commit 39392528f4988df03217f7b513e92ed62f5c3211
author Vadim Bendebury <vbendeb@chromium.org> Fri Mar 20 16:19:57 2015 -0700
committer ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> Mon Mar 23 19:23:28 2015 +0000
tree a9f69e82464e1c14042ea75a4d1c0168023009dd
parent f80ceeb432b880ad8af8bcd1f4fa07f03ee4a8e6

Disable dev mode on recovery, when configured.

If so desired by the firmware, disable developer mode each time the
recovery mode is entered.

BRANCH=storm
BUG=chrome-os-partner:36059
TEST=with the rest of the patches applied observed desired behavior on
     an SP5 (developer mode state wiped out on entering recovery)

Change-Id: If08dc517363bcc36fcc8b0b875a8700bbcefde4c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/261630
Reviewed-by: Randall Spangler <rspangler@chromium.org>

firmware/2lib/2misc.c

diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 53f713b..8d2cbf3 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -224,6 +224,14 @@
 		vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0);
 	}
 
+	if (ctx->flags & VB2_DISABLE_DEVELOPER_MODE) {
+		/*
+		 * Hardware switch and GBB flag will take precedence over
+		 * this.
+		 */
+		flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
+	}
+
 	/* Check virtual dev switch */
 	if (flags & VB2_SECDATA_FLAG_DEV_MODE)
 		is_dev = 1;

firmware/2lib/include/2api.h

diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 92b815f..d8cc9b8 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -90,6 +90,9 @@
 
 	/* Wipeout by the app should be requested. */
 	VB2_CONTEXT_FORCE_WIPEOUT_MODE = (1 << 8),
+
+	/* Erase TPM developer mode state if it is enabled. */
+	VB2_DISABLE_DEVELOPER_MODE = (1 << 9),
 };
 
 /*