Moved knowledge of rootdev to one place

This CL centralizes the setting of which root device to use
in a single place. A boolean flag, --verity_is_enabled, indicates
if the the verity device should be used.

This is the first of about a half-dozen CLs to fix all the references
to dm-0.

BUG=chromium-os:25441
TEST=built images with and without verity enabled.
     cbuildbot --remote -g Id6c6e766 amd64-generic-paladin daisy-paladin

Change-Id: Id6c6e766bfde3651266323f7bc94c0e1f87cea38
Reviewed-on: https://gerrit.chromium.org/gerrit/32239
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>

bin/cros_make_image_bootable

@@ -161,9 +161,9 @@ make_image_bootable() {
   local use_dev_keys=
 
   # Default to non-verified
-  cros_root="PARTUUID=%U/PARTNROFF=1"
+  local enable_rootfs_verification_flag=--noenable_rootfs_verification
   if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
-    cros_root=/dev/dm-0
+    enable_rootfs_verification_flag=--enable_rootfs_verification
   fi
 
   trap "mount_gpt_cleanup" EXIT
@@ -223,8 +223,8 @@ make_image_bootable() {
     --verity_max_ios=${FLAGS_verity_max_ios} \
     --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --verity_salt=${FLAGS_verity_salt} \
-    --root=${cros_root} \
     --keys_dir="${FLAGS_keys_dir}" \
+    ${enable_rootfs_verification_flag} \
     ${use_dev_keys}
 
   # Check the size of kernel image and issue warning when image size is

build_kernel_image.sh

@@ -31,11 +31,6 @@ DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
 # --root=/dev/dm-0
 DEFINE_string boot_args "noinitrd" \
   "Additional boot arguments to pass to the commandline (Default: noinitrd)"
-# By default, we use a firmware enumerated value, but it isn't reliable for
-# production use.  If +%d can be added upstream, then we can use:
-#   root=PARTUID=uuid+1
-DEFINE_string root "PARTUUID=%U/PARTNROFF=1" \
-  "Expected device root partition"
 # If provided, will automatically add verified boot arguments.
 DEFINE_string rootfs_image "" \
   "Optional path to the rootfs device or image.(Default: \"\")"
@@ -50,6 +45,8 @@ DEFINE_string verity_hash_alg "sha1" \
   "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
 DEFINE_string verity_salt "" \
   "Salt to use for rootfs hash (Default: \"\")"
+DEFINE_boolean enable_rootfs_verification ${FLAGS_TRUE} \
+  "Enable kernel-based root fs integrity checking. (Default: true)"
 
 # Parse flags
 FLAGS "$@" || exit 1
@@ -94,10 +91,9 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
   if [[ -f "${FLAGS_rootfs_hash}" ]]; then
     sudo chmod a+r "${FLAGS_rootfs_hash}"
   fi
-  # Don't claim the root device unless the root= flag is pointed to
-  # the verified boot device.  Doing so will claim /dev/sdDP out from
-  # under the system.
-  if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then
+  # Don't claim the root device unless verity is enabled.
+  # Doing so will claim /dev/sdDP out from under the system.
+  if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     base_root='%U+1'  # kern_guid + 1
     table=${table//HASH_DEV/${base_root}}
     table=${table//ROOT_DEV/${base_root}}
@@ -109,13 +105,18 @@ fi
 mkdir -p "${FLAGS_working_dir}"
 
 # Only let dm-verity block if rootfs verification is configured.
+# By default, we use a firmware enumerated value, but it isn't reliable for
+# production use.  If +%d can be added upstream, then we can use:
+#   root_dev=PARTUID=uuid+1
 dev_wait=0
-if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then
+root_dev="PARTUUID=%U/PARTNROFF=1"
+if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+  root_dev=/dev/dm-0
   dev_wait=1
 fi
 
 cat <<EOF > "${FLAGS_working_dir}/boot.config"
-root=${FLAGS_root}
+root=${root_dev}
 rootwait
 ro
 dm_verity.error_behavior=${FLAGS_verity_error_behavior}

mod_image_for_recovery.sh

@@ -121,9 +121,9 @@ create_recovery_kernel_image() {
   local root_offset=$(partoffset "$FLAGS_image" 3)
   local root_size=$(partsize "$FLAGS_image" 3)
 
-  cros_root="PARTUUID=%U/PARTNROFF=1"  # only used for non-verified images
+  local enable_rootfs_verification_flag=--noenable_rootfs_verification
   if grep -q enable_rootfs_verification "${IMAGE_DIR}/boot.desc"; then
-    cros_root=/dev/dm-0
+    enable_rootfs_verification_flag=--enable_rootfs_verification
   fi
 
   # Tie the installed recovery kernel to the final kernel.  If we don't
@@ -159,8 +159,8 @@ create_recovery_kernel_image() {
     --working_dir="${IMAGE_DIR}" \
     --boot_args="noinitrd panic=60 cros_recovery kern_b_hash=$kern_hash" \
     --keep_work \
-    --root=${cros_root} \
     --keys_dir="${FLAGS_keys_dir}" \
+    ${enable_rootfs_verification_flag} \
     --nouse_dev_keys 1>&2 || failboat "build_kernel_image"
   sudo mount | sed 's/^/16651 /'
   sudo losetup -a | sed 's/^/16651 /'