Support to verify reboot for secure boot#979
Conversation
qiluo-msft
requested review from
jleveque,
lguohan,
marian-pritsak,
yxieca and
zhenggen-xu
|
@Staphylo Could you please help review ? #Closed |
sonic_installer/main.py
Outdated
| @cli.command('verify_reboot') | ||
| def verify_reboot(): |
There was a problem hiding this comment.
Along with Qi's comment above, this command should also be named form clearly, e.g., verify-next-image.
sonic_installer/bootloader/aboot.py
Outdated
| if not super(AbootBootloader, self).verify_reboot(): | ||
| return False | ||
| image = self.get_next_image() | ||
| image_path = self.get_image_path(image) + '/sonic.swi' |
There was a problem hiding this comment.
sonic.swi [](start = 52, length = 9)
Magic string in aboot.py #Closed
scripts/fast-reboot
Outdated
| debug "Next image ${NEXT_SONIC_IMAGE} doesn't exist ..." | ||
| exit ${EXIT_NEXT_IMAGE_NOT_EXISTS} | ||
| # Verify reboot by sonic_installer | ||
| local message=$(sonic_installer verify-reboot) |
There was a problem hiding this comment.
message [](start = 10, length = 7)
Did you only capture stdout but stderr? #Closed
There was a problem hiding this comment.
Added the stderr message.
sonic_installer/bootloader/aboot.py
Outdated
| if not super(AbootBootloader, self).verify_reboot(): | ||
| return False | ||
| image = self.get_next_image() | ||
| image_path = self.get_image_path(image) + '/sonic.swi' |
|
This pull request introduces 2 alerts when merging b10af37 into 1b992b3 - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging db0a9d2 into 1b992b3 - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging 7914998 into 1b992b3 - view on LGTM.com new alerts:
|
|
retest default please |
scripts/fast-reboot
Outdated
| exit ${EXIT_NEXT_IMAGE_NOT_EXISTS} | ||
| # Verify the next image by sonic_installer | ||
| local message=$(sonic_installer verify_next_image 2>&1) | ||
| if [ $? -ne 0 ]; then |
There was a problem hiding this comment.
This part of the reboot script is executed under -e option, meaning that the failure will trigger script to exit. Please take examples in the script to catch error code.
There was a problem hiding this comment.
Thanks, the command can be simplified, fixed. #Closed
There was a problem hiding this comment.
If you simplified this way, the sonic_installer verify-next-image will only output Failed or Done, which has no context in fast-reboot output.
As Ying suggested: Please take examples in the script to catch error code.
Your original debug command is still useful.
In reply to: 453135626 [](ancestors = 453135626)
#### Why I did it To pick up fixes from submodule sonic-sairedis which include the following fixes: ``` commit 1027eef3a331e84560827c7584ee8009baf434d5 (HEAD -> 202012, origin/202012) Author: gechiang <[email protected]> Date: Wed Dec 8 03:13:34 2021 -0800 [202012] Prevent other notification event storms to keep enqueue unchecked and drained all memory that leads to crashing the switch router (sonic-net#976) commit 94455e50d3444dcd60093b7a39c7f427337a94d2 Author: VenkatCisco <[email protected]> Date: Tue Jun 15 03:23:20 2021 -0700 Add cisco-8000 checks to syncd_init_common (sonic-net#839) commit 2df539483ed68519c3c9c6df958d3ed2f31dd629 Author: Kamil Cudnik <[email protected]> Date: Mon Dec 6 20:50:23 2021 +0100 [lgtm] Add gmock libs to lgtm (sonic-net#979) ```
…d (#995) Root group name was changed from `cli` to `sonic_installer` in sonic-net/sonic-utilities#983. However, `verify-next-image` subcommand was being added in an already-open PR sonic-net/sonic-utilities#979 at the time. It did not get updated before merge. This aligns it with the new group name.
5 participants
- What I did
Add a command "sonic_installer verify_reboot" to verify the image before reboot.
The command will be called when reboot/fast-reboot/warm-reboot.
- How I did it
- How to verify it
- Previous command output (if the output of a command-line utility has changed)
- New command output (if the output of a command-line utility has changed)