Fixed a bug regarding secure upgrade verify

Fixed return value from cms verification script used for secure upgrade. Also modified and added prints to be similar to ONIE verification
sonic-net · Nov 9, 2022 · e5f3d6f · e5f3d6f
1 parent 3cf5935
commit e5f3d6f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/scripts/verify_image_sign.sh b/scripts/verify_image_sign.sh
@@ -25,7 +25,7 @@ clean_up ()
 {
     if  [ -d ${EFI_CERTS_DIR} ]; then rm -rf ${EFI_CERTS_DIR}; fi
     if  [ -d "${TMP_DIR}" ]; then rm -rf ${TMP_DIR}; fi
-    exit $?
+    exit $1
 }
 
 TMP_DIR=$(mktemp -d)
@@ -63,13 +63,13 @@ for file in $(ls $EFI_CERTS_DIR | grep "db-"); do
     LOG=$(verify_image_sign_common $image_file $DATA_FILE $CMS_SIG_FILE)
     VALIDATION_RES=$?
     if [ $VALIDATION_RES -eq 0 ]; then
-        RESULT="CMS Verified OK this is using efi keys"
+        RESULT="CMS Verified OK using efi keys"
         echo "verification ok:$RESULT"
         # No need to continue.
         # Exit without error if any success signature verification.
         clean_up 0
     fi
 done
-echo "Error: image not verified $LOG"
+echo "Failure: CMS signature Verification Failed: $LOG"
 
 clean_up 1
diff --git a/scripts/verify_image_sign_common.sh b/scripts/verify_image_sign_common.sh
@@ -21,7 +21,7 @@ RESULT="CMS Verification Failure"
 LOG=$(openssl cms -verify $no_check_time -noout -CAfile $EFI_CERTS_DIR/cert.pem -binary -in ${CMS_SIG_FILE} -content ${DATA_FILE} -inform pem 2>&1 > /dev/null )
 VALIDATION_RES=$?
 if [ $VALIDATION_RES -eq 0 ]; then
-    RESULT="CMS Verified OK this is using efi keys"
+    RESULT="CMS Verified OK"
     if  [ -d "${TMP_DIR}" ]; then rm -rf ${TMP_DIR}; fi
     echo "verification ok:$RESULT"
     # No need to continue.