author | Joel Kitching <kitching@google.com> | 2019-03-17 18:14:18 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-26 13:20:09 -0700 |
commit | 3d8d93b1e2688b703b55cf471a737e44baf3f144 (patch) | |
tree | 3704740e83ce068af05c6a90c2e80153662624f4 | |
parent | e1761d644a336f98a73d65317eea90fb7c81d24f (diff) | |
vboot: do not check for VB2_CONTEXT_FORCE_DEVELOPER_MODE [stabilize-11998.B]
As part of chromium:942901, physical dev switch functionality
is being deprecated.
VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose
of enabling developer mode when the physical dev switch is
on. (See: coreboot's src/security/vboot/vboot_logic.c)
Remove the check of this context flag for deciding whether
developer mode is enabled.
In order to retain a path to developer mode on devices
with physical dev switch, this CL depends on
VBSD_HONOR_VIRT_DEV_SWITCH check being removed first
(see CL:1526070). (Alternately, we can wait for CB:31943
to be merged and pulled downstream.)
This constant will be marked as deprecated in a subsequent
CL, once the coreboot CL has been pulled downstream.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1524757
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r-- | firmware/2lib/2misc.c | 4 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 2 | ||||
-rw-r--r-- | tests/vb2_misc_tests.c | 20 |
3 files changed, 2 insertions, 24 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 2f68639e..5d82fc03 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -258,10 +258,6 @@ int vb2_check_dev_switch(struct vb2_context *ctx)
 if (flags & VB2_SECDATA_FLAG_DEV_MODE)
 is_dev = 1;
 
- /* Handle forcing dev mode via physical switch */
- if (ctx->flags & VB2_CONTEXT_FORCE_DEVELOPER_MODE)
- is_dev = 1;
-
 /* Check if GBB is forcing dev mode */
 if (sd->gbb_flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
 is_dev = 1;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 9bf67727..ac4b0587 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -78,6 +78,8 @@ enum vb2_context_flags {
 /*
 * Force developer mode enabled. Caller may set this flag when
 * initializing the context.
+ *
+ * Deprecated as part of chromium:942901.
 */
 VB2_CONTEXT_FORCE_DEVELOPER_MODE = (1 << 5),
 
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 1bb9686f..f17ac1b1 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -377,16 +377,6 @@ static void dev_switch_tests(void)
 " doesn't set dev on in secdata but does set last boot dev");
 TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
 
- /* Force enabled by ctx flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- TEST_SUCC(vb2_check_dev_switch(&cc), "dev on via ctx flag");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- vb2_secdata_get(&cc, VB2_SECDATA_FLAGS, &v);
- TEST_EQ(v, VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER,
- " doesn't set dev on in secdata but does set last boot dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
 /* Request disable by ctx flag */
 reset_common_data();
 vb2_secdata_set(&cc, VB2_SECDATA_FLAGS,
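Review bot: In firmware/2lib/include/2api.h the comment on `VB2_CONTEXT_FORCE_DEVELOPER_MODE` still tells callers they may set the flag to force developer mode, while the 2misc.c hunk of this commit removes the check in `vb2_check_dev_switch()` that acted on it; as far as these hunks show, a caller that sets the flag now silently gets no developer mode. The added line should state that effect rather than only the bug reference, for example `* Deprecated as part of chromium:942901: vb2_check_dev_switch() no longer reads this flag, so setting it does not enable developer mode.` Because the cases that set the flag are deleted from tests/vb2_misc_tests.c without a replacement, a case asserting that the flag alone leaves `VB2_SD_FLAG_DEV_MODE_ENABLED` clear would pin the new behaviour against regression. The enum body begins and ends outside the hunk, so any other reader of the flag is not visible here.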
@@ -453,16 +443,6 @@ static void dev_switch_tests(void)
 TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
 TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
 
- /* Can still override with context flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_RECOVERY_MODE;
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- sd->status &= ~VB2_SD_STATUS_SECDATA_INIT;
- TEST_SUCC(vb2_check_dev_switch(&cc), "secdata fail recovery ctx");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
 /* Force wipeout by ctx flag */
 reset_common_data();
 cc.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; |