Cr50: Enhance the console unlock warning message

Because the virtual dev-mode switch is stored in the TPM, when we erase
the TPM memory prior to unlocking the Cr50 console on reboot the system
reinitializes itself in normal mode. This is by design (Chromebooks
should fail into a more-secure state when possible), but it can be
unexpected.

This adds some extra caution to the unlock warning message, so that
owners who are fiddling with it for the first time aren't unpleasantly
surprised by losing all their work.

BUG=chrome-os-partner:57407
BRANCH=none
TEST=make buildall; test on Reef

From the Cr50 console, run

  lock on
  lock off

Observe the new, scarier warning.

Change-Id: I6fd1248a5a4c131fa107a902a4539fa73f2308f6
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414387
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This commit is contained in:
Bill Richardson
2016-11-23 09:40:52 -08:00
committed by chrome-bot
parent c459c8278e
commit 1ece199078

@@ -228,8 +228,11 @@ DECLARE_VENDOR_COMMAND(VENDOR_CC_SET_LOCK, vc_lock);
/****************************************************************************/
static const char warning[] = "\n\t!!! WARNING !!!\n\n"
"\tThe AP will be impolitely shut down and the TPM persistent memory\n"
"\tERASED before the console is unlocked. If this is not what you\n"
"\twant, simply do nothing and the unlock process will fail.\n\n";
"\tERASED before the console is unlocked. The system will reboot in\n"
"\tnormal mode and ALL encrypted content will be LOST.\n\n"
"\tIf this is not what you want, simply do nothing and the unlock\n"
"\tprocess will fail.\n\n"
"\n\t!!! WARNING !!!\n\n";
static int command_lock(int argc, char **argv)
{
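Review bot: The added sentence in warning[] says the system "will reboot in normal mode" but never states that developer mode is being switched off, which is the surprise the commit message sets out to prevent. An owner who does not already know that the dev-mode switch lives in the TPM may not connect "normal mode" with losing their dev-mode setup, so consider wording such as "Developer mode will be DISABLED; the system will reboot in normal mode". "ALL encrypted content" is also broad: a short hint at what that covers for the owner would make the consequence concrete. Minor style point: the closing "\n\t!!! WARNING !!!\n\n" starts with "\n" directly after a string ending in "\n\n", so the footer banner is preceded by two blank lines while the header banner has one; drop the leading "\n" if the spacing is meant to be symmetric.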