sonic-net · qiluo-msft · Oct 11, 2025 · Sep 11, 2025 · Sep 22, 2025 · Sep 22, 2025
diff --git a/sonic_installer/bootloader/grub.py b/sonic_installer/bootloader/grub.py
@@ -19,6 +19,10 @@
 from .onie import OnieInstallerBootloader
 
 PLATFORMS_ASIC = "installer/platforms_asic"
+BOOT_PARAMETER_PREFIX_LINUX = "linux "
+BOOT_PARAMETER_PREFIX_LINUXEFI = "linuxefi "
+LEN_BOOT_PARAMETER_PREFIX_LINUX = len(BOOT_PARAMETER_PREFIX_LINUX)
+LEN_BOOT_PARAMETER_PREFIX_LINUXEFI = len(BOOT_PARAMETER_PREFIX_LINUXEFI)
 
 class GrubBootloader(OnieInstallerBootloader):
 
@@ -93,8 +97,11 @@ def get_linux_cmdline(self, image):
         config.close()
         for line in menuentry.split('\n'):
             line = line.strip()
-            if line.startswith('linux '):
-                cmdline = line[6:].strip()
+            if line.startswith(BOOT_PARAMETER_PREFIX_LINUXEFI):
+                cmdline = line[LEN_BOOT_PARAMETER_PREFIX_LINUXEFI:].strip()
+                break
+            elif line.startswith(BOOT_PARAMETER_PREFIX_LINUX):
+                cmdline = line[LEN_BOOT_PARAMETER_PREFIX_LINUX:].strip()
                 break
         return cmdline
 
@@ -106,8 +113,11 @@ def set_linux_cmdline(self, image, cmdline):
         new_menuentry = old_menuentry
         for line in old_menuentry.split('\n'):
             line = line.strip()
-            if line.startswith('linux '):
-                new_menuentry = old_menuentry.replace(line, "linux " + cmdline)
+            if line.startswith(BOOT_PARAMETER_PREFIX_LINUXEFI):
+                new_menuentry = old_menuentry.replace(line, BOOT_PARAMETER_PREFIX_LINUXEFI + cmdline)
+                break
+            elif line.startswith(BOOT_PARAMETER_PREFIX_LINUX):
+                new_menuentry = old_menuentry.replace(line, BOOT_PARAMETER_PREFIX_LINUX + cmdline)
                 break
         config = open(HOST_PATH + '/grub/grub.cfg', 'w')
         config.write(old_config.replace(old_menuentry, new_menuentry))

diff --git a/tests/installer_bootloader_grub_test.py b/tests/installer_bootloader_grub_test.py
@@ -68,7 +68,6 @@ def test_set_fips_grub():
     grub_config = os.path.join(current_path, 'installer_bootloader_input/host/grub/grub.cfg')
     tmp_host_path = os.path.join(current_path, 'installer_bootloader_input/_tmp_host')
     tmp_grub_path = os.path.join(tmp_host_path, 'grub')
-    tmp_grub_config = os.path.join(tmp_grub_path, 'grub.cfg')
     os.makedirs(tmp_grub_path, exist_ok=True)
     shutil.copy(grub_config, tmp_grub_path)
 
@@ -89,6 +88,41 @@ def test_set_fips_grub():
     # Cleanup the _tmp_host folder
     shutil.rmtree(tmp_host_path)
 
+
+@patch(
+    "sonic_installer.bootloader.grub.HOST_PATH",
+    os.path.join(
+        os.path.dirname(os.path.abspath(__file__)),
+        'installer_bootloader_input/_tmp_host_efi'
+    )
+)
+def test_set_fips_grub_efi():
+    # Prepare the grub.cfg in the _tmp_host folder
+    current_path = os.path.dirname(os.path.abspath(__file__))
+    grub_config = os.path.join(current_path, 'installer_bootloader_input/host/grub/grub_efi.cfg')
+    tmp_host_path = os.path.join(current_path, 'installer_bootloader_input/_tmp_host_efi')
+    tmp_grub_path = os.path.join(tmp_host_path, 'grub')
+    os.makedirs(tmp_grub_path, exist_ok=True)
+    tmp_grub_config = os.path.join(tmp_grub_path, 'grub.cfg')
+    shutil.copy(grub_config, tmp_grub_config)
+
+    image = 'SONiC-OS-internal-202205.57377412-84a9a7f11b'
+    bootloader = grub.GrubBootloader()
+
+    # The the default setting
+    assert not bootloader.get_fips(image)
+
+    # Test fips enabled
+    bootloader.set_fips(image, True)
+    assert bootloader.get_fips(image)
+
+    # Test fips disabled
+    bootloader.set_fips(image, False)
+    assert not bootloader.get_fips(image)
+
+    # Cleanup the _tmp_host folder
+    shutil.rmtree(tmp_host_path)
+
 def test_verify_image():
 
