#!/bin/bash
#
# SPDX-License-Identifier: GPL-2.0
#
# Add / Remove options in kernel configuration,
# and Verify the kernel configuration afterwards.
# Positional arguments, each optional:
#   $1 - architecture directory under debian/config.local   (default: amd64)
#   $2 - secure upgrade mode                                (default: no_sign)
#   $3 - path to the kernel CA file                         (default: empty)
# ${N-default} substitutes only when the argument is absent, so an explicitly
# passed empty string is kept exactly as given.
ARCH=${1-amd64}
SECURE_UPGRADE_MODE=${2-no_sign}
SECURE_UPGRADE_KERNEL_CAFILE=${3-}
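# Secure Boot support
#
# When SECURE_UPGRADE_MODE is "dev" or "prod", append the secure-boot config
# fragment (if present) to config.sonic and point CONFIG_SYSTEM_TRUSTED_KEYS at
# the CA file given on the command line. Any other mode leaves the kernel
# configuration untouched.
#
# Globals: ARCH, SECURE_UPGRADE_MODE, SECURE_UPGRADE_KERNEL_CAFILE (all read)
# Exits:   1 if the CA file is missing, if its path cannot be written safely
#          into the config, or if the trusted-keys line did not end up in
#          config.sonic.
echo "Secure Boot params: SECURE_UPGRADE_MODE=${SECURE_UPGRADE_MODE}, SECURE_UPGRADE_KERNEL_CAFILE=${SECURE_UPGRADE_KERNEL_CAFILE}"
# Quoted operands: an empty mode must compare as "not dev/prod" instead of
# making the test itself error out.
if [[ "${SECURE_UPGRADE_MODE}" == "dev" || "${SECURE_UPGRADE_MODE}" == "prod" ]]; then
  echo "Enable secure boot configs"
  if [ ! -f "${SECURE_UPGRADE_KERNEL_CAFILE}" ]; then
    echo "ERROR: SECURE_UPGRADE_KERNEL_CAFILE=${SECURE_UPGRADE_KERNEL_CAFILE} file does not exist" >&2
    exit 1
  fi

  # The path is spliced into a sed replacement that uses '|' as delimiter and
  # then into a double-quoted config value. '|', '&', '\', '"' or a newline in
  # it would rewrite the line into something other than the intended key path,
  # so refuse such paths instead of emitting a corrupted trust setting.
  case "${SECURE_UPGRADE_KERNEL_CAFILE}" in
    *[\|\&\\\"]* | *$'\n'*)
      echo "ERROR: SECURE_UPGRADE_KERNEL_CAFILE=${SECURE_UPGRADE_KERNEL_CAFILE} contains characters that cannot be written to the kernel config" >&2
      exit 1
      ;;
  esac

  sonic_config="debian/config.local/${ARCH}/config.sonic"
  secureboot_fragment="debian/config.local/${ARCH}/config.sonic-secureboot"

  # The fragment is optional per architecture; when it exists, a failed append
  # must stop the build rather than continue with a partial config.
  if [ -f "${secureboot_fragment}" ]; then
    if ! cat -- "${secureboot_fragment}" >> "${sonic_config}"; then
      echo "ERROR: could not append ${secureboot_fragment} to ${sonic_config}" >&2
      exit 1
    fi
  fi

  # save the new pub key in kernel
  if ! sed -i "s|^CONFIG_SYSTEM_TRUSTED_KEYS=.*|CONFIG_SYSTEM_TRUSTED_KEYS=\"${SECURE_UPGRADE_KERNEL_CAFILE}\"|g" "${sonic_config}"; then
    echo "ERROR: failed to update CONFIG_SYSTEM_TRUSTED_KEYS in ${sonic_config}" >&2
    exit 1
  fi

  # sed exits 0 even when no line matched (for example when the fragment was
  # absent and config.sonic has no CONFIG_SYSTEM_TRUSTED_KEYS entry). Confirm
  # the exact line is present so a build in dev/prod mode cannot report success
  # without the CA file being configured.
  if ! grep -qFx -- "CONFIG_SYSTEM_TRUSTED_KEYS=\"${SECURE_UPGRADE_KERNEL_CAFILE}\"" "${sonic_config}"; then
    echo "ERROR: CONFIG_SYSTEM_TRUSTED_KEYS was not set in ${sonic_config}" >&2
    exit 1
  fi
  echo "Secure Boot kernel configuration done."
else
  echo "No Secure Boot Kernel configuration required."
fi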