fastboot: Add routines for unlock and lock device

Add support for functions to request unlock and lock of devices in response to fastboot oem unlock/lock commands. Unlock operation is equivalent to enabling dev mode and lock operation is equivalent to leaving dev mode. It is the responsibility of the caller to ensure that user confirmation is obtained before unlock/lock operations. BUG=chrome-os-partner:40196 BRANCH=None TEST=Compiles successfully and fastboot lock/unlock operations work as expected on smaug. Added tests to ensure lock/unlock operations are covered. Verified using make -j runtests. Change-Id: Ibafe75abdd1202473009208a414f3996d537db4f Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/273182 Reviewed-by: Furquan Shaikh <furquan@chromium.org> Tested-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Furquan Shaikh <furquan@chromium.org> Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
2025-11-24 10:14:55 +00:00 · 2015-05-25 21:49:11 -07:00
parent d08a3435f8
commit 773b5ac3a6
4 changed files with 124 additions and 0 deletions
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -1330,3 +1330,34 @@ fail:
 		VbExFree(kernel_subkey);
 	return retval;
 }
+
+VbError_t VbUnlockDevice(void)
+{
+	VBDEBUG(("%s() Enabling dev-mode...\n", __func__));
+	if (TPM_SUCCESS != SetVirtualDevMode(1))
+		return VBERROR_TPM_SET_BOOT_MODE_STATE;
+
+	VBDEBUG(("%s() Mode change will take effect on next reboot.\n",
+		 __func__));
+	return VBERROR_SUCCESS;
+}
+
+VbError_t VbLockDevice(void)
+{
+	VbExNvStorageRead(vnc.raw);
+	VbNvSetup(&vnc);
+
+	VBDEBUG(("%s() - Storing request to leave dev-mode.\n",
+		 __func__));
+	VbNvSet(&vnc, VBNV_DISABLE_DEV_REQUEST,
+		1);
+
+	VbNvTeardown(&vnc);
+	if (vnc.raw_changed)
+		VbExNvStorageWrite(vnc.raw);
+
+	VBDEBUG(("%s() Mode change will take effect on next reboot.\n",
+		 __func__));
+
+	return VBERROR_SUCCESS;
+}