From fc6717b6533b0ad3eb94436806bfc0c9905be4c8 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Wed, 17 Jul 2013 11:50:50 -0700 Subject: [PATCH 1/2] chore(*): remove kernel_image references we don't use a kernel_image and don't use vblocks so remove the logic related to these things. --- bin/cros_make_image_bootable | 40 ----- build_kernel_image.sh | 305 ----------------------------------- mod_image_for_recovery.sh | 159 ------------------ 3 files changed, 504 deletions(-) delete mode 100755 build_kernel_image.sh diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable index 176d4ee96f..9ab099df21 100755 --- a/bin/cros_make_image_bootable +++ b/bin/cros_make_image_bootable @@ -227,38 +227,6 @@ make_image_bootable() { root_dev=$squashfs_img fi - # Builds the kernel partition image. The temporary files are kept around - # so that we can perform a load_kernel_test later on the final image. - ${SCRIPTS_DIR}/build_kernel_image.sh \ - --arch="${FLAGS_arch}" \ - --to="${FLAGS_output_dir}/vmlinuz.image" \ - --hd_vblock="${FLAGS_output_dir}/vmlinuz_hd.vblock" \ - --vmlinuz="${FLAGS_rootfs_mountpoint}/boot/vmlinuz" \ - --working_dir="${FLAGS_output_dir}" \ - --boot_args="${FLAGS_boot_args}" \ - --keep_work \ - --rootfs_image=${root_dev} \ - --rootfs_hash=${FLAGS_rootfs_hash} \ - --verity_hash_alg=${FLAGS_verity_algorithm} \ - --verity_max_ios=${FLAGS_verity_max_ios} \ - --verity_error_behavior=${FLAGS_verity_error_behavior} \ - --verity_salt=${FLAGS_verity_salt} \ - --keys_dir="${FLAGS_keys_dir}" \ - --enable_serial="${FLAGS_enable_serial}" \ - ${enable_rootfs_verification_flag} \ - ${enable_bootcache_flag} \ - ${use_dev_keys} - - # Check the size of kernel image and issue warning when image size is - # near the limit. - local kernel_image_size=$(stat -c '%s' ${FLAGS_output_dir}/vmlinuz.image) - info "Kernel image size is ${kernel_image_size} bytes." - if [[ ${kernel_image_size} -gt $((16 * 1024 * 1024)) ]]; then - die "Kernel image is larger than 16 MB." - elif [[ ${kernel_image_size} -gt $((14 * 1024 * 1024)) ]]; then - warn "Kernel image is larger than 14 MB. Limit is 16 MB." - fi - local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) local rootfs_fs_size=$(get_filesystem_size ${FLAGS_image_type} ${NUM_ROOTFS_A}) local rootfs_partition_size=$(get_partition_size ${FLAGS_image_type} ${NUM_ROOTFS_A}) @@ -287,14 +255,6 @@ make_image_bootable() { conv=notrunc \ status=none - # Move the verification block needed for the hard disk install to the - # stateful partition. Mount stateful fs, copy file, and umount fs. - # In original CL: http://codereview.chromium.org/2868044, this was done in - # create_base_image(). However, it could break the build if it is a clean - # build because vmlinuz_hd.vblock hasn't been created by build_kernel_image.sh - sudo cp "${FLAGS_output_dir}/vmlinuz_hd.vblock" \ - "${FLAGS_statefulfs_mountpoint}" - # We should update the esp in place in the image. local bootloader_to="${image}" local esp_offset="$(partoffset ${image} ${NUM_ESP})" diff --git a/build_kernel_image.sh b/build_kernel_image.sh deleted file mode 100755 index 581b811015..0000000000 --- a/build_kernel_image.sh +++ /dev/null @@ -1,305 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Helper script that generates the signed kernel image - -SCRIPT_ROOT=$(dirname $(readlink -f "$0")) -. "${SCRIPT_ROOT}/common.sh" || exit 1 - -# Flags. -DEFINE_string arch "x86" \ - "The boot architecture: arm, x86, or amd64. (Default: x86)" -DEFINE_string to "/tmp/vmlinuz.image" \ - "The path to the kernel image to be created. (Default: /tmp/vmlinuz.image)" -DEFINE_string hd_vblock "/tmp/vmlinuz_hd.vblock" \ - "The path to the installed kernel's vblock (Default: /tmp/vmlinuz_hd.vblock)" -DEFINE_string vmlinuz "vmlinuz" \ - "The path to the kernel (Default: vmlinuz)" -DEFINE_string working_dir "/tmp/vmlinuz.working" \ - "Working directory for in-progress files. (Default: /tmp/vmlinuz.working)" -DEFINE_boolean keep_work ${FLAGS_FALSE} \ - "Keep temporary files (*.keyblock, *.vbpubk). (Default: false)" -DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \ - "Directory with the RSA signing keys. (Defaults to test keys)" -DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \ - "Use developer keys for signing. (Default: false)" -# Note, to enable verified boot, the caller would manually pass: -# --boot_args='dm="... %U+1 %U+1 ..." \ -# --root=/dev/dm-0 -DEFINE_string boot_args "noinitrd" \ - "Additional boot arguments to pass to the commandline (Default: noinitrd)" -# If provided, will automatically add verified boot arguments. -DEFINE_string rootfs_image "" \ - "Optional path to the rootfs device or image.(Default: \"\")" -DEFINE_string rootfs_hash "" \ - "Optional path to output the rootfs hash to. (Default: \"\")" -DEFINE_integer verity_error_behavior 3 \ - "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \ -(Default: 3)" -DEFINE_integer verity_max_ios -1 \ - "Optional number of outstanding I/O operations. (Default: -1)" -DEFINE_string verity_hash_alg "sha1" \ - "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" -DEFINE_string verity_salt "" \ - "Salt to use for rootfs hash (Default: \"\")" -DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \ - "Enable kernel-based root fs integrity checking. (Default: true)" -DEFINE_boolean enable_bootcache ${FLAGS_FALSE} \ - "Enable boot cache to accelerate booting. (Default: false)" -DEFINE_string enable_serial "" \ - "Enable serial port for printks. Example values: ttyS0" - -# Parse flags -FLAGS "$@" || exit 1 -eval set -- "${FLAGS_ARGV}" - -# Die on error -switch_to_strict_mode - -rootdigest() { - local digest=${table#*root_hexdigest=} - echo ${digest% salt*} -} - -salt() { - local salt=${table#*salt=} - echo ${salt%} -} - -hashstart() { - local hash=${table#*hashstart=} - echo ${hash% alg*} -} - -# Estimate of sectors used by verity -# (num blocks) * 32 (bytes per hash) * 2 (overhead) / 512 (bytes per sector) -veritysize() { - echo $((root_fs_blocks * 32 * 2 / 512)) -} - -device_mapper_args= -# Even with a rootfs_image, root= is not changed unless specified. -if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then - # Gets the number of blocks. 