--- a/build_image
+++ b/build_image
@@ -396,7 +396,6 @@ create_boot_desc() {
   --statefulfs_mountpoint="${STATEFUL_FS_DIR}"
   --espfs_mountpoint="${ESP_FS_DIR}"
   --verity_error_behavior="${FLAGS_verity_error_behavior}"
-  --verity_depth="0"
   --verity_max_ios="${FLAGS_verity_max_ios}"
   --verity_algorithm="${FLAGS_verity_algorithm}"
   --keys_dir="${DEVKEYSDIR}"
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index 34fb977fb1..736d72a8b6 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -64,8 +64,6 @@ DEFINE_string rootfs_hash "" \
 DEFINE_integer verity_error_behavior 2 \
   "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
 (Default: 2)"
-DEFINE_integer verity_tree_depth 0 \
-  "Optional Verified boot hash tree depth. (Default: 0)"
 DEFINE_integer verity_max_ios -1 \
   "Optional number of outstanding I/O operations. (Default: -1)"
 DEFINE_string verity_hash_alg "sha1" \
@@ -101,7 +99,8 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
 
   info "Generating root fs hash tree."
   # Runs as sudo in case the image is a block device.
-  table=$(sudo verity create ${FLAGS_verity_tree_depth} \
+  # First argument to verity is reserved/unused and MUST be 0
+  table=$(sudo verity create 0 \
                         ${FLAGS_verity_hash_alg} \
                         ${FLAGS_rootfs_image} \
                         ${root_fs_blocks} \
diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh
index 0fe78c4ea4..1f05010dd5 100755
--- a/mod_image_for_recovery.sh
+++ b/mod_image_for_recovery.sh
@@ -208,7 +208,6 @@ create_recovery_kernel_image() {
   # TODO(wad) just update these everywhere
   verity_args=$(echo $verity_args | sed \
     -e 's/verity_algorithm/verity_hash_alg/g' \
-    -e 's/verity_depth/verity_tree_depth/g' \
     -e 's/"//g')
 
   # Tie the installed recovery kernel to the final kernel.  If we don't
diff --git a/verify_rootfs_chksum.sh b/verify_rootfs_chksum.sh
index 7ad196d897..bfe4c3a5d6 100755
--- a/verify_rootfs_chksum.sh
+++ b/verify_rootfs_chksum.sh
@@ -98,13 +98,12 @@ KERNEL_CONFIG=$(sudo "${DUMP_KERNEL_CONFIG}" "${KERNEL_IMG}")
 kernel_cfg="$(echo "${KERNEL_CONFIG}" | sed -e 's/.*dm="\([^"]*\)".*/\1/g' |
               cut -f2- -d,)"
 rootfs_sectors=$(echo ${kernel_cfg} | cut -f2 -d' ')
-verity_depth=$(echo ${kernel_cfg} | cut -f7 -d' ')
 verity_algorithm=$(echo ${kernel_cfg} | cut -f8 -d' ')
 
 # Compute the rootfs hash tree
 VERITY=/bin/verity
-table="vroot none ro,"$(sudo "${VERITY}" create \
-        ${verity_depth} \
+# First argument to verity is reserved/unused and MUST be 0
+table="vroot none ro,"$(sudo "${VERITY}" create 0 \
         "${verity_algorithm}" \
         "${ROOTFS_IMG}" \
         $((rootfs_sectors / 8)) \