Disable dev mode on recovery, when configured.

If so desired by the firmware, disable developer mode each time the recovery mode is entered. BRANCH=storm BUG=chrome-os-partner:36059 TEST=with the rest of the patches applied observed desired behavior on an SP5 (developer mode state wiped out on entering recovery) Change-Id: If08dc517363bcc36fcc8b0b875a8700bbcefde4c Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/261630 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-26 19:25:02 +00:00 · 2015-03-20 16:19:57 -07:00
parent f80ceeb432
commit 39392528f4
2 changed files with 11 additions and 0 deletions
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -224,6 +224,14 @@ int vb2_check_dev_switch(struct vb2_context *ctx)
 		vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0);
 	}

+	if (ctx->flags & VB2_DISABLE_DEVELOPER_MODE) {
+		/*
+		 * Hardware switch and GBB flag will take precedence over
+		 * this.
+		 */
+		flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
+	}
+
 	/* Check virtual dev switch */
 	if (flags & VB2_SECDATA_FLAG_DEV_MODE)
 		is_dev = 1;
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -90,6 +90,9 @@ enum vb2_context_flags {

 	/* Wipeout by the app should be requested. */
 	VB2_CONTEXT_FORCE_WIPEOUT_MODE = (1 << 8),
+
+	/* Erase TPM developer mode state if it is enabled. */
+	VB2_DISABLE_DEVELOPER_MODE = (1 << 9),
 };

 /*