From 1ece199078c2665b625debd196ca389e5bda58f1 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Wed, 23 Nov 2016 09:40:52 -0800 Subject: [PATCH] Cr50: Enhance the console unlock warning message Because the virtual dev-mode switch is stored in the TPM, when we erase the TPM memory prior to unlocking the Cr50 console on reboot the system reinitializes itself in normal mode. This is by design (Chromebooks should fail into a more-secure state when possible), but it can be unexpected. This adds some extra caution to the unlock warning message, so that owners who are fiddling with it for the first time aren't unpleasantly surprised by losing all their work. BUG=chrome-os-partner:57407 BRANCH=none TEST=make buildall; test on Reef From the Cr50 console, run lock on lock off Observe the new, scarier warning. Change-Id: I6fd1248a5a4c131fa107a902a4539fa73f2308f6 Signed-off-by: Bill Richardson Reviewed-on: https://chromium-review.googlesource.com/414387 Reviewed-by: Vadim Bendebury --- board/cr50/wp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/board/cr50/wp.c b/board/cr50/wp.c index 69b88c4a71..28268f4cca 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -228,8 +228,11 @@ DECLARE_VENDOR_COMMAND(VENDOR_CC_SET_LOCK, vc_lock); /****************************************************************************/ static const char warning[] = "\n\t!!! WARNING !!!\n\n" "\tThe AP will be impolitely shut down and the TPM persistent memory\n" - "\tERASED before the console is unlocked. If this is not what you\n" - "\twant, simply do nothing and the unlock process will fail.\n\n"; + "\tERASED before the console is unlocked. The system will reboot in\n" + "\tnormal mode and ALL encrypted content will be LOST.\n\n" + "\tIf this is not what you want, simply do nothing and the unlock\n" + "\tprocess will fail.\n\n" + "\n\t!!! WARNING !!!\n\n"; static int command_lock(int argc, char **argv) {