[3.0] Documentation: Add references to ARM64 3.0 ISO (#11328)

anphel31 · web-flow · commit 111d62002787 · 2024-12-06T17:01:08.000-05:00
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ Instructions for building Azure Linux 3.0 may be found here: [Toolkit Documentat
 
 ### ISO
 
-To try Azure Linux Download the ISO here: [Azure Linux 3.0 x86_64 ISO](https://aka.ms/azurelinux-3.0-x86_64.iso)
+To try Azure Linux Download the ISO here: [Azure Linux 3.0 x86_64 ISO](https://aka.ms/azurelinux-3.0-x86_64.iso) / [Azure Linux 3.0 aarch64 ISO](https://aka.ms/azurelinux-3.0-aarch64.iso)
 
 Before using a downloaded ISO, [verify the checksum and signature of the image](toolkit/docs/security/iso-image-verification.md).
 
diff --git a/toolkit/docs/security/iso-image-verification.md b/toolkit/docs/security/iso-image-verification.md
@@ -2,6 +2,7 @@
 
 It is strongly recommended that the integrity of the image is verified after downloading it. This is a two-step process. First, ensure that the checksum file has not been tampered with by verifying the signature against Azure Linux's RPM signing public key. Second, check that the ISO image was not corrupted during the download. The following bash script shows the commands necessary to download the iso image and check the signature:
 
+# x86_64 ISO verification:
 ```bash
 # Download the necessary files
 wget https://aka.ms/AzureLinux-3.0-x86_64.iso
@@ -26,3 +27,29 @@ gpg --verify "$SIGNATURE_FILE" "$CHECKSUM_FILE"
 dos2unix "$CHECKSUM_FILE"
 sha256sum --check "$CHECKSUM_FILE"
 ```
+
+# aarch64 ISO verification:
+```bash
+# Download the necessary files
+wget https://aka.ms/AzureLinux-3.0-aarch64.iso
+wget https://aka.ms/azurelinux-3.0-aarch64-iso-checksum
+wget https://aka.ms/azurelinux-3.0-aarch64-iso-checksum-signature
+wget https://raw.githubusercontent.com/microsoft/azurelinux/3.0/SPECS/azurelinux-repos/MICROSOFT-RPM-GPG-KEY
+
+# Set Variables for the checksum and signature file names
+CHECKSUM_FILE="azurelinux-3.0-aarch64-iso-checksum"
+SIGNATURE_FILE="azurelinux-3.0-aarch64-iso-checksum-signature"
+
+# Import the RPM signing public key into the local GPG keystore
+gpg --import MICROSOFT-RPM-GPG-KEY
+
+# Verify that the checksum file was produced by the Azure Linux team
+# The output of this command should contain the following string:
+# 'Good signature from "Azure Linux RPM Release Signing <marinerrpmprod@microsoft.com>"'
+gpg --verify "$SIGNATURE_FILE" "$CHECKSUM_FILE"
+
+# Verify that the ISO image checksum matches the expected checksum
+# We need to fix the line endings on the signature file to get sha256sum to accept it
+dos2unix "$CHECKSUM_FILE"
+sha256sum --check "$CHECKSUM_FILE"
+```
