vboot: remove VBERROR_TPM_SET_BOOT_MODE_STATE error code

Since secdata and nvdata get/set functions no longer return error
codes, and instead use VB2_ASSERT and VB2_DIE to abort on failure,
vb2_enable_developer_mode no longer has any error code to return.
Change the function return type to void, and remove checks around
the function call.  As a result, VBERROR_TPM_SET_BOOT_MODE_STATE
becomes unused and we may remove it.  Finally, move the
USB_BOOT_ON_DEV logic (enable USB boot when on transition to dev
mode) into vb2_enable_developer_mode.  Also add unit tests.

BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none

Change-Id: I286d9343c4c751ff24bf4c149a26fbe5306e383a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2152212
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index de4b424..5411ad1 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -375,7 +375,7 @@
 	return VB2_SUCCESS;
 }
 
-vb2_error_t vb2_enable_developer_mode(struct vb2_context *ctx)
+void vb2_enable_developer_mode(struct vb2_context *ctx)
 {
 	uint32_t flags;
 
@@ -385,9 +385,10 @@
 	flags |= VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE;
 	vb2_secdata_firmware_set(ctx, VB2_SECDATA_FIRMWARE_FLAGS, flags);
 
-	VB2_DEBUG("Mode change will take effect on next reboot\n");
+	if (USB_BOOT_ON_DEV)
+		vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1);
 
-	return VB2_SUCCESS;
+	VB2_DEBUG("Mode change will take effect on next reboot\n");
 }
 
 test_mockable
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index 94a93d4..ccdd832 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -171,9 +171,8 @@
  * done on the next boot.
  *
  * @param ctx		Vboot context
- * @return VB2_SUCCESS, or error code on error.
  */
-vb2_error_t vb2_enable_developer_mode(struct vb2_context *ctx);
+void vb2_enable_developer_mode(struct vb2_context *ctx);
 
 /**
  * Check whether recovery is allowed or not.
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index c03ba7a..3a303be 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -40,8 +40,6 @@
 	 * vboot1-style errors
 	 * TODO: deprecate these once they have all moved over to vboot2 style
 	 */
-	/* Unable to set boot mode state in TPM */
-	VBERROR_TPM_SET_BOOT_MODE_STATE       = 0x10006,
 	/* Calling firmware needs to perform a reboot. */
 	VBERROR_REBOOT_REQUIRED               = 0x10007,
 	/* Calling firmware requested shutdown via VbExIsShutdownRequested() */
diff --git a/firmware/lib/vboot_ui_legacy_clamshell.c b/firmware/lib/vboot_ui_legacy_clamshell.c
index c510d58..a759b93 100644
--- a/firmware/lib/vboot_ui_legacy_clamshell.c
+++ b/firmware/lib/vboot_ui_legacy_clamshell.c
@@ -499,12 +499,7 @@
 					     VB_CONFIRM_MUST_TRUST_KEYBOARD;
 			switch (VbUserConfirms(ctx, vbc_flags)) {
 			case 1:
-				VB2_DEBUG("Enabling dev-mode...\n");
-				if (VB2_SUCCESS != vb2_enable_developer_mode(ctx))
-					return VBERROR_TPM_SET_BOOT_MODE_STATE;
-				VB2_DEBUG("Reboot so it will take effect\n");
-				if (USB_BOOT_ON_DEV)
-					vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1);
+				vb2_enable_developer_mode(ctx);
 				return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
 			case -1:
 				VB2_DEBUG("Shutdown requested\n");
diff --git a/firmware/lib/vboot_ui_legacy_menu.c b/firmware/lib/vboot_ui_legacy_menu.c
index 48eaabe9..66e4c9c 100644
--- a/firmware/lib/vboot_ui_legacy_menu.c
+++ b/firmware/lib/vboot_ui_legacy_menu.c
@@ -358,15 +358,8 @@
 	    !vb2_allow_recovery(ctx))
 		return VBERROR_KEEP_LOOPING;
 
-	VB2_DEBUG("Enabling dev-mode...\n");
-	if (VB2_SUCCESS != vb2_enable_developer_mode(ctx))
-		return VBERROR_TPM_SET_BOOT_MODE_STATE;
+	vb2_enable_developer_mode(ctx);
 
