security/vboot: Allow UDC regardless of vboot state
When a VBOOT enabled system is used without ChromeOS it may be valid to
allow the UDC independent of the vboot state.
Provide the option to always allow UDC when CHROMEOS is not selected.
BUG=N/A
TEST=build
Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 787cdbef..7e86c7c 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -181,6 +181,13 @@
help
Set this option to indicate to vboot that display should always be enabled.
+config VBOOT_ALWAYS_ALLOW_UDC
+ bool "Always allow UDC"
+ default n
+ depends on !CHROMEOS
+ help
+ This option allows UDC to be enabled regardless of the vboot state.
+
config VBOOT_HAS_REC_HASH_SPACE
bool
default n
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index 458ed87..3342524 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -27,6 +27,10 @@
/* Check if it is okay to enable USB Device Controller (UDC). */
int vboot_can_enable_udc(void)
{
+ /* Allow UDC in all vboot modes. */
+ if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
+ return 1;
+
/* Always disable if not in developer mode */
if (!vboot_developer_mode_enabled())
return 0;