4096 byte blocks _are_ expected. - if [ -f "${FLAGS_rootfs_image}" ]; then - root_fs_block_sz=4096 - root_fs_sz=$(stat -c '%s' ${FLAGS_rootfs_image}) - root_fs_blocks=$((root_fs_sz / ${root_fs_block_sz})) - else - root_fs_blocks=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | - grep "Block count" | - tr -d ' ' | - cut -f2 -d:) - root_fs_block_sz=$(sudo dumpe2fs "${FLAGS_rootfs_image}" 2> /dev/null | - grep "Block size" | - tr -d ' ' | - cut -f2 -d:) - fi - - info "rootfs is ${root_fs_blocks} blocks of ${root_fs_block_sz} bytes" - if [[ ${root_fs_block_sz} -ne 4096 ]]; then - error "Root file system blocks are not 4k!" - fi - - info "Generating root fs hash tree (salt '${FLAGS_verity_salt}')." - # Runs as sudo in case the image is a block device. - # First argument to verity is reserved/unused and MUST be 0 - table=$(sudo verity mode=create \ - alg=${FLAGS_verity_hash_alg} \ - payload=${FLAGS_rootfs_image} \ - payload_blocks=${root_fs_blocks} \ - hashtree=${FLAGS_rootfs_hash} \ - salt=${FLAGS_verity_salt}) - if [[ -f "${FLAGS_rootfs_hash}" ]]; then - sudo chmod a+r "${FLAGS_rootfs_hash}" - fi - # Don't claim the root device unless verity is enabled. - # Doing so will claim /dev/sdDP out from under the system. - if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then - if [[ ${FLAGS_enable_bootcache} -eq ${FLAGS_TRUE} ]]; then - base_root='254:0' # major:minor numbers for /dev/dm-0 - else - base_root='%U+1' # kern_guid + 1 - fi - table=${table//HASH_DEV/${base_root}} - table=${table//ROOT_DEV/${base_root}} - fi - verity_dev="vroot none ro 1,${table}" - if [[ ${FLAGS_enable_bootcache} -eq ${FLAGS_TRUE} ]]; then - signature=$(rootdigest) - cachestart=$(($(hashstart) + $(veritysize))) - size_limit=512 - max_trace=20000 - max_pages=100000 - bootcache_args="%U+1 ${cachestart} ${signature} ${size_limit}" - bootcache_args="${bootcache_args} ${max_trace} ${max_pages}" - bootcache_dev="vboot none ro 1,0 ${cachestart} bootcache ${bootcache_args}" - device_mapper_args="dm=\"2 ${bootcache_dev}, ${verity_dev}\"" - else - device_mapper_args="dm=\"1 ${verity_dev}\"" - fi - info "device mapper configuration: ${device_mapper_args}" -fi - -mkdir -p "${FLAGS_working_dir}" - -# Only let dm-verity block if rootfs verification is configured. -# By default, we use a firmware enumerated value, but it isn't reliable for -# production use. If +%d can be added upstream, then we can use: -# root_dev=PARTUID=uuid+1 -dev_wait=0 -root_dev="PARTUUID=%U/PARTNROFF=1" -if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then - dev_wait=1 - if [[ ${FLAGS_enable_bootcache} -eq ${FLAGS_TRUE} ]]; then - root_dev=/dev/dm-1 - else - root_dev=/dev/dm-0 - fi -else - if [[ ${FLAGS_enable_bootcache} -eq ${FLAGS_TRUE} ]]; then - die "Having bootcache without verity is not supported" - fi -fi - -cat < "${FLAGS_working_dir}/boot.config" -root=${root_dev} -rootwait -ro -dm_verity.error_behavior=${FLAGS_verity_error_behavior} -dm_verity.max_bios=${FLAGS_verity_max_ios} -dm_verity.dev_wait=${dev_wait} -${device_mapper_args} -${FLAGS_boot_args} -vt.global_cursor_default=0 -kern_guid=%U -EOF - -WORK="${WORK} ${FLAGS_working_dir}/boot.config" -info "Emitted cross-platform boot params to ${FLAGS_working_dir}/boot.config" - -# Add common boot options first. -config="${FLAGS_working_dir}/config.txt" -if [[ -n ${FLAGS_enable_serial} ]]; then - console=${FLAGS_enable_serial} - if [[ ${console} != *,* ]]; then - console+=",115200n8" - fi - cat < "${config}" -console=${console} -earlyprintk=${console} -console=tty1 -EOF -else - cat < "${config}" -console= -EOF -fi - -cat <> "${config}" -loglevel=7 -init=/sbin/init -cros_secure -EOF - -if [[ "${FLAGS_arch}" = "x86" || "${FLAGS_arch}" = "amd64" ]]; then - # Legacy BIOS will use the kernel in the rootfs (via syslinux), as will - # standard EFI BIOS (via grub, from the EFI