2 files changed, 17 insertions, 2 deletions

diff --git a/board/cr50/board.h b/board/cr50/board.h
index 3dd8b100cf..f85d938b29 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -342,6 +342,7 @@ void board_reboot_ec(void);
 void board_closed_loop_reset(void);
 int board_wipe_tpm(int reset_required);
 int board_is_first_factory_boot(void);
+int board_fwmp_fips_mode_enabled(void);
 
 int usb_i2c_board_enable(void);
 void usb_i2c_board_disable(void);
diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index f14608faa3..8e9be0edeb 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -370,11 +370,12 @@ int board_wipe_tpm(int reset_required)
 
 /*
  * These definitions and the structure layout were manually copied from
- * src/platform/vboot_reference/firmware/lib/include/rollback_index.h. at
- * git sha c7282f6.
+ * src/platform/vboot_reference/firmware/2lib/include/2secdata.h. at
+ * git sha 38d7d1c.
  */
 #define FWMP_HASH_SIZE		    32
 #define FWMP_DEV_DISABLE_CCD_UNLOCK BIT(6)
+#define FWMP_DEV_FIPS_MODE	    BIT(7)
 #define FIRMWARE_FLAG_DEV_MODE      0x02
 
 struct RollbackSpaceFirmware {
@@ -460,6 +461,19 @@ int board_fwmp_allows_unlock(void)
 #endif
 }
 
+int board_fwmp_fips_mode_enabled(void)
+{
+	struct RollbackSpaceFirmware fw;
+
+	if (tpm_read_success ==
+	    read_tpm_nvmem(FIRMWARE_NV_INDEX, sizeof(fw), &fw)) {
+		return !!(fw.flags & FWMP_DEV_FIPS_MODE);
+	}
+
+	/* If not found or other error, assume fips mode is disabled */
+	return 0;
+}
+
 int board_vboot_dev_mode_enabled(void)
 {
 	struct RollbackSpaceFirmware fw;