factory_install: Disable checking WP before clearing TPM.
More and more devices won't have a physical WP switch that can be easily toggled.
After review in http://crosbug.com/p/15795, it seems like having physical
presence (i.e., developer switch and recovery button) is enough for clearing TPM.
BUG=chrome-os-partner:15795
TEST=build_image factory_install
Change-Id: Iec7fcbd4fe104833c11e3461a18741e9eb2ba14a
Reviewed-on: https://gerrit.chromium.org/gerrit/37337
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Jon Salz <jsalz@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
(cherry picked from commit 48e30ca1e7e507e6120b86e158559d3a10aa88fb)
Reviewed-on: https://gerrit.chromium.org/gerrit/37342
Tested-by: Jon Salz <jsalz@chromium.org>
diff --git a/factory_install.sh b/factory_install.sh
index f8fbbcf..72aa301 100644
--- a/factory_install.sh
+++ b/factory_install.sh
@@ -204,16 +204,13 @@
clear_fwwp
fi
- log "Checking if TPM should be cleared"
- # To clear TPM, we need both software firmware write protect to be off, and
- # boot type as "recovery". Booting with USB in developer mode (Ctrl-U) does
- # not work.
+ log "Checking if TPM should be cleared (for version and owner)"
+ # To clear TPM, we need it unlocked (only in recovery boot).
+ # Booting with USB in developer mode (Ctrl-U) does not work.
local tpm_is_cleared=""
if ! crossystem "mainfw_type?recovery"; then
mainfw_type="$(crossystem mainfw_type)"
log " - System was not booted in recovery mode (current: $mainfw_type)."
- elif check_fwwp; then
- log " - Firmware write protection is not disabled."
else
if ! clear_tpm; then
die "Failed to clear TPM. Installation is stopped."
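Review bot: In the `else` branch, `clear_tpm` is now reached on any recovery boot, yet the commit message justifies dropping `check_fwwp` by physical presence meaning both the developer switch and the recovery button, and only `crossystem "mainfw_type?recovery"` is tested here. Either add an explicit developer-switch check before `clear_tpm`, or extend the new comment to say that a recovery boot alone is treated as sufficient proof of presence and why. Note also that with the `elif check_fwwp` skip gone, a device with write protection still enabled no longer falls through to the warning: if `clear_tpm` fails there, the run ends in `die "Failed to clear TPM. Installation is stopped."`, so it is worth confirming that this is the intended behaviour on such devices. The "(for version and owner)" suffix in the log line is not explained by the comment below it; one more comment line saying what is being reset would help.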
@@ -226,8 +223,10 @@
colorize "yellow"
log "
- WARNING: TPM won't be cleared. To force clearing TPM, ensure firmware write
- protection is disabled, hold recovery button and reboot the system again.
+ WARNING: TPM won't be cleared. To enforce clearing TPM, make sure you are
+ using correct image signed with same key (MP, Pre-MP, or DEV), turn on
+ developer switch if you haven't, then hold recovery button and reboot the
+ system again. Ctrl-U won't clear TPM.
"
# Alert for a while
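Review bot: The new warning lists conditions that the code in this patch does not check: "correct image signed with same key (MP, Pre-MP, or DEV)" and "turn on developer switch" have no matching test in the visible logic, where the only remaining reason to skip clearing is a non-recovery boot. An operator reading this cannot tell which condition actually failed. Consider printing the detected cause (the `mainfw_type` value is already logged above) next to the matching remedy, and add a comment explaining why the signing key matters for clearing the TPM. Wording nit: "To enforce clearing TPM" reads better as "To force clearing the TPM", which is what the replaced text said.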