System Partition). Chrome OS - # BIOS will use a separate signed kernel partition, which we'll create now. - cat <> "${FLAGS_working_dir}/config.txt" -add_efi_memmap -boot=local -noresume -noswap -i915.modeset=1 -tpm_tis.force=1 -tpm_tis.interrupts=0 -nmi_watchdog=panic,lapic -EOF - WORK="${WORK} ${FLAGS_working_dir}/config.txt" - - bootloader_path="/lib64/bootstub/bootstub.efi" - kernel_image="${FLAGS_vmlinuz}" -elif [[ "${FLAGS_arch}" = "arm" ]]; then - WORK="${WORK} ${FLAGS_working_dir}/config.txt" - - # arm does not need/have a bootloader in kernel partition - dd if="/dev/zero" of="${FLAGS_working_dir}/bootloader.bin" bs=512 count=1 - WORK="${WORK} ${FLAGS_working_dir}/bootloader.bin" - - bootloader_path="${FLAGS_working_dir}/bootloader.bin" - kernel_image="${FLAGS_vmlinuz/vmlinuz/vmlinux.uimg}" -else - error "Unknown arch: ${FLAGS_arch}" -fi - -# We sign the image with the recovery_key, because this is what goes onto the -# USB key. We can only boot from the USB drive in recovery mode. -# For dev install shim, we need to use the installer keyblock instead of -# the recovery keyblock because of the difference in flags. -if [ ${FLAGS_use_dev_keys} -eq ${FLAGS_TRUE} ]; then - USB_KEYBLOCK=installer_kernel.keyblock - info "DEBUG: use dev install signing key" -else - USB_KEYBLOCK=recovery_kernel.keyblock - info "DEBUG: use recovery signing key" -fi - -# Create and sign the kernel blob -vbutil_kernel \ - --pack "${FLAGS_to}" \ - --keyblock "${FLAGS_keys_dir}/${USB_KEYBLOCK}" \ - --signprivate "${FLAGS_keys_dir}/recovery_kernel_data_key.vbprivk" \ - --version 1 \ - --config "${FLAGS_working_dir}/config.txt" \ - --bootloader "${bootloader_path}" \ - --vmlinuz "${kernel_image}" \ - --arch "${FLAGS_arch}" - -# And verify it. -vbutil_kernel \ - --verify "${FLAGS_to}" \ - --signpubkey "${FLAGS_keys_dir}/recovery_key.vbpubk" - - -# Now we re-sign the same image using the normal keys. This is the kernel -# image that is put on the hard disk by the installer. Note: To save space on -# the USB image, we're only emitting the new verfication block, and the -# installer just replaces that part of the hard disk's kernel partition. -vbutil_kernel \ - --repack "${FLAGS_hd_vblock}" \ - --vblockonly \ - --keyblock "${FLAGS_keys_dir}/kernel.keyblock" \ - --signprivate "${FLAGS_keys_dir}/kernel_data_key.vbprivk" \ - --oldblob "${FLAGS_to}" - - -# To verify it, we have to replace the vblock from the original image. -tempfile=$(mktemp) -trap "rm -f $tempfile" EXIT -cat "${FLAGS_hd_vblock}" > $tempfile -dd if="${FLAGS_to}" bs=65536 skip=1 >> $tempfile - -vbutil_kernel \ - --verify $tempfile \ - --signpubkey "${FLAGS_keys_dir}/kernel_subkey.vbpubk" - -rm -f $tempfile -trap - EXIT - -set +e # cleanup failure is a-ok - -if [[ ${FLAGS_keep_work} -eq ${FLAGS_FALSE} ]]; then - info "Cleaning up temporary files: ${WORK}" - rm ${WORK} - rmdir ${FLAGS_working_dir} -fi - -info "Kernel partition image emitted: ${FLAGS_to}" - -if [[ -f ${FLAGS_rootfs_hash} ]]; then - info "Root filesystem hash emitted: ${FLAGS_rootfs_hash}" -fi diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh index 0f9f3d765c..d10812d404 100755 --- a/mod_image_for_recovery.sh +++ b/mod_image_for_recovery.sh @@ -21,16 +21,12 @@ DEFINE_string board "$DEFAULT_BOARD" \ b DEFINE_integer statefulfs_sectors 4096 \ "number of sectors in stateful filesystem