Remove Chrome OS specific verity_utils module.
The size of the updated region in the partition should match the size
the verified boot chain requires, or at least be bigger. In Chrome OS,
the kernel partition includes a command line with the size of the
rootfs that verity will verify, but the rootfs partition is significantly
bigger (about 800 MB more), so we only update what is required.
In the more general Brillo case, the size of the updated area depends
on how verity is used. This patch removes this logic from the
delta_generator and uses the size of the filesystem, which should
match the size of the verity region in Chrome OS devices using ext2.
Bug: 23084776
Test: sudo emerge_update; `mma` on AOSP
Change-Id: I37f341263d86f127d937b4afc24e9d085131cb08
diff --git a/payload_generator/generate_delta_main.cc b/payload_generator/generate_delta_main.cc
index 0a5e105..8a49c16 100644
--- a/payload_generator/generate_delta_main.cc
+++ b/payload_generator/generate_delta_main.cc
@@ -394,11 +394,6 @@
payload_config.rootfs_partition_size = FLAGS_rootfs_partition_size;
- // Load the rootfs size from verity's kernel command line if rootfs
- // verification is enabled.
- payload_config.source.LoadVerityRootfsSize();
- payload_config.target.LoadVerityRootfsSize();
-
if (payload_config.is_delta) {
// Avoid opening the filesystem interface for full payloads.
CHECK(payload_config.target.rootfs.OpenFilesystem());
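Review bot: Nothing after the `rootfs_partition_size` assignment now checks or records that `rootfs.size`, which is always the filesystem size once the two `LoadVerityRootfsSize()` calls are gone, covers the region the verified boot chain hashes. The commit message only says the two "should match" on ext2 devices. If the filesystem size were smaller than the verity region, the payload would presumably leave verified blocks un-updated and the device would fail rootfs verification after the update; the removed code at least logged a WARNING when the sizes differed. I would document the assumption at this point, e.g. `// rootfs.size is the filesystem size; it must be >= the region covered by the verified boot chain.`, and log the chosen value with `LOG(INFO) << "Target rootfs size: " << payload_config.target.rootfs.size;`. The enclosing function starts and ends outside this hunk, so an equivalent check may already exist elsewhere.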
diff --git a/payload_generator/payload_generation_config.cc b/payload_generator/payload_generation_config.cc
index e1daeb9..ecf9627 100644
--- a/payload_generator/payload_generation_config.cc
+++ b/payload_generator/payload_generation_config.cc
@@ -22,7 +22,6 @@
#include "update_engine/payload_generator/delta_diff_generator.h"
#include "update_engine/payload_generator/ext2_filesystem.h"
#include "update_engine/payload_generator/raw_filesystem.h"
-#include "update_engine/payload_generator/verity_utils.h"
#include "update_engine/utils.h"
namespace chromeos_update_engine {
@@ -97,24 +96,6 @@
return true;
}
-bool ImageConfig::LoadVerityRootfsSize() {
- if (kernel.path.empty())
- return false;
- uint64_t verity_rootfs_size = 0;
- if (!GetVerityRootfsSize(kernel.path, &verity_rootfs_size)) {
- LOG(INFO) << "Couldn't find verity options in source kernel config, will "
- << "use the rootfs filesystem size instead: " << rootfs.size;
- return false;
- }
- if (rootfs.size != verity_rootfs_size) {
- LOG(WARNING) << "Using the rootfs size found in the kernel config ("
- << verity_rootfs_size << ") instead of the rootfs filesystem "
- << " size (" << rootfs.size << ").";
- rootfs.size = verity_rootfs_size;
- }
- return true;
-}
-
bool ImageConfig::ImageInfoIsEmpty() const {
return image_info.board().empty()
&& image_info.key().empty()
diff --git a/payload_generator/payload_generation_config.h b/payload_generator/payload_generation_config.h
index 372e427..4e99688 100644
--- a/payload_generator/payload_generation_config.h
+++ b/payload_generator/payload_generation_config.h
@@ -80,13 +80,6 @@
// Returns whether the image size was properly detected.
bool LoadImageSize();
- // Load the |rootfs_size| stored in the kernel command line in the
- // |kernel.path| when the kernel is using rootfs verification (dm-verity).
- // Returns whether it loaded the size from the kernel command line. For
- // example, it would return false if no |kernel.path| was provided or the
- // kernel doesn't have verity enabled.
- bool LoadVerityRootfsSize();
-
// Returns whether the |image_info| field is empty.
bool ImageInfoIsEmpty() const;
diff --git a/payload_generator/verity_utils.cc b/payload_generator/verity_utils.cc
deleted file mode 100644
index 06fff05..0000000
--- a/payload_generator/verity_utils.cc
+++ /dev/null
@@ -1,139 +0,0 @@
-//
-// Copyright (C) 2015 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-#include "update_engine/payload_generator/verity_utils.h"
-
-#include <algorithm>
-#include <utility>
-#include <vector>
-
-#include <base/logging.h>
-#include <base/strings/string_number_conversions.h>
-#include <base/strings/string_util.h>
-#include <chromeos/strings/string_utils.h>
-extern "C" {
-#include <vboot/vboot_host.h>
-}
-
-using std::string;
-using std::vector;
-
-extern "C" {
-
-// vboot_host.h has a default VbExError() that will call exit() when a function
-// fails. We redefine that function here so it doesn't exit.
-void VbExError(const char* format, ...) {
- va_list ap;
- va_start(ap, format);
- fprintf(stderr, "ERROR: ");
- va_end(ap);
-}
-
-}
-
-namespace {
-
-// Splits a string with zero or more arguments separated by spaces into a list
-// of strings, but respecting the double quotes. For example, the string:
-// a="foo" b=foo c="bar baz" "my dir"/"my file"
-// has only four arguments, since some parts are grouped together due to the
-// double quotes.
-vector<string> SplitQuotedArgs(const string arglist) {
- vector<string> terms = chromeos::string_utils::Split(
- arglist, " ", false, false);
- vector<string> result;
- string last_term;
- size_t quotes = 0;
- for (const string& term : terms) {
- if (quotes % 2 == 0 && term.empty())
- continue;
-
- quotes += std::count(term.begin(), term.end(), '"');
- if (last_term.empty()) {
- last_term = term;
- } else {
- last_term += " " + term;
- }
- if (quotes % 2 == 0) {
- result.push_back(last_term);
- last_term.clear();
- quotes = 0;
- }
- }
- // Unterminated quoted string found.
- if (!last_term.empty())
- result.push_back(last_term);
- return result;
-}
-
-} // namespace
-
-namespace chromeos_update_engine {
-
-bool ParseVerityRootfsSize(const string& kernel_cmdline,
- uint64_t* rootfs_size) {
- vector<string> kernel_args = SplitQuotedArgs(kernel_cmdline);
-
- for (const string& arg : kernel_args) {
- std::pair<string, string> key_value =
- chromeos::string_utils::SplitAtFirst(arg, "=", true);
- if (key_value.first != "dm")
- continue;
- string value = key_value.second;
- if (value.size() > 1 && value.front() == '"' && value.back() == '"')
- value = value.substr(1, value.size() - 1);
-
- vector<string> dm_parts = SplitQuotedArgs(value);
- // Check if this is a dm-verity device.
- if (std::find(dm_parts.begin(), dm_parts.end(), "verity") == dm_parts.end())
- continue;
- for (const string& dm_part : dm_parts) {
- key_value = chromeos::string_utils::SplitAtFirst(dm_part, "=", true);
- if (key_value.first != "hashstart")
- continue;
- if (!base::StringToUint64(key_value.second, rootfs_size))
- continue;
- // The hashstart= value is specified in 512-byte blocks, so we need to
- // convert that to bytes.
- *rootfs_size *= 512;
- return true;
- }
- }
- return false;
-}
-
-bool GetVerityRootfsSize(const string& kernel_dev, uint64_t* rootfs_size) {
- string kernel_cmdline;
- char *config = FindKernelConfig(kernel_dev.c_str(), USE_PREAMBLE_LOAD_ADDR);
- if (!config) {
- LOG(WARNING) << "Error retrieving kernel command line from '"
- << kernel_dev << "', ignoring.";
- return false;
- }
- kernel_cmdline = string(config, MAX_KERNEL_CONFIG_SIZE);
-
- // FindKernelConfig() expects the caller to free the char*.
- free(config);
-
- if (!ParseVerityRootfsSize(kernel_cmdline, rootfs_size)) {
- LOG(INFO) << "Didn't find the rootfs size in the kernel command line: "
- << kernel_cmdline;
- return false;
- }
- return true;
-}
-
-} // namespace chromeos_update_engine
diff --git a/payload_generator/verity_utils.h b/payload_generator/verity_utils.h
deleted file mode 100644
index c99531e..0000000
--- a/payload_generator/verity_utils.h
+++ /dev/null
@@ -1,31 +0,0 @@
-//
-// Copyright (C) 2015 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-#ifndef UPDATE_ENGINE_PAYLOAD_GENERATOR_VERITY_UTILS_H_
-#define UPDATE_ENGINE_PAYLOAD_GENERATOR_VERITY_UTILS_H_
-
-#include <string>
-
-namespace chromeos_update_engine {
-
-bool GetVerityRootfsSize(const std::string& kernel_dev, uint64_t* rootfs_size);
-
-bool ParseVerityRootfsSize(const std::string& kernel_cmdline,
- uint64_t* rootfs_size);
-
-} // namespace chromeos_update_engine
-
-#endif // UPDATE_ENGINE_PAYLOAD_GENERATOR_VERITY_UTILS_H_
diff --git a/payload_generator/verity_utils_unittest.cc b/payload_generator/verity_utils_unittest.cc
deleted file mode 100644
index fd42f61..0000000
--- a/payload_generator/verity_utils_unittest.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-//
-// Copyright (C) 2015 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-#include "update_engine/payload_generator/verity_utils.h"
-
-#include <gtest/gtest.h>
-
-namespace chromeos_update_engine {
-
-// A real kernel command line found on a device.
-static const char* kVerityKernelCommandLine =
- "console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 "
- "root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3 "
- "dm_verity.max_bios=-1 dm_verity.dev_wait=1 "
- "dm=\"1 vroot none ro 1,0 1536000 verity payload=PARTUUID=%U/PARTNROFF=1 "
- "hashtree=PARTUUID=%U/PARTNROFF=1 hashstart=1536000 alg=sha1 "
- "root_hexdigest=16b55bbea634fc3abf4c339da207cf050b1809d6 "
- "salt=18a095c4e473b68558afefdf83438d482cf37894d312afce6991c8267ea233f6\" "
- "noinitrd vt.global_cursor_default=0 kern_guid=%U ";
-
-// A real kernel command line from a parrot device, including the bootcache.
-static const char* kVerityAndBootcacheKernelCommandLine =
- "console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 "
- "root=/dev/dm-1 rootwait ro dm_verity.error_behavior=3 "
- "dm_verity.max_bios=-1 dm_verity.dev_wait=1 "
- "dm=\"2 vboot none ro 1,0 2545920 bootcache PARTUUID=%U/PARTNROFF=1 "
- "2545920 d5d03fb5459b6a75f069378c1799ba313d8ea89a 512 20000 100000, vroot "
- "none ro 1,0 2506752 verity payload=254:0 hashtree=254:0 hashstart=2506752 "
- "alg=sha1 root_hexdigest=3deebbc697a30cc585cf85a3b4351dc772861321 "
- "salt=6a13027cdf234c58a0b1f43e6a7428f41672cca89d5574c1f405649df65fb071\" "
- "noinitrd vt.global_cursor_default=0 kern_guid=%U add_efi_memmap "
- "boot=local noresume noswap i915.modeset=1 tpm_tis.force=1 "
- "tpm_tis.interrupts=0 nmi_watchdog=panic,lapic "
- "iTCO_vendor_support.vendorsupport=3";
-
-TEST(VerityUtilsTest, ParseVerityRootfsSizeWithInvalidValues) {
- uint64_t rootfs_size = 0;
- EXPECT_FALSE(ParseVerityRootfsSize("", &rootfs_size));
-
- // Not a verity dm device.
- EXPECT_FALSE(ParseVerityRootfsSize(
- "dm=\"1 vroot none ro 1,0 1234 something\"", &rootfs_size));
- EXPECT_FALSE(ParseVerityRootfsSize(
- "ro verity hashattr=1234", &rootfs_size));
-
- // The verity doesn't have the hashstart= attribute.
- EXPECT_FALSE(ParseVerityRootfsSize(
- "dm=\"1 vroot none ro 1,0 1234 verity payload=fake\"", &rootfs_size));
-}
-
-TEST(VerityUtilsTest, ParseVerityRootfsSizeWithValidValues) {
- uint64_t rootfs_size = 0;
- EXPECT_TRUE(ParseVerityRootfsSize(kVerityKernelCommandLine, &rootfs_size));
- EXPECT_EQ(1536000 * 512, rootfs_size);
- EXPECT_TRUE(ParseVerityRootfsSize(kVerityAndBootcacheKernelCommandLine,
- &rootfs_size));
- EXPECT_EQ(2506752 * 512, rootfs_size);
-}
-
-} // namespace chromeos_update_engine
diff --git a/update_engine.gyp b/update_engine.gyp
index 5d1ce97..65a1394 100644
--- a/update_engine.gyp
+++ b/update_engine.gyp
@@ -302,7 +302,6 @@
'payload_generator/raw_filesystem.cc',
'payload_generator/tarjan.cc',
'payload_generator/topological_sort.cc',
- 'payload_generator/verity_utils.cc',
],
},
# server-side delta generator.
@@ -423,7 +422,6 @@
'payload_generator/payload_file_unittest.cc',
'payload_generator/tarjan_unittest.cc',
'payload_generator/topological_sort_unittest.cc',
- 'payload_generator/verity_utils_unittest.cc',
'payload_state_unittest.cc',
'postinstall_runner_action_unittest.cc',
'prefs_unittest.cc',