build_image, build_kernel_image, legacy_bootloaders: Rename vboot flags

The use_vboot and vboot_ flags were confusing from a functionality perspective
since verified boot as a feature encompasses firmware and kernel functionality.
The firmware bits are always enabled, but use_vboot enabled the image-integrity
portion of vboot.  It is not called
  --enable_rootfs_verification
and all options for the kernel functionality is under --verity_* given that
verity/dm-verity is the current working name for the module and userspace tool.

TEST=ran x86-generic build_image & tegra2-dev-board build_image and checked the resulting boot.config files (with and without --enable_rootfs_verification).
BUG=chromium-os:2693

Review URL: http://codereview.chromium.org/2917008

build_image

@@ -62,17 +62,17 @@ DEFINE_boolean fast ${FLAGS_FALSE} \
 DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
 
-DEFINE_boolean use_vboot ${FLAGS_FALSE} \
+DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
-  "Default the bootloaders to booting a verifying kernel. Default: False."
+  "Default all bootloaders to use kernel-based root fs integrity checking."
-DEFINE_integer vboot_behavior 2 \
+DEFINE_integer verity_error_behavior 2 \
-  "Verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
+  "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
 Default: 2"
-DEFINE_integer vboot_depth 1 \
+DEFINE_integer verity_depth 1 \
-  "Verified boot hash tree depth. Default: 1"
+  "Kernel verified boot hash tree depth. Default: 1"
-DEFINE_integer vboot_max_ios 1024 \
+DEFINE_integer verity_max_ios 1024 \
   "Number of outstanding I/O operations dm-verity caps at. Default: 1024"
-DEFINE_string vboot_algorithm "sha1" \
+DEFINE_string verity_algorithm "sha1" \
-  "Cryptographic hash algorithm used for vboot. Default : sha1"
+  "Cryptographic hash algorithm used for kernel vboot. Default : sha1"
 
 # Parse command line.
 FLAGS "$@" || exit 1
@@ -279,7 +279,7 @@ make_image_bootable() {
     # TODO(wad) assumed like in build_gpt for now.
     cros_root=/dev/mmcblk1p3
   fi
-  if [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]]; then
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     cros_root=/dev/dm-0
   fi
 
@@ -305,10 +305,10 @@ make_image_bootable() {
     --keep_work \
     --rootfs_image=${root_dev} \
     --rootfs_hash=${OUTPUT_DIR}/rootfs.hash \
-    --vboot_hash_alg=${FLAGS_vboot_algorithm} \
+    --verity_hash_alg=${FLAGS_verity_algorithm} \
-    --vboot_tree_depth=${FLAGS_vboot_depth} \
+    --verity_tree_depth=${FLAGS_verity_depth} \
-    --vboot_max_ios=${FLAGS_vboot_max_ios} \
+    --verity_max_ios=${FLAGS_verity_max_ios} \
-    --vboot_error_behavior=${FLAGS_vboot_behavior} \
+    --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
     --keys_dir="${DEVKEYSDIR}"
 
@@ -582,13 +582,16 @@ create_base_image() {
   # use those templates to update the legacy boot partition (12/ESP)
   # on update.
   # (This script does not populate vmlinuz.A and .B needed by syslinux.)
-  use_vboot=
+  enable_rootfs_verification=
-  [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]] && use_vboot="--use_vboot"
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+    enable_rootfs_verification="--enable_rootfs_verification"
+  fi
+
   ${SCRIPTS_DIR}/create_legacy_bootloader_templates.sh \
     --arch=${ARCH} \
     --to="${ROOT_FS_DIR}"/boot \
     --install \
-    ${use_vboot}
+    ${enable_rootfs_verification}
 
   # Create a working copy so we don't need the rootfs mounted
   sudo mkdir -p "${OUTPUT_DIR}"/boot

build_kernel_image.sh

@@ -38,15 +38,15 @@ DEFINE_string rootfs_image "" \
   "Optional path to the rootfs device or image.(Default: \"\")"
 DEFINE_string rootfs_hash "" \
   "Optional path to output the rootfs hash to. (Default: \"\")"
-DEFINE_integer vboot_error_behavior 2 \
+DEFINE_integer verity_error_behavior 2 \
   "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
 (Default: 2)"
-DEFINE_integer vboot_tree_depth 1 \
+DEFINE_integer verity_tree_depth 1 \
   "Optional Verified boot hash tree depth. (Default: 1)"
-DEFINE_integer vboot_max_ios 1024 \
+DEFINE_integer verity_max_ios 1024 \
   "Optional number of outstanding I/O operations. (Default: 1024)"
-DEFINE_string vboot_hash_alg "sha1" \
+DEFINE_string verity_hash_alg "sha1" \
-  "Cryptographic hash algorithm used for vboot. (Default: sha1)"
+  "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
 
