verify_rootfs_chksum.sh: use key=val arguments for verity
The script was failing because it used positional arguments to verity,
but verity now expects key=val style arguments.
To make the script easier to debug the arguments to verity are now
printed before invoking it.
BUG=chromium:801865
TEST=Inside the chroot run "./verify_rootfs_chksum.sh --image path/to/image.bin". Should print out "Root filesystem checksum match!".
Change-Id: I5bb1b0b741d42e156d1babc28a426dd2046be566
Reviewed-on: https://chromium-review.googlesource.com/866059
Commit-Ready: Nicholas Bishop <nbishop@neverware.com>
Tested-by: Nicholas Bishop <nbishop@neverware.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/verify_rootfs_chksum.sh b/verify_rootfs_chksum.sh
index 18e52a2..4b17f70 100755
--- a/verify_rootfs_chksum.sh
+++ b/verify_rootfs_chksum.sh
@@ -81,20 +81,29 @@
KERNEL_CONFIG=$(sudo "${DUMP_KERNEL_CONFIG}" "${KERNEL_IMG}")
kernel_cfg="$(echo "${KERNEL_CONFIG}" | sed -e 's/.*dm="\([^"]*\)".*/\1/g' |
cut -f2- -d,)"
-rootfs_sectors=$(echo ${kernel_cfg} | cut -f2 -d' ')
-verity_algorithm=$(echo ${kernel_cfg} | cut -f8 -d' ')
+rootfs_sectors=$(echo "${kernel_cfg}" | cut -f2 -d' ')
+verity_algorithm=$(echo "${kernel_cfg}" | cut -f7 -d' ')
+verity_salt=$(echo "${kernel_cfg}" | cut -f9 -d' ')
# Compute the rootfs hash tree
VERITY=/bin/verity
-# First argument to verity is reserved/unused and MUST be 0
-table="vroot none ro,"$(sudo "${VERITY}" create 0 \
- "${verity_algorithm}" \
- "${ROOTFS_IMG}" \
- $((rootfs_sectors / 8)) \
- /dev/null)
-expected_hash=$(echo ${kernel_cfg} | cut -f9 -d' ')
-generated_hash=$(echo ${table} | cut -f2- -d, | cut -f9 -d' ')
+verity_cmd=(
+ "${VERITY}"
+ mode=create
+ "${verity_algorithm}"
+ payload="${ROOTFS_IMG}"
+ payload_blocks=$((rootfs_sectors / 8))
+ hashtree=/dev/null
+ "${verity_salt}"
+)
+
+echo "${verity_cmd[@]}"
+
+table="vroot none ro,$(sudo "${verity_cmd[@]}")"
+
+expected_hash=$(echo "${kernel_cfg}" | cut -f8 -d' ')
+generated_hash=$(echo ${table} | cut -f2- -d, | cut -f8 -d' ')
cleanup
