diff options
| -rw-r--r-- | firmware/2lib/2misc.c | 2 | ||||
| -rw-r--r-- | firmware/2lib/include/2api.h | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 13cd35a2..75a9f360 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -408,7 +408,7 @@ int vb2_allow_recovery(struct vb2_context *ctx) * return false (=RW). That's ok because if recovery is manual, we will * get the right signal and that's the case we care about. */ - if (!vb2ex_ec_trusted()) + if (!(ctx->flags & VB2_CONTEXT_EC_TRUSTED) && !vb2ex_ec_trusted()) return 0; /* Now we confidently check the recovery switch state at boot */ diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index fb8bc51b..fb656da9 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -233,6 +233,13 @@ enum vb2_context_flags { * NO_BOOT means the OS is not allowed to boot. Only relevant for EFS2. */ VB2_CONTEXT_NO_BOOT = (1 << 23), + + /* + * TRUSTED means EC is running an RO copy and PD isn't enabled. At + * least that was last known to the GSC. If EC RO is correctly behaving, + * it doesn't jump to RW when this flag is set. + */ + VB2_CONTEXT_EC_TRUSTED = (1 << 24), }; /* Helper for aligning fields in vb2_context. */ |