From 83a548decee29f843b9d3178824f6393af9b73e6 Mon Sep 17 00:00:00 2001
From: selvipal <selvipal@cisco.com>
Date: Thu, 11 Jan 2024 08:28:30 -0800
Subject: [PATCH] Disable Key Validation feature during sonic-installation for
 Cisco Platforms (#3115)

Disabling key validation feature in grub file as its not yet supported for Cisco platforms

What I did
Check if the platform we are installing the image on is a Cisco platform
Return success if it is so we are on Cisco platform. This way, we do not perform signature verification as this feature is not yet supported on our platforms.
How I did it
Modified sonic-installer grub.py code
---
 sonic_installer/bootloader/grub.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sonic_installer/bootloader/grub.py b/sonic_installer/bootloader/grub.py
index c2bfe8d534..d76ddcc0c7 100644
--- a/sonic_installer/bootloader/grub.py
+++ b/sonic_installer/bootloader/grub.py
@@ -157,7 +157,10 @@ def is_secure_upgrade_image_verification_supported(self):
 
         check_if_verification_is_enabled_and_supported_code = '''
         SECURE_UPGRADE_ENABLED=0
-        if [ -d "/sys/firmware/efi/efivars" ]; then
+        #Disabling the check for cisco-8000 platforms as platform-side support is not ready yet. This will be removed once platform
+        #support is added.
+        ASIC_TYPE=$(sonic-cfggen -y /etc/sonic/sonic_version.yml -v asic_type)
+        if [ -d "/sys/firmware/efi/efivars" ] && [[ ${ASIC_TYPE} != *"cisco-8000"* ]]; then
             if ! [ -n "$(ls -A /sys/firmware/efi/efivars 2>/dev/null)" ]; then
                 mount -t efivarfs none /sys/firmware/efi/efivars 2>/dev/null
             fi