10 changes: 7 additions & 3 deletions build_debian.sh
Expand Up @@ -202,6 +202,8 @@ sudo cp files/initramfs-tools/union-mount $FILESYSTEM_ROOT/etc/initramfs-tools/s
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/union-mount
sudo cp files/initramfs-tools/varlog $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/varlog
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/varlog
sudo cp files/initramfs-tools/swi2bin $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/swi2bin
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/swi2bin
# Management interface (eth0) dhcp can be optionally turned off (during a migration from another NOS to SONiC)
#sudo cp files/initramfs-tools/mgmt-intf-dhcp $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/mgmt-intf-dhcp
#sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-bottom/mgmt-intf-dhcp
Expand Down Expand Up @@ -453,12 +455,14 @@ if [[ $TARGET_BOOTLOADER == grub ]]; then
( cd $FILESYSTEM_ROOT; sudo rm -f $basename_deb_packages )

if [[ $CONFIGURED_ARCH == amd64 ]]; then
GRUB_PKG=grub-pc-bin
GRUB_PKGS='grub-efi-amd64-bin grub-pc-bin'
elif [[ $CONFIGURED_ARCH == arm64 ]]; then
GRUB_PKG=grub-efi-arm64-bin
GRUB_PKGS=grub-efi-arm64-bin
fi

sudo cp $debs_path/${GRUB_PKG}*.deb $FILESYSTEM_ROOT/$PLATFORM_DIR/grub
for grub_pkg in $GRUB_PKGS; do
sudo cp $debs_path/${grub_pkg}*.deb $FILESYSTEM_ROOT/$PLATFORM_DIR/grub
done
fi

## Disable kexec supported reboot which was installed by default
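Review bot: The two added lines in the first hunk copy `files/initramfs-tools/swi2bin` into `init-bottom` with no visible architecture or platform condition, yet the hook added by this commit hard-codes `grub-install --target=x86_64-efi` and is driven by the Arista-specific `arista.swi2bin` kernel argument. As far as the visible lines show, every image's initramfs would then carry a reinstall-and-reboot path that only one vendor's amd64 migration needs. Consider wrapping the copy in `if [[ $CONFIGURED_ARCH == amd64 ]]; then … fi`, or a narrower platform condition, so other images do not ship it. The surrounding code starts and ends outside this hunk, so an enclosing condition may exist that is not shown here.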
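--- a/device/arista/x86_64-arista_7060x6_16pe_384c/installer.conf
+++ b/device/arista/x86_64-arista_7060x6_16pe_384c/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="Redstart*Moby"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio,amd_sfh"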
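--- a/device/arista/x86_64-arista_7060x6_32pe/installer.conf
+++ b/device/arista/x86_64-arista_7060x6_32pe/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="*MorandaP"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio,amd_sfh"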
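--- a/device/arista/x86_64-arista_7060x6_64pe/installer.conf
+++ b/device/arista/x86_64-arista_7060x6_64pe/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="Shearwater*QuicksilverP"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio"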
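--- a/device/arista/x86_64-arista_7060x6_64pe_b/installer.conf
+++ b/device/arista/x86_64-arista_7060x6_64pe_b/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="Redstart*QuicksilverP512"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio,amd_sfh"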
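--- a/device/arista/x86_64-arista_720dt_48s/installer.conf
+++ b/device/arista/x86_64-arista_720dt_48s/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="PikeIslandZ PikeIslandZ-F PikeIslandZ-R PikeIslandZ-F PikeIslandZ-R"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX=""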
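Review bot: `ARISTA_SID` lists `PikeIslandZ-F PikeIslandZ-R` twice, which looks like a copy-paste slip. If the second pair was meant to name different SKUs, those platforms will not match this file. If it is a plain duplicate, the value can be `ARISTA_SID="PikeIslandZ PikeIslandZ-F PikeIslandZ-R"`. Please confirm which was intended.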
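--- a/device/arista/x86_64-arista_7280r4_32qf_32df/installer.conf
+++ b/device/arista/x86_64-arista_7280r4_32qf_32df/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="*CitrineDd"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio,amd_sfh"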
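--- a/device/arista/x86_64-arista_7280r4k_32qf_32df/installer.conf
+++ b/device/arista/x86_64-arista_7280r4k_32qf_32df/installer.conf
@@ -0,0 +1,2 @@
+ARISTA_SID="*CitrineDdBk"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="modprobe.blacklist=snd_hda_intel,hdaudio,amd_sfh"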
4 changes: 3 additions & 1 deletion dockers/docker-platform-monitor/Dockerfile.j2
Expand Up @@ -32,7 +32,9 @@ RUN apt-get update && \
pciutils \
nvme-cli \
ethtool \
xxd
xxd \
python3-yaml \
python3-bottle
{% if sonic_asic_platform == 'mellanox' %}
RUN apt-get install -y dbus
{% endif %}
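Review bot: `python3-bottle` is a web micro-framework, and nothing in this section shows which platform-monitor component needs it or what it would listen on. Please record the consumer next to the package list or in the commit description, for example `# python3-yaml, python3-bottle: required by <component>` above the `RUN`. If it backs an HTTP endpoint, confirm that the endpoint binds to loopback only. The `RUN apt-get` statement starts outside this hunk, so its install options cannot be checked from here.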
1 change: 1 addition & 0 deletions files/initramfs-tools/modules
Expand Up @@ -6,3 +6,4 @@ nls_cp437
nls_utf8
nvme
zstd
efivarfs
159 changes: 159 additions & 0 deletions files/initramfs-tools/swi2bin
@@ -0,0 +1,159 @@
#!/bin/sh -e
# This hook is the 2nd stage of the swi2bin installation

PREREQS=""

prereqs() { echo "$PREREQS"; }

case $1 in
prereqs)
prereqs
exit 0
;;
esac

perform_swi2bin=false
verbose=false

for x in $(cat /proc/cmdline); do
case "$x" in
arista.swi2bin=verbose)
perform_swi2bin=true
verbose=true
;;
arista.swi2bin|arista.swi2bin=*)
perform_swi2bin=true
;;
esac
done

if ! $perform_swi2bin; then
exit 0
fi

if $verbose; then
set -x
fi

log() {
echo "[+] $@"
}

is_bin_signed() {
test "$(tail -n 1 "$1")" = "-----END CMS-----"
}

log "Entering initrd phase of installation"

nosname=SONiC-OS
image_name="$(cat /proc/cmdline | sed -e 's/.*loop=\(\S*\)\/.*/\1/')"

bin_signed=false
if is_bin_signed "$rootmnt/host/$image_name/sonic.bin"; then
bin_signed=true
fi
Comment on lines +42 to +54

Copilot AI Apr 4, 2026


is_bin_signed() runs tail -n 1 on the provided path. With #!/bin/sh -e, if the file is missing (e.g., due to a parsing issue for image_name or an unexpected layout), tail will fail and abort the initramfs script, potentially breaking boot. Add an explicit existence/readability check (e.g., return false if the file is absent) before calling tail.

Comment on lines +48 to +54

Copilot AI Apr 4, 2026


image_name is derived from /proc/cmdline using a sed substitution that will return the entire cmdline if it doesn’t match. Later this value is used in paths like $rootmnt/host/$image_name/... and especially rm -rf "/tmp/host/$image_name". If image_name is empty or malformed, this can delete unintended data on the host partition. Validate image_name (non-empty, expected pattern, no whitespace, no path traversal) before using it, and refuse to proceed if it fails validation.


log "Mounting root filesystem"
rootdir=/install-root
installtmp=/tmp/install
rwdir="$installtmp/rw"
workdir="$installtmp/workdir"

mkdir -p "$rootdir"
mkdir -p "$installtmp"

mount -t tmpfs none "$installtmp"
mkdir -p "$rwdir"
mkdir -p "$workdir"

mount -n -o "lowerdir=$rootmnt,upperdir=$rwdir,workdir=$workdir" -t overlay root-overlay "$rootdir"
mount -o bind "$rootmnt/host" "$rootdir/host"
mount -t proc proc "$rootdir/proc"
mount -t devtmpfs udev "$rootdir/dev"
mount -t sysfs sysfs "$rootdir/sys"

log "Installing grub"
espdev="$(blkid --label ESP)"
blkdev="/dev/$(basename "$(readlink -f "/sys/class/block/$(basename "$espdev")/..")")"
esppartnum="$(echo "$espdev" | grep -Eo '[0-9]+$')"

mkdir -p "$rootdir/boot"
mount -o bind "$rootmnt/host/$image_name/boot" "$rootdir/boot"
mkdir -p "$rootdir/boot/efi"
mount "$espdev" "$rootdir/boot/efi"
Comment on lines +75 to +83

Copilot AI Apr 4, 2026


espdev is obtained via blkid --label ESP. The common/portable interface is blkid -L <label>; --label may not be supported in all util-linux versions. Also, if no ESP is found, espdev will be empty and subsequent basename/readlink/mount operations will fail under -e. Use blkid -L ESP (or equivalent) and add a clear failure check/error message when the ESP can’t be located.


# ensure grub folder exists
mkdir -p "$rootdir/host/grub"

# mounting efivarfs which is necessary for efitools to work
mount -t efivarfs efivarfs "$rootdir/sys/firmware/efi/efivars"

# installing grub packages from platform.tar.gz
chroot "$rootdir" sh -c "dpkg -i /host/$image_name/platform/grub/*"

# install grub-efi on /boot/efi/SONiC-OS and configuration on /host/grub/
chroot "$rootdir" grub-install \
--target=x86_64-efi \
--boot-directory=/host \
--efi-directory=/boot/efi \
--bootloader-id=$nosname

if $bin_signed; then
log "Installing signed shim/grub/mm"

# installing signed grub, shim, mm and other efi tools
mkdir -p "$rootdir/boot/efi/EFI/$nosname"
cp "$rootdir/host/$image_name/boot/"*.efi "$rootdir/boot/efi/EFI/$nosname"

Copilot AI Apr 4, 2026


cp "$rootdir/host/$image_name/boot/"*.efi ... will fail (and abort the script due to -e) if the glob doesn’t match any files. Even when bin_signed is true, a missing/renamed EFI artifact would hard-fail installation. Add an explicit check that the expected EFI files exist before attempting the copy, and emit a clear error if they don’t.

Suggested change
cp "$rootdir/host/$image_name/boot/"*.efi "$rootdir/boot/efi/EFI/$nosname"
set -- "$rootdir/host/$image_name/boot/"*.efi
if [ ! -e "$1" ]; then
echo "Error: expected signed EFI artifacts matching $rootdir/host/$image_name/boot/*.efi, but none were found" >&2
exit 1
fi
cp "$@" "$rootdir/boot/efi/EFI/$nosname"


# creating new EFI boot entry
chroot "$rootdir" efibootmgr \
--create \
--quiet \
--label "$nosname" \
--disk "$blkdev" \
--part "$esppartnum" \
--loader "/EFI/$nosname/shimx64.efi"
fi

# FIXME: populate fake entry in grub.cfg to allow the installer to find the /host
# partition
grubentry="SONiC-OS-$(echo "$image_name" | cut -c7-)"
cat > "$rootdir/host/grub/grub.cfg" <<EOF
menuentry '$grubentry' {
# root=$ROOT rw
}
EOF
Comment on lines +118 to +125

Copilot AI Apr 4, 2026


This writes a new /host/grub/grub.cfg via cat > ..., which overwrites any existing configuration. The subsequent sed -i only deletes the injected entry and cannot restore the original file contents. To avoid data loss, either (a) append the temporary entry and remove it later, or (b) back up the original grub.cfg and restore it after the installer completes (including on failure paths).


log "Running SONiC installer"

chroot "$rootdir" bash "/host/$image_name/sonic.bin"

# FIXME: remove fake grub entry
sed -i "/^menuentry .$grubentry./,/}/d" "$rootdir/host/grub/grub.cfg"

sync

log "Cleaning up behind installer"

# unmounting chroot paths
umount "$rootdir/sys/firmware/efi/efivars"
umount "$rootdir/boot/efi"
umount "$rootdir/boot"
umount "$rootdir/sys"
umount "$rootdir/dev"
umount "$rootdir/proc"
umount "$rootdir/host"
umount "$rootdir"

# unmounting other paths
mkdir -p /tmp/host
mount -o move "$rootmnt/host" /tmp/host
umount "$rootmnt"
rm -rf "/tmp/host/$image_name"

Copilot AI Apr 4, 2026


rm -rf "/tmp/host/$image_name" can delete unintended host-partition data if $image_name is empty or not the expected directory name (it is derived from kernel cmdline parsing). Add a guard (e.g., ensure image_name matches an expected prefix and that the target path is within /tmp/host/ and exists as a directory) before performing this removal.

Suggested change
rm -rf "/tmp/host/$image_name"
target_dir="/tmp/host/$image_name"
case "$image_name" in
""|.|..|*/*)
log "Refusing to remove unexpected image directory: $image_name"
;;
*)
if [ -d "$target_dir" ]; then
target_real="$(cd "$target_dir" 2>/dev/null && pwd -P)" || target_real=""
case "$target_real" in
/tmp/host/*)
rm -rf -- "$target_dir"
;;
*)
log "Refusing to remove path outside /tmp/host: $target_dir"
;;
esac
else
log "Skipping cleanup for missing image directory: $target_dir"
fi
;;
esac

umount /tmp/host

log "Done installing, rebooting..."

sync

echo b > /proc/sysrq-trigger
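Review bot: `is_bin_signed` only compares the last line of `sonic.bin` with `-----END CMS-----`, so it detects a trailer rather than a valid signature. Its result selects the signed shim/grub install path, while `chroot "$rootdir" bash "/host/$image_name/sonic.bin"` executes the image from the initramfs either way. If the CMS signature is verified in an earlier stage that is not part of this file, say so in a comment above the function, e.g. `# Only detects a CMS trailer; the signature itself is verified by <earlier stage>`. Otherwise, verify the signature against the trusted certificate before the installer runs and abort on failure. Renaming the helper to something like `has_cms_trailer` would also keep later readers from treating it as a trust decision.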
2 changes: 1 addition & 1 deletion files/initramfs-tools/varlog
@@ -1,6 +1,6 @@
#!/bin/sh -e

PREREQS=""
PREREQS="swi2bin"

prereqs() { echo "$PREREQS"; }

1 change: 1 addition & 0 deletions installer/default_platform.conf
Expand Up @@ -595,6 +595,7 @@ menuentry '$demo_grub_entry' {
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod ext2
insmod efi_gop

Copilot AI Apr 4, 2026


insmod efi_gop is added unconditionally. On non-UEFI boots (e.g., BIOS), this module may be unavailable and insmod failures can drop to the GRUB rescue prompt or otherwise break boot. Gate this with a $grub_platform check (similar to the existing xen check) so it only runs on EFI platforms.

Suggested change
insmod efi_gop
if [ x$grub_platform = xefi ]; then insmod efi_gop; fi

$GRUB_CFG_LINUX_CMD /$image_dir/boot/vmlinuz-6.12.41+deb13-sonic-${arch} root=$grub_cfg_root rw $GRUB_CMDLINE_LINUX \
net.ifnames=0 biosdevname=0 \
loop=$image_dir/$FILESYSTEM_SQUASHFS loopfstype=squashfs \
4 changes: 3 additions & 1 deletion platform/broadcom/one-image.mk
Expand Up @@ -7,7 +7,9 @@ $(SONIC_ONE_IMAGE)_IMAGE_TYPE = onie
$(SONIC_ONE_IMAGE)_INSTALLS += $(PDDF_PLATFORM_MODULE)
$(SONIC_ONE_IMAGE)_INSTALLS += $(SYSTEMD_SONIC_GENERATOR)
$(SONIC_ONE_IMAGE)_INSTALLS += $(FLASHROM)
$(SONIC_ONE_IMAGE)_LAZY_INSTALLS += $(DELL_S6000_PLATFORM_MODULE) \
$(SONIC_ONE_IMAGE)_LAZY_INSTALLS += \
$(ARISTA_PLATFORM_MODULE_ALL) \
$(DELL_S6000_PLATFORM_MODULE) \
$(DELL_Z9264F_PLATFORM_MODULE) \
$(DELL_S5212F_PLATFORM_MODULE) \
$(DELL_S5224F_PLATFORM_MODULE) \
11 changes: 11 additions & 0 deletions platform/broadcom/platform-modules-arista.mk
Expand Up @@ -4,11 +4,21 @@ ARISTA_PLATFORM_MODULE_VERSION = 1.0

export ARISTA_PLATFORM_MODULE_VERSION

ARISTA_PLATFORMS = $(subst device/arista/,, $(wildcard device/arista/x86_64-arista_[0-9]*))

export ARISTA_PLATFORMS

ARISTA_PLATFORM_MODULE = sonic-platform-arista_$(ARISTA_PLATFORM_MODULE_VERSION)_amd64.deb
$(ARISTA_PLATFORM_MODULE)_SRC_PATH = $(PLATFORM_PATH)/sonic-platform-modules-arista
$(ARISTA_PLATFORM_MODULE)_DEPENDS += $(LINUX_HEADERS) $(LINUX_HEADERS_COMMON)
SONIC_DPKG_DEBS += $(ARISTA_PLATFORM_MODULE)

ARISTA_PLATFORM_MODULE_ALL = sonic-platform-arista-all_$(ARISTA_PLATFORM_MODULE_VERSION)_amd64.deb
$(ARISTA_PLATFORM_MODULE_ALL)_SRC_PATH = $(PLATFORM_PATH)/sonic-platform-modules-arista
$(ARISTA_PLATFORM_MODULE_ALL)_DEPENDS += $(LINUX_HEADERS) $(LINUX_HEADERS_COMMON)
$(ARISTA_PLATFORM_MODULE_ALL)_PLATFORM = $(ARISTA_PLATFORMS)
SONIC_DPKG_DEBS += $(ARISTA_PLATFORM_MODULE_ALL)

ARISTA_PLATFORM_MODULE_PYTHON3 = python3-sonic-platform-arista_$(ARISTA_PLATFORM_MODULE_VERSION)_all.deb
$(eval $(call add_extra_package,$(ARISTA_PLATFORM_MODULE),$(ARISTA_PLATFORM_MODULE_PYTHON3)))

Expand All @@ -19,6 +29,7 @@ ARISTA_PLATFORM_MODULE_LIBS = sonic-platform-arista-libs_$(ARISTA_PLATFORM_MODUL
$(eval $(call add_extra_package,$(ARISTA_PLATFORM_MODULE),$(ARISTA_PLATFORM_MODULE_LIBS)))

export ARISTA_PLATFORM_MODULE \
ARISTA_PLATFORM_MODULE_ALL \
ARISTA_PLATFORM_MODULE_PYTHON3 \
ARISTA_PLATFORM_MODULE_DRIVERS \
ARISTA_PLATFORM_MODULE_LIBS
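Review bot: `ARISTA_PLATFORM_MODULE_ALL` is added to `SONIC_DPKG_DEBS` as a second top-level target with the same `_SRC_PATH` as `ARISTA_PLATFORM_MODULE`, whereas the sibling packages visible here (`_PYTHON3`, `_LIBS`) are attached with `add_extra_package`. If the -all package comes out of the same package build, two targets building one directory can race or build it twice under parallel make. `$(eval $(call add_extra_package,$(ARISTA_PLATFORM_MODULE),$(ARISTA_PLATFORM_MODULE_ALL)))` would follow the existing pattern. The `x86_64-arista_[0-9]*` wildcard also decides which device directories the lazy package applies to, so a one-line comment stating that intent above `ARISTA_PLATFORMS` would help.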