build-scripts: Update the build scripts to support new dm-verity format.
COS uses the old dm format and not the upstrem dm-verity format. Because
of this COS inhertied kernel patches from ChromeOS. To remove those
kernel patches, the build scripts need to be modified to use the new
format.
BUG=b/240174341
TEST=presubmit
RELEASE_NOTE=None
Change-Id: Ie8175f76c2da6c6810b44e7209a3e857bc51d025
Reviewed-on: https://cos-review.googlesource.com/c/third_party/platform/crosutils/+/36691
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index 63984cf..dcc4034 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -179,13 +179,23 @@
info "rootfs is ${root_fs_blocks} blocks of 4096 bytes."
info "Generating root fs hash tree (salt '${FLAGS_verity_salt}')."
+ info "sudo verity mode=create \
+ alg=${FLAGS_verity_hash_alg} \
+ payload=${FLAGS_rootfs_image} \
+ payload_blocks=${root_fs_blocks} \
+ hashtree=${FLAGS_rootfs_hash} \
+ salt=${FLAGS_verity_salt}) \
+ version=1"
+
# Runs as sudo in case the image is a block device.
table=$(sudo verity mode=create \
alg=${FLAGS_verity_hash_alg} \
payload=${FLAGS_rootfs_image} \
payload_blocks=${root_fs_blocks} \
hashtree=${FLAGS_rootfs_hash} \
- salt=${FLAGS_verity_salt})
+ salt=${FLAGS_verity_salt} \
+ version=1)
+ info "dm-verity table ${table}"
if [[ -f "${FLAGS_rootfs_hash}" ]]; then
sudo chmod a+r "${FLAGS_rootfs_hash}"
fi
@@ -198,7 +208,7 @@
table=${table//HASH_DEV/${base_root}}
table=${table//ROOT_DEV/${base_root}}
fi
- verity_dev="vroot none ro 1,${table}"
+ verity_dev="vroot,,,ro,${table}"
if [[ ${FLAGS_enable_bootcache} -eq ${FLAGS_TRUE} ]]; then
signature=$(rootdigest)
cachestart=$(($(hashstart) + $(veritysize)))
@@ -209,9 +219,9 @@
bootcache_args+=" ${cachestart} ${signature} ${size_limit}"
bootcache_args+=" ${max_trace} ${max_pages}"
bootcache_dev="vboot none ro 1,0 ${cachestart} bootcache ${bootcache_args}"
- device_mapper_args="dm=\"2 ${bootcache_dev}, ${verity_dev}\""
+ device_mapper_args="dm-mod.create=\"${bootcache_dev}, ${verity_dev}\""
else
- device_mapper_args="dm=\"1 ${verity_dev}\""
+ device_mapper_args="dm-mod.create=\"${verity_dev}\""
fi
info "device mapper configuration: ${device_mapper_args}"
fi
diff --git a/build_library/create_legacy_bootloader_templates.sh b/build_library/create_legacy_bootloader_templates.sh
index 99f4123..b3179c2 100755
--- a/build_library/create_legacy_bootloader_templates.sh
+++ b/build_library/create_legacy_bootloader_templates.sh
@@ -164,7 +164,7 @@
menu label chromeos-vusb.A
kernel vmlinuz.A
append ${common_args} ${verity_common} root=${ROOTDEV} \
- i915.modeset=1 cros_legacy dm="DMTABLEA"
+ i915.modeset=1 cros_legacy dm-mod.create="DMTABLEA"
EOF
info "Emitted ${SYSLINUX_DIR}/usb.A.cfg"
@@ -181,7 +181,7 @@
menu label chromeos-vhd.A
kernel vmlinuz.A
append ${common_args} ${verity_common} root=${ROOTDEV} \
- i915.modeset=1 cros_legacy dm="DMTABLEA"
+ i915.modeset=1 cros_legacy dm-mod.create="DMTABLEA"
EOF
info "Emitted ${SYSLINUX_DIR}/root.A.cfg"
@@ -195,7 +195,7 @@
menu label chromeos-vhd.B
kernel vmlinuz.B
append ${common_args} ${verity_common} root=${ROOTDEV} \
- i915.modeset=1 cros_legacy dm="DMTABLEB"
+ i915.modeset=1 cros_legacy dm-mod.create="DMTABLEB"
EOF
info "Emitted ${SYSLINUX_DIR}/root.B.cfg"
@@ -251,12 +251,12 @@
menuentry "verified image A" {
linux /syslinux/vmlinuz.A ${common_args} ${verity_common} \
- i915.modeset=1 cros_efi root=${ROOTDEV} dm="DMTABLEA"
+ i915.modeset=1 cros_efi root=${ROOTDEV} dm-mod.create="DMTABLEA"
}
menuentry "verified image B" {
linux /syslinux/vmlinuz.B ${common_args} ${verity_common} \
- i915.modeset=1 cros_efi root=${ROOTDEV} dm="DMTABLEB"
+ i915.modeset=1 cros_efi root=${ROOTDEV} dm-mod.create="DMTABLEB"
}
# FIXME: usb doesn't support verified boot for now
@@ -306,12 +306,12 @@
menuentry "verified image A" {
linux /syslinux/vmlinuz.A ${common_args} ${verity_common} \
- cros_efi root=${ROOTDEV} dm="DMTABLEA"
+ cros_efi root=${ROOTDEV} dm-mod.create="DMTABLEA"
}
menuentry "verified image B" {
linux /syslinux/vmlinuz.B ${common_args} ${verity_common} \
- cros_efi root=${ROOTDEV} dm="DMTABLEB"
+ cros_efi root=${ROOTDEV} dm-mod.create="DMTABLEB"
}
EOF
diff --git a/update_bootloaders.sh b/update_bootloaders.sh
index ff9c1b2..371859e 100755
--- a/update_bootloaders.sh
+++ b/update_bootloaders.sh
@@ -80,10 +80,10 @@
local template_dir="$4"
local to="$5"
- # Pull out the dm="" values
+ # Pull out the dm-mod.create="" values
dm_table=
- if echo "$kernel_cmdline" | grep -q 'dm="'; then
- dm_table=$(echo "$kernel_cmdline" | sed -s 's/.*dm="\([^"]*\)".*/\1/')
+ if echo "$kernel_cmdline" | grep -q 'dm-mod.create="'; then
+ dm_table=$(echo "$kernel_cmdline" | sed -s 's/.*dm-mod.create="\([^"]*\)".*/\1/')
fi
# Discover last known partition numbers.
@@ -134,10 +134,10 @@
local template_dir="$4"
local to="$5"
- # Pull out the dm="" values
+ # Pull out the dm-mod.create="" values
dm_table=
- if echo "$kernel_cmdline" | grep -q 'dm="'; then
- dm_table=$(echo "$kernel_cmdline" | sed -s 's/.*dm="\([^"]*\)".*/\1/')
+ if echo "$kernel_cmdline" | grep -q 'dm-mod.create="'; then
+ dm_table=$(echo "$kernel_cmdline" | sed -s 's/.*dm-mod.create="\([^"]*\)".*/\1/')
fi
# Discover last known partition numbers.
