From 52c40f8d35f95815e29e9d79ebb645afb4bf3ff5 Mon Sep 17 00:00:00 2001
From: Will Drewry <wad@chromium.org>
Date: Wed, 6 Oct 2010 14:54:38 -0500
Subject: [PATCH] build_image: fix verity defaults

This changes defaults failure to a panic/recovery reboot and
disables the debugging max_bios argument to ensure that we don't
trigger race conditions in the kernel during un-protected
pending_bio count decrements.  (Can lead to a hung-system.)

TEST=built x86-generic; ensured -1 and the panic changes worked
BUG=chromium-os:6956

Review URL: http://codereview.chromium.org/3595015

Change-Id: I81c9e1a7f406e551cd528d5226902c89165b30f9
---
 build_image | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/build_image b/build_image
index 77aa152a81..49e921dfc3 100755
--- a/build_image
+++ b/build_image
@@ -69,13 +69,13 @@ DEFINE_string usb_disk /dev/sdb3 \
 
 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
   "Default all bootloaders to use kernel-based root fs integrity checking."
-DEFINE_integer verity_error_behavior 2 \
-  "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
-Default: 2"
+DEFINE_integer verity_error_behavior 1 \
+  "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing) \
+Default: 1"
 DEFINE_integer verity_depth 1 \
   "Kernel verified boot hash tree depth. Default: 1"
-DEFINE_integer verity_max_ios 1024 \
-  "Number of outstanding I/O operations dm-verity caps at. Default: 1024"
+DEFINE_integer verity_max_ios -1 \
+  "Number of outstanding I/O operations dm-verity caps at. Default: -1"
 DEFINE_string verity_algorithm "sha1" \
   "Cryptographic hash algorithm used for kernel vboot. Default : sha1"