vboot: Make vboot_logic_executed() a bit more precise

This patch adds another check to vboot_logic_executed() to make sure we
only do a runtime check for verstage_should_load() if
CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where
the stage that's loading the verstage can execute after verification has
run (because the verstage will return to it when it's done). In the
other case, the stage that loads verstage really just loads it and will
never do anything again after hand-off, so it's guaranteed to always
execute before verification.

This change may allow extra dead-code elimination in some cases.

Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
index 0640ebd..3bbb3da 100644
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -64,9 +64,11 @@
 int vboot_logic_executed(void)
-	/* If we are in a stage that would load the verstage or execute the
-	   vboot logic directly, we store the answer in a global. */
-	if (verstage_should_load() || verification_should_run())
+	/* If we are in the stage that runs verification, or in the stage that
+	   both loads the verstage and is returned to from it afterwards, we
+	   need to check a global to see if verfication has run. */
+	if (verification_should_run() ||
+	    (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))
 		return car_get_var(vboot_executed);