From b910de849c20c932f2e9644f2fa89f4b2f85ba78 Mon Sep 17 00:00:00 2001 From: Will Drewry Date: Wed, 23 Feb 2011 13:26:50 -0600 Subject: [PATCH] kernel build: use %U+1 for dm-verity booting Using %U+1 will ensure that we avoid device enumeration issues during recovery mode boots. TEST=build_image+dev recovery kernel and boot to it on new cros fw / fixed enumeration problem used build with mp recovery kernel on cr-48 -> installed then booted fine used dev recovery kernel on a legacy machine; installed fine, booted fine tested with cr-48, mp recovery kernel, and noenable_rootfs_verification to ensure /dev/sd%D%P still worked as normal. Change-Id: I5b1277a47536738a78c18988fd912cc05ebddd4b BUG=chromium-os:5470 Review URL: http://codereview.chromium.org/6549034 --- bin/cros_make_image_bootable | 2 ++ build_kernel_image.sh | 14 ++++++++------ mod_image_for_recovery.sh | 2 +- update_bootloaders.sh | 16 ++++++++-------- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable index c1a2d0e2b5..a520f52b69 100755 --- a/bin/cros_make_image_bootable +++ b/bin/cros_make_image_bootable @@ -143,6 +143,8 @@ make_image_bootable() { local image="$1" local use_dev_keys= + # Default to non-verified, non-UUID boot unless verified. + # Long term we want root=PARTUUID=uuid+1. cros_root=/dev/sd%D%P if [[ "${FLAGS_arch}" = "arm" ]]; then cros_root='/dev/${devname}${rootpart}' diff --git a/build_kernel_image.sh b/build_kernel_image.sh index f54bc3b8ec..01d0185369 100755 --- a/build_kernel_image.sh +++ b/build_kernel_image.sh @@ -47,13 +47,15 @@ DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \ DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \ "Use developer keys for signing. (Default: false)" # Note, to enable verified boot, the caller would manually pass: -# --boot_args='dm="... /dev/sd%D%P /dev/sd%D%P ..." \ +# --boot_args='dm="... %U+1 %U+1 ..." \ # --root=/dev/dm-0 DEFINE_string boot_args "noinitrd" \ "Additional boot arguments to pass to the commandline (Default: noinitrd)" +# By default, we use a firmware enumerated value, but it isn't reliable for +# production use. If +%d can be added upstream, then we can use: +# root=PARTUID=uuid+1 DEFINE_string root "/dev/sd%D%P" \ - "Expected device root (Default: root=/dev/sd%D%P)" - + "Expected device root partition" # If provided, will automatically add verified boot arguments. DEFINE_string rootfs_image "" \ "Optional path to the rootfs device or image.(Default: \"\")" @@ -64,8 +66,8 @@ DEFINE_integer verity_error_behavior 2 \ (Default: 2)" DEFINE_integer verity_tree_depth 1 \ "Optional Verified boot hash tree depth. (Default: 1)" -DEFINE_integer verity_max_ios 1024 \ - "Optional number of outstanding I/O operations. (Default: 1024)" +DEFINE_integer verity_max_ios -1 \ + "Optional number of outstanding I/O operations. (Default: -1)" DEFINE_string verity_hash_alg "sha1" \ "Cryptographic hash algorithm used for dm-verity. (Default: sha1)" @@ -108,7 +110,7 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then # under the system. if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then if [[ "${FLAGS_arch}" = "x86" ]]; then - base_root='/dev/sd%D%P' + base_root='%U+1' # kern_guid + 1 elif [[ "${FLAGS_arch}" = "arm" ]]; then base_root='/dev/${devname}${rootpart}' fi diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh index 4119e59afe..07856cd039 100755 --- a/mod_image_for_recovery.sh +++ b/mod_image_for_recovery.sh @@ -185,7 +185,7 @@ create_recovery_kernel_image() { trap "sudo losetup -d $root_dev" EXIT - cros_root=/dev/sd%D%P + cros_root=/dev/sd%D%P # only used for non-verified images if [[ "${ARCH}" = "arm" ]]; then cros_root='/dev/${devname}${rootpart}' fi diff --git a/update_bootloaders.sh b/update_bootloaders.sh index 0b34172dcc..de9ccdfe6b 100755 --- a/update_bootloaders.sh +++ b/update_bootloaders.sh @@ -77,7 +77,7 @@ set -e # be set when the rootfs is stuffed. if ! type -p update_x86_bootloaders; then update_x86_bootloaders() { - local old_root="$1" # e.g., sd%D%P + local old_root="$1" # e.g., /dev/sd%D%P or %U+1 local kernel_cmdline="$2" local esp_fs_dir="$3" local template_dir="$4" @@ -89,25 +89,25 @@ if ! type -p update_x86_bootloaders; then fi # Rewrite grub table - grub_dm_table_a=${dm_table//${old_root}/\$linuxpartA} - grub_dm_table_b=${dm_table//${old_root}/\$linuxpartB} + grub_dm_table_a=${dm_table//${old_root}/\/dev\/\$linuxpartA} + grub_dm_table_b=${dm_table//${old_root}/\/dev\/\$linuxpartB} sed -e "s|DMTABLEA|${grub_dm_table_a}|g" \ -e "s|DMTABLEB|${grub_dm_table_b}|g" \ "${template_dir}"/efi/boot/grub.cfg | sudo dd of="${esp_fs_dir}"/efi/boot/grub.cfg # Rewrite syslinux DM_TABLE - syslinux_dm_table_usb=${dm_table//\/dev\/${old_root}/${FLAGS_usb_disk}} + syslinux_dm_table_usb=${dm_table//${old_root}/${FLAGS_usb_disk}} sed -e "s|DMTABLEA|${syslinux_dm_table_usb}|g" \ "${template_dir}"/syslinux/usb.A.cfg | sudo dd of="${esp_fs_dir}"/syslinux/usb.A.cfg - syslinux_dm_table_a=${dm_table//\/dev\/${old_root}/HDROOTA} + syslinux_dm_table_a=${dm_table//${old_root}/HDROOTA} sed -e "s|DMTABLEA|${syslinux_dm_table_a}|g" \ "${template_dir}"/syslinux/root.A.cfg | sudo dd of="${esp_fs_dir}"/syslinux/root.A.cfg - syslinux_dm_table_b=${dm_table//\/dev\/${old_root}/HDROOTB} + syslinux_dm_table_b=${dm_table//${old_root}/HDROOTB} sed -e "s|DMTABLEB|${syslinux_dm_table_b}|g" \ "${template_dir}"/syslinux/root.B.cfg | sudo dd of="${esp_fs_dir}"/syslinux/root.B.cfg @@ -117,7 +117,7 @@ if ! type -p update_x86_bootloaders; then sudo cp -f "${template_dir}"/vmlinuz "${esp_fs_dir}"/syslinux/vmlinuz.B # The only work left for the installer is to pick the correct defaults - # and replace HDROOTA and HDROOTB with the correct /dev/sd%D%P. + # and replace HDROOTA and HDROOTB with the correct /dev/sd%D%P/%U+1 } fi @@ -187,7 +187,7 @@ if [[ "${FLAGS_arch}" = "x86" ]]; then # Extract kernel flags kernel_cfg= - old_root="sd%D%P" + old_root="%U+1" if [[ -n "${FLAGS_kernel_cmdline}" ]]; then info "Using supplied kernel_cmdline to update templates." kernel_cfg="${FLAGS_kernel_cmdline}"