 # Parse flags
 FLAGS "$@" || exit 1
@@ -55,7 +55,7 @@ eval set -- "${FLAGS_ARGV}"
 # Die on error
 set -e
 
-vboot_args=
+verity_args=
 # Even with a rootfs_image, root= is not changed unless specified.
 if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
   info "Determining root fs block count."
@@ -75,8 +75,8 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
 
   info "Generating root fs hash tree."
   # Runs as sudo in case the image is a block device.
-  table=$(sudo verity create ${FLAGS_vboot_tree_depth} \
+  table=$(sudo verity create ${FLAGS_verity_tree_depth} \
-                        ${FLAGS_vboot_hash_alg} \
+                        ${FLAGS_verity_hash_alg} \
                         ${FLAGS_rootfs_image} \
                         ${root_fs_blocks} \
                         ${FLAGS_rootfs_hash})
@@ -90,16 +90,16 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
     table=${table//HASH_DEV/\/dev\/sd%D%P}
     table=${table//ROOT_DEV/\/dev\/sd%D%P}
   fi
-  vboot_args="dm=\"${table}\""
+  verity_args="dm=\"${table}\""
-  info "dm-verity configuration: ${vboot_args}"
+  info "dm-verity configuration: ${verity_args}"
 fi
 
 mkdir -p "${FLAGS_working_dir}"
 cat <<EOF > "${FLAGS_working_dir}/boot.config"
 root=${FLAGS_root}
-dm_verity.error_behavior=${FLAGS_vboot_error_behavior}
+dm_verity.error_behavior=${FLAGS_verity_error_behavior}
-dm_verity.max_bios=${FLAGS_vboot_max_ios}
+dm_verity.max_bios=${FLAGS_verity_max_ios}
-${vboot_args}
+${verity_args}
 ${FLAGS_boot_args}
 EOF
 

create_legacy_bootloader_templates.sh

@@ -22,12 +22,12 @@ DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
 DEFINE_string boot_args "" \
   "Additional boot arguments to pass to the commandline (Default: '')"
-DEFINE_boolean use_vboot ${FLAGS_FALSE} \
+DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
-  "Controls whether the default boot targets are verified (Default: false)"
+  "Controls if verity is used for root filesystem checking (Default: false)"
-DEFINE_integer vboot_error_behavior 2 \
+DEFINE_integer verity_error_behavior 2 \
   "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
 (Default: 2)"
-DEFINE_integer vboot_max_ios 1024 \
+DEFINE_integer verity_max_ios 1024 \
   "Optional number of outstanding I/O operations. (Default: 1024)"
 
 # Parse flags
@@ -40,8 +40,8 @@ common_args="quiet console=tty2 init=/sbin/init boot=local rootwait ro noresume"
 common_args="${common_args} noswap loglevel=1"
 
 # Common verified boot command-line args
-vboot_common="dm_verity.error_behavior=${FLAGS_vboot_error_behavior}"
+verity_common="dm_verity.error_behavior=${FLAGS_verity_error_behavior}"
-vboot_common="${vboot_common} dm_verity.max_bios=${FLAGS_vboot_max_ios}"
+verity_common="${verity_common} dm_verity.max_bios=${FLAGS_verity_max_ios}"
 
 # Populate the x86 rootfs to support legacy and EFI bios config templates.
 # The templates are used by the installer to populate partition 12 with
@@ -98,7 +98,7 @@ include /syslinux/root.B.cfg
 EOF
   info "Emitted ${SYSLINUX_DIR}/syslinux.cfg"
 
-  if [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]]; then
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     # To change the active target, only this file needs to change.
     cat <<EOF | sudo dd of="${SYSLINUX_DIR}/default.cfg" 2>/dev/null
 DEFAULT chromeos-vusb.A
@@ -119,7 +119,7 @@ label chromeos-usb.A
 label chromeos-vusb.A
   menu label chromeos-vusb.A
   kernel vmlinuz.A
-  append ${common_args} ${vboot_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEA"
+  append ${common_args} ${verity_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEA"
 EOF
   info "Emitted ${SYSLINUX_DIR}/usb.A.cfg"
 
@@ -135,7 +135,7 @@ label chromeos-hd.A
 label chromeos-vhd.A
   menu label chromeos-vhd.A
   kernel vmlinuz.A
-  append ${common_args} ${vboot_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEA"
+  append ${common_args} ${verity_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEA"
 EOF
   info "Emitted ${SYSLINUX_DIR}/root.A.cfg"
 
@@ -148,7 +148,7 @@ label chromeos-hd.B
 label chromeos-vhd.B
   menu label chromeos-vhd.B
   kernel vmlinuz.B
-  append ${common_args} ${vboot_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEB"
+  append ${common_args} ${verity_common} root=/dev/dm-0 i915.modeset=1 cros_legacy dm="DMTABLEB"
 EOF
   info "Emitted ${SYSLINUX_DIR}/root.B.cfg"
 
@@ -181,11 +181,11 @@ menuentry "local image B" {
 }
 
 menuentry "verified image A" {
-  linux \$grubpartA/boot/vmlinuz ${common_args} ${vboot_common} i915.modeset=1 cros_efi root=/dev/dm-0 dm="DMTABLEA"
+  linux \$grubpartA/boot/vmlinuz ${common_args} ${verity_common} i915.modeset=1 cros_efi root=/dev/dm-0 dm="DMTABLEA"
 }
 
 menuentry "verified image B" {
-  linux \$grubpartB/boot/vmlinuz ${common_args} ${vboot_common} i915.modeset=1 cros_efi root=/dev/dm-0 dm="DMTABLEB"
+  linux \$grubpartB/boot/vmlinuz ${common_args} ${verity_common} i915.modeset=1 cros_efi root=/dev/dm-0 dm="DMTABLEB"
 }
 
 # FIXME: usb doesn't support verified boot for now
@@ -193,7 +193,7 @@ menuentry "Alternate USB Boot" {
   linux (hd0,3)/boot/vmlinuz ${common_args} root=/dev/sdb3 i915.modeset=1 cros_efi
 }
 EOF
-  if [[ ${FLAGS_use_vboot} -eq ${FLAGS_TRUE} ]]; then
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     sudo sed -i -e 's/^set default=.*/set default=2/' \
        "${FLAGS_to}/efi/boot/grub.cfg"
   fi