vboot: do not change screens when dev boot disallowed

In CL:2716747, VB2_SCREEN_DEVELOPER_TO_NORM is pulled up to act
as the root screen in the case of dev boot being disallowed.

As such, the screen changes can be removed from
VB2_SCREEN_DEVELOPER_MODE init() and reinit() functions.
If the user does manage to get into the developer mode screen
while developer mode is disabled, rely on the individual checks
in these functions to prevent booting:

- vb2_ui_developer_mode_boot_internal_action
- vb2_ui_developer_mode_boot_external_action
- vb2_ui_developer_mode_boot_altfw_action

BUG=b:159579189, b:181087237
TEST=make clean && make runtests
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic72d30709baeac2fc7e681d973413e2e9c8b0483
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2730669
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2848046
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Tested-by: Nick Vaccaro <nvaccaro@google.com>
Commit-Queue: Chung-Sheng Wu <chungsheng@chromium.org>

2 files changed, 29 insertions, 17 deletions

diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c
index 7f30af9a..34b64871 100644
--- a/firmware/2lib/2ui_screens.c
+++ b/firmware/2lib/2ui_screens.c
@@ -688,10 +688,6 @@ vb2_error_t developer_mode_init(struct vb2_ui_context *ui)
 	enum vb2_dev_default_boot_target default_boot =
 		vb2api_get_dev_default_boot_target(ui->ctx);
 
-	/* TODO(b/159579189): Split this case into a separate root screen */
-	if (!vb2_dev_boot_allowed(ui->ctx))
-		return vb2_ui_screen_change(ui, VB2_SCREEN_DEVELOPER_TO_NORM);
-
 	/* Don't show "Return to secure mode" button if GBB forces dev mode. */
 	if (vb2_get_gbb(ui->ctx)->flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
 		VB2_SET_BIT(ui->state->hidden_item_mask,
@@ -781,10 +777,6 @@ vb2_error_t developer_mode_action(struct vb2_ui_context *ui)
 	const int use_short = vb2api_use_short_dev_screen_delay(ui->ctx);
 	uint64_t elapsed_ms;
 
-	/* TODO(b/159579189): Split this case into a separate root screen */
-	if (!vb2_dev_boot_allowed(ui->ctx))
-		return vb2_ui_screen_change(ui, VB2_SCREEN_DEVELOPER_TO_NORM);
-
 	/* Once any user interaction occurs, stop the timer. */
 	if (ui->key)
 		ui->disable_timer = 1;
diff --git a/tests/vb2_ui_tests.c b/tests/vb2_ui_tests.c
index 39acd2d9..607087e7 100644
--- a/tests/vb2_ui_tests.c
+++ b/tests/vb2_ui_tests.c
@@ -598,6 +598,14 @@ static void developer_tests(void)
 	TEST_EQ(mock_beep_count, 2, "  beeped twice");
 	TEST_TRUE(mock_iters >= mock_vbtlk_total, "  used up mock_vbtlk");
 
+	/* Don't proceed to internal disk after timeout (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_SHUTDOWN,
+		"do not proceed to internal disk after timeout "
+		"(dev mode disallowed)");
+
 	/* Use short delay */
 	reset_common_data(FOR_DEVELOPER);
 	gbb.flags |= VB2_GBB_FLAG_DEV_SCREEN_SHORT_DELAY;
@@ -687,6 +695,15 @@ static void developer_tests(void)
 	TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN,
 		"default boot from external disk not allowed, don't boot");
 
+	/* Don't proceed to external disk after timeout (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	mock_default_boot = VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL;
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_SHUTDOWN,
+		"do not proceed to external disk after timeout "
+		"(dev mode disallowed)");
+
 	/* If no external disk, don't boot */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_vbtlk(VB2_ERROR_LK_NO_DISK_FOUND, VB_DISK_FLAG_REMOVABLE);
@@ -727,15 +744,6 @@ static void developer_tests(void)
 			"VB_BUTTON_VOL_UP_LONG_PRESS = boot external");
 	}
 
-	/* If dev mode is disabled, directly goes to to_norm screen */
-	reset_common_data(FOR_DEVELOPER);
-	mock_dev_boot_allowed = 0;
-	TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN,
-		"if dev mode is disabled, directly goes to to_norm screen");
-	DISPLAYED_EQ("to_norm", VB2_SCREEN_DEVELOPER_TO_NORM, MOCK_IGNORE,
-		     MOCK_IGNORE, MOCK_IGNORE, MOCK_IGNORE, MOCK_IGNORE);
-	DISPLAYED_NO_EXTRA();
-
 	/* Select to_norm in dev menu and confirm */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_keypress(VB_KEY_UP);
@@ -746,6 +754,18 @@ static void developer_tests(void)
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST), 1,
 		"  disable dev request");
 
+	/* Select to_norm in dev menu and confirm (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	add_mock_keypress(VB_KEY_UP);
+	add_mock_keypress(VB_KEY_ENTER);
+	add_mock_keypress(VB_KEY_ENTER);
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_REBOOT,
+		"select to_norm in dev menu and confirm (dev mode disallowed)");
+	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST), 1,
+		"  disable dev request");
+
 	/* Select to_norm in dev menu and cancel */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_keypress(VB_KEY_UP);