From e81a23207fcaa16aa76feef0ea8524c0b97e4f0e Mon Sep 17 00:00:00 2001
From: Liam McLoughlin <lmcloughlin@chromium.org>
Date: Mon, 24 Sep 2012 10:37:34 +0000
Subject: [PATCH] Updated verity error_behavior and max_ios defaults to match
 expected values

BUG=chromium-os:34696
TEST=Run ensure_secure_kernelparams.sh on an image built with this change

Change-Id: I16a6f5127bdfae958f9cd0d9ce1b0c55a0f68c67
Reviewed-on: https://gerrit.chromium.org/gerrit/33888
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
---
 bin/cros_make_image_bootable                        | 4 ++--
 build_kernel_image.sh                               | 4 ++--
 build_library/create_legacy_bootloader_templates.sh | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/bin/cros_make_image_bootable b/bin/cros_make_image_bootable
index 99d33afb9c..71adfe7c33 100755
--- a/bin/cros_make_image_bootable
+++ b/bin/cros_make_image_bootable
@@ -99,9 +99,9 @@ DEFINE_string rootfs_hash "/tmp/rootfs.hash" \
   "Path where the rootfs hash should be stored."
 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
   "Default all bootloaders to use kernel-based root fs integrity checking."
-DEFINE_integer verity_error_behavior 2 \
+DEFINE_integer verity_error_behavior 3 \
   "Kernel verified boot error behavior (0: I/O errors, 1: reboot, 2: nothing)"
-DEFINE_integer verity_max_ios 1024 \
+DEFINE_integer verity_max_ios -1 \
   "Number of outstanding I/O operations dm-verity caps at."
 DEFINE_string verity_algorithm "sha1" \
   "Cryptographic hash algorithm used for kernel vboot."
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index c401dad8c5..63917c9e3e 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -36,9 +36,9 @@ DEFINE_string rootfs_image "" \
   "Optional path to the rootfs device or image.(Default: \"\")"
 DEFINE_string rootfs_hash "" \
   "Optional path to output the rootfs hash to. (Default: \"\")"
-DEFINE_integer verity_error_behavior 2 \
+DEFINE_integer verity_error_behavior 3 \
   "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
-(Default: 2)"
+(Default: 3)"
 DEFINE_integer verity_max_ios -1 \
   "Optional number of outstanding I/O operations. (Default: -1)"
 DEFINE_string verity_hash_alg "sha1" \
diff --git a/build_library/create_legacy_bootloader_templates.sh b/build_library/create_legacy_bootloader_templates.sh
index bae387c4f4..4b74379cee 100755
--- a/build_library/create_legacy_bootloader_templates.sh
+++ b/build_library/create_legacy_bootloader_templates.sh
@@ -24,10 +24,10 @@ DEFINE_string boot_args "" \
   "Additional boot arguments to pass to the commandline (Default: '')"
 DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
   "Controls if verity is used for root filesystem checking (Default: false)"
-DEFINE_integer verity_error_behavior 2 \
+DEFINE_integer verity_error_behavior 3 \
   "Verified boot error behavior [0: I/O errors, 1: reboot, 2: nothing] \
-(Default: 2)"
-DEFINE_integer verity_max_ios 1024 \
+(Default: 3)"
+DEFINE_integer verity_max_ios -1 \
   "Optional number of outstanding I/O operations. (Default: 1024)"
 
 # Parse flags