Revert "2api: Add vb2_boot_mode in vb2_context denoted the current boot mode"

This reverts commit 2cf76574dbf57c70da3a835f2a45d5619dc058f5.

Reason for revert: b:202258389

Original change's description:
> 2api: Add vb2_boot_mode in vb2_context denoted the current boot mode
>
> Add enum vb2_boot_mode which denotes the most relevant boot mode between
> normal, manual recovery, broken recovery, diagnostic, and developer.
>
> The boot mode constant stores in vb2_context, is exposed externally, and
> decided in vb2api_fw_phase1.
>
> Split out the logic of manual recovery and broken screen. (The broken
> recovery is a recovery boot with !vb2api_allow_recovery)
>
> Add the fifth boot mode, diagnostic boot mode
>
> A boot could match more the one boot mode, this api will pick the most
> relevant boot mode based on the following order:
> 1. Manual recovery boot
> 2. Broken recovery boot
> 3. Diagnostics boot
> 4. Developer boot
> 5. Normal boot
>
> This constant is used in:
> * lib/vboot_api_kernel.c: VbSelectAndLoadKernel()
> * lib/vboot_kernel.c: replace the original vb2_boot_mode
> * coreboot/bootmode for adding elogs
>
> Also bump the vb2sd minor version from 0 to 1.
>
> BUG=b:185551931, b:177196147, b:181931817
> BRANCH=none
> TEST=CC=x86_64-pc-linux-gnu-clang;
>      make clean && make runtests
> TEST=emerge coreboot vboot_reference depthcharge
>
> Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
> Change-Id: I421e4d51c261ba2bdec996a5fb2ebccb33513fa4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2944250
> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>

Bug: b:185551931, b:177196147, b:181931817
Change-Id: Ic184a24f5b580bcaf40d75045476ae77c674dd3d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3209725
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bhanu Prakash Maiya <bhanumaiya@google.com>

10 files changed, 52 insertions, 153 deletions

diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 53e8e98e..593a12cf 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -89,9 +89,6 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 	if (ctx->flags & VB2_CONTEXT_DISPLAY_INIT)
 		sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE;
 
-	/* Decide the boot mode */
-	vb2_set_boot_mode(ctx);
-
 	/* Return error if recovery is needed */
 	if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
 		/* Always clear RAM when entering recovery mode */
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index bd9ea8ad..54150446 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -734,24 +734,3 @@ char *vb2api_get_debug_info(struct vb2_context *ctx)
 	buf[DEBUG_INFO_MAX_LENGTH] = '\0';
 	return buf;
 }
-
-void vb2_set_boot_mode(struct vb2_context *ctx)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-	/* Cast boot mode to non-constant and assign */
-	enum vb2_boot_mode *boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
-	*boot_mode = VB2_BOOT_MODE_NORMAL;
-
-	if (sd->recovery_reason) {
-		if (vb2api_allow_recovery(ctx))
-			*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
-		else
-			*boot_mode = VB2_BOOT_MODE_BROKEN_SCREEN;
-	} else if (vb2api_diagnostic_ui_enabled(ctx) &&
-		   vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST)) {
-		*boot_mode = VB2_BOOT_MODE_DIAGNOSTICS;
-	} else if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) {
-		*boot_mode = VB2_BOOT_MODE_DEVELOPER;
-	}
-}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 19cbdb52..8cc9a923 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -259,58 +259,6 @@ enum vb2_context_flags {
 	VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED = (1 << 27),
 };
 
