Add support for dev_boot_usb flag

BUG=chromium-os:17433
TEST=make && make runtests.  Additional manual tests:

0. Insert a valid dev-signed USB key.

1. Boot with dev switch off.
`crossystem dev_boot_usb` should print 0.

2. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.
Ctrl+U at dev screen should beep, but not boot USB.

3. Type `crossystem dev_boot_usb=1`.  Should succeed.
`crossystem dev_boot_usb` should print 1.

4. Reboot system.
At the dev mode warning, press Ctrl+U
System should boot from USB key
`crossystem dev_boot_usb` should print 0.

5. Flip dev switch off.
`crossystem dev_boot_usb` should print 0.

6. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.

Note that this does not apply to Cr-48, Alex, or ZGB.

Change-Id: Idf85fdd642f38f531c89e5fa5b1679e84936d4da
Reviewed-on: http://gerrit.chromium.org/gerrit/3875
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>

firmware/include/vboot_nvstorage.h

@@ -52,6 +52,8 @@ typedef enum VbNvParam {
   VBNV_TEST_ERROR_FUNC,
   /* Verified boot API error to generate for the function, if non-zero. */
   VBNV_TEST_ERROR_NUM,
+  /* Allow booting from USB in developer mode.  0=no, 1=yes. */
+  VBNV_DEV_BOOT_USB,
 } VbNvParam;
 
 

firmware/lib/vboot_api_kernel.c

@@ -393,8 +393,15 @@ uint32_t VbTryLoadKernel(VbCommonParams* cparams, LoadKernelParams* p,
 }
 
 
-/* Handle a normal boot from fixed drive only. */
+/* Handle a normal boot. */
 VbError_t VbBootNormal(VbCommonParams* cparams, LoadKernelParams* p) {
+
+  /* Force dev_boot_usb flag disabled.  This ensures the flag will be
+   * initially disabled if the user later transitions back into
+   * developer mode. */
+  VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 0);
+
+  /* Boot from fixed disk only */
   return VbTryLoadKernel(cparams, p, VB_DISK_FLAG_FIXED);
 }
 
@@ -409,6 +416,10 @@ VbError_t VbBootNormal(VbCommonParams* cparams, LoadKernelParams* p) {
 /* Handle a developer-mode boot */
 VbError_t VbBootDeveloper(VbCommonParams* cparams, LoadKernelParams* p) {
   uint32_t delay_time = 0;
+  uint32_t allow_usb = 0;
+
+  /* Check if USB booting is allowed */
+  VbNvGet(&vnc, VBNV_DEV_BOOT_USB, &allow_usb);
 
   /* Show the dev mode warning screen */
   VbDisplayScreen(cparams, VB_SCREEN_DEVELOPER_WARNING, 0);
@@ -444,8 +455,11 @@ VbError_t VbBootDeveloper(VbCommonParams* cparams, LoadKernelParams* p) {
       case 0x15:
         /* Ctrl+U = try USB boot, or beep if failure */
         VBDEBUG(("VbBootDeveloper() - user pressed Ctrl+U; try USB\n"));
-        if (VBERROR_SUCCESS == VbTryLoadKernel(cparams, p,
+        if (!allow_usb) {
-                                               VB_DISK_FLAG_REMOVABLE)) {
+          VBDEBUG(("VbBootDeveloper() - USB booting is disabled\n"));
+          VbExBeep(DEV_DELAY_INCREMENT, 400);
+        } else if (VBERROR_SUCCESS ==
+                   VbTryLoadKernel(cparams, p, VB_DISK_FLAG_REMOVABLE)) {
           VBDEBUG(("VbBootDeveloper() - booting USB\n"));
           return VBERROR_SUCCESS;
         } else {

firmware/lib/vboot_nvstorage.c

@@ -26,6 +26,9 @@
 #define RECOVERY_OFFSET              2
 #define LOCALIZATION_OFFSET          3
 
+#define DEV_FLAGS_OFFSET             4
+#define DEV_BOOT_USB_MASK               0x01
+
 #define FIRMWARE_FLAGS_OFFSET        5
 #define FIRMWARE_TEST_ERR_FUNC_MASK     0x38
 #define FIRMWARE_TEST_ERR_FUNC_SHIFT    3
@@ -135,6 +138,10 @@ int VbNvGet(VbNvContext* context, VbNvParam param, uint32_t* dest) {
       *dest = raw[FIRMWARE_FLAGS_OFFSET] & FIRMWARE_TEST_ERR_NUM_MASK;
       return 0;
 
+    case VBNV_DEV_BOOT_USB:
+      *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_USB_MASK ? 1 : 0);
+      return 0;
+
     default:
       return 1;
   }
@@ -213,6 +220,13 @@ int VbNvSet(VbNvContext* context, VbNvParam param, uint32_t value) {
       raw[FIRMWARE_FLAGS_OFFSET] |= (value & FIRMWARE_TEST_ERR_NUM_MASK);
       break;
 
+    case VBNV_DEV_BOOT_USB:
+      if (value)
+        raw[DEV_FLAGS_OFFSET] |= DEV_BOOT_USB_MASK;
+      else
+        raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_USB_MASK;
+      break;
+
     default:
       return 1;
   }

host/lib/crossystem.c

@@ -367,6 +367,8 @@ int VbGetSystemPropertyInt(const char* name) {
       value &= KERN_NV_FWUPDATE_TRIES_MASK;
   } else if (!strcasecmp(name,"loc_idx")) {
     value = VbGetNvStorage(VBNV_LOCALIZATION_INDEX);
+  } else if (!strcasecmp(name,"dev_boot_usb")) {
+    value = VbGetNvStorage(VBNV_DEV_BOOT_USB);
   }
   /* Other parameters */
   else if (!strcasecmp(name,"cros_debug")) {
@@ -444,6 +446,8 @@ int VbSetSystemPropertyInt(const char* name, int value) {
     return VbSetNvStorage(VBNV_KERNEL_FIELD, kern_nv);
   } else if (!strcasecmp(name,"loc_idx")) {
     return VbSetNvStorage(VBNV_LOCALIZATION_INDEX, value);
+  } else if (!strcasecmp(name,"dev_boot_usb")) {
+    return VbSetNvStorage(VBNV_DEV_BOOT_USB, value);
   }
 
   return -1;

tests/vboot_nvstorage_test.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -31,6 +31,7 @@ static VbNvField nvfields[] = {
   {VBNV_KERNEL_FIELD, 0, 0x12345678, 0xFEDCBA98, "kernel field"},
   {VBNV_TEST_ERROR_FUNC, 0, 1, 7, "verified boot test error func"},
   {VBNV_TEST_ERROR_NUM, 0, 3, 6, "verified boot test error number"},
+  {VBNV_DEV_BOOT_USB, 0, 1, 0, "dev boot usb"},
   {0, 0, 0, 0, NULL}
 };
 

utility/crossystem_main.c

@@ -37,6 +37,8 @@ const Param sys_param_list[] = {
   {"arch", IS_STRING, "Platform architecture"},
   {"cros_debug", 0, "OS should allow debug features"},
   {"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"},
+  {"dev_boot_usb", CAN_WRITE,
+   "Enable developer mode boot from USB (writable)"},
   {"devsw_boot", 0, "Developer switch position at boot"},
   {"devsw_cur",  0, "Developer switch current position"},
   {"ecfw_act", IS_STRING, "Active EC firmware"},