-	/* This was meant for headless devices, shouldn't really matter here. */
-	if (USB_BOOT_ON_DEV)
-		vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1);
-
-	VB2_DEBUG("Reboot so it will take effect\n");
 	return VBERROR_REBOOT_REQUIRED;
 }
 
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 493aab4..4c56c8f 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -637,6 +637,29 @@
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_REQ_WIPEOUT), 1, "  nv wipeout");
 }
 
+static void enable_dev_tests(void)
+{
+	reset_common_data();
+	vb2_enable_developer_mode(ctx);
+	TEST_NEQ(vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS) &
+	         VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE, 0,
+		 "dev mode flag set");
+	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DEV_BOOT_USB), USB_BOOT_ON_DEV,
+		"NV_DEV_BOOT_USB set according to compile-time flag");
+
+	/* secdata_firmware not initialized, aborts */
+	reset_common_data();
+	sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT;
+	TEST_ABORT(vb2_enable_developer_mode(ctx),
+		   "secdata_firmware no init, enable dev mode aborted");
+	sd->status |= VB2_SD_STATUS_SECDATA_FIRMWARE_INIT;
+	TEST_EQ(vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS) &
+	        VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE, 0,
+		"dev mode flag not set");
+	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DEV_BOOT_USB), 0,
+		"NV_DEV_BOOT_USB not set");
+}
+
 static void tpm_clear_tests(void)
 {
 	/* No clear request */
@@ -929,6 +952,7 @@
 	fail_tests();
 	recovery_tests();
 	dev_switch_tests();
+	enable_dev_tests();
 	tpm_clear_tests();
 	select_slot_tests();
 	need_reboot_for_display_tests();
diff --git a/tests/vboot_legacy_clamshell_tests.c b/tests/vboot_legacy_clamshell_tests.c
index 48ae6ad..054a223 100644
--- a/tests/vboot_legacy_clamshell_tests.c
+++ b/tests/vboot_legacy_clamshell_tests.c
@@ -39,7 +39,7 @@
 static uint64_t current_ticks;
 static int trust_ec;
 static int virtdev_set;
-static uint32_t virtdev_retval;
+static uint32_t virtdev_fail;
 static uint32_t mock_keypress[16];
 static uint32_t mock_keyflags[8];
 static uint32_t mock_keypress_count;
@@ -108,7 +108,7 @@
 	current_ticks = 0;
 	trust_ec = 0;
 	virtdev_set = 0;
-	virtdev_retval = 0;
+	virtdev_fail = 0;
 	set_vendor_data_called = 0;
 
 	memset(screens_displayed, 0, sizeof(screens_displayed));
@@ -267,10 +267,10 @@
 	return VB2_SUCCESS;
 }
 
-vb2_error_t vb2_enable_developer_mode(struct vb2_context *c)
+void vb2_enable_developer_mode(struct vb2_context *c)
 {
+	VB2_ASSERT(!virtdev_fail);
 	virtdev_set = 1;
-	return virtdev_retval;
 }
 
 vb2_error_t VbExSetVendorData(const char *vendor_data_value)
@@ -1438,7 +1438,7 @@
 	VbBootRecTestGpio(GPIO_PRESENCE | GPIO_SHUTDOWN, GPIO_PRESENCE, 0, 0,
 			  "Ctrl+D todev confirm via both then presence");
 
-	/* Handle TPM error in enabling dev mode */
+	/* Don't handle TPM error in enabling dev mode */
 	ResetMocks();
 	sd->flags = VB2_SD_FLAG_MANUAL_RECOVERY;
 	MockGpioAfter(10, GPIO_SHUTDOWN);
@@ -1447,11 +1447,11 @@
 	mock_keypress[0] = VB_KEY_CTRL('D');
 	mock_keypress[1] = VB_KEY_ENTER;
 	mock_keyflags[1] = VB_KEY_FLAG_TRUSTED_KEYBOARD;
-	virtdev_retval = VB2_ERROR_MOCK;
+	virtdev_fail = 1;
 	vbtlk_expect_removable = 1;
-	TEST_EQ(VbBootRecoveryLegacyClamshell(ctx),
-		VBERROR_TPM_SET_BOOT_MODE_STATE,
-		"Ctrl+D todev failure");
+	TEST_ABORT(VbBootRecoveryLegacyClamshell(ctx),
+		   "Ctrl+D todev failure");
+	TEST_EQ(virtdev_set, 0, "  virtual dev mode still off");
 