-/* Boot mode decided in vb2api_fw_phase1.
- *
- * Boot mode is a constant set by verified boot and may be read (but should not
- * be set or cleared) by the caller.
- * The boot modes are mutually exclusive. If a boot fulfill more than one
- * constraints of the listing boot modes, it will be set to the most important
- * one. The priority is the same as the listing order.
- */
-enum vb2_boot_mode {
-	/* Undefined, The boot mode is not set. */
-	VB2_BOOT_MODE_UNDEFINED = 0,
-
-	/*
-	 * Manual recovery boot, regardless of dev mode state.
-	 *
-	 * VB2_CONTEXT_RECOVERY_MODE is set and the recovery is physically
-	 * requested (a.k.a. Manual recovery).  All other recovery requests
-	 * including manual recovery requested by a (compromised) host will end
-	 * up with a broken screen.
-	 */
-	VB2_BOOT_MODE_MANUAL_RECOVERY = 1,
-
-	/*
-	 * Broken screen.
-	 *
-	 * If a recovery boot is not a manual recovery (a.k.a. not requested
-	 * physically), the recovery is not allowed and will end up with
-	 * broken screen.
-	 */
-	VB2_BOOT_MODE_BROKEN_SCREEN = 2,
-
-	/*
-	 * Diagnostic boot.
-	 *
-	 * If diagnostic boot is enabled (a.k.a. vb2api_diagnostic_ui_enabled)
-	 * and the nvdata contains VB2_NV_DIAG_REQUEST from previous boot, it
-	 * will boot to diagnostic mode.
-	 */
-	VB2_BOOT_MODE_DIAGNOSTICS = 3,
-
-	/*
-	 * Developer boot: self-signed kernel okay.
-	 *
-	 * The developer mode switch is set (a.k.a. VB2_CONTEXT_DEVELOPER_MODE)
-	 * and we are in the developer boot mode.
-	 */
-	VB2_BOOT_MODE_DEVELOPER = 4,
-
-	/* Normal boot: kernel must be verified. */
-	VB2_BOOT_MODE_NORMAL = 5,
-};
-
 /* Helper for aligning fields in vb2_context. */
 #define VB2_PAD_STRUCT3(size, align, count) \
 	uint8_t _pad##count[align - (((size - 1) % align) + 1)]
@@ -385,16 +333,6 @@ struct vb2_context {
 	 */
 	uint8_t secdata_fwmp[VB2_SECDATA_FWMP_MAX_SIZE];
 	VB2_PAD_STRUCT(VB2_SECDATA_FWMP_MAX_SIZE, 8);
-
-	/**********************************************************************
-	 * Fields below added in struct version 3.1.
-	 */
-
-	/*
-	 * Mutually exclusive boot mode.
-	 * This constant is initialized after calling vb2api_fw_phase1().
-	 */
-	const enum vb2_boot_mode boot_mode;
 };
 
 /* Resource index for vb2ex_read_resource() */
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index 3d292872..b36e1270 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -191,19 +191,4 @@ void vb2_clear_recovery(struct vb2_context *ctx);
  */
 void vb2_fill_dev_boot_flags(struct vb2_context *ctx);
 
-/**
- * Determine and set a mutually exclusive boot mode in the vboot context.
- *
- * Determine the most relevant boot mode for current boot, store into
- * ctx->boot_mode, which is a ctx field introduced in struct version 3.1.
- *
- * This function should be only called by vb2api_fw_phase1.
- * The vb2api_fw_phase1 should call this function at its end phase once and all
- * the following steps should directly access ctx->boot_mode to retrieve the
- * most relevant boot mode.
- *
- * @param ctx		Vboot context.
- */
-void vb2_set_boot_mode(struct vb2_context *ctx);
-
 #endif  /* VBOOT_REFERENCE_2MISC_H_ */
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index f442b61f..ea193d74 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -92,7 +92,7 @@ enum vb2_shared_data_status {
 
 /* Current version of vb2_shared_data struct */
 #define VB2_SHARED_DATA_VERSION_MAJOR 3
-#define VB2_SHARED_DATA_VERSION_MINOR 1
+#define VB2_SHARED_DATA_VERSION_MINOR 0
 
 /* MAX_SIZE should not be changed without bumping up DATA_VERSION_MAJOR. */
 #define VB2_CONTEXT_MAX_SIZE 384
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 13e2a6a1..2abd57eb 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -180,15 +180,13 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 	}
 
