[build]: Added flag in sonic_version.yml to see if image is secured or non-secured (#16191)
What I did: Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform. Why I did: Flag can be used for manual check or by the test case. ADO: 24319390 How I verify: Manual Verification --- build_version: 'master-16191.346262-cdc5e72a3' debian_version: '11.7' kernel_version: '5.10.0-18-2-amd64' asic_type: broadcom asic_subtype: 'broadcom' commit_id: 'cdc5e72a3' branch: 'master-16191' release: 'none' build_date: Fri Aug 25 03:15:45 UTC 2023 build_number: 346262 built_by: AzDevOps@vmss-soni001UR5 libswsscommon: 1.0.0 sonic_utilities: 1.2 sonic_os_version: 11 secure_boot_image: 'no' Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
This commit is contained in:
abdosi
GitHub
parent
f39adda55e
commit
b6edc374ba
@ -30,3 +30,8 @@ built_by: {{ built_by }}
|
||||
asan: 'yes'
|
||||
{% endif -%}
|
||||
sonic_os_version: {{ sonic_os_version }}
|
||||
{% if SECURE_UPGRADE_MODE == "dev" or SECURE_UPGRADE_MODE == "prod" -%}
|
||||
secure_boot_image: 'yes'
|
||||
{% else -%}
|
||||
secure_boot_image: 'no'
|
||||
{% endif -%}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user