 	/* Test Diagnostic Mode via Ctrl-C - display available */
 	ResetMocks();
diff --git a/tests/vboot_legacy_menu_tests.c b/tests/vboot_legacy_menu_tests.c
index 5e010a1..39eb018 100644
--- a/tests/vboot_legacy_menu_tests.c
+++ b/tests/vboot_legacy_menu_tests.c
@@ -42,7 +42,7 @@
 static int debug_info_displayed;
 static int trust_ec;
 static int virtdev_set;
-static uint32_t virtdev_retval;
+static uint32_t virtdev_fail;
 static uint32_t mock_keypress[64];
 static uint32_t mock_keyflags[64];
 static uint32_t mock_keypress_count;
@@ -78,7 +78,7 @@
 	debug_info_displayed = 0;
 	trust_ec = 0;
 	virtdev_set = 0;
-	virtdev_retval = 0;
+	virtdev_fail = 0;
 
 	vbtlk_last_retval = vbtlk_retval_fixed - VB_DISK_FLAG_FIXED;
 	memset(vbtlk_retval, 0, sizeof(vbtlk_retval));
@@ -226,10 +226,10 @@
 	return VB2_SUCCESS;
 }
 
-vb2_error_t vb2_enable_developer_mode(struct vb2_context *c)
+void vb2_enable_developer_mode(struct vb2_context *c)
 {
+	VB2_ASSERT(!virtdev_fail);
 	virtdev_set = 1;
-	return virtdev_retval;
 }
 
 /* Tests */
@@ -1705,7 +1705,7 @@
 	TEST_EQ(beeps_played[0], 400, "    first beep");
 	TEST_EQ(beeps_played[1], 400, "    second beep");
 
-	/* Handle TPM error in enabling dev mode */
+	/* Don't handle TPM error in enabling dev mode */
 	ResetMocksForManualRecovery();
 	i = 0;
 	mock_keyflags[i] = VB_KEY_FLAG_TRUSTED_KEYBOARD;
@@ -1713,13 +1713,12 @@
 	mock_keyflags[i] = VB_KEY_FLAG_TRUSTED_KEYBOARD;
 	mock_keypress[i++] = VB_BUTTON_VOL_UP_SHORT_PRESS; // confirm enabling
 	mock_keypress[i++] = VB_BUTTON_POWER_SHORT_PRESS;
-	virtdev_retval = VB2_ERROR_MOCK;
-	TEST_EQ(VbBootRecoveryLegacyMenu(ctx), VBERROR_TPM_SET_BOOT_MODE_STATE,
-		"todev TPM failure");
+	virtdev_fail = 1;
+	TEST_ABORT(VbBootRecoveryLegacyMenu(ctx), "todev TPM failure");
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), 0, "  no recovery");
 	TEST_EQ(debug_info_displayed, 0, "  no debug info");
 	TEST_NEQ(shutdown_request_calls_left, 0, "  aborted explicitly");
-	TEST_EQ(virtdev_set, 1, "  virtual dev mode on");
+	TEST_EQ(virtdev_set, 0, "  virtual dev mode still off");
 	i = 0;
 	TEST_EQ(screens_displayed[i++], VB_SCREEN_RECOVERY_NO_GOOD,
 		"  nogood screen");
@@ -1727,7 +1726,6 @@
 		"  recovery to_dev menu: cancel");
 	TEST_EQ(screens_displayed[i++], VB_SCREEN_RECOVERY_TO_DEV_MENU,
 		"  recovery to_dev menu: confirm disabling os verification");
-	TEST_EQ(screens_displayed[i++], VB_SCREEN_BLANK,"  final blank screen");
 	TEST_EQ(screens_count, i, "  no extra screens");
 	TEST_EQ(beeps_count, 0, "  no beeps");