authorJoel Kitching <kitching@google.com>2019-03-17 18:14:18 +0800
committerchrome-bot <chrome-bot@chromium.org>2019-03-26 13:20:09 -0700
commit3d8d93b1e2688b703b55cf471a737e44baf3f144 (patch)
tree3704740e83ce068af05c6a90c2e80153662624f4
parente1761d644a336f98a73d65317eea90fb7c81d24f (diff)
vboot: do not check for VB2_CONTEXT_FORCE_DEVELOPER_MODEstabilize-11998.B
As part of chromium:942901, physical dev switch functionality is being deprecated. VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose of enabling developer mode when the physical dev switch is on. (See: coreboot's src/security/vboot/vboot_logic.c) Remove the check of this context flag for deciding whether developer mode is enabled. In order to retain a path to developer mode on devices with physical dev switch, this CL depends on VBSD_HONOR_VIRT_DEV_SWITCH check being removed first (see CL:1526070). (Alternately, we can wait for CB:31943 to be merged and pulled downstream.) This constant will be marked as deprecated in a subsequent CL, once the coreboot CL has been pulled downstream. BUG=b:124141368, b:124192753, chromium:942901 TEST=Build locally TEST=/work/vboot/src/repohooks/pre-upload.py TEST=make clean && make runtests TEST=make clean && COV=1 make coverage && make coverage_html CQ-DEPEND=CL:1526070 BRANCH=none Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/1524757 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r--firmware/2lib/2misc.c4
-rw-r--r--firmware/2lib/include/2api.h2
-rw-r--r--tests/vb2_misc_tests.c20
3 files changed, 2 insertions, 24 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 2f68639e..5d82fc03 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -258,10 +258,6 @@ int vb2_check_dev_switch(struct vb2_context *ctx)
if (flags & VB2_SECDATA_FLAG_DEV_MODE)
is_dev = 1;
- /* Handle forcing dev mode via physical switch */
- if (ctx->flags & VB2_CONTEXT_FORCE_DEVELOPER_MODE)
- is_dev = 1;
-
/* Check if GBB is forcing dev mode */
if (sd->gbb_flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
is_dev = 1;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 9bf67727..ac4b0587 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -78,6 +78,8 @@ enum vb2_context_flags {
/*
* Force developer mode enabled. Caller may set this flag when
* initializing the context.
+ *
+ * Deprecated as part of chromium:942901.
*/
VB2_CONTEXT_FORCE_DEVELOPER_MODE = (1 << 5),
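Review bot: The added line marks VB2_CONTEXT_FORCE_DEVELOPER_MODE as deprecated, but the comment above it still reads "Force developer mode enabled. Caller may set this flag when initializing the context", which is no longer true. The 2misc.c hunk in this commit removes the only check of this flag visible here in vb2_check_dev_switch(), so a caller that still sets it is silently ignored. The comment should say so, for example `* Deprecated as part of chromium:942901: vb2_check_dev_switch() no longer reads this flag, so setting it has no effect.` Both test cases that set the flag are deleted in tests/vb2_misc_tests.c, leaving nothing to pin the new behaviour. A negative case in dev_switch_tests() that sets the flag and expects `sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED` to stay 0 would guard against the check being reintroduced. The enum continues outside this hunk.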
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 1bb9686f..f17ac1b1 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -377,16 +377,6 @@ static void dev_switch_tests(void)
" doesn't set dev on in secdata but does set last boot dev");
TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
- /* Force enabled by ctx flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- TEST_SUCC(vb2_check_dev_switch(&cc), "dev on via ctx flag");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- vb2_secdata_get(&cc, VB2_SECDATA_FLAGS, &v);
- TEST_EQ(v, VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER,
- " doesn't set dev on in secdata but does set last boot dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
/* Request disable by ctx flag */
reset_common_data();
vb2_secdata_set(&cc, VB2_SECDATA_FLAGS,
@@ -453,16 +443,6 @@ static void dev_switch_tests(void)
TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
- /* Can still override with context flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_RECOVERY_MODE;
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- sd->status &= ~VB2_SD_STATUS_SECDATA_INIT;
- TEST_SUCC(vb2_check_dev_switch(&cc), "secdata fail recovery ctx");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
/* Force wipeout by ctx flag */
reset_common_data();
cc.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE;