Add DISABLE_DEV_REQUEST flag to nvram.
This just creates the bit. It doesn't actually do anything yet.
BUG=chrome-os-partner:9980
TEST=manual
crossystem disable_dev_request=1
crossystem
crossystem disable_dev_request=0
crossystem
Change-Id: I0e92a6b5ef5074ee5eae2d6d469c1c9826faecb3
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23752
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h
index 0f6e1fc..7914176 100644
--- a/firmware/include/vboot_nvstorage.h
+++ b/firmware/include/vboot_nvstorage.h
@@ -56,6 +56,9 @@
VBNV_DEV_BOOT_USB,
/* Only boot Google-signed images in developer mode. 0=no, 1=yes. */
VBNV_DEV_BOOT_SIGNED_ONLY,
+ /* Set by userspace to request that RO firmware disable dev-mode on the next
+ * boot. This is likely only possible if the dev-switch is virtual. */
+ VBNV_DISABLE_DEV_REQUEST,
} VbNvParam;
diff --git a/firmware/lib/vboot_nvstorage.c b/firmware/lib/vboot_nvstorage.c
index 7361817..de4fa3b 100644
--- a/firmware/lib/vboot_nvstorage.c
+++ b/firmware/lib/vboot_nvstorage.c
@@ -22,6 +22,7 @@
#define BOOT_OFFSET 1
#define BOOT_DEBUG_RESET_MODE 0x80
+#define BOOT_DISABLE_DEV_REQUEST 0x40
#define BOOT_TRY_B_COUNT_MASK 0x0F
#define RECOVERY_OFFSET 2
@@ -128,6 +129,10 @@
*dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_SIGNED_ONLY_MASK ? 1 : 0);
return 0;
+ case VBNV_DISABLE_DEV_REQUEST:
+ *dest = (raw[BOOT_OFFSET] & BOOT_DISABLE_DEV_REQUEST ? 1 : 0);
+ return 0;
+
default:
return 1;
}
@@ -220,6 +225,13 @@
raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_SIGNED_ONLY_MASK;
break;
+ case VBNV_DISABLE_DEV_REQUEST:
+ if (value)
+ raw[BOOT_OFFSET] |= BOOT_DISABLE_DEV_REQUEST;
+ else
+ raw[BOOT_OFFSET] &= ~BOOT_DISABLE_DEV_REQUEST;
+ break;
+
default:
return 1;
}
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index 27d45c3..a834979 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -371,6 +371,8 @@
value = VbGetNvStorage(VBNV_RECOVERY_REQUEST);
} else if (!strcasecmp(name,"dbg_reset")) {
value = VbGetNvStorage(VBNV_DEBUG_RESET_MODE);
+ } else if (!strcasecmp(name,"disable_dev_request")) {
+ value = VbGetNvStorage(VBNV_DISABLE_DEV_REQUEST);
} else if (!strcasecmp(name,"fwb_tries")) {
value = VbGetNvStorage(VBNV_TRY_B_COUNT);
} else if (!strcasecmp(name,"fwupdate_tries")) {
@@ -449,6 +451,8 @@
return VbSetNvStorage(VBNV_RECOVERY_REQUEST, value);
} else if (!strcasecmp(name,"dbg_reset")) {
return VbSetNvStorage(VBNV_DEBUG_RESET_MODE, value);
+ } else if (!strcasecmp(name,"disable_dev_request")) {
+ return VbSetNvStorage(VBNV_DISABLE_DEV_REQUEST, value);
} else if (!strcasecmp(name,"fwb_tries")) {
return VbSetNvStorage(VBNV_TRY_B_COUNT, value);
} else if (!strcasecmp(name,"fwupdate_tries")) {
diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c
index 0a2e6de..2161583 100644
--- a/utility/crossystem_main.c
+++ b/utility/crossystem_main.c
@@ -37,6 +37,7 @@
{"arch", IS_STRING, "Platform architecture"},
{"cros_debug", 0, "OS should allow debug features"},
{"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"},
+ {"disable_dev_request", CAN_WRITE, "Disable virtual dev-mode on next boot"},
{"dev_boot_usb", CAN_WRITE,
"Enable developer mode boot from USB/SD (writable)"},
{"dev_boot_signed_only", CAN_WRITE,