mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-23 14:41:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

src/scripts: remove all references to verity_depth

Browse Source 
This option is now deprecated. Remove from all scripts

To understand the impact of this change ran the following searches:

http://codesearch.google.com/codesearch?as_q=package%3Achromiumos+verity_depth
http://codesearch.google.com/codesearch?hl=en&lr=&q=package%3Achromiumos+verity_tree_depth

BUG=chromium-os:14357
TEST=Ran build_image, mod_image_for_test.sh, chromeos-install, and mod_image_for_recovery.sh.

Change-Id: I79e0e5fe1c917fbb54cc7c7f152d3c97d5f5c9b5

R=wad@chromium.org,scottz@chromium.org,gauravsh@chromium.org

Review URL: http://codereview.chromium.org/6901005
This commit is contained in:
Mandeep Singh Baines 2011-04-28 13:50:33 -07:00
parent a6af201ff8
commit 118692ab3f
5 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/cros_make_image_bootable
View File

@ -97,9 +97,6 @@ DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
"Default all bootloaders to use kernel-based root fs integrity checking." "Default all bootloaders to use kernel-based root fs integrity checking."
DEFINE_integer verity_error_behavior 2 \ DEFINE_integer verity_error_behavior 2 \
"Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)" "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)"
# TODO(msb) remove this option (http://crosbug.com/14357)
DEFINE_integer verity_depth 0 \
"Kernel verified boot hash tree depth"
DEFINE_integer verity_max_ios 1024 \ DEFINE_integer verity_max_ios 1024 \
"Number of outstanding I/O operations dm-verity caps at." "Number of outstanding I/O operations dm-verity caps at."
DEFINE_string verity_algorithm "sha1" \ DEFINE_string verity_algorithm "sha1" \
@ -201,7 +198,6 @@ make_image_bootable() {
--rootfs_image=${root_dev} \ --rootfs_image=${root_dev} \
--rootfs_hash=${FLAGS_rootfs_hash} \ --rootfs_hash=${FLAGS_rootfs_hash} \
--verity_hash_alg=${FLAGS_verity_algorithm} \ --verity_hash_alg=${FLAGS_verity_algorithm} \
--verity_tree_depth=${FLAGS_verity_depth} \
--verity_max_ios=${FLAGS_verity_max_ios} \ --verity_max_ios=${FLAGS_verity_max_ios} \
--verity_error_behavior=${FLAGS_verity_error_behavior} \ --verity_error_behavior=${FLAGS_verity_error_behavior} \
--root=${cros_root} \ --root=${cros_root} \

1
build_image
View File

@ -396,7 +396,6 @@ create_boot_desc() {
--statefulfs_mountpoint="${STATEFUL_FS_DIR}" --statefulfs_mountpoint="${STATEFUL_FS_DIR}"
--espfs_mountpoint="${ESP_FS_DIR}" --espfs_mountpoint="${ESP_FS_DIR}"
--verity_error_behavior="${FLAGS_verity_error_behavior}" --verity_error_behavior="${FLAGS_verity_error_behavior}"
--verity_depth="0"
--verity_max_ios="${FLAGS_verity_max_ios}" --verity_max_ios="${FLAGS_verity_max_ios}"
--verity_algorithm="${FLAGS_verity_algorithm}" --verity_algorithm="${FLAGS_verity_algorithm}"
--keys_dir="${DEVKEYSDIR}" --keys_dir="${DEVKEYSDIR}"

5
build_kernel_image.sh
View File

@ -64,8 +64,6 @@ DEFINE_string rootfs_hash "" \
DEFINE_integer verity_error_behavior 2 \ DEFINE_integer verity_error_behavior 2 \
"Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
(Default: 2)" (Default: 2)"
DEFINE_integer verity_tree_depth 0 \
"Optional Verified boot hash tree depth. (Default: 0)"
DEFINE_integer verity_max_ios -1 \ DEFINE_integer verity_max_ios -1 \
"Optional number of outstanding I/O operations. (Default: -1)" "Optional number of outstanding I/O operations. (Default: -1)"
DEFINE_string verity_hash_alg "sha1" \ DEFINE_string verity_hash_alg "sha1" \
@ -101,7 +99,8 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
info "Generating root fs hash tree." info "Generating root fs hash tree."
# Runs as sudo in case the image is a block device. # Runs as sudo in case the image is a block device.
table=$(sudo verity create ${FLAGS_verity_tree_depth} \ # First argument to verity is reserved/unused and MUST be 0
table=$(sudo verity create 0 \
${FLAGS_verity_hash_alg} \ ${FLAGS_verity_hash_alg} \
${FLAGS_rootfs_image} \ ${FLAGS_rootfs_image} \
${root_fs_blocks} \ ${root_fs_blocks} \

1
mod_image_for_recovery.sh
View File

@ -208,7 +208,6 @@ create_recovery_kernel_image() {
# TODO(wad) just update these everywhere # TODO(wad) just update these everywhere
verity_args=$(echo $verity_args | sed \ verity_args=$(echo $verity_args | sed \
-e 's/verity_algorithm/verity_hash_alg/g' \ -e 's/verity_algorithm/verity_hash_alg/g' \
-e 's/verity_depth/verity_tree_depth/g' \
-e 's/"//g') -e 's/"//g')
# Tie the installed recovery kernel to the final kernel. If we don't # Tie the installed recovery kernel to the final kernel. If we don't

5
verify_rootfs_chksum.sh
View File

@ -98,13 +98,12 @@ KERNEL_CONFIG=$(sudo "${DUMP_KERNEL_CONFIG}" "${KERNEL_IMG}")
kernel_cfg="$(echo "${KERNEL_CONFIG}" | sed -e 's/.*dm="\([^"]*\)".*/\1/g' | kernel_cfg="$(echo "${KERNEL_CONFIG}" | sed -e 's/.*dm="\([^"]*\)".*/\1/g' |
cut -f2- -d,)" cut -f2- -d,)"
rootfs_sectors=$(echo ${kernel_cfg} | cut -f2 -d' ') rootfs_sectors=$(echo ${kernel_cfg} | cut -f2 -d' ')
verity_depth=$(echo ${kernel_cfg} | cut -f7 -d' ')
verity_algorithm=$(echo ${kernel_cfg} | cut -f8 -d' ') verity_algorithm=$(echo ${kernel_cfg} | cut -f8 -d' ')
# Compute the rootfs hash tree # Compute the rootfs hash tree
VERITY=/bin/verity VERITY=/bin/verity
table="vroot none ro,"$(sudo "${VERITY}" create \ # First argument to verity is reserved/unused and MUST be 0
${verity_depth} \ table="vroot none ro,"$(sudo "${VERITY}" create 0 \
"${verity_algorithm}" \ "${verity_algorithm}" \
"${ROOTFS_IMG}" \ "${ROOTFS_IMG}" \
$((rootfs_sectors / 8)) \ $((rootfs_sectors / 8)) \