 	/*
-	 * If in the broken screen, save the recovery reason as subcode.
+	 * If in non-manual recovery mode, save the recovery reason as subcode.
 	 * Otherwise, clear any leftover recovery requests or subcodes.
 	 */
 	vb2_clear_recovery(ctx);
 
 	/* Select boot path */
-	switch (ctx->boot_mode) {
-	case VB2_BOOT_MODE_MANUAL_RECOVERY:
-	case VB2_BOOT_MODE_BROKEN_SCREEN:
+	if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
 		/* If we're in recovery mode just to do memory retraining, all
 		   we need to do is reboot. */
 		if (sd->recovery_reason == VB2_RECOVERY_TRAIN_AND_REBOOT) {
@@ -213,12 +211,12 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 			VB2_DEBUG("NO_BOOT in RECOVERY mode\n");
 
 		/* Recovery boot.  This has UI. */
-		if (ctx->boot_mode == VB2_BOOT_MODE_MANUAL_RECOVERY)
+		if (vb2api_allow_recovery(ctx))
 			VB2_TRY(vb2ex_manual_recovery_ui(ctx));
 		else
 			VB2_TRY(vb2ex_broken_screen_ui(ctx));
-		break;
-	case VB2_BOOT_MODE_DIAGNOSTICS:
+	} else if (vb2api_diagnostic_ui_enabled(ctx) &&
+		   vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST)) {
 		/*
 		 * Need to clear the request flag and commit nvdata changes
 		 * immediately to avoid booting back into diagnostic tool when a
@@ -234,16 +232,12 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 		 * return either of reboot or shutdown.
 		 */
 		return VB2_REQUEST_REBOOT;
-	case VB2_BOOT_MODE_DEVELOPER:
+	} else if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) {
 		/* Developer boot.  This has UI. */
 		VB2_TRY(vb2ex_developer_ui(ctx));
-		break;
-	case VB2_BOOT_MODE_NORMAL:
+	} else {
 		/* Normal boot */
 		VB2_TRY(vb2_normal_boot(ctx));
-		break;
-	default:
-		return VB2_ERROR_ESCAPE_NO_BOOT;
 	}
 
 	/*
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 2c71d163..34a8a426 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -6,7 +6,6 @@
  * (Firmware portion)
  */
 
-#include "2api.h"
 #include "2common.h"
 #include "2misc.h"
 #include "2nvstorage.h"
@@ -32,6 +31,34 @@ enum vb2_load_partition_flags {
 
 #define LOWEST_TPM_VERSION 0xffffffff
 
+enum vb2_boot_mode {
+	/* Normal boot: kernel must be verified. */
+	VB2_BOOT_MODE_NORMAL = 0,
+
+	/* Recovery boot, regardless of dev mode state. */
+	VB2_BOOT_MODE_RECOVERY = 1,
+
+	/* Developer boot: self-signed kernel okay. */
+	VB2_BOOT_MODE_DEVELOPER = 2,
+};
+
+/**
+ * Return the current boot mode (normal, recovery, or dev).
+ *
+ * @param ctx          Vboot context
+ * @return Current boot mode (see vb2_boot_mode enum).
+ */
+static enum vb2_boot_mode get_boot_mode(struct vb2_context *ctx)
+{
+	if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
+		return VB2_BOOT_MODE_RECOVERY;
+
+	if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
+		return VB2_BOOT_MODE_DEVELOPER;
+
+	return VB2_BOOT_MODE_NORMAL;
+}
+
 /**
  * Check if a valid keyblock is required.
  *
@@ -42,7 +69,7 @@ enum vb2_load_partition_flags {
 static int need_valid_keyblock(struct vb2_context *ctx)
 {
 	/* Normal and recovery modes always require official OS */
-	if (ctx->boot_mode != VB2_BOOT_MODE_DEVELOPER)
+	if (get_boot_mode(ctx) != VB2_BOOT_MODE_DEVELOPER)
 		return 1;
 
