Add secure fast/warm-reboot support for Aboot #994
Conversation
|
Could you change the title to "Add secure fast-reboot and warm-reboot support for Aboot" if this is true? #Closed |
scripts/fast-reboot
Outdated
| BOOT_OPTIONS="$(cat "$IMAGE_PATH/kernel-cmdline" | tr '\n' ' ') SONIC_BOOT_TYPE=${BOOT_TYPE_ARG}" | ||
| if is_secureboot; then | ||
| KERNEL_IMAGE="" | ||
| BOOT_OPTIONS="SONIC_BOOT_TYPE=${BOOT_TYPE_ARG}" |
There was a problem hiding this comment.
" [](start = 58, length = 1)
" [](start = 58, length = 1)
Will you add secure_boot_enable=1 into BOOT_OPTIONS?
This is also applied to non-aboot secure boot flow. #Closed
There was a problem hiding this comment.
Because the loading of the kernel and initramfs is done through boot0 the secure_boot_enable=1 option is added automatically. Adding it here would be redundant but harmless.
Let me know if you still want me to add it here.
There was a problem hiding this comment.
Please help added it. This code will be shared to non-aboot secure boot flow which using kexec.
I guess the aboot has the intelligence to keep single secure_boot_enable=1 if there is already one. There is no need to duplicate it on cmdline.
In reply to: 456649028 [](ancestors = 456649028)
There was a problem hiding this comment.
I'll make the change.
The option will likely be duplicated by boot0 since but there's no harm in it.
Also this code will not be used by other vendors since it contained in a if aboot_platform.
It makes this change rather useless if the only hope was to have other vendors reuse it.
qiluo-msft
requested review from
jleveque,
yxieca,
pavel-shirshov,
lguohan and
xumia
Staphylo
force-pushed
the
master-secure-fast-reboot
branch
from
9fe548d to
87f6b88
Compare
|
retest this please |
|
Retest this please |
Staphylo
force-pushed
the
master-secure-fast-reboot
branch
from
87f6b88 to
1cebd63
Compare
|
Retest this please |
|
Does this PR works for warm-reboot, in theory? In reply to: 660299771 [](ancestors = 660299771) |
|
Yes this PR works for both fast-reboot and warm-reboot. |
Instead of having multiple implementation of preparing a SWI image for secureboot, fast-reboot now reuses boot0. SWI images booting in regular mode will keep using the old behavior.
Staphylo
force-pushed
the
master-secure-fast-reboot
branch
from
1cebd63 to
310d1df
Compare
qiluo-msft
changed the title
|
Retest this please |
Instead of having multiple implementation of preparing a SWI image for
secureboot, fast-reboot now reuses boot0.
SWI images booting in regular mode will keep using the old behavior.