diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/vboot_logic.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 70c7d77073..c257d22b8e 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -212,15 +212,18 @@ static uint32_t extend_pcrs(struct vb2_context *ctx) vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); } -#define EC_EFS_BOOT_MODE_NORMAL 0x00 -#define EC_EFS_BOOT_MODE_NO_BOOT 0x01 +#define EC_EFS_BOOT_MODE_TRUSTED_RO 0x00 +#define EC_EFS_BOOT_MODE_UNTRUSTED_RO 0x01 +#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x02 static const char *get_boot_mode_string(uint8_t boot_mode) { - if (boot_mode == EC_EFS_BOOT_MODE_NORMAL) - return "NORMAL"; - else if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT) - return "NO_BOOT"; + if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO) + return "TRUSTED_RO"; + else if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO) + return "UNTRUSTED_RO"; + else if (boot_mode == EC_EFS_BOOT_MODE_VERIFIED_RW) + return "VERIFIED_RW"; else return "UNDEFINED"; } @@ -253,8 +256,10 @@ static void check_boot_mode(struct vb2_context *ctx) printk(BIOS_INFO, "Cr50 says boot_mode is %s(0x%02x).\n", get_boot_mode_string(boot_mode), boot_mode); - if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT) + if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO) ctx->flags |= VB2_CONTEXT_NO_BOOT; + else if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO) + ctx->flags |= VB2_CONTEXT_EC_TRUSTED; } /** |