Use virtual dev-mode switch when told to.

If VbInit() is instructed to look at a virtual dev-mode switch, then it will use value contained in the TPM's firmware space instead of a hardware GPIO to determine if developer mode is enabled. This change just makes it look. It doesn't provide a way to actually set the value in the TPM. VbInit() isn't being told to look yet, either. Those changes are coming. BUG=chrome-os-partner:9706 TEST=none The usual sanity-check applies: make make runtests But to actually test that this stuff is working IRL requires special tweaks to other components and monitoring the serial debug output from both EC and CPU. We'll save the hands-on tests for when it's all done. Change-Id: Ie485ad2180224e192238bf2a5dbf95bbcb9130f9 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/23067 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-24 02:05:01 +00:00 · 2012-05-17 13:26:05 -07:00
parent e97760cec3
commit b75d8adcc0
10 changed files with 206 additions and 142 deletions
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -363,6 +363,12 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode,
  VBDEBUG(("TPM: Firmware space sv%d f%x v%x\n",
           rsf->struct_version, rsf->flags, rsf->fw_versions));

+  /* The developer_mode value that's passed in is only set by a hardware
+   * dev-switch. We should OR it with any enabled virtual switch, since it
+   * can only be set by doing the keyboard-based dev-mode dance. */
+  if (rsf->flags & FLAG_VIRTUAL_DEV_MODE_ON)
+    developer_mode = 1;
+
  /* Clears ownership if developer flag has toggled */
  if ((developer_mode ? FLAG_LAST_BOOT_DEVELOPER : 0) !=
      (rsf->flags & FLAG_LAST_BOOT_DEVELOPER)) {
@@ -406,8 +412,8 @@ uint32_t RollbackS3Resume(void) {
  return TPM_SUCCESS;
 }

-uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
-                               uint32_t* version) {
+uint32_t RollbackFirmwareSetup(int recovery_mode, int hw_dev_sw,
+                               int* developer_mode, uint32_t* version) {
 #ifndef CHROMEOS_ENVIRONMENT
  /* Initialize the TPM, but ignores return codes.  In ChromeOS
   * environment, don't even talk to the TPM. */
@@ -459,15 +465,17 @@ uint32_t RollbackS3Resume(void) {
  return result;
 }

-uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
-                               uint32_t* version) {
+uint32_t RollbackFirmwareSetup(int recovery_mode, int hw_dev_sw,
+                               int* dev_mode_ptr, uint32_t* version) {
  RollbackSpaceFirmware rsf;

  /* Set version to 0 in case we fail */
  *version = 0;

-  RETURN_ON_FAILURE(SetupTPM(recovery_mode, developer_mode, &rsf));
+  RETURN_ON_FAILURE(SetupTPM(recovery_mode, *dev_mode_ptr, &rsf));
  *version = rsf.fw_versions;
+  if (!hw_dev_sw)
+    *dev_mode_ptr = rsf.flags & FLAG_VIRTUAL_DEV_MODE_ON ? 1 : 0;
  VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
  return TPM_SUCCESS;
 }