From a762fa782793e7b13ba13ceed474f20c54afbdd3 Mon Sep 17 00:00:00 2001
From: Joel Kitching <kitching@google.com>
Date: Tue, 20 Aug 2019 15:25:22 +0800
Subject: vboot/secdata: remove VbUnlockDevice function

VbUnlockDevice is only used in fastboot.  Currently fastboot
"unlocking" is disabled (see CL:1757973).

BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none

Change-Id: I0de44c2bb8d8150dafb0b73e7a0be6e63564a26b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758150
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
---
 Makefile                        |  2 --
 firmware/include/vboot_api.h    | 15 ------------
 firmware/lib/rollback_index.c   |  4 ++++
 firmware/lib/vboot_api_kernel.c | 10 --------
 tests/vboot_api_kernel6_tests.c | 53 -----------------------------------------
 5 files changed, 4 insertions(+), 80 deletions(-)
 delete mode 100644 tests/vboot_api_kernel6_tests.c

diff --git a/Makefile b/Makefile
index 160c0074..300a873d 100644
--- a/Makefile
+++ b/Makefile
@@ -700,7 +700,6 @@ TEST_NAMES = \
 	tests/vboot_api_kernel2_tests \
 	tests/vboot_api_kernel4_tests \
 	tests/vboot_api_kernel5_tests \
-	tests/vboot_api_kernel6_tests \
 	tests/vboot_detach_menu_tests \
 tests/vboot_common_tests \
 	tests/vboot_display_tests \
@@ -1313,7 +1312,6 @@ endif
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel2_tests
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel4_tests
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel5_tests
-	${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel6_tests
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_detach_menu_tests
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_common_tests
 	${RUNTEST} ${BUILD_RUN}/tests/vboot_display_tests
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 7f00ddc6..a1825952 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -172,21 +172,6 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx,
 				    VbSelectAndLoadKernelParams *kparams,
 				    void *boot_image, size_t image_size);
 
-/**
- * Fastboot API to enter dev mode.
- *
- * This routine is used by fastboot oem unlock command to switch the device into
- * dev mode.
- *
- * NOTE: The caller MUST be in read-only firmware, and MUST have just obtained
- * explicit physical confirmation from the user via a trusted input method
- * before calling this function! Also, on successful return from this function,
- * the caller needs to reboot the device immediately for changes to take effect.
- *
- * @return VBERROR_... error, VB2_SUCCESS on success.
- */
-vb2_error_t VbUnlockDevice(void);
-
 /*****************************************************************************/
 /* Timer and delay (first two from utility.h) */
 
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index b0d4eb58..b4b49fab 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -119,6 +119,8 @@ vb2_error_t SetVirtualDevMode(int val)
 {
 	RollbackSpaceFirmware rsf;
 
+	VB2_DEBUG("Enabling developer mode...\n");
+
 	if (TPM_SUCCESS != ReadSpaceFirmware(&rsf))
 		return VBERROR_TPM_FIRMWARE_SETUP;
 
@@ -136,6 +138,8 @@ vb2_error_t SetVirtualDevMode(int val)
 	if (TPM_SUCCESS != WriteSpaceFirmware(&rsf))
 		return VBERROR_TPM_SET_BOOT_MODE_STATE;
 
+	VB2_DEBUG("Mode change will take effect on next reboot\n");
+
 	return VB2_SUCCESS;
 }
 
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index ec9aaa14..ae1df41e 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -611,13 +611,3 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx,
 	vb2_kernel_cleanup(ctx);
 	return retval;
 }
-
-vb2_error_t VbUnlockDevice(void)
-{
-	VB2_DEBUG("Enabling dev-mode...\n");
-	if (VB2_SUCCESS != SetVirtualDevMode(1))
-		return VBERROR_TPM_SET_BOOT_MODE_STATE;
-
-	VB2_DEBUG("Mode change will take effect on next reboot.\n");
-	return VB2_SUCCESS;
-}
diff --git a/tests/vboot_api_kernel6_tests.c b/tests/vboot_api_kernel6_tests.c
deleted file mode 100644
index 63aff75d..00000000
--- a/tests/vboot_api_kernel6_tests.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Tests for vboot_api_kernel.c
- */
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "2common.h"
-#include "rollback_index.h"
-#include "test_common.h"
-#include "vboot_api.h"
-
-/* Mock data */
-static uint32_t virtual_dev_mode_fail;
-
-/**
- * Reset mock data (for use before each test)
- */
-static void ResetMocks(void)
-{
-	virtual_dev_mode_fail = 0;
-}
-
-/* Mocks */
-vb2_error_t SetVirtualDevMode(int val)
-{
-	if (virtual_dev_mode_fail)
-		return VB2_ERROR_MOCK;
-	return VB2_SUCCESS;
-}
-
-static void VbUnlockDeviceTest(void)
-{
-	ResetMocks();
-	TEST_EQ(VbUnlockDevice(), 0, "unlock success");
-
-	ResetMocks();
-	virtual_dev_mode_fail = 1;
-	TEST_EQ(VbUnlockDevice(), VBERROR_TPM_SET_BOOT_MODE_STATE,
-		"set dev fail");
-}
-
-int main(void)
-{
-	VbUnlockDeviceTest();
-
-	return gTestSuccess ? 0 : 255;
-}
-- 
cgit v1.2.1