diff options
Diffstat (limited to 'firmware/lib/vboot_common.c')
| -rw-r--r-- | firmware/lib/vboot_common.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index fd6ef79b..1c826667 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -210,3 +210,17 @@ int VbSharedDataSetKernelKey(VbSharedDataHeader *header, const VbPublicKey *src) return PublicKeyCopy(kdest, src); } + +int vb2_allow_recovery(uint32_t flags) +{ + /* In dev mode, unconditionally allowed. */ + if (flags & VBSD_BOOT_DEV_SWITCH_ON) + return 1; + + /* If EC is in RW, it implies recovery wasn't manually requested. */ + if (!VbExTrustEC(0)) + return 0; + + /* Now we confidently check the recovery switch state at boot */ + return !!(flags & VBSD_BOOT_REC_SWITCH_ON); +} |