Add hook to boot0 for fast-sanitize

sonic-net · Jan 22, 2021 · 299e82c · 299e82c
1 parent b62a1a8
commit 299e82c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 15 deletions.
diff --git a/files/Aboot/boot0.j2 b/files/Aboot/boot0.j2
@@ -86,7 +86,7 @@ installer_image_path="$image_path/$installer_image"
 
 boot_config="$target_path/boot-config"
 
-cmdline_allowlist="crashkernel"
+cmdline_allowlist="crashkernel hwaddr_ma1"
 
 # for backward compatibility with the sonic_upgrade= behavior
 install="${install:-${sonic_upgrade:-}}"
@@ -653,14 +653,9 @@ write_default_cmdline() {
 
 write_cmdline() {
     # use extra parameters from kernel-params hook if the file exists
-    if [ -f "$target_path/$kernel_params" ]; then
-        if $secureboot && $debug; then
-            warn "Unsafe: Loading extra kernel parameters from $kernel_params"
-            cat "$target_path/$kernel_params" | cmdline_append
-        elif ! $secureboot; then
-            info "Loading extra kernel parameters from $kernel_params"
-            cat "$target_path/$kernel_params" | cmdline_append
-        fi
+    if [ -f "$target_path/$kernel_params" ] && ! $secureboot; then
+        info "Loading extra kernel parameters from $kernel_params"
+        cat "$target_path/$kernel_params" | cmdline_append
     fi
 
     # FIXME: sonic sometimes adds extra kernel parameters from user space
@@ -766,8 +761,8 @@ secureboot_boot() {
 
 regular_boot() {
     # boot uses the image installed on the flash
-    run_hooks pre-kexec
     write_regular_configs "$image_path"
+    run_hooks pre-kexec
     update_next_boot
     run_kexec
 }

diff --git a/files/initramfs-tools/arista-convertfs.j2 b/files/initramfs-tools/arista-convertfs.j2
@@ -152,10 +152,10 @@ done
 [ -z "$aboot_flag" ] && exit 0
 
 # Check kdump
-$in_kdump && exit 0
+[ "$in_kdump" = true ] && exit 0
 
 # Skip this script for warm-reboot/fast-reboot from sonic
-$sonic_fast_reboot && [ "$prev_os" != eos ] && exit 0
+[ "$sonic_fast_reboot" = true ] && [ "$prev_os" != eos ] && exit 0
 
 # Get flash dev name
 if [ -z "$block_flash" ]; then

diff --git a/files/initramfs-tools/union-mount.j2 b/files/initramfs-tools/union-mount.j2
@@ -90,7 +90,7 @@ mkdir -p "$rw_dir"
 mkdir -p "$work_dir"
 
 ## Remove the files not in allowlist in the rw folder
-if $secureboot && ! $in_kdump; then
+if [ "$secureboot" = true ] && [ "$in_kdump" = false ]; then
     if [ "$bootloader" = "aboot" ]; then
         swi_path="${rootmnt}/host/$(sed -E 's/.*loop=([^ ]+).*/\1/' /proc/cmdline)"
         unzip -q "$swi_path" allowlist_paths.conf -d /tmp
@@ -124,8 +124,8 @@ case "${ROOT}" in
 esac
 
 mkdir -p ${rootmnt}/var/lib/docker
-if ! $in_kdump; then
-    if $secureboot; then
+if [ "$in_kdump" = false ]; then
+    if [ "$secureboot" = true ]; then
         mount -t tmpfs -o rw,nodev,size={{ DOCKER_RAMFS_SIZE }} tmpfs ${rootmnt}/var/lib/docker
         if [ "$bootloader" = "aboot" ]; then
             unzip -qp "$swi_path" dockerfs.tar.gz | tar xz --numeric-owner -C ${rootmnt}/var/lib/docker