kernel build: use %U+1 for dm-verity booting

Using %U+1 will ensure that we avoid device enumeration issues during recovery mode
boots.

TEST=build_image+dev recovery kernel and boot to it on new cros fw / fixed enumeration problem
         used build with mp recovery kernel on cr-48 -> installed then booted fine
         used dev recovery kernel on a legacy machine; installed fine, booted fine
         tested with cr-48, mp recovery kernel, and noenable_rootfs_verification to ensure /dev/sd%D%P still worked as normal.

Change-Id: I5b1277a47536738a78c18988fd912cc05ebddd4b

BUG=chromium-os:5470

Review URL: http://codereview.chromium.org/6549034

bin/cros_make_image_bootable

@@ -143,6 +143,8 @@ make_image_bootable() {
   local image="$1"
   local use_dev_keys=
 
+  # Default to non-verified, non-UUID boot unless verified.
+  # Long term we want root=PARTUUID=uuid+1.
   cros_root=/dev/sd%D%P
   if [[ "${FLAGS_arch}" = "arm" ]]; then
     cros_root='/dev/${devname}${rootpart}'

build_kernel_image.sh

@@ -47,13 +47,15 @@ DEFINE_string keys_dir "${SRC_ROOT}/platform/vboot_reference/tests/testkeys" \
 DEFINE_boolean use_dev_keys ${FLAGS_FALSE} \
   "Use developer keys for signing. (Default: false)"
 # Note, to enable verified boot, the caller would manually pass:
-# --boot_args='dm="... /dev/sd%D%P /dev/sd%D%P ..." \
+# --boot_args='dm="... %U+1 %U+1 ..." \
 # --root=/dev/dm-0
 DEFINE_string boot_args "noinitrd" \
   "Additional boot arguments to pass to the commandline (Default: noinitrd)"
+# By default, we use a firmware enumerated value, but it isn't reliable for
+# production use.  If +%d can be added upstream, then we can use:
+#   root=PARTUID=uuid+1
 DEFINE_string root "/dev/sd%D%P" \
-  "Expected device root (Default: root=/dev/sd%D%P)"
+  "Expected device root partition"
-
 # If provided, will automatically add verified boot arguments.
 DEFINE_string rootfs_image "" \
   "Optional path to the rootfs device or image.(Default: \"\")"
@@ -64,8 +66,8 @@ DEFINE_integer verity_error_behavior 2 \
 (Default: 2)"
 DEFINE_integer verity_tree_depth 1 \
   "Optional Verified boot hash tree depth. (Default: 1)"
-DEFINE_integer verity_max_ios 1024 \
+DEFINE_integer verity_max_ios -1 \
-  "Optional number of outstanding I/O operations. (Default: 1024)"
+  "Optional number of outstanding I/O operations. (Default: -1)"
 DEFINE_string verity_hash_alg "sha1" \
   "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
 
@@ -108,7 +110,7 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
   # under the system.
   if [[ ${FLAGS_root} = "/dev/dm-0" ]]; then
     if [[ "${FLAGS_arch}" = "x86" ]]; then
-      base_root='/dev/sd%D%P'
+      base_root='%U+1'  # kern_guid + 1
     elif [[ "${FLAGS_arch}" = "arm" ]]; then
       base_root='/dev/${devname}${rootpart}'
     fi

mod_image_for_recovery.sh

@@ -185,7 +185,7 @@ create_recovery_kernel_image() {
 
   trap "sudo losetup -d $root_dev" EXIT
 
-  cros_root=/dev/sd%D%P
+  cros_root=/dev/sd%D%P  # only used for non-verified images
   if [[ "${ARCH}" = "arm" ]]; then
     cros_root='/dev/${devname}${rootpart}'
   fi

update_bootloaders.sh

@@ -77,7 +77,7 @@ set -e
 # be set when the rootfs is stuffed.
 if ! type -p update_x86_bootloaders; then
   update_x86_bootloaders() {
-    local old_root="$1"  # e.g., sd%D%P
+    local old_root="$1"  # e.g., /dev/sd%D%P or %U+1
     local kernel_cmdline="$2"
     local esp_fs_dir="$3"
     local template_dir="$4"
@@ -89,25 +89,25 @@ if ! type -p update_x86_bootloaders; then
     fi
 
     # Rewrite grub table
-    grub_dm_table_a=${dm_table//${old_root}/\$linuxpartA}
+    grub_dm_table_a=${dm_table//${old_root}/\/dev\/\$linuxpartA}
-    grub_dm_table_b=${dm_table//${old_root}/\$linuxpartB}
+    grub_dm_table_b=${dm_table//${old_root}/\/dev\/\$linuxpartB}
     sed -e "s|DMTABLEA|${grub_dm_table_a}|g" \
         -e "s|DMTABLEB|${grub_dm_table_b}|g" \
         "${template_dir}"/efi/boot/grub.cfg |
         sudo dd of="${esp_fs_dir}"/efi/boot/grub.cfg
 
     # Rewrite syslinux DM_TABLE
-    syslinux_dm_table_usb=${dm_table//\/dev\/${old_root}/${FLAGS_usb_disk}}
+    syslinux_dm_table_usb=${dm_table//${old_root}/${FLAGS_usb_disk}}
     sed -e "s|DMTABLEA|${syslinux_dm_table_usb}|g" \
         "${template_dir}"/syslinux/usb.A.cfg |
         sudo dd of="${esp_fs_dir}"/syslinux/usb.A.cfg
 
-    syslinux_dm_table_a=${dm_table//\/dev\/${old_root}/HDROOTA}
+    syslinux_dm_table_a=${dm_table//${old_root}/HDROOTA}
     sed -e "s|DMTABLEA|${syslinux_dm_table_a}|g" \
         "${template_dir}"/syslinux/root.A.cfg |
         sudo dd of="${esp_fs_dir}"/syslinux/root.A.cfg
 
-    syslinux_dm_table_b=${dm_table//\/dev\/${old_root}/HDROOTB}
+    syslinux_dm_table_b=${dm_table//${old_root}/HDROOTB}
     sed -e "s|DMTABLEB|${syslinux_dm_table_b}|g" \
         "${template_dir}"/syslinux/root.B.cfg |
         sudo dd of="${esp_fs_dir}"/syslinux/root.B.cfg
@@ -117,7 +117,7 @@ if ! type -p update_x86_bootloaders; then
     sudo cp -f "${template_dir}"/vmlinuz "${esp_fs_dir}"/syslinux/vmlinuz.B
 
     # The only work left for the installer is to pick the correct defaults
-    # and replace HDROOTA and HDROOTB with the correct /dev/sd%D%P.
+    # and replace HDROOTA and HDROOTB with the correct /dev/sd%D%P/%U+1
   }
 fi
 
@@ -187,7 +187,7 @@ if [[ "${FLAGS_arch}" = "x86" ]]; then
 
   # Extract kernel flags
   kernel_cfg=
-  old_root="sd%D%P"
+  old_root="%U+1"
   if [[ -n "${FLAGS_kernel_cmdline}" ]]; then
     info "Using supplied kernel_cmdline to update templates."
     kernel_cfg="${FLAGS_kernel_cmdline}"