Disable Key Validation feature during sonic-installation for Cisco Platforms (#3115)

selvipal · web-flow · commit 359e6925e1cc · 2024-01-11T08:28:30.000-08:00
Disabling key validation feature in grub file as its not yet supported for Cisco platforms

What I did
Check if the platform we are installing the image on is a Cisco platform
Return success if it is so we are on Cisco platform. This way, we do not perform signature verification as this feature is not yet supported on our platforms.
How I did it
Modified sonic-installer grub.py code
diff --git a/sonic_installer/bootloader/grub.py b/sonic_installer/bootloader/grub.py
@@ -157,7 +157,10 @@ def is_secure_upgrade_image_verification_supported(self):
 
         check_if_verification_is_enabled_and_supported_code = '''
         SECURE_UPGRADE_ENABLED=0
-        if [ -d "/sys/firmware/efi/efivars" ]; then
+        #Disabling the check for cisco-8000 platforms as platform-side support is not ready yet. This will be removed once platform
+        #support is added.
+        ASIC_TYPE=$(sonic-cfggen -y /etc/sonic/sonic_version.yml -v asic_type)
+        if [ -d "/sys/firmware/efi/efivars" ] && [[ ${ASIC_TYPE} != *"cisco-8000"* ]]; then
             if ! [ -n "$(ls -A /sys/firmware/efi/efivars 2>/dev/null)" ]; then
                 mount -t efivarfs none /sys/firmware/efi/efivars 2>/dev/null
             fi
