From 391afeceb5a603fd19f523ffe5906dedf2b39d80 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury <vbendeb@chromium.org>
Date: Fri, 30 Aug 2019 17:05:59 -0700
Subject: nvmem: allow printing encrypted contents only in DEV images

The dump_nvmem CLI command used for debugging can also print out the
encrypted contents of the NVMEM objects in case it is passed any
command line parameter.

Let's limit this capability to DEV images only.

BRANCH=cr50, cr50-mp
BUG=none
TEST=verified that the contents still can be printed by images built
     with CR50_DEV.

Change-Id: I4e1204f2470b1481453ffd940102d8739b5d5a34
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1779489
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
---
 common/new_nvmem.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/new_nvmem.c b/common/new_nvmem.c
index 90976e1ec0..fee15a3fc0 100644
--- a/common/new_nvmem.c
+++ b/common/new_nvmem.c
@@ -3198,9 +3198,15 @@ test_export_static enum ec_error_list browse_flash_contents(int print)
 
 static int command_dump_nvmem(int argc, char **argv)
 {
+	int print = 1;
+
 	nvmem_disable_commits();
 
-	browse_flash_contents(1 + (argc > 1));
+#ifdef CR50_DEV
+	/* Allow dumping ecnrypted NVMEM contents only to DEV builds. */
+	print += (argc > 1);
+#endif
+	browse_flash_contents(print);
 
 	nvmem_enable_commits();
 
-- 
cgit v1.2.1