factory_install: Clear block_devmode settings for RMA. When resetting device, clear block_devmode settings from VPD and crossystem. This is required for RMA process. Only devices with write protection disabled can reach factory_installer using RMA shim so this is fine for security concern. BUG=chrome-os-partner:61540 TEST=None Change-Id: I51cc322ccc77658209d8fc9cca07a8d5ff7227fc Reviewed-on: https://chromium-review.googlesource.com/431600 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Thiemo Nagel <tnagel@chromium.org>

commit: 262f49ab9054bd5363569eb7e115d9e1d7e0b719 [log] [tgz]
author: Hung-Te Lin <hungte@chromium.org> Tue Jan 24 03:51:04 2017
committer: chrome-bot <chrome-bot@chromium.org> Tue Jan 24 21:22:10 2017
tree: c01d09c98403be0b9d5313f0806e99b6ae0834cd
parent: c2e2fbeef92eb2391dbda5d4fca3eaf7bbfa9b1d [diff]
diff --git a/factory_install.sh b/factory_install.sh
index 1be49a3..104afe7 100644
--- a/factory_install.sh
+++ b/factory_install.sh

@@ -232,6 +232,12 @@
   return ${result}
 }
 
+clear_block_devmode() {
+  # Try our best to clear block_devmode.
+  crossystem block_devmode=0 || true
+  vpd -i RW_VPD -d block_devmode -d check_enrollment || true
+}
+
 reset_chromeos_device() {
   log "Clearing NVData."
   if ! mosys nvram clear; then
@@ -239,6 +245,8 @@
     log "Warning: NVData not cleared."
   fi
 
+  clear_block_devmode
+
   if grep -q cros_netboot /proc/cmdline; then
     log "Device is network booted."
     return
commit	262f49ab9054bd5363569eb7e115d9e1d7e0b719	[log] [tgz]
author	Hung-Te Lin <hungte@chromium.org>	Tue Jan 24 03:51:04 2017
committer	chrome-bot <chrome-bot@chromium.org>	Tue Jan 24 21:22:10 2017
tree	c01d09c98403be0b9d5313f0806e99b6ae0834cd
parent	c2e2fbeef92eb2391dbda5d4fca3eaf7bbfa9b1d [diff]