 	/* FWMP can require developer mode to use signed kernels */
@@ -237,8 +264,9 @@ static vb2_error_t vb2_verify_kernel_vblock(
 	}
 
 	/* Check for rollback of key version except in recovery mode. */
+	enum vb2_boot_mode boot_mode = get_boot_mode(ctx);
 	uint32_t key_version = keyblock->data_key.key_version;
-	if (ctx->boot_mode != VB2_BOOT_MODE_MANUAL_RECOVERY) {
+	if (boot_mode != VB2_BOOT_MODE_RECOVERY) {
 		if (key_version < (sd->kernel_version_secdata >> 16)) {
 			keyblock_valid = 0;
 			if (need_keyblock_valid) {
@@ -260,7 +288,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
 	}
 
 	/* If in developer mode and using key hash, check it. */
-	if (ctx->boot_mode == VB2_BOOT_MODE_DEVELOPER &&
+	if (boot_mode == VB2_BOOT_MODE_DEVELOPER &&
 	    vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_USE_KEY_HASH)) {
 		VB2_TRY(vb2_verify_kernel_dev_key_hash(ctx, keyblock));
 	}
@@ -328,7 +356,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
 
 	/* If not in recovery mode, check for rollback of the kernel version. */
 	if (need_keyblock_valid &&
-	    ctx->boot_mode != VB2_BOOT_MODE_MANUAL_RECOVERY &&
+	    boot_mode != VB2_BOOT_MODE_RECOVERY &&
 	    sd->kernel_version < sd->kernel_version_secdata) {
 		VB2_DEBUG("Kernel version too low.\n");
 		return VB2_ERROR_KERNEL_PREAMBLE_VERSION_ROLLBACK;
@@ -711,7 +739,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx,
 		 * non-officially-signed kernel, there's no rollback
 		 * protection, so we can stop at the first valid kernel.
 		 */
-		if (ctx->boot_mode == VB2_BOOT_MODE_MANUAL_RECOVERY ||
+		if (get_boot_mode(ctx) == VB2_BOOT_MODE_RECOVERY ||
 		    !keyblock_valid) {
 			VB2_DEBUG("In recovery mode or dev-signed kernel\n");
 			break;
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index c1e71afa..f122eb38 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -80,9 +80,6 @@ static void test_slk(vb2_error_t retval, int recovery_reason, const char *desc)
 		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
 
 	expected_recovery_reason = recovery_reason;
-	/* The VbSelectAndLoadKernel directly leverages the value at
-	   ctx->boot_mode, so we have to call vb2_set_boot_mode first. */
-	vb2_set_boot_mode(ctx);
 	TEST_EQ(VbSelectAndLoadKernel(ctx, &kparams), retval, desc);
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST),
 		recovery_reason, "  recovery reason");
diff --git a/tests/vboot_kernel2_tests.c b/tests/vboot_kernel2_tests.c
index 30bef640..5424e86c 100644
--- a/tests/vboot_kernel2_tests.c
+++ b/tests/vboot_kernel2_tests.c
@@ -47,7 +47,6 @@ static struct vb2_shared_data *sd;
 static struct vb2_workbuf wb;
 static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
 	__attribute__((aligned(VB2_WORKBUF_ALIGN)));
-static enum vb2_boot_mode *boot_mode;
 
 static VbSelectAndLoadKernelParams lkp;
 static VbDiskInfo disk_info;
@@ -83,9 +82,6 @@ static void reset_common_data(void)
 	vb2_secdata_kernel_init(ctx);
 	ctx->flags = VB2_CONTEXT_RECOVERY_MODE;
 
-	boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
-
 	sd = vb2_get_sd(ctx);
 	sd->kernel_version_secdata = 0xabcdef | (1 << 24);
 
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 1f77cc5c..14e7e1f2 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -51,7 +51,6 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
 static struct vb2_context *ctx;
 static struct vb2_shared_data *sd;
 static struct vb2_packed_key mock_key;
-static enum vb2_boot_mode *boot_mode;
 
