-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backport: secureboot support #14246
backport: secureboot support #14246
Conversation
Backporting sonic-net#12692 PR on 202205 branch. The diffs of sonic-net#12692 does not cleanly gets apply. on 202205 branch. Hence the patch sonic-net#12692 slightly modified so that it can get applied on 202205 branch without functional break. Signed-off-by: Sachin Naik <sachnaik@cisco.com>
@davidpil2002 , would you please review this one for 202205? thanks |
@sacnaik In general look good to me. |
The older ONIE version does not support mokutil command. This backport changes will address the issue.
|
looks good to me, |
hi @sacnaik , You are welcome to review it as well |
Backported #14589 as well |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is not an approved feature for 202205 branch. Please request back porting to 202211 branch instead.
#14589) …1.11 by using efivar tool instead #### Why I did it solution to BUG below/ #14316 bug report also in this issue: backport: secureboot support #14246 #### How I did it When installing an image secure boot is checking if the UEFI have the secure boot flag enabled or disabled using a tool name `mokutil` this tool its not exist in ONIE version older than 2021.11 so its crasshing the install. To fix that we add a coded that checking secure boot enabled/disabled by using efivar tool that should exist in any UEFI system #### How to verify it Install the image in a device with ONIE version older than 2021.11 and check that the installation and boot succeed (all docker up).
Already Backport msft repo 202205 branch. |
sonic-net#14589) …1.11 by using efivar tool instead #### Why I did it solution to BUG below/ sonic-net#14316 bug report also in this issue: backport: secureboot support sonic-net#14246 #### How I did it When installing an image secure boot is checking if the UEFI have the secure boot flag enabled or disabled using a tool name `mokutil` this tool its not exist in ONIE version older than 2021.11 so its crasshing the install. To fix that we add a coded that checking secure boot enabled/disabled by using efivar tool that should exist in any UEFI system #### How to verify it Install the image in a device with ONIE version older than 2021.11 and check that the installation and boot succeed (all docker up).
Added the label "Icluded in Chassis for 202205 branch" label to keep the consistency where this PR was already backported by Abhishek separately even though this PR got closed. |
Backporting PR#12692 to the 202205 branch.
The diffs of PR#12692 do not cleanly get applied to the 202205 branch. Hence patch #12692 was slightly modified for the 202205 branch.
Why I did it
To support UEFI secure boot on the 202205 branch
How I did it
The feature is supported at the master branch see #12692.
Backported #12692 from master to 202205 branch
How to verify it
Booted on UEFI secure boot-enabled hardware.
Which release branch to backport (provide reason below if selected)
Description for the changelog
Refer HLD: sonic-net/SONiC#1028
Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)