commit a115e1ad81f9f93b9c36779f645305b06056661e
author Joel Kitching <kitching@google.com> Wed Mar 03 17:34:43 2021 +0800
committer Commit Bot <commit-bot@chromium.org> Wed Mar 10 06:39:05 2021 +0000
tree 012741dc0e38cfd2cf05fff24fa84e47b7bbd094
parent ce7171190f1975d1ea3e65a1d46d640ebc243d9e

vboot: do not change screens when dev boot disallowed

In CL:2716747, VB2_SCREEN_DEVELOPER_TO_NORM is pulled up to act
as the root screen in the case of dev boot being disallowed.

As such, the screen changes can be removed from
VB2_SCREEN_DEVELOPER_MODE init() and reinit() functions.
If the user does manage to get into the developer mode screen
while developer mode is disabled, rely on the individual checks
in these functions to prevent booting:

- vb2_ui_developer_mode_boot_internal_action
- vb2_ui_developer_mode_boot_external_action
- vb2_ui_developer_mode_boot_altfw_action

BUG=b:159579189, b:181087237
TEST=make clean && make runtests
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic72d30709baeac2fc7e681d973413e2e9c8b0483
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2730669
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>

firmware/2lib/2ui_screens.c

diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c
index cda9400..218c34f 100644
--- a/firmware/2lib/2ui_screens.c
+++ b/firmware/2lib/2ui_screens.c
@@ -688,10 +688,6 @@
 	enum vb2_dev_default_boot_target default_boot =
 		vb2api_get_dev_default_boot_target(ui->ctx);
 
-	/* TODO(b/159579189): Split this case into a separate root screen */
-	if (!vb2_dev_boot_allowed(ui->ctx))
-		return vb2_ui_screen_change(ui, VB2_SCREEN_DEVELOPER_TO_NORM);
-
 	/* Don't show "Return to secure mode" button if GBB forces dev mode. */
 	if (vb2_get_gbb(ui->ctx)->flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
 		VB2_SET_BIT(ui->state->hidden_item_mask,
@@ -781,10 +777,6 @@
 	const int use_short = vb2api_use_short_dev_screen_delay(ui->ctx);
 	uint64_t elapsed_ms;
 
-	/* TODO(b/159579189): Split this case into a separate root screen */
-	if (!vb2_dev_boot_allowed(ui->ctx))
-		return vb2_ui_screen_change(ui, VB2_SCREEN_DEVELOPER_TO_NORM);
-
 	/* Once any user interaction occurs, stop the timer. */
 	if (ui->key)
 		ui->disable_timer = 1;

tests/vb2_ui_tests.c

diff --git a/tests/vb2_ui_tests.c b/tests/vb2_ui_tests.c
index 39acd2d..607087e 100644
--- a/tests/vb2_ui_tests.c
+++ b/tests/vb2_ui_tests.c
@@ -598,6 +598,14 @@
 	TEST_EQ(mock_beep_count, 2, "  beeped twice");
 	TEST_TRUE(mock_iters >= mock_vbtlk_total, "  used up mock_vbtlk");
 
+	/* Don't proceed to internal disk after timeout (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_SHUTDOWN,
+		"do not proceed to internal disk after timeout "
+		"(dev mode disallowed)");
+
 	/* Use short delay */
 	reset_common_data(FOR_DEVELOPER);
 	gbb.flags |= VB2_GBB_FLAG_DEV_SCREEN_SHORT_DELAY;
@@ -687,6 +695,15 @@
 	TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN,
 		"default boot from external disk not allowed, don't boot");
 
+	/* Don't proceed to external disk after timeout (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	mock_default_boot = VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL;
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_SHUTDOWN,
+		"do not proceed to external disk after timeout "
+		"(dev mode disallowed)");
+
 	/* If no external disk, don't boot */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_vbtlk(VB2_ERROR_LK_NO_DISK_FOUND, VB_DISK_FLAG_REMOVABLE);
@@ -727,15 +744,6 @@
 			"VB_BUTTON_VOL_UP_LONG_PRESS = boot external");
 	}
 
-	/* If dev mode is disabled, directly goes to to_norm screen */
-	reset_common_data(FOR_DEVELOPER);
-	mock_dev_boot_allowed = 0;
-	TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN,
-		"if dev mode is disabled, directly goes to to_norm screen");
-	DISPLAYED_EQ("to_norm", VB2_SCREEN_DEVELOPER_TO_NORM, MOCK_IGNORE,
-		     MOCK_IGNORE, MOCK_IGNORE, MOCK_IGNORE, MOCK_IGNORE);
-	DISPLAYED_NO_EXTRA();
-
 	/* Select to_norm in dev menu and confirm */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_keypress(VB_KEY_UP);
@@ -746,6 +754,18 @@
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST), 1,
 		"  disable dev request");
 
+	/* Select to_norm in dev menu and confirm (dev mode disallowed) */
+	reset_common_data(FOR_DEVELOPER);
+	mock_dev_boot_allowed = 0;
+	add_mock_keypress(VB_KEY_UP);
+	add_mock_keypress(VB_KEY_ENTER);
+	add_mock_keypress(VB_KEY_ENTER);
+	TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL),
+		VB2_REQUEST_REBOOT,
+		"select to_norm in dev menu and confirm (dev mode disallowed)");
+	TEST_EQ(vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST), 1,
+		"  disable dev request");
+
 	/* Select to_norm in dev menu and cancel */
 	reset_common_data(FOR_DEVELOPER);
 	add_mock_keypress(VB_KEY_UP);