56e2f130a6
With CL:1940398, this option is no longer needed. Recovery requests are not cleared until kernel verification stage is reached. If the FSP triggers any reboots, recovery requests will be preserved. In particular: - Manual requests will be preserved via recovery switch state, whose behaviour is modified in CB:38779. - Other recovery requests will remain in nvdata across reboot. These functions now only work after verstage has run: int vboot_check_recovery_request(void) int vboot_recovery_mode_enabled(void) int vboot_developer_mode_enabled(void) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
98 lines
2.6 KiB
C
98 lines
2.6 KiB
C
/*
|
|
* This file is part of the coreboot project.
|
|
*
|
|
* Copyright 2016 Google Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; version 2 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*/
|
|
|
|
#define NEED_VB20_INTERNALS /* Peeking into vb2_shared_data */
|
|
|
|
#include <assert.h>
|
|
#include <bootmode.h>
|
|
#include <bootstate.h>
|
|
#include <cbmem.h>
|
|
#include <vb2_api.h>
|
|
#include <security/vboot/misc.h>
|
|
#include <security/vboot/vbnv.h>
|
|
#include <security/vboot/vboot_common.h>
|
|
|
|
/*
|
|
* Functions which check vboot information should only be called after verstage
|
|
* has run. Otherwise, they will hit the assertion in vboot_get_context().
|
|
*/
|
|
|
|
int vboot_check_recovery_request(void)
|
|
{
|
|
/* TODO: Expose vb2api_recovery_reason() and vb2api_need_train_and_reboot(). */
|
|
return vb2_get_sd(vboot_get_context())->recovery_reason;
|
|
}
|
|
|
|
int vboot_recovery_mode_enabled(void)
|
|
{
|
|
return vboot_get_context()->flags & VB2_CONTEXT_RECOVERY_MODE;
|
|
}
|
|
|
|
int vboot_developer_mode_enabled(void)
|
|
{
|
|
return vboot_get_context()->flags & VB2_CONTEXT_DEVELOPER_MODE;
|
|
}
|
|
|
|
int __weak clear_recovery_mode_switch(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static void do_clear_recovery_mode_switch(void *unused)
|
|
{
|
|
if (vboot_get_context()->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE)
|
|
clear_recovery_mode_switch();
|
|
}
|
|
/*
|
|
* The recovery mode switch (typically backed by EC) is not cleared until
|
|
* BS_WRITE_TABLES for two reasons:
|
|
*
|
|
* (1) On some platforms, FSP initialization may cause a reboot. Push clearing
|
|
* the recovery mode switch until after FSP code runs, so that a manual recovery
|
|
* request (three-finger salute) will function correctly under this condition.
|
|
*
|
|
* (2) To give the implementation of clear_recovery_mode_switch a chance to
|
|
* add an event to elog. See the function in chromeec/switches.c.
|
|
*/
|
|
BOOT_STATE_INIT_ENTRY(BS_WRITE_TABLES, BS_ON_ENTRY,
|
|
do_clear_recovery_mode_switch, NULL);
|
|
|
|
int __weak get_recovery_mode_retrain_switch(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
int vboot_recovery_mode_memory_retrain(void)
|
|
{
|
|
return get_recovery_mode_retrain_switch();
|
|
}
|
|
|
|
#if CONFIG(VBOOT_NO_BOARD_SUPPORT)
|
|
/**
|
|
* TODO: Create flash protection interface which implements get_write_protect_state.
|
|
* get_recovery_mode_switch should be implemented as default function.
|
|
*/
|
|
int __weak get_write_protect_state(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
int __weak get_recovery_mode_switch(void)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
#endif
|