 /**
  * Reset mock data (for use before each test)
@@ -115,9 +114,6 @@ static void ResetMocks(void)
 	fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp;
 	memcpy(&fwmp->dev_key_hash, mock_digest, sizeof(fwmp->dev_key_hash));
 
-	boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
-	*boot_mode = VB2_BOOT_MODE_NORMAL;
-
 	// TODO: more workbuf fields - flags, secdata_firmware
 
 	vb2api_secdata_kernel_create(ctx);
@@ -341,7 +337,6 @@ static void LoadKernelTest(void)
 	/* In dev mode, fail if hash is bad too */
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	keyblock_verify_fail = 2;
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
 		       "Fail key block dev hash");
@@ -349,7 +344,6 @@ static void LoadKernelTest(void)
 	/* But just bad sig is ok */
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	keyblock_verify_fail = 1;
 	TestLoadKernel(0, "Succeed keyblock dev sig");
 	TEST_EQ(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED, 0, "  use hash");
@@ -357,7 +351,6 @@ static void LoadKernelTest(void)
 	/* In dev mode and requiring signed kernel, fail if sig is bad */
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
 	keyblock_verify_fail = 1;
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
@@ -365,7 +358,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
 	keyblock_verify_fail = 1;
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
@@ -395,7 +387,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_1
 		| VB2_KEYBLOCK_FLAG_MINIOS_0;
@@ -404,7 +395,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_0
 		| VB2_KEYBLOCK_FLAG_MINIOS_0;
@@ -412,7 +402,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_0
 		| VB2_KEYBLOCK_FLAG_MINIOS_0;
@@ -421,7 +410,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_1
 		| VB2_KEYBLOCK_FLAG_MINIOS_0;
@@ -430,7 +418,6 @@ static void LoadKernelTest(void)
 	/* Check keyblock flags (dev mode + signed kernel required) */
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_0
@@ -440,7 +427,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_1
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_0
@@ -450,7 +436,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_0
@@ -460,7 +445,6 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
 	vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
 	kbh.keyblock_flags = VB2_KEYBLOCK_FLAG_RECOVERY_0
 		| VB2_KEYBLOCK_FLAG_DEVELOPER_1
@@ -493,12 +477,12 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	kbh.data_key.key_version = 1;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	TestLoadKernel(0, "Key version ignored in dev mode");
 
 	ResetMocks();
 	kbh.data_key.key_version = 1;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
 	TestLoadKernel(0, "Key version ignored in rec mode");
 
 	ResetMocks();
@@ -516,18 +500,18 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	kph.kernel_version = 0;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	TestLoadKernel(0, "Kernel version ignored in dev mode");
 
 	ResetMocks();
 	kph.kernel_version = 0;
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
 	TestLoadKernel(0, "Kernel version ignored in rec mode");
 
 	/* Check kernel version (dev mode + signed kernel required) */
 	ResetMocks();
 	kbh.data_key.key_version = 0;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1);
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
 		       "Keyblock key version checked in dev mode "
@@ -535,7 +519,7 @@ static void LoadKernelTest(void)
 
 	ResetMocks();
 	kbh.data_key.key_version = 0;
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY;
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
 		       "Keyblock key version checked in dev mode "
@@ -543,7 +527,7 @@ static void LoadKernelTest(void)
 
 	/* Check developer key hash - bad */
 	ResetMocks();
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH;
 	fwmp->dev_key_hash[0]++;
 	TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
@@ -551,14 +535,15 @@ static void LoadKernelTest(void)
 
 	/* Check developer key hash - bad (recovery mode) */
 	ResetMocks();
-	*boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY;
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH;
 	fwmp->dev_key_hash[0]++;
 	TestLoadKernel(0, "Bad keyblock dev fwmp hash ignored in rec mode");
 
 	/* Check developer key hash - good */
 	ResetMocks();
-	*boot_mode = VB2_BOOT_MODE_DEVELOPER;
+	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH;
 	TestLoadKernel(0, "Good keyblock dev fwmp hash");