vboot: do not check for VB2_CONTEXT_FORCE_DEVELOPER_MODE
As part of chromium:942901, physical dev switch functionality
is being deprecated.
VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose
of enabling developer mode when the physical dev switch is
on. (See: coreboot's src/security/vboot/vboot_logic.c)
Remove the check of this context flag for deciding whether
developer mode is enabled.
In order to retain a path to developer mode on devices
with physical dev switch, this CL depends on
VBSD_HONOR_VIRT_DEV_SWITCH check being removed first
(see CL:1526070). (Alternately, we can wait for CB:31943
to be merged and pulled downstream.)
This constant will be marked as deprecated in a subsequent
CL, once the coreboot CL has been pulled downstream.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1524757
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 2f68639..5d82fc0 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -258,10 +258,6 @@
if (flags & VB2_SECDATA_FLAG_DEV_MODE)
is_dev = 1;
- /* Handle forcing dev mode via physical switch */
- if (ctx->flags & VB2_CONTEXT_FORCE_DEVELOPER_MODE)
- is_dev = 1;
-
/* Check if GBB is forcing dev mode */
if (sd->gbb_flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
is_dev = 1;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 9bf6772..ac4b058 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -78,6 +78,8 @@
/*
* Force developer mode enabled. Caller may set this flag when
* initializing the context.
+ *
+ * Deprecated as part of chromium:942901.
*/
VB2_CONTEXT_FORCE_DEVELOPER_MODE = (1 << 5),
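Review bot: The doc comment on VB2_CONTEXT_FORCE_DEVELOPER_MODE still reads "Force developer mode enabled. Caller may set this flag when initializing the context.", but the check removed from firmware/2lib/2misc.c in this same commit means the flag no longer appears to influence the dev-mode decision. A firmware integrator reading only the header would expect setting it to take effect, so the added line should say what now happens, e.g. `* Deprecated as part of chromium:942901: no longer read when deciding developer mode; setting it has no effect.` The two test cases for this flag in tests/vb2_misc_tests.c are deleted rather than inverted, so nothing visible here asserts that setting the flag leaves `VB2_SD_FLAG_DEV_MODE_ENABLED` clear; a short negative case would pin that security-relevant behaviour. The enum this constant belongs to starts and ends outside the hunk.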
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 1bb9686..f17ac1b 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -377,16 +377,6 @@
" doesn't set dev on in secdata but does set last boot dev");
TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
- /* Force enabled by ctx flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- TEST_SUCC(vb2_check_dev_switch(&cc), "dev on via ctx flag");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- vb2_secdata_get(&cc, VB2_SECDATA_FLAGS, &v);
- TEST_EQ(v, VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER,
- " doesn't set dev on in secdata but does set last boot dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
/* Request disable by ctx flag */
reset_common_data();
vb2_secdata_set(&cc, VB2_SECDATA_FLAGS,
@@ -453,16 +443,6 @@
TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
- /* Can still override with context flag */
- reset_common_data();
- cc.flags |= VB2_CONTEXT_RECOVERY_MODE;
- cc.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
- sd->status &= ~VB2_SD_STATUS_SECDATA_INIT;
- TEST_SUCC(vb2_check_dev_switch(&cc), "secdata fail recovery ctx");
- TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev");
- TEST_NEQ(cc.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev");
- TEST_EQ(mock_tpm_clear_called, 1, " tpm clear");
-
/* Force wipeout by ctx flag */
reset_common_data();
cc.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE;