factory_install: Check block_devmode before allowing to write bootable images.

The new "block_devmode" crossystem flag allows device OWNER to prohibit
entering developer mode by others. Since it's currently checked and implemented
in OS image rootfs instead of firmware, to prevent attacks like "using signed
factory install shim to write non-authorized OS image" we have to check and
abort installation if block_devmode is enabled. To support RMA (with broken
NVDATA), the check is skipped if write protection is disabled.

Note a special case is "Factory reset", which doesn't write bootable images.
It will reset NVData (which includes block_devmode), so we have to restore
block_devmode after clearing NVData.

BUG=chrome-os-partner:28380
TEST=Boots a system with block_devmode=0 and install correctly.
     Boots a system with block_devmode=1 without WP and install correctly.
     Boots a system with block_devmode=1 with WP and see the error messages.

Change-Id: I8315211fd158339b7812bac5ad12cc8c2416176b
Reviewed-on: https://chromium-review.googlesource.com/198138
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Jon Salz <jsalz@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
1 file changed