when minimizing" -DEFINE_string kernel_image "" \ - "path to a pre-built recovery kernel" DEFINE_string kernel_outfile "" \ "emit recovery kernel to path/file ($RECOVERY_KERNEL_NAME if empty)" DEFINE_string image "" \ "source image to use ($CHROMEOS_IMAGE_NAME if empty)" DEFINE_string to "" \ "emit recovery image to path/file ($CHROMEOS_RECOVERY_IMAGE_NAME if empty)" -DEFINE_boolean kernel_image_only $FLAGS_FALSE \ - "only emit recovery kernel" DEFINE_boolean sync_keys $FLAGS_TRUE \ "update install kernel with the vblock from stateful" DEFINE_boolean minimize_image $FLAGS_TRUE \ @@ -92,143 +88,6 @@ get_install_vblock() { echo "$out" } -create_recovery_kernel_image() { - local sysroot="$FACTORY_ROOT" - local vmlinuz="$sysroot/boot/vmlinuz" - local root_offset=$(partoffset "${RECOVERY_IMAGE}" 3) - local root_size=$(partsize "${RECOVERY_IMAGE}" 3) - - local enable_rootfs_verification_flag=--noenable_rootfs_verification - if grep -q enable_rootfs_verification "${IMAGE_DIR}/boot.desc"; then - enable_rootfs_verification_flag=--enable_rootfs_verification - fi - - # Tie the installed recovery kernel to the final kernel. If we don't - # do this, a normal recovery image could be used to drop an unsigned - # kernel on without a key-change check. - # Doing this here means that the kernel and initramfs creation can - # be done independently from the image to be modified as long as the - # chromeos-recovery interfaces are the same. It allows for the signer - # to just compute the new hash and update the kernel command line during - # recovery image generation. (Alternately, it means an image can be created, - # modified for recovery, then passed to a signer which can then sign both - # partitions appropriately without needing any external dependencies.) - local kern_offset=$(partoffset "${RECOVERY_IMAGE}" 2) - local kern_size=$(partsize "${RECOVERY_IMAGE}" 2) - local kern_tmp=$(mktemp) - local kern_hash= - - dd if="${RECOVERY_IMAGE}" bs=512 count=$kern_size \ - skip=$kern_offset of="$kern_tmp" 1>&2 - # We're going to use the real signing block. - if [ $FLAGS_sync_keys -eq $FLAGS_TRUE ]; then - dd if="$INSTALL_VBLOCK" of="$kern_tmp" conv=notrunc 1>&2 - fi - local kern_hash=$(sha1sum "$kern_tmp" | cut -f1 -d' ') - rm "$kern_tmp" - - # TODO(wad) add FLAGS_boot_args support too. - ${SCRIPTS_DIR}/build_kernel_image.sh \ - --arch="${ARCH}" \ - --to="$RECOVERY_KERNEL_IMAGE" \ - --hd_vblock="$RECOVERY_KERNEL_VBLOCK" \ - --vmlinuz="$vmlinuz" \ - --working_dir="${IMAGE_DIR}" \ - --boot_args="noinitrd panic=60 cros_recovery kern_b_hash=$kern_hash" \ - --keep_work \ - --keys_dir="${FLAGS_keys_dir}" \ - ${enable_rootfs_verification_flag} \ - --nouse_dev_keys 1>&2 || failboat "build_kernel_image" - #sudo mount | sed 's/^/16651 /' - #sudo losetup -a | sed 's/^/16651 /' - trap - RETURN - - # Update the EFI System Partition configuration so that the kern_hash check - # passes. - local block_size=$(get_block_size) - - local efi_offset=$(partoffset "${RECOVERY_IMAGE}" 12) - local efi_size=$(partsize "${RECOVERY_IMAGE}" 12) - local efi_offset_bytes=$(( $efi_offset * $block_size )) - local efi_size_bytes=$(( $efi_size * $block_size )) - - local efi_dir=$(mktemp -d) - sudo mount -o loop,offset=${efi_offset_bytes},sizelimit=${efi_size_bytes} \ - "${RECOVERY_IMAGE}" "${efi_dir}" - - sudo sed -i -e "s/cros_legacy/cros_legacy