Change-Id: I14cd9dc365093c0450210d7853ad5f67ffa0ddd0
BUG=chromium-os:5183
TEST=1) manually built a dev install shim and verified it's only bootable when dev switch is ON
Review URL: http://codereview.chromium.org/3153001
With the newest Chrome OS BIOS and bootstub, this will be expanded to the
booted kernel partition's UniqueGuid, so that the kernel device can be
determined with certainty, since the BIOS and kernel may enumerate drives
differently.
You can identify the booted kernel partition at runtime with something like
this:
sudo cgpt find -1 -u \
$(cat /proc/cmdline | sed 's/.*kern_guid=\([0-9a-f-]\+\).*/\1/')
Review URL: http://codereview.chromium.org/3035020
This change adds
- --rootfs_hash_pad to specify the MBs reserved for the pad
- the implementation of the above flag
- check if total fs size + pad size exceeds the partition size
- hash appending in make_image_bootable()
Fixes:
- a style for ROOT_FS_HASH usage
- bad mount|grep
- bad bash subst for root devices in all boot paths
- fixed a typo in the update_bootloaders table creation
- disables verified usb for now
Adding the padding argument ensures that the generated hash tree for the root filesystem is appended to the image. Assuming the rootfs is _never_ mounted read-write
again, that hash tree will be valid and vboot will be able to proceed.
BUG=chromium-os:2693
TEST=manual build_image
Review URL: http://codereview.chromium.org/3043011
Change-Id: I67d9b0f91cacdefa309c0cc2dd7fed1d2eddd7a7
The use_vboot and vboot_ flags were confusing from a functionality perspective
since verified boot as a feature encompasses firmware and kernel functionality.
The firmware bits are always enabled, but use_vboot enabled the image-integrity
portion of vboot. It is not called
--enable_rootfs_verification
and all options for the kernel functionality is under --verity_* given that
verity/dm-verity is the current working name for the module and userspace tool.
TEST=ran x86-generic build_image & tegra2-dev-board build_image and checked the resulting boot.config files (with and without --enable_rootfs_verification).
BUG=chromium-os:2693
Review URL: http://codereview.chromium.org/2917008
This should fix the bad parsing and the failed archiving.
EMphasis on should. I'll keep monitoring.
TEST=in progress
BUG=none
Review URL: http://codereview.chromium.org/2812044
Adds rootfs image hashing to the build. If it is hashed
even if the default boot device is not dm-0, the baseline
rootfs integrity information will be included (though
device setup will fail in the logs during boot).
TEST=manually ran without enabling vboot support.
BUG=chromium-os:327
Review URL: http://codereview.chromium.org/2808043
Change flags for key block to 15 so it works in all modes, since I'm
about to fix the vboot bug which prevented flag checking from working.
BUG=none
TEST=none
Makes kernel partition creation standalone. This is motivated
both by the ability to build test kernel partitions easily as well
the need to create all kernel command line configuration after the
rootfs has been completely created.
Instead of a massive overhaul, I'll do this refactor in pieces.
TEST=manually rebuilt the image
BUG=chromium-os:327
Review URL: http://codereview.chromium.org/2825021
