vboot: Call check_boot_mode before vb2api_fw_phase1

Currently, check_boot_mode is called after vb2api_fw_phase1, which
makes verstage_main exit before reaching check_boot_mode if recovery
mode is manually requested. Thus, recovery mode isn't able to test
whether VB2_CONTEXT_EC_TRUSTED is set or not.

This patch makes verstage_main call check_boot_mode before
vb2api_fw_phase1 to fix the issue.

BUG=b:180927027, b:187871195
BRANCH=none
TEST=build

Change-Id: If8524d1513b13fd79320a116a83f6729a820f61f
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 5ea4916..10993d3 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -244,12 +244,7 @@
 	default:
 		printk(BIOS_ERR,
 		       "Communication error in getting Cr50 boot mode.\n");
-		if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
-			/* Continue to boot in recovery mode */
-			return;
 		vb2api_fail(ctx, VB2_RECOVERY_CR50_BOOT_MODE, rv);
-		vboot_save_data(ctx);
-		vboot_reboot();
 		return;
 	}
 
@@ -321,6 +316,17 @@
 	if (!CONFIG(VBOOT_MUST_REQUEST_DISPLAY) || CONFIG(VBOOT_ALWAYS_ENABLE_DISPLAY))
 		ctx->flags |= VB2_CONTEXT_DISPLAY_INIT;
 
+	/*
+	 * Get boot mode from GSC. This allows us to refuse to boot OS
+	 * (with VB2_CONTEXT_NO_BOOT) or to switch to developer mode (with
+	 * !VB2_CONTEXT_EC_TRUSTED).
+	 *
+	 * If there is an communication error, a recovery reason will be set and
+	 * vb2api_fw_phase1 will route us to recovery mode.
+	 */
+	if (CONFIG(TPM_CR50))
+		check_boot_mode(ctx);
+
 	/* Do early init (set up secdata and NVRAM, load GBB) */
 	printk(BIOS_INFO, "Phase 1\n");
 	rv = vb2api_fw_phase1(ctx);
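Review bot: A GSC communication error is now handled only by vb2api_fail() inside check_boot_mode(), with no save-and-reboot of its own (the first hunk removes vboot_save_data()/vboot_reboot()), so failing closed depends on vb2api_fw_phase1() acting on a recovery request recorded before it has run; with only `TEST=build` in the commit message, this path looks untested on hardware and is worth exercising once with the GSC unreachable. The visible default branch of check_boot_mode() does not touch VB2_CONTEXT_NO_BOOT or VB2_CONTEXT_EC_TRUSTED, so the added comment should state what the flags are in that case, for example `* On error the flags are left as they were; EC stays untrusted unless GSC said otherwise.` (assuming that is the intended default; confirm against the rest of the function). The same comment has a typo: `If there is an communication error` should read `If there is a communication error`. Both check_boot_mode() and verstage_main() start and end outside the hunks shown.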
@@ -391,9 +397,6 @@
 		timestamp_add_now(TS_END_TPMPCR);
 	}
 
-	if (CONFIG(TPM_CR50))
-		check_boot_mode(ctx);
-
 	/* Lock TPM */
 
 	timestamp_add_now(TS_START_TPMLOCK);