Skip to content

Commit

Permalink
[secure boot]fix conflict
Browse files Browse the repository at this point in the history
  • Loading branch information
@davidpil2002
davidpil2002 committed Nov 22, 2022
1 parent f2c01da commit 944ac0a
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
15 changes: 13 additions & 2 deletions installer/default_platform.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -577,13 +577,13 @@ menuentry '$demo_grub_entry' {
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod ext2
linux /$image_dir/boot/vmlinuz-5.10.0-18-2-amd64 root=$grub_cfg_root rw $GRUB_CMDLINE_LINUX \
$GRUB_CFG_LINUX_CMD /$image_dir/boot/vmlinuz-5.10.0-18-2-amd64 root=$grub_cfg_root rw $GRUB_CMDLINE_LINUX \
net.ifnames=0 biosdevname=0 \
loop=$image_dir/$FILESYSTEM_SQUASHFS loopfstype=squashfs \
systemd.unified_cgroup_hierarchy=0 \
apparmor=1 security=apparmor varlog_size=$VAR_LOG_SIZE usbcore.autosuspend=-1 $ONIE_PLATFORM_EXTRA_CMDLINE_LINUX
echo 'Loading $demo_volume_label $demo_type initial ramdisk ...'
initrd /$image_dir/boot/initrd.img-5.10.0-18-2-amd64
$GRUB_CFG_INITRD_CMD /$image_dir/boot/initrd.img-5.10.0-18-2-amd64
}
EOF
Expand All @@ -606,6 +606,17 @@ EOF
cp $grub_cfg $onie_initrd_tmp/$demo_mnt/grub/grub.cfg
fi
if [ "$secure_boot_state" = "SecureBoot enabled" ]; then
# Secure Boot grub.cfg support
# Saving grub_cfg in the same place where is grubx64.efi,
# this grub_cfg file will be called by first grub.cfg file from: /boot/efi/EFI/debian/grub.cfg
if [ -f $NVOS_BOOT_DIR/grub.cfg ]; then
rm $NVOS_BOOT_DIR/grub.cfg
fi
cp $grub_cfg $NVOS_BOOT_DIR/grub.cfg
fi
cd /
echo "Installed SONiC base image $demo_volume_label successfully"
Expand Down
2 changes: 1 addition & 1 deletion scripts/signing_secure_boot_dev.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,4 +149,4 @@ sudo bash scripts/secure_boot_signature_verification.sh -c $PEM_CERT -e ${CURR_V
#########################
sudo bash scripts/signing_kernel_modules.sh $LINUX_KERNEL_VERSION ${PEM_CERT} ${PEM_PRIV_KEY}

echo "$0 signing & verifying EFI files and Kernel Modules DONE"
echo "$0 signing & verifying EFI files and Kernel Modules DONE"

0 comments on commit 944ac0a

Please sign in to comment.