Fail verification if the rootfs hash is empty.

This should let the signer catch errors where there are errors parsing verity output. And failing verification if rootfs hash verification is turned off for whatever reason.

Change-Id: I1e3f239a5b6afab31accdd8f0a737b8685530e8d

BUG=chrome-os-partner:3093, chrome-os-partner:3104
TEST=manually on a badly signed image (verification fails now)

Review URL:
diff --git a/scripts/image_signing/ b/scripts/image_signing/
index 8b61f39..7c0018c 100755
--- a/scripts/image_signing/
+++ b/scripts/image_signing/
@@ -301,12 +301,17 @@
   local expected_hash=$(get_hash_from_config "${new_kernel_config}")
   local got_hash=$(get_hash_from_config "${kernel_config}")
+  if [ -z "${expected_hash}" ]; then
+    echo "FAILED: RootFS hash is empty!"
+    exit 1
+  fi
   if [ ! "${got_hash}" = "${expected_hash}" ]; then
     cat <<EOF
 FAILED: RootFS hash is incorrect.
 Expected: ${expected_hash}
 Got: ${got_hash}
+    exit 1
     echo "PASS: RootFS hash is correct (${expected_hash})"