kern_b_hash=$kern_hash/g" \ - "$efi_dir/syslinux/usb.A.cfg" || true - # This will leave the hash in the kernel for all boots, but that should be - # safe. - sudo sed -i -e "s/cros_efi/cros_efi kern_b_hash=$kern_hash/g" \ - "$efi_dir/efi/boot/grub.cfg" || true - safe_umount "$efi_dir" - rmdir "$efi_dir" - trap - EXIT -} - -install_recovery_kernel() { - local kern_a_offset=$(partoffset "$RECOVERY_IMAGE" 2) - local kern_a_size=$(partsize "$RECOVERY_IMAGE" 2) - local kern_b_offset=$(partoffset "$RECOVERY_IMAGE" 4) - local kern_b_size=$(partsize "$RECOVERY_IMAGE" 4) - - if [ $kern_b_size -eq 1 ]; then - echo "Image was created with no KERN-B partition reserved!" 1>&2 - echo "Cannot proceed." 1>&2 - return 1 - fi - - # Backup original kernel to KERN-B - dd if="$RECOVERY_IMAGE" of="$RECOVERY_IMAGE" bs=512 \ - count=$kern_a_size \ - skip=$kern_a_offset \ - seek=$kern_b_offset \ - conv=notrunc - - # We're going to use the real signing block. - if [ $FLAGS_sync_keys -eq $FLAGS_TRUE ]; then - dd if="$INSTALL_VBLOCK" of="$RECOVERY_IMAGE" bs=512 \ - seek=$kern_b_offset \ - conv=notrunc - fi - - # Install the recovery kernel as primary. - dd if="$RECOVERY_KERNEL_IMAGE" of="$RECOVERY_IMAGE" bs=512 \ - seek=$kern_a_offset \ - count=$kern_a_size \ - conv=notrunc - - # Set the 'Success' flag to 1 (to prevent the firmware from updating - # the 'Tries' flag). - sudo $GPT add -i 2 -S 1 "$RECOVERY_IMAGE" - - # Repeat for the legacy bioses. - # Replace vmlinuz.A with the recovery version we built. - # TODO(wad): Extract the $RECOVERY_KERNEL_IMAGE and grab vmlinuz from there. - local sysroot="$FACTORY_ROOT" - local vmlinuz="$sysroot/boot/vmlinuz" - local failed=0 - - if [ "$ARCH" = "x86" ]; then - # There is no syslinux on ARM, so this copy only makes sense for x86. - set +e - local esp_offset=$(partoffset "$RECOVERY_IMAGE" 12) - local esp_mnt=$(mktemp -d) - sudo mount -o loop,offset=$((esp_offset * 512)) "$RECOVERY_IMAGE" "$esp_mnt" - sudo cp "$vmlinuz" "$esp_mnt/syslinux/vmlinuz.A" || failed=1 - safe_umount "$esp_mnt" - rmdir "$esp_mnt" - switch_to_strict_mode - fi - - if [ $failed -eq 1 ]; then - echo "Failed to copy recovery kernel to ESP" - return 1 - fi - return 0 -} - maybe_resize_stateful() { # If we're not minimizing, then just copy and go. if [ $FLAGS_minimize_image -eq $FLAGS_FALSE ]; then @@ -307,11 +166,6 @@ SCRIPTS_DIR=${SCRIPT_ROOT} # If not, resize stateful to 1 sector. # -if [ $FLAGS_kernel_image_only -eq $FLAGS_TRUE -a \ - -n "$FLAGS_kernel_image" ]; then - die_notrace "Cannot use --kernel_image_only with --kernel_image" -fi - if [ $FLAGS_modify_in_place -eq $FLAGS_TRUE ]; then if [ $FLAGS_minimize_image -eq $FLAGS_TRUE ]; then die_notrace "Cannot use --modify_in_place and --minimize_image together." @@ -334,19 +188,6 @@ RECOVERY_KERNEL_FLAGS="fbconsole initramfs vfat tpm i2cdev" USE="${RECOVERY_KERNEL_FLAGS}" emerge_custom_kernel "$FACTORY_ROOT" || failboat "Cannot emerge custom kernel" -if [ -z "$FLAGS_kernel_image" ]; then - create_recovery_kernel_image - echo "Recovery kernel created at $RECOVERY_KERNEL_IMAGE" -else - RECOVERY_KERNEL_IMAGE="$FLAGS_kernel_image" -fi - -if [ $FLAGS_kernel_image_only -eq $FLAGS_TRUE ]; then - echo "Kernel emitted. Stopping there." - rm "$INSTALL_VBLOCK" - exit 0 -fi - trap cleanup EXIT maybe_resize_stateful # Also copies the image if needed. From