factory_install: Clear block_devmode settings for RMA.
When resetting device, clear block_devmode settings from VPD and
crossystem.
This is required for RMA process. Only devices with write protection
disabled can reach factory_installer using RMA shim so this is fine for
security concern.
BUG=chrome-os-partner:61540
TEST=None
Change-Id: I51cc322ccc77658209d8fc9cca07a8d5ff7227fc
Reviewed-on: https://chromium-review.googlesource.com/431600
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Thiemo Nagel <tnagel@chromium.org>
diff --git a/factory_install.sh b/factory_install.sh
index 1be49a3..104afe7 100644
--- a/factory_install.sh
+++ b/factory_install.sh
@@ -232,6 +232,12 @@
return ${result}
}
+clear_block_devmode() {
+ # Try our best to clear block_devmode.
+ crossystem block_devmode=0 || true
+ vpd -i RW_VPD -d block_devmode -d check_enrollment || true
+}
+
reset_chromeos_device() {
log "Clearing NVData."
if ! mosys nvram clear; then
@@ -239,6 +245,8 @@
log "Warning: NVData not cleared."
fi
+ clear_block_devmode
+
if grep -q cros_netboot /proc/cmdline; then
log "Device is network booted."
return