diff options
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2kernel.c | 3 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 8 | ||||
-rw-r--r-- | firmware/2lib/include/2secdata.h | 7 | ||||
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 1 |
5 files changed, 24 insertions, 1 deletions
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c index dd91ec83..02ea5446 100644 --- a/firmware/2lib/2kernel.c +++ b/firmware/2lib/2kernel.c @@ -143,10 +143,11 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx) return rv; } - /* Enable phone recovery while disabling the UI */ + /* Enable phone recovery while disabling the UI; disable diagnostics. */ secdata_flags = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS); secdata_flags &= ~VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED; secdata_flags |= VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED; + secdata_flags |= VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED; vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS, secdata_flags); /* Read kernel version from secdata. */ diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 8e5444a6..7c4ca262 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -517,6 +517,12 @@ int vb2api_phone_recovery_ui_enabled(struct vb2_context *ctx) VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED); } +int vb2api_diagnostic_ui_enabled(struct vb2_context *ctx) +{ + return !(vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS) & + VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED); +} + enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target( struct vb2_context *ctx) { diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 649ee096..205b2891 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -854,6 +854,14 @@ int vb2api_phone_recovery_enabled(struct vb2_context *ctx); */ int vb2api_phone_recovery_ui_enabled(struct vb2_context *ctx); +/** + * Whether diagnostic UI functionality is enabled or not. + * + * @param ctx Vboot context + * @return 1 if enabled, 0 if disabled. + */ +int vb2api_diagnostic_ui_enabled(struct vb2_context *ctx); + /* Default boot target in developer mode. */ enum vb2_dev_default_boot_target { /* Default to boot from internal disk. */ diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h index 3b2fa3ca..425dcfff 100644 --- a/firmware/2lib/include/2secdata.h +++ b/firmware/2lib/include/2secdata.h @@ -100,6 +100,13 @@ enum vb2_secdata_kernel_flags { /* Phone recovery instructions in recovery UI are disabled. */ VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_UI_DISABLED = (1 << 1), + + /* + * Diagnostic UI is disabled. This includes both hiding the entry + * point on the recovery UI menu ("Launch diagnostics"), and + * disallowing the user from booting into the diagnostic UI. + */ + VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2), }; /** diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 500d3725..4ae52c57 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -241,6 +241,7 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VB2_TRY(VbBootRecoveryLegacyClamshell(ctx)); } } else if (DIAGNOSTIC_UI && !MENU_UI && + vb2api_diagnostic_ui_enabled(ctx) && vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST)) { vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 0); |