author | Julius Werner <jwerner@chromium.org> | 2018-03-22 14:38:11 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-03-26 20:16:25 -0700 |
commit | 3f896a5b638c26632098ff9fdf563686a55c10dd (patch) | |
tree | fda5cb41a2c31c90a634848e233802a0a2e28e55 /firmware | |
parent | 754e56bff6911fdd667b6c03d8b7ba1269dba966 (diff) | |
Add new GBB_FLAG_FORCE_MANUAL_RECOVERY
It seems like there are some testing use cases where we want the device
to boot into the recovery installer but it is impractical to fully
simulate a user-triggered recovery. This has become impossible with the
recent change to always require manual recovery to boot an image, even
when the developer mode switch is enabled (CL:924458).
This patch adds a new GBB flag to support this use case. When the flag
is set, all recovery mode is manual recovery mode, regardless of whether
the developer mode switch is on or not.
Since the GBB_FLAG_ENABLE_SERIAL was killed off before it ever really
worked anyway, we can safely reuse the bit reserved for it.
BRANCH=None
BUG=None
TEST=make runtests, manually confirmed on Kevin
Change-Id: I4f51dfd20b4ff04c522f53596896dccbceee52dc
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976660
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/include/2common.h | 1 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 4 | ||||
-rw-r--r-- | firmware/include/gbb_header.h | 4 | ||||
-rw-r--r-- | firmware/lib/include/vboot_common.h | 5 | ||||
-rw-r--r-- | firmware/lib/vboot_common.c | 9 | ||||
-rw-r--r-- | firmware/lib/vboot_ui.c | 2 | ||||
-rw-r--r-- | firmware/lib/vboot_ui_menu.c | 8 |
7 files changed, 20 insertions, 13 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 019a34ac..be5c484a 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -12,6 +12,7 @@
 #include "2return_codes.h"
 #include "2sha.h"
 #include "2struct.h"
+#include "2sysincludes.h"
 struct vb2_public_key;
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 3411de77..d1185593 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -296,8 +296,8 @@ enum vb2_gbb_flag {
 */
 VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP = (1 << 13),
- /* Enable serial */
- VB2_GBB_FLAG_ENABLE_SERIAL = (1 << 14),
+ /* Recovery mode always assumes manual recovery, even if EC_IN_RW=1 */
+ VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY = (1 << 14),
 /* Disable FWMP */
 VB2_GBB_FLAG_DISABLE_FWMP = (1 << 15),
diff --git a/firmware/include/gbb_header.h b/firmware/include/gbb_header.h
index 4503ffaa..11586e92 100644
--- a/firmware/include/gbb_header.h
+++ b/firmware/include/gbb_header.h
@@ -72,8 +72,8 @@
 * dev_boot_fastboot_full_cap=0.
 */
 #define GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000
-/* Enable serial console */
-#define GBB_FLAG_ENABLE_SERIAL 0x00004000
+/* Recovery mode always assumes manual recovery, even if EC_IN_RW=1 */
+#define GBB_FLAG_FORCE_MANUAL_RECOVERY 0x00004000
 /* Disable using FWMP */
 #define GBB_FLAG_DISABLE_FWMP 0x00008000
diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h
index acfb58b7..44dba262 100644
--- a/firmware/lib/include/vboot_common.h
+++ b/firmware/lib/include/vboot_common.h
@@ -8,6 +8,7 @@
 #ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
 #define VBOOT_REFERENCE_VBOOT_COMMON_H_
+#include "2api.h"
 #include "vboot_struct.h"
 #ifndef ARRAY_SIZE
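Review bot: The comment on `VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY` in the 2struct.h hunk, and the identical one on `GBB_FLAG_FORCE_MANUAL_RECOVERY` in gbb_header.h, understates what the flag does. The early return added to `vb2_allow_recovery()` in vboot_common.c sits above both the EC-in-RW check and the `VBSD_BOOT_REC_SWITCH_ON` check, so the recovery-switch test is skipped as well. I would word it as `/* Test only: treat every recovery boot as manual recovery; skips the EC_IN_RW and recovery switch checks */`. Because bit 14 is reused from the retired serial flag, the comment could also record that, since a GBB image still carrying 0x00004000 from the old meaning would presumably pick up the new behaviour.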
@@ -145,9 +146,9 @@ int VbSharedDataSetKernelKey(VbSharedDataHeader *header,
 * requests including manual recovery requested by a (compromised) host will
 * end up with 'broken' screen.
 *
- * @param flags Flags of VbSharedDataHeader.
+ * @param ctx vboot2 context pointer
 * @return 1: Yes. 0: No or not sure.
 */
-int vb2_allow_recovery(uint32_t flags);
+int vb2_allow_recovery(struct vb2_context *ctx);
 #endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index d3851940..f336f2c0 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -10,6 +10,7 @@
 #include "2sysincludes.h"
 #include "2common.h"
+#include "2misc.h"
 #include "2rsa.h"
 #include "2sha.h"
 #include "vboot_api.h"
@@ -211,8 +212,12 @@ int VbSharedDataSetKernelKey(VbSharedDataHeader *header, const VbPublicKey *src)
 return PublicKeyCopy(kdest, src);
 }
-int vb2_allow_recovery(uint32_t flags)
+int vb2_allow_recovery(struct vb2_context *ctx)
 {
+ /* GBB_FLAG_FORCE_MANUAL_RECOVERY forces this to always return true. */
+ if (vb2_get_sd(ctx)->gbb_flags & VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY)
+ return 1;
+
 /*
 * If EC is in RW, it implies recovery wasn't manually requested.
 * On some platforms, EC_IN_RW can't be reset by the EC, thus, this may
@@ -223,5 +228,5 @@ int vb2_allow_recovery(uint32_t flags)
 return 0;
 /* Now we confidently check the recovery switch state at boot */
- return !!(flags & VBSD_BOOT_REC_SWITCH_ON);
+ return !!(vb2_get_sd(ctx)->vbsd->flags & VBSD_BOOT_REC_SWITCH_ON);
 }
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index 1db0e4a7..5eb78f0a 100644
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -403,7 +403,7 @@ static VbError_t recovery_ui(struct vb2_context *ctx)
 VB2_DEBUG("VbBootRecovery() start\n");
- if (!vb2_allow_recovery(shared->flags)) {
+ if (!vb2_allow_recovery(ctx)) {
 /*
 * We have to save the reason here so that it will survive
 * coming up three-finger-salute. We're saving it in
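Review bot: The doc comment above `vb2_allow_recovery()` in vboot_common.h still says that recovery requested by a (compromised) host ends up on the 'broken' screen, which no longer holds once the function consults the GBB flags through `ctx`. Only the `@param` line was updated. I would add a sentence such as `* If VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY is set in the GBB, this always returns 1 and the checks described above are skipped.` The comment block starts outside the hunk, so its earlier part may need the same qualification.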
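Review bot: The early return for `VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY` at the top of `vb2_allow_recovery()` in vboot_common.c is silent, so nothing in the firmware log shows that the EC-in-RW and recovery-switch checks were skipped on this boot. Bracing the `if` and adding `VB2_DEBUG("GBB_FLAG_FORCE_MANUAL_RECOVERY set, assuming manual recovery\n");` before `return 1;` would make a device running with the flag identifiable from its log. `VB2_DEBUG` is used in vboot_ui.c and I am assuming it is available in this file too. Separately, the final return in the @@ -223 hunk now dereferences `vb2_get_sd(ctx)->vbsd`, so every caller needs `vbsd` populated before calling, which the old `flags` parameter did not require. The function body continues between the two hunks.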
diff --git a/firmware/lib/vboot_ui_menu.c b/firmware/lib/vboot_ui_menu.c
index 050051ce..c050ec8e 100644
--- a/firmware/lib/vboot_ui_menu.c
+++ b/firmware/lib/vboot_ui_menu.c
@@ -231,7 +231,7 @@ static VbError_t enter_language_menu(struct vb2_context *ctx)
 static VbError_t enter_recovery_base_screen(struct vb2_context *ctx)
 {
- if (!vb2_allow_recovery(vb2_get_sd(ctx)->vbsd->flags))
+ if (!vb2_allow_recovery(ctx))
 vb2_change_menu(VB_MENU_RECOVERY_BROKEN, 0);
 else if (usb_nogood)
 vb2_change_menu(VB_MENU_RECOVERY_NO_GOOD, 0);
@@ -289,7 +289,7 @@ static VbError_t language_action(struct vb2_context *ctx)
 * Non-manual recovery mode is meant to be left via hard reset (into
 * manual recovery mode). Need to commit NVRAM changes immediately.
 */
- if (vbsd->recovery_reason && !vb2_allow_recovery(vbsd->flags))
+ if (vbsd->recovery_reason && !vb2_allow_recovery(ctx))
 vb2_nv_commit(ctx);
 /* Return to previous menu. */
@@ -319,7 +319,7 @@ static VbError_t to_dev_action(struct vb2_context *ctx)
 /* Sanity check, should never happen. */
 if (!(vbsd_flags & VBSD_HONOR_VIRT_DEV_SWITCH) ||
 (vbsd_flags & VBSD_BOOT_DEV_SWITCH_ON) ||
- !vb2_allow_recovery(vbsd_flags))
+ !vb2_allow_recovery(ctx))
 return VBERROR_KEEP_LOOPING;
 VB2_DEBUG("Enabling dev-mode...\n");
@@ -828,7 +828,7 @@ VbError_t VbBootRecoveryMenu(struct vb2_context *ctx)
 VbError_t retval = vb2_init_menus(ctx);
 if (VBERROR_SUCCESS != retval)
 return retval;
- if (vb2_allow_recovery(vb2_get_sd(ctx)->vbsd->flags))
+ if (vb2_allow_recovery(ctx))
 retval = recovery_ui(ctx);
 else
 retval = broken_ui(ctx); |
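Review bot: In the `to_dev_action()` hunk, `!vb2_allow_recovery(ctx)` appears to be the term that ties the "Enabling dev-mode" path to a physically requested recovery, and with the new GBB flag that term can never reject. That may be acceptable for the stated test use, but `/* Sanity check, should never happen. */` no longer tells a reader about it. I would extend the comment to `/* Sanity check, should never happen. vb2_allow_recovery() is always true when GBB_FLAG_FORCE_MANUAL_RECOVERY is set. */`. The `language_action()` hunk is affected too: the forced result skips the immediate `vb2_nv_commit(ctx)`, so it is worth confirming that is intended. Both function bodies start and end outside their hunks.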