     bootloader = grub.GrubBootloader()

diff --git a/tests/installer_bootloader_input/host/grub/grub_efi.cfg b/tests/installer_bootloader_input/host/grub/grub_efi.cfg
@@ -0,0 +1,51 @@
+serial --port=0x3f8 --speed=9600 --word=8 --parity=no --stop=1
+terminal_input console serial
+terminal_output console serial
+
+set timeout=5
+
+if [ -s $prefix/grubenv ]; then
+    load_env
+fi
+if [ "${saved_entry}" ]; then
+    set default="${saved_entry}"
+fi
+if [ "${next_entry}" ]; then
+    set default="${next_entry}"
+    unset next_entry
+    save_env next_entry
+fi
+if [ "${onie_entry}" ]; then
+    set next_entry="${default}"
+    set default="${onie_entry}"
+    unset onie_entry
+    save_env onie_entry next_entry
+fi
+
+menuentry 'SONiC-OS-internal-202205.57377412-84a9a7f11b' {
+        search --no-floppy --label --set=root SONiC-OS
+        echo    'Loading SONiC-OS OS kernel ...'
+        insmod gzio
+        if [ x = xxen ]; then insmod xzio; insmod lzopio; fi
+        insmod part_msdos
+        insmod ext2
+        linuxefi   /image-internal-202205.57377412-84a9a7f11b/boot/vmlinuz-5.10.0-12-2-amd64 root=UUID=df89970c-bf6d-40cf-80fc-a977c89054dd  rw console=tty0 console=ttyS0,9600n8 quiet intel_idle.max_cstate=0                   net.ifnames=0 biosdevname=0                 loop=image-internal-202205.57377412-84a9a7f11b/fs.squashfs loopfstype=squashfs                                       systemd.unified_cgroup_hierarchy=0                 apparmor=1 security=apparmor varlog_size=4096 usbcore.autosuspend=-1 acpi_enforce_resources=lax acpi=noirq
+        echo    'Loading SONiC-OS OS initial ramdisk ...'
+        initrd  /image-internal-202205.57377412-84a9a7f11b/boot/initrd.img-5.10.0-12-2-amd64
+}
+menuentry 'SONiC-OS-master-11298.116581-1a4f95389' {
+        search --no-floppy --label --set=root SONiC-OS
+        echo    'Loading SONiC-OS OS kernel ...'
+        insmod gzio
+        if [ x = xxen ]; then insmod xzio; insmod lzopio; fi
+        insmod part_msdos
+        insmod ext2
+        linuxefi   /image-master-11298.116581-1a4f95389/boot/vmlinuz-5.10.0-12-2-amd64 root=UUID=df89970c-bf6d-40cf-80fc-a977c89054dd  rw console=tty0 console=ttyS0,9600n8 quiet intel_idle.max_cstate=0 sonic_fips=1                  net.ifnames=0 biosdevname=0                 loop=image-master-11298.116581-1a4f95389/fs.squashfs loopfstype=squashfs                                       systemd.unified_cgroup_hierarchy=0                 apparmor=1 security=apparmor varlog_size=4096 usbcore.autosuspend=-1 acpi_enforce_resources=lax acpi=noirq
+        echo    'Loading SONiC-OS OS initial ramdisk ...'
+        initrd  /image-master-11298.116581-1a4f95389/boot/initrd.img-5.10.0-12-2-amd64
+}
+menuentry ONIE {
+        search --no-floppy --label --set=root ONIE-BOOT
+        echo    'Loading ONIE ...'
+        chainloader +1
+}