f2a0ed323ec485f98241b9dd18da7484d8f67770 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Wed, 17 Jul 2013 11:54:04 -0700 Subject: [PATCH 2/2] chore(cros_make_image_bootable): remove rootfs_hash references this was part of the kernel vblock stuff. Just remove it for now. --- bin/cros_make_image_bootable | 41 ------------------------------------ 1 file changed, 41 deletions(-) diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable index 9ab099df21..2a89df9215 100755 --- a/bin/cros_make_image_bootable +++ b/bin/cros_make_image_bootable @@ -89,14 +89,6 @@ DEFINE_boolean cleanup_dirs ${FLAGS_TRUE} \ DEFINE_string boot_args "noinitrd" \ "Additional boot arguments to pass to the commandline" -DEFINE_integer rootfs_size 720 \ - "rootfs filesystem size in MBs." -# ceil(0.1 * rootfs_size) is a good minimum. -DEFINE_integer rootfs_hash_pad 8 \ - "MBs reserved at the end of the rootfs image." - -DEFINE_string rootfs_hash "/tmp/rootfs.hash" \ - "Path where the rootfs hash should be stored." # TODO(taysom): when we turn on boot cache, both verification and # bootcache should have their default be FLAGS_TRUE. DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \ @@ -227,34 +219,6 @@ make_image_bootable() { root_dev=$squashfs_img fi - local rootfs_hash_size=$(stat -c '%s' ${FLAGS_rootfs_hash}) - local rootfs_fs_size=$(get_filesystem_size ${FLAGS_image_type} ${NUM_ROOTFS_A}) - local rootfs_partition_size=$(get_partition_size ${FLAGS_image_type} ${NUM_ROOTFS_A}) - local rootfs_hash_pad=$(( rootfs_partition_size - rootfs_fs_size )) - info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs" - if [[ ${rootfs_hash_size} -gt ${rootfs_hash_pad} ]] - then - die "rootfs_partition_size - rootfs_fs_size is less than the needed " \ - "rootfs_hash_size (${rootfs_hash_size}), update your disk layout " \ - "configuration" - fi - # Unfortunately, mount_gpt_image uses mount and not losetup to create the - # loop devices. This means that they are not the correct size. We have to - # write directly to the image to append the hash tree data. - local hash_offset="$(partoffset ${image} ${NUM_ROOTFS_A})" - if [ $FLAGS_enable_squashfs -eq $FLAGS_TRUE ]; then - rootfs_file_size=$(stat -c '%s' ${root_dev}) - hash_offset=$((hash_offset + (${rootfs_file_size} / 512))) - else - hash_offset=$((hash_offset + (${rootfs_fs_size} / 512))) - fi - sudo dd bs=512 \ - seek=${hash_offset} \ - if="${FLAGS_rootfs_hash}" \ - of="${image}" \ - conv=notrunc \ - status=none - # We should update the esp in place in the image. local bootloader_to="${image}" local esp_offset="$(partoffset ${image} ${NUM_ESP})" @@ -271,10 +235,6 @@ make_image_bootable() { --vmlinuz="${FLAGS_rootfs_mountpoint}"/boot/vmlinuz \ ${bootloader_to_flags} - # We don't need to keep these files around anymore. - sudo rm "${FLAGS_rootfs_hash}" "${FLAGS_output_dir}/vmlinuz.image" \ - "${FLAGS_output_dir}/vmlinuz_hd.vblock" - trap - EXIT ${SCRIPTS_DIR}/mount_gpt_image.sh -u -r "${FLAGS_rootfs_mountpoint}" \ -s "${FLAGS_statefulfs_mountpoint}" @@ -310,7 +270,6 @@ command line parameters are correct" # Store output and temporary files next to image. FLAGS_output_dir="${IMAGE_DIR}" -FLAGS_rootfs_hash="${IMAGE_DIR}/rootfs.hash" FLAGS_rootfs_mountpoint="${IMAGE_DIR}/rootfs_dir" FLAGS_statefulfs_mountpoint="${IMAGE_DIR}/stateful_dir" FLAGS_espfs_mountpoint="${IMAGE_DIR}/esp"