build_image: default to using verified rootfs for x86

This change enables root filesystem integrity checking for all x86 builds by default. All mod_image_for_* work with this and the factory_install. In addition, the BVT tests all pass running on a dm-verity root. [I will send a mail to the chromium-os-dev once this lands with instructions on how to build with it and how to turn it off (chromeos-setimage) on an installed machine.] Once this is functioning, I will start migrating the build/install process over to use the UUID-based boot. TEST=built x86-generic, mod'd for test, installed, ran suite_BuildVerify BUG=chromium-os:5100 Review URL: http://codereview.chromium.org/3143025 Change-Id: Ib23962b7a5e034ef6aea31b4361944ba894700c6
2025-12-07 18:31:54 +01:00 · 2010-08-17 17:27:16 -05:00 · 2010-08-17 17:27:16 -05:00 · 12f14ce889
commit 12f14ce889
parent d253badb6c
1 changed files with 12 additions and 5 deletions
--- a/17
+++ b/17
@ -67,7 +67,7 @@ DEFINE_boolean fast ${DEFAULT_FAST} \
 DEFINE_string usb_disk /dev/sdb3 \
  "Path syslinux should use to do a usb boot. Default: /dev/sdb3"

-DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
+DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
  "Default all bootloaders to use kernel-based root fs integrity checking."
 DEFINE_integer verity_error_behavior 2 \
  "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
@ -201,10 +201,6 @@ if [[ ${FLAGS_jobs} -ne -1 ]]; then
  EMERGE_JOBS="--jobs=${FLAGS_jobs}"
 fi

-if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
-  enable_rootfs_verification_flag="--enable_rootfs_verification"
-fi
-
 # Figure out ARCH from the given toolchain.
 # TODO: Move to common.sh as a function after scripts are switched over.
 TC_ARCH=$(echo "${CHOST}" | awk -F'-' '{ print $1 }')
@ -220,6 +216,17 @@ case "${TC_ARCH}" in
    exit 1
 esac

+if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+  enable_rootfs_verification_flag="--enable_rootfs_verification"
+  # Comment out this section if you need to start testing vboot on arm.
+  if [[ "${ARCH}" = "arm" ]]; then
+    warn "ARM does not yet support --enable_rootfs_verification"
+    warn "Root filesystem verification has been disabled."
+    enable_rootfs_verification_flag=
+    FLAGS_enable_rootfs_verification_flag=${FLAGS_FALSE}
+  fi
+fi
+
 # Hack to fix bug where x86_64 CHOST line gets incorrectly added.
 # ToDo(msb): remove this hack.
 PACKAGES_FILE="${BOARD_ROOT}/packages/Packages"