vboot: add vb2api_phone_recovery_ui_enabled()stabilize-quickfix-13310.91.Bstabilize-quickfix-13310.76.Bstabilize-quickfix-13310.73.Bstabilize-13310.99.Bstabilize-13310.94.Bstabilize-13310.83.Bstabilize-13310.74.Bstabilize-13310.72.Brelease-R85-13310.B

Add a new flag VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED to
vb2_secdata_kernel_flags to separate phone recovery functionality from
UI instructions. Also add vb2api_phone_recovery_ui_enabled() to control
the UI behavior.

BRANCH=none
BUG=b:156532222
TEST=make runtests

Cq-Depend: chromium:2260155
Change-Id: Ib91a206e680ba2cb47762d8a5c0c0ce146918b7d
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2259632
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>

7 files changed, 50 insertions, 10 deletions

diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index 3155d189..dd91ec83 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -143,9 +143,10 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
 		return rv;
 	}
 
-	/* Enable phone recovery */
+	/* Enable phone recovery while disabling the UI */
 	secdata_flags = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS);
 	secdata_flags &= ~VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED;
+	secdata_flags |= VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED;
 	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, secdata_flags);
 
 	/* Read kernel version from secdata. */
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index eaab89d9..86b866de 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -506,6 +506,17 @@ int vb2api_phone_recovery_enabled(struct vb2_context *ctx)
 		 VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED);
 }
 
+int vb2api_phone_recovery_ui_enabled(struct vb2_context *ctx)
+{
+	/*
+	 * When phone recovery functionality is disabled, return 0 even if
+	 * PHONE_RECOVERY_UI_DISABLED is not set.
+	 */
+	return vb2api_phone_recovery_enabled(ctx) &&
+	       !(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS) &
+		 VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED);
+}
+
 enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target(
 	struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c
index b41146d7..042d6d4c 100644
--- a/firmware/2lib/2ui_screens.c
+++ b/firmware/2lib/2ui_screens.c
@@ -196,7 +196,7 @@ static const struct vb2_screen_info advanced_options_screen = {
 vb2_error_t recovery_select_init(struct vb2_ui_context *ui)
 {
 	ui->state.selected_item = RECOVERY_SELECT_ITEM_PHONE;
-	if (!vb2api_phone_recovery_enabled(ui->ctx)) {
+	if (!vb2api_phone_recovery_ui_enabled(ui->ctx)) {
 		VB2_DEBUG("WARNING: Phone recovery not available\n");
 		ui->state.disabled_item_mask |=
 			1 << RECOVERY_SELECT_ITEM_PHONE;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 1696289a..9131dea0 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -854,13 +854,21 @@ uint32_t vb2api_get_recovery_reason(struct vb2_context *ctx);
 uint32_t vb2api_get_locale_id(struct vb2_context *ctx);
 
 /**
- * Whether phone recovery is enabled or not.
+ * Whether phone recovery functionality is enabled or not.
  *
  * @param ctx		Vboot context
  * @return 1 if enabled, 0 if disabled.
  */
 int vb2api_phone_recovery_enabled(struct vb2_context *ctx);
 
+/**
+ * Whether phone recovery instructions in recovery UI are enabled or not.
+ *
+ * @param ctx		Vboot context
+ * @return 1 if enabled, 0 if disabled.
+ */
+int vb2api_phone_recovery_ui_enabled(struct vb2_context *ctx);
+
 /* Default boot target in developer mode. */
 enum vb2_dev_default_boot_target {
 	/* Default to boot from internal disk. */
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 56ebb3b2..3b2fa3ca 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -89,15 +89,17 @@ enum vb2_secdata_kernel_param {
 /* Flags for kernel space */
 enum vb2_secdata_kernel_flags {
 	/*
-	 * Phone recovery is disabled.
+	 * Phone recovery functionality is disabled.
 	 *
-	 * RW firmware currently sets this flag to disable phone recovery on
-	 * first boot (see function vb2api_kernel_phase1()).  A future RW update
-	 * will flip this flag back to 0 when phone recovery is ready.  In the
-	 * case that there are TPM communication issues, phone recovery is
-	 * enabled by the default value of 0.  See b/147744345 for details.
+	 * RW firmware currently clears this flag to enable phone recovery on
+	 * first boot (see function vb2api_kernel_phase1()).  In the case that
+	 * there are TPM communication issues, phone recovery is enabled by the
+	 * default value of 0.  See b/147744345 for details.
 	 */
 	VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED = (1 << 0),
+
+	/* Phone recovery instructions in recovery UI are disabled. */
+	VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED = (1 << 1),
 };
 
 /**
diff --git a/tests/vb2_kernel_tests.c b/tests/vb2_kernel_tests.c
index 09ef7067..216776de 100644
--- a/tests/vb2_kernel_tests.c
+++ b/tests/vb2_kernel_tests.c
@@ -213,9 +213,11 @@ static void phase1_tests(void)
 		"  key data");
 	TEST_EQ(sd->kernel_version_secdata, 0x20002,
 		"  secdata_kernel version");
-	/* Make sure phone recovery is enabled */
+	/* Make sure phone recovery functionality is enabled, but UI disabled */
 	TEST_EQ(vb2api_phone_recovery_enabled(ctx), 1,
 		"  phone recovery enabled");
+	TEST_EQ(vb2api_phone_recovery_ui_enabled(ctx), 0,
+		"  phone recovery ui disabled");
 
 	/* Bad secdata_fwmp causes failure in normal mode only */
 	reset_common_data(FOR_PHASE1);
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index b82076f4..0f89ee51 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -839,6 +839,8 @@ static void phone_recovery_enabled_tests(void)
 	vb2_secdata_kernel_init(ctx);
 	TEST_EQ(vb2api_phone_recovery_enabled(ctx), 1,
 		"phone recovery enabled");
+	TEST_EQ(vb2api_phone_recovery_ui_enabled(ctx), 1,
+		"  ui also enabled");
 
 	/* Phone recovery disabled */
 	reset_common_data();
@@ -848,6 +850,20 @@ static void phone_recovery_enabled_tests(void)
 			       VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED);
 	TEST_EQ(vb2api_phone_recovery_enabled(ctx), 0,
 		"phone recovery disabled");
+	TEST_EQ(vb2api_phone_recovery_ui_enabled(ctx), 0,
+		"  ui also disabled");
+
+	/* Only UI disabled */
+	reset_common_data();
+	vb2api_secdata_kernel_create(ctx);
+	vb2_secdata_kernel_init(ctx);
+	vb2_secdata_kernel_set(
+		ctx, VB2_SECDATA_KERNEL_FLAGS,
+		VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED);
+	TEST_EQ(vb2api_phone_recovery_enabled(ctx), 1,
+		"phone recovery enabled again");
+	TEST_EQ(vb2api_phone_recovery_ui_enabled(ctx), 0,
+		"  ui disabled");
 }
 
 static void dev_default_boot_tests(void)