diff options
-rw-r--r-- | firmware/include/vboot_nvstorage.h | 3 | ||||
-rw-r--r-- | firmware/lib/vboot_nvstorage.c | 12 | ||||
-rw-r--r-- | host/lib/crossystem.c | 4 | ||||
-rw-r--r-- | utility/crossystem_main.c | 1 |
4 files changed, 20 insertions, 0 deletions
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h index 0f6e1fce..79141761 100644 --- a/firmware/include/vboot_nvstorage.h +++ b/firmware/include/vboot_nvstorage.h @@ -56,6 +56,9 @@ typedef enum VbNvParam { VBNV_DEV_BOOT_USB, /* Only boot Google-signed images in developer mode. 0=no, 1=yes. */ VBNV_DEV_BOOT_SIGNED_ONLY, + /* Set by userspace to request that RO firmware disable dev-mode on the next + * boot. This is likely only possible if the dev-switch is virtual. */ + VBNV_DISABLE_DEV_REQUEST, } VbNvParam; diff --git a/firmware/lib/vboot_nvstorage.c b/firmware/lib/vboot_nvstorage.c index 7361817b..de4fa3b0 100644 --- a/firmware/lib/vboot_nvstorage.c +++ b/firmware/lib/vboot_nvstorage.c @@ -22,6 +22,7 @@ #define BOOT_OFFSET 1 #define BOOT_DEBUG_RESET_MODE 0x80 +#define BOOT_DISABLE_DEV_REQUEST 0x40 #define BOOT_TRY_B_COUNT_MASK 0x0F #define RECOVERY_OFFSET 2 @@ -128,6 +129,10 @@ int VbNvGet(VbNvContext* context, VbNvParam param, uint32_t* dest) { *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_SIGNED_ONLY_MASK ? 1 : 0); return 0; + case VBNV_DISABLE_DEV_REQUEST: + *dest = (raw[BOOT_OFFSET] & BOOT_DISABLE_DEV_REQUEST ? 1 : 0); + return 0; + default: return 1; } @@ -220,6 +225,13 @@ int VbNvSet(VbNvContext* context, VbNvParam param, uint32_t value) { raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_SIGNED_ONLY_MASK; break; + case VBNV_DISABLE_DEV_REQUEST: + if (value) + raw[BOOT_OFFSET] |= BOOT_DISABLE_DEV_REQUEST; + else + raw[BOOT_OFFSET] &= ~BOOT_DISABLE_DEV_REQUEST; + break; + default: return 1; } diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index 27d45c38..a834979d 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -371,6 +371,8 @@ int VbGetSystemPropertyInt(const char* name) { value = VbGetNvStorage(VBNV_RECOVERY_REQUEST); } else if (!strcasecmp(name,"dbg_reset")) { value = VbGetNvStorage(VBNV_DEBUG_RESET_MODE); + } else if (!strcasecmp(name,"disable_dev_request")) { + value = VbGetNvStorage(VBNV_DISABLE_DEV_REQUEST); } else if (!strcasecmp(name,"fwb_tries")) { value = VbGetNvStorage(VBNV_TRY_B_COUNT); } else if (!strcasecmp(name,"fwupdate_tries")) { @@ -449,6 +451,8 @@ int VbSetSystemPropertyInt(const char* name, int value) { return VbSetNvStorage(VBNV_RECOVERY_REQUEST, value); } else if (!strcasecmp(name,"dbg_reset")) { return VbSetNvStorage(VBNV_DEBUG_RESET_MODE, value); + } else if (!strcasecmp(name,"disable_dev_request")) { + return VbSetNvStorage(VBNV_DISABLE_DEV_REQUEST, value); } else if (!strcasecmp(name,"fwb_tries")) { return VbSetNvStorage(VBNV_TRY_B_COUNT, value); } else if (!strcasecmp(name,"fwupdate_tries")) { diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c index 0a2e6def..2161583f 100644 --- a/utility/crossystem_main.c +++ b/utility/crossystem_main.c @@ -37,6 +37,7 @@ const Param sys_param_list[] = { {"arch", IS_STRING, "Platform architecture"}, {"cros_debug", 0, "OS should allow debug features"}, {"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"}, + {"disable_dev_request", CAN_WRITE, "Disable virtual dev-mode on next boot"}, {"dev_boot_usb", CAN_WRITE, "Enable developer mode boot from USB/SD (writable)"}, {"dev_boot_signed_only", CAN_WRITE, |