From 39392528f4988df03217f7b513e92ed62f5c3211 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury
Date: Fri, 20 Mar 2015 16:19:57 -0700
Subject: Disable dev mode on recovery, when configured.

If so desired by the firmware, disable developer mode each time the recovery mode is entered.

BRANCH=storm
BUG=chrome-os-partner:36059
TEST=with the rest of the patches applied observed desired behavior on an SP5 (developer mode state wiped out on entering recovery)

Change-Id: If08dc517363bcc36fcc8b0b875a8700bbcefde4c
Signed-off-by: Vadim Bendebury
Reviewed-on: https://chromium-review.googlesource.com/261630
Reviewed-by: Randall Spangler
---
 firmware/2lib/2misc.c | 8 ++++++++
 firmware/2lib/include/2api.h | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 53f713b5..8d2cbf3f 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -224,6 +224,14 @@ int vb2_check_dev_switch(struct vb2_context *ctx)
 vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0);
 }
+ if (ctx->flags & VB2_DISABLE_DEVELOPER_MODE) {
+ /*
+ * Hardware switch and GBB flag will take precedence over
+ * this.
+ */
+ flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
+ }
+
 /* Check virtual dev switch */
 if (flags & VB2_SECDATA_FLAG_DEV_MODE)
 is_dev = 1;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 92b815f8..d8cc9b8c 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -90,6 +90,9 @@ enum vb2_context_flags {
 /* Wipeout by the app should be requested. */
 VB2_CONTEXT_FORCE_WIPEOUT_MODE = (1 << 8),
+
+ /* Erase TPM developer mode state if it is enabled. */
+ VB2_DISABLE_DEVELOPER_MODE = (1 << 9),
 };
 /*
-- 
cgit v1.2.1
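Review bot: The added `if (ctx->flags & VB2_DISABLE_DEVELOPER_MODE)` block clears `VB2_SECDATA_FLAG_DEV_MODE` only in the local `flags`, and nothing in this hunk shows the cleared value being written back to secure data. vb2_check_dev_switch() starts and ends outside the hunk, so the write-back presumably happens later in the function and should be confirmed. Once confirmed, I would state the dependency in the comment, e.g. `/* Clear the virtual dev switch; persisted by the secdata update below. Hardware switch and GBB flag still take precedence. */`. The diffstat lists only 2misc.c and 2api.h, so no unit test accompanies this path; a test that sets the context flag and checks both that the dev mode bit ends up cleared and that the hardware/GBB overrides still win would pin the behaviour.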
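Review bot: `VB2_DISABLE_DEVELOPER_MODE` drops the `VB2_CONTEXT_` prefix carried by the neighbouring `VB2_CONTEXT_FORCE_WIPEOUT_MODE` in the same `enum vb2_context_flags`, and its comment reads as a stronger guarantee than the 2misc.c hunk shows. `VB2_CONTEXT_DISABLE_DEVELOPER_MODE = (1 << 9),` would match the visible convention (the use in vb2_check_dev_switch() would change with it). The comment should say who sets the flag and what survives it, e.g. `/* Set by the caller, e.g. on entering recovery, to clear the virtual dev mode flag; the hardware dev switch and GBB flag still take precedence. */`, so integrators do not assume developer mode always ends up off. The enum continues outside the hunk.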