1 files changed, 7 insertions, 58 deletions

diff --git a/firmware/lib/ec_sync.c b/firmware/lib/ec_sync.c
index 10ce5576..baf3cfc2 100644
--- a/firmware/lib/ec_sync.c
+++ b/firmware/lib/ec_sync.c
@@ -197,59 +197,16 @@ static VbError_t update_ec(struct vb2_context *ctx, int devidx,
 }
 
 /**
- * Check if the EC has the correct image active.
+ * Set IN_RW flag for a EC
  *
  * @param ctx		Vboot2 context
  * @param devidx	Which device (EC=0, PD=1)
- * @return VBERROR_SUCCESS, or non-zero if error.
  */
-static VbError_t check_ec_active(struct vb2_context *ctx, int devidx)
+static void check_ec_active(struct vb2_context *ctx, int devidx)
 {
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-	/* Determine whether the EC is in RO or RW */
-	int in_rw = 0;
-	int rv = VbExEcRunningRW(devidx, &in_rw);
-	if (in_rw) {
+	if (!VbExTrustEC(devidx))
 		sd->flags |= IN_RW(devidx);
-	}
-
-	if (sd->recovery_reason) {
-		/*
-		 * Recovery mode; just verify the EC is in RO code.  Don't do
-		 * software sync, since we don't have a RW image.
-		 */
-		if (rv == VBERROR_SUCCESS && in_rw == 1) {
-			/*
-			 * EC is definitely in RW firmware.  We want it in
-			 * read-only code, so preserve the current recovery
-			 * reason and reboot.
-			 *
-			 * We don't reboot on error or unknown EC code, because
-			 * we could end up in an endless reboot loop.  If we
-			 * had some way to track that we'd already rebooted for
-			 * this reason, we could retry only once.
-			 */
-			VB2_DEBUG("want recovery but got EC-RW\n");
-			request_recovery(ctx, sd->recovery_reason);
-			return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
-		}
-
-		VB2_DEBUG("in recovery; EC-RO\n");
-		return VBERROR_SUCCESS;
-	}
-
-	/*
-	 * Not in recovery.  If we couldn't determine where the EC was,
-	 * reboot to recovery.
-	 */
-	if (rv != VBERROR_SUCCESS) {
-		VB2_DEBUG("VbExEcRunningRW() returned %d\n", rv);
-		request_recovery(ctx, VB2_RECOVERY_EC_UNKNOWN_IMAGE);
-		return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
-	}
-
-	return VBERROR_SUCCESS;
 }
 
 #define RO_RETRIES 2  /* Maximum times to retry flashing RO */
@@ -383,18 +340,10 @@ VbError_t ec_sync_phase1(struct vb2_context *ctx, VbCommonParams *cparams)
 	const int do_pd_sync = 0;
 #endif
 
-	/* Make sure the EC is running the correct image */
-	if (check_ec_active(ctx, 0))
-		return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
-	if (do_pd_sync && check_ec_active(ctx, 1))
-		return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
-
-	/*
-	 * In recovery mode; just verify the EC is in RO code.  Don't do
-	 * software sync, since we don't have a RW image.
-	 */
-	if (sd->recovery_reason)
-		return VBERROR_SUCCESS;
+	/* Set IN_RW flags */
+	check_ec_active(ctx, 0);
+	if (do_pd_sync)
+		check_ec_active(ctx, 1);
 
 	/* Check if we need to update RW.  Failures trigger recovery mode. */
 	if (check_ec_hash(ctx, 0, VB_SELECT_FIRMWARE_EC_ACTIVE))