The use_vboot and vboot_ flags were confusing from a functionality perspective
since verified boot as a feature encompasses firmware and kernel functionality.
The firmware bits are always enabled, but use_vboot enabled the image-integrity
portion of vboot. It is not called
--enable_rootfs_verification
and all options for the kernel functionality is under --verity_* given that
verity/dm-verity is the current working name for the module and userspace tool.
TEST=ran x86-generic build_image & tegra2-dev-board build_image and checked the resulting boot.config files (with and without --enable_rootfs_verification).
BUG=chromium-os:2693
Review URL: http://codereview.chromium.org/2917008
This should fix the bad parsing and the failed archiving.
EMphasis on should. I'll keep monitoring.
TEST=in progress
BUG=none
Review URL: http://codereview.chromium.org/2812044
Adds rootfs image hashing to the build. If it is hashed
even if the default boot device is not dm-0, the baseline
rootfs integrity information will be included (though
device setup will fail in the logs during boot).
TEST=manually ran without enabling vboot support.
BUG=chromium-os:327
Review URL: http://codereview.chromium.org/2808043
Change flags for key block to 15 so it works in all modes, since I'm
about to fix the vboot bug which prevented flag checking from working.
BUG=none
TEST=none
Makes kernel partition creation standalone. This is motivated
both by the ability to build test kernel partitions easily as well
the need to create all kernel command line configuration after the
rootfs has been completely created.
Instead of a massive overhaul, I'll do this refactor in pieces.
TEST=manually rebuilt the image
BUG=chromium-os:327
Review URL: http://codereview.chromium.org/2825021
