From b38e3a63a8b1d42fd707e4c23e71c3f3ed84e6ad Mon Sep 17 00:00:00 2001
From: Daisuke Nojiri
Date: Wed, 12 May 2021 12:41:05 -0700
Subject: cros_ec: Use boot mode to check if EC can be trusted
Currently, EC_IN_RW signal is used for the AP to decide whether EC is running an RO copy or not. coreboot will set VB2_CONTEXT_EC_TRUSTED based on the EC's boot mode if supported. It means the EC is in RO and PD is disabled. This patch makes vb2_allow_recovery check VB2_CONTEXT_EC_TRUSTED prior to entering recovery mode.
BUG=b:180927027, b:187871195
BRANCH=none
TEST=build
Signed-off-by: Daisuke Nojiri
Change-Id: Ie7fb337085f9c5f73ee82049d490a719f76a26bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2893095
Reviewed-by: Furquan Shaikh
Reviewed-by: Julius Werner
---
 firmware/2lib/2misc.c | 2 +-
 firmware/2lib/include/2api.h | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 13cd35a2..75a9f360 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -408,7 +408,7 @@ int vb2_allow_recovery(struct vb2_context *ctx)
 * return false (=RW). That's ok because if recovery is manual, we will
 * get the right signal and that's the case we care about.
 */
- if (!vb2ex_ec_trusted())
+ if (!(ctx->flags & VB2_CONTEXT_EC_TRUSTED) && !vb2ex_ec_trusted())
 return 0;
 
 /* Now we confidently check the recovery switch state at boot */
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index fb8bc51b..fb656da9 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
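Review bot: In vb2_allow_recovery (firmware/2lib/2misc.c), the new condition treats the EC as trusted when either VB2_CONTEXT_EC_TRUSTED is set or vb2ex_ec_trusted() returns true, so a cleared flag does not by itself block recovery on a board that supports boot mode; the legacy EC_IN_RW query can still grant it. If that fallback is meant only for boards without boot-mode support, say so next to the check, e.g. `/* Trust either the boot-mode flag set by the caller or, where that is unsupported, the legacy EC_IN_RW signal. */`, and confirm that vb2ex_ec_trusted() returns 0 on boards where the flag is authoritative. The existing comment above the check, only partly visible in this hunk, still describes the EC_IN_RW signal alone. The function body starts and ends outside the hunk.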
@@ -233,6 +233,13 @@ enum vb2_context_flags {
 * NO_BOOT means the OS is not allowed to boot. Only relevant for EFS2.
 */
 VB2_CONTEXT_NO_BOOT = (1 << 23),
+
+ /*
+ * TRUSTED means EC is running an RO copy and PD isn't enabled. At
+ * least that was last known to the GSC. If EC RO is correctly behaving,
+ * it doesn't jump to RW when this flag is set.
+ */
+ VB2_CONTEXT_EC_TRUSTED = (1 << 24),
 };
 
 /* Helper for aligning fields in vb2_context. */
--
cgit v1.2.1
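Review bot: The comment on VB2_CONTEXT_EC_TRUSTED does not say who sets the flag or when, although vb2_allow_recovery in this commit accepts it as sufficient evidence that the EC is in RO. Because the value is a snapshot ("last known to the GSC") and depends on EC RO honouring it, I would add a line such as `* Set by the caller before recovery is evaluated, from the GSC-reported boot mode only; vboot does not re-verify it.`, assuming that matches how the firmware populates the flag, which is not visible here. The enum starts outside the hunk.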