build_image: fix verity defaults

This changes defaults failure to a panic/recovery reboot and disables the debugging max_bios argument to ensure that we don't trigger race conditions in the kernel during un-protected pending_bio count decrements. (Can lead to a hung-system.) TEST=built x86-generic; ensured -1 and the panic changes worked BUG=chromium-os:6956 Review URL: http://codereview.chromium.org/3595015 Change-Id: I81c9e1a7f406e551cd528d5226902c89165b30f9
2025-09-24 07:01:13 +02:00 · 2010-10-06 14:54:38 -05:00 · 2010-10-06 14:54:38 -05:00 · 52c40f8d35
commit 52c40f8d35
parent 146e8e8a80
1 changed files with 5 additions and 5 deletions
--- a/10
+++ b/10
@ -69,13 +69,13 @@ DEFINE_string usb_disk /dev/sdb3 \

 DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
  "Default all bootloaders to use kernel-based root fs integrity checking."
-DEFINE_integer verity_error_behavior 2 \
-  "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing) \
-Default: 2"
+DEFINE_integer verity_error_behavior 1 \
+  "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing) \
+Default: 1"
 DEFINE_integer verity_depth 1 \
  "Kernel verified boot hash tree depth. Default: 1"
-DEFINE_integer verity_max_ios 1024 \
-  "Number of outstanding I/O operations dm-verity caps at. Default: 1024"
+DEFINE_integer verity_max_ios -1 \
+  "Number of outstanding I/O operations dm-verity caps at. Default: -1"
 DEFINE_string verity_algorithm "sha1" \
  "Cryptographic hash algorithm used for kernel vboot. Default : sha1"