Support symcrypt fips config for aboot/uboot (#10729)
Why I did it: to support the symcrypt FIPS config for aboot/uboot.
parent
3eea73cf3f
commit
0552d6b172
@ -200,6 +200,14 @@ elif [ "$IMAGE_TYPE" = "aboot" ]; then
|
|||||||
generate_device_list ".platforms_asic"
|
generate_device_list ".platforms_asic"
|
||||||
zip -g $OUTPUT_ABOOT_IMAGE .platforms_asic
|
zip -g $OUTPUT_ABOOT_IMAGE .platforms_asic
|
||||||
|
|
||||||
|
if [ "$ENABLE_FIPS" = "y" ]; then
|
||||||
|
echo "sonic_fips=1" > kernel-cmdline
|
||||||
|
else
|
||||||
|
echo "sonic_fips=0" > kernel-cmdline
|
||||||
|
fi
|
||||||
|
zip -g $OUTPUT_ABOOT_IMAGE kernel-cmdline
|
||||||
|
rm kernel-cmdline
|
||||||
|
|
||||||
zip -g $OUTPUT_ABOOT_IMAGE $ABOOT_BOOT_IMAGE
|
zip -g $OUTPUT_ABOOT_IMAGE $ABOOT_BOOT_IMAGE
|
||||||
rm $ABOOT_BOOT_IMAGE
|
rm $ABOOT_BOOT_IMAGE
|
||||||
if [ "$SONIC_ENABLE_IMAGE_SIGNATURE" = "y" ]; then
|
if [ "$SONIC_ENABLE_IMAGE_SIGNATURE" = "y" ]; then
|
||||||
|
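Review bot: The `else` branch writes `sonic_fips=0` for every value of `ENABLE_FIPS` other than the exact string `y`, so a misspelt or differently-cased setting silently yields a non-FIPS image; consider rejecting values other than `y`/`n`, or at least logging the mode that was chosen. The scratch file `kernel-cmdline` is created under a fixed name in the current directory and would overwrite an existing file of that name, and `$OUTPUT_ABOOT_IMAGE` is unquoted in the new `zip -g` line, as it is in the neighbouring lines. The new lines sit before the `SONIC_ENABLE_IMAGE_SIGNATURE` check, which is presumably intended so that the signature covers the FIPS setting; a comment such as `# kernel-cmdline must be added before the image is signed` would record that. The enclosing `elif` block starts and ends outside the hunk.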
@ -86,7 +86,7 @@ installer_image_path="$image_path/$installer_image"
|
|||||||
|
|
||||||
boot_config="$target_path/boot-config"
|
boot_config="$target_path/boot-config"
|
||||||
|
|
||||||
cmdline_allowlist="crashkernel hwaddr_ma1"
|
cmdline_allowlist="crashkernel hwaddr_ma1 sonic_fips"
|
||||||
|
|
||||||
# for backward compatibility with the sonic_upgrade= behavior
|
# for backward compatibility with the sonic_upgrade= behavior
|
||||||
install="${install:-${sonic_upgrade:-}}"
|
install="${install:-${sonic_upgrade:-}}"
|
||||||
|
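Review bot: The `cmdline_allowlist` line has no comment explaining why `sonic_fips` is now carried over, and this hunk does not show which value wins when the parameter arrives both through the allowlist and through the image's own `kernel-cmdline` file. Because the parameter selects FIPS mode, a comment such as `# sonic_fips: preserve the FIPS mode from the existing kernel command line`, adjusted to the real precedence, would make the intent reviewable. If an allowlisted `sonic_fips=0` can override an image built with `ENABLE_FIPS=y`, that should be stated explicitly.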
@ -181,6 +181,9 @@ if [ "$install_env" = "onie" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
extra_cmdline_linux=%%EXTRA_CMDLINE_LINUX%%
|
||||||
|
echo "EXTRA_CMDLINE_LINUX=$extra_cmdline_linux"
|
||||||
|
|
||||||
# Update Bootloader Menu with installed image
|
# Update Bootloader Menu with installed image
|
||||||
bootloader_menu_config
|
bootloader_menu_config
|
||||||
|
|
||||||
|
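Review bot: `extra_cmdline_linux=%%EXTRA_CMDLINE_LINUX%%` is an unquoted assignment, so a substituted value containing whitespace (more than one kernel argument) would leave only the first word in the variable. The remaining words would be parsed as further assignments or as a command to run. Unless the substitution step, which is not visible here, adds its own quoting, write `extra_cmdline_linux="%%EXTRA_CMDLINE_LINUX%%"`. The next hunk (the second `@ -181,6 +181,9 @` section) adds the same two lines and needs the same change.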
@ -181,6 +181,9 @@ if [ "$install_env" = "onie" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
extra_cmdline_linux=%%EXTRA_CMDLINE_LINUX%%
|
||||||
|
echo "EXTRA_CMDLINE_LINUX=$extra_cmdline_linux"
|
||||||
|
|
||||||
# Update Bootloader Menu with installed image
|
# Update Bootloader Menu with installed image
|
||||||
bootloader_menu_config
|
bootloader_menu_config
|
||||||
|
|
||||||
|
@ -16,9 +16,10 @@ mount_partition() {
|
|||||||
|
|
||||||
bootloader_menu_config() {
|
bootloader_menu_config() {
|
||||||
if [ "$install_env" = "onie" ]; then
|
if [ "$install_env" = "onie" ]; then
|
||||||
|
fw_setenv -f linuxargs "${extra_cmdline_linux}"
|
||||||
fw_setenv -f nos_bootcmd "test -n \$boot_once && setenv do_boot_once \$boot_once && setenv boot_once && saveenv && run do_boot_once; run boot_next"
|
fw_setenv -f nos_bootcmd "test -n \$boot_once && setenv do_boot_once \$boot_once && setenv boot_once && saveenv && run do_boot_once; run boot_next"
|
||||||
|
|
||||||
fw_setenv -f sonic_image_1 "ext4load mmc 0:1 \$loadaddr \$sonic_dir_1/boot/sonic_arm64.fit && setenv bootargs quiet console=\$consoledev,\$baudrate root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 loopfstype=squashfs loop=\$sonic_dir_1/fs.squashfs systemd.unified_cgroup_hierarchy=0 && bootm \$loadaddr"
|
fw_setenv -f sonic_image_1 "ext4load mmc 0:1 \$loadaddr \$sonic_dir_1/boot/sonic_arm64.fit && setenv bootargs quiet console=\$consoledev,\$baudrate root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 loopfstype=squashfs loop=\$sonic_dir_1/fs.squashfs systemd.unified_cgroup_hierarchy=0 \${linuxargs} && bootm \$loadaddr"
|
||||||
fw_setenv -f sonic_image_2 "NONE"
|
fw_setenv -f sonic_image_2 "NONE"
|
||||||
fw_setenv -f sonic_dir_1 $image_dir
|
fw_setenv -f sonic_dir_1 $image_dir
|
||||||
fw_setenv -f sonic_dir_2 "NONE"
|
fw_setenv -f sonic_dir_2 "NONE"
|
||||||
@ -37,9 +38,10 @@ bootloader_menu_config() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
fw_setenv linuxargs "${extra_cmdline_linux}"
|
||||||
fw_setenv nos_bootcmd "test -n \$boot_once && setenv do_boot_once \$boot_once && setenv boot_once && saveenv && run do_boot_once; run boot_next"
|
fw_setenv nos_bootcmd "test -n \$boot_once && setenv do_boot_once \$boot_once && setenv boot_once && saveenv && run do_boot_once; run boot_next"
|
||||||
|
|
||||||
fw_setenv sonic_image_$idx "ext4load mmc 0:1 \$loadaddr \$sonic_dir_$idx/boot/sonic_arm64.fit && setenv bootargs quiet console=\$consoledev,\$baudrate root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 loopfstype=squashfs loop=\$sonic_dir_$idx/fs.squashfs systemd.unified_cgroup_hierarchy=0 && bootm \$loadaddr"
|
fw_setenv sonic_image_$idx "ext4load mmc 0:1 \$loadaddr \$sonic_dir_$idx/boot/sonic_arm64.fit && setenv bootargs quiet console=\$consoledev,\$baudrate root=/dev/mmcblk0p1 rw rootwait rootfstype=ext4 loopfstype=squashfs loop=\$sonic_dir_$idx/fs.squashfs systemd.unified_cgroup_hierarchy=0 \${linuxargs} && bootm \$loadaddr"
|
||||||
fw_setenv sonic_dir_$idx $image_dir
|
fw_setenv sonic_dir_$idx $image_dir
|
||||||
fw_setenv sonic_version_$idx `echo $image_dir | sed "s/^image-/SONiC-OS-/g"`
|
fw_setenv sonic_version_$idx `echo $image_dir | sed "s/^image-/SONiC-OS-/g"`
|
||||||
|
|
||||||
|
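Review bot: `sonic_image_$idx` here and `sonic_image_1` in the previous hunk both expand a single shared U-Boot variable, `${linuxargs}`, which each install overwrites with the new image's `extra_cmdline_linux`. On a device holding two images, the other slot's boot command (if it was also written by an installer with this change) would then boot with the newest image's extra arguments, so the FIPS setting could change for an image that was built differently. A per-slot variable, for example `fw_setenv linuxargs_$idx "${extra_cmdline_linux}"` referenced as `\${linuxargs_$idx}`, would keep the settings separate. `bootloader_menu_config` continues outside both hunks, so the loop that sets `idx` is not visible.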
@ -108,7 +108,7 @@ prepare_boot_menu() {
|
|||||||
BORDER='echo "---------------------------------------------------";echo;'
|
BORDER='echo "---------------------------------------------------";echo;'
|
||||||
fw_setenv ${FW_ARG} print_menu $BORDER $BOOT1 $BOOT2 $BOOT3 $BORDER > /dev/null
|
fw_setenv ${FW_ARG} print_menu $BORDER $BOOT1 $BOOT2 $BOOT3 $BORDER > /dev/null
|
||||||
|
|
||||||
fw_setenv ${FW_ARG} linuxargs "net.ifnames=0 loopfstype=squashfs loop=$image_dir/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG" > /dev/null
|
fw_setenv ${FW_ARG} linuxargs "net.ifnames=0 loopfstype=squashfs loop=$image_dir/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG ${extra_cmdline_linux}" > /dev/null
|
||||||
fw_setenv ${FW_ARG} linuxargs_old "net.ifnames=0 loopfstype=squashfs loop=$image_dir_old/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG" > /dev/null
|
fw_setenv ${FW_ARG} linuxargs_old "net.ifnames=0 loopfstype=squashfs loop=$image_dir_old/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG" > /dev/null
|
||||||
sonic_bootargs_old='setenv bootargs root='$demo_dev' rw rootwait rootfstype=ext4 panic=1 console=ttyS0,115200 ${othbootargs} ${mtdparts} ${linuxargs_old}'
|
sonic_bootargs_old='setenv bootargs root='$demo_dev' rw rootwait rootfstype=ext4 panic=1 console=ttyS0,115200 ${othbootargs} ${mtdparts} ${linuxargs_old}'
|
||||||
fw_setenv ${FW_ARG} sonic_bootargs_old $sonic_bootargs_old > /dev/null || true
|
fw_setenv ${FW_ARG} sonic_bootargs_old $sonic_bootargs_old > /dev/null || true
|
||||||
|
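Review bot: `linuxargs` gains `${extra_cmdline_linux}` but `linuxargs_old` is still rewritten without any extra arguments, so the extra kernel arguments of the previously installed image are dropped when it is booted as the fallback. If that image was installed with `sonic_fips=1`, rolling back to it would start it without the flag; either carry the previous `linuxargs` value into `linuxargs_old` or add a comment that the fallback entry intentionally has no extra arguments. The `fw_setenv` calls send output to `/dev/null` and their exit status is not checked in the visible lines, so a failed write of `linuxargs` would go unnoticed. The same applies to the next hunk (`@ -147,7 +147,7 @`). `prepare_boot_menu` starts and ends outside the hunk.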
@ -147,7 +147,7 @@ prepare_boot_menu() {
|
|||||||
BORDER='echo "---------------------------------------------------";echo;'
|
BORDER='echo "---------------------------------------------------";echo;'
|
||||||
fw_setenv ${FW_ARG} print_menu $BORDER $BOOT1 $BOOT2 $BOOT3 $BORDER > /dev/null
|
fw_setenv ${FW_ARG} print_menu $BORDER $BOOT1 $BOOT2 $BOOT3 $BORDER > /dev/null
|
||||||
|
|
||||||
fw_setenv ${FW_ARG} linuxargs "net.ifnames=0 loopfstype=squashfs loop=$image_dir/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG loglevel=4" > /dev/null
|
fw_setenv ${FW_ARG} linuxargs "net.ifnames=0 loopfstype=squashfs loop=$image_dir/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG loglevel=4 ${extra_cmdline_linux}" > /dev/null
|
||||||
fw_setenv ${FW_ARG} linuxargs_old "net.ifnames=0 loopfstype=squashfs loop=$image_dir_old/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG loglevel=4" > /dev/null
|
fw_setenv ${FW_ARG} linuxargs_old "net.ifnames=0 loopfstype=squashfs loop=$image_dir_old/$FILESYSTEM_SQUASHFS systemd.unified_cgroup_hierarchy=0 varlog_size=$VAR_LOG loglevel=4" > /dev/null
|
||||||
|
|
||||||
# Set boot configs
|
# Set boot configs
|
||||||
|