Call VbExEcRunningRW to set IN_RW flag

CL:693008 changed check_ac_active so that we ask CR50 to verify EC
is in RO. While this is the right decision, on some platforms ECs
can't reset EC_IN_RW. This causes check_ec_active to set IN_RW
wrongly when EC is in RO after reboot.

This patch replaces VbExTrustEC with VbExEcRunningRW. If RW is
owned it may say it's in RO. Then, the software sync will proceed
and flash RW while the EC is running RW copy.

It also removes redundant checks for VbExTrustEC() when deciding
whether to allow developer mode to be enabled from the INSERT
screen. The INSERT screen can only be reached by manual recovery,
which resets the EC, we don't need to check again before going to
TODEV.

BUG=b:67976359
BRANCH=none
TEST=make runtests

Change-Id: Ide722146ca8683411dd9072a39387aa9531f6cfc
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/740878

1 files changed, 6 insertions, 1 deletions

diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index 1c826667..60483b2c 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -217,7 +217,12 @@ int vb2_allow_recovery(uint32_t flags)
 	if (flags & VBSD_BOOT_DEV_SWITCH_ON)
 		return 1;
 
-	/* If EC is in RW, it implies recovery wasn't manually requested. */
+	/*
+	 * If EC is in RW, it implies recovery wasn't manually requested.
+	 * On some platforms, EC_IN_RW can't be reset by the EC, thus, this may
+	 * return false (=RW). That's ok because if recovery is manual, we will
+	 * get the right signal and that's the case we care about.
+	 */
 	if (!VbExTrustEC(0))
 		return 0;