summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/vboot_logic.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 70c7d77073..c257d22b8e 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -212,15 +212,18 @@ static uint32_t extend_pcrs(struct vb2_context *ctx)
vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
}
-#define EC_EFS_BOOT_MODE_NORMAL 0x00
-#define EC_EFS_BOOT_MODE_NO_BOOT 0x01
+#define EC_EFS_BOOT_MODE_TRUSTED_RO 0x00
+#define EC_EFS_BOOT_MODE_UNTRUSTED_RO 0x01
+#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x02
static const char *get_boot_mode_string(uint8_t boot_mode)
{
- if (boot_mode == EC_EFS_BOOT_MODE_NORMAL)
- return "NORMAL";
- else if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
- return "NO_BOOT";
+ if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO)
+ return "TRUSTED_RO";
+ else if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO)
+ return "UNTRUSTED_RO";
+ else if (boot_mode == EC_EFS_BOOT_MODE_VERIFIED_RW)
+ return "VERIFIED_RW";
else
return "UNDEFINED";
}
@@ -253,8 +256,10 @@ static void check_boot_mode(struct vb2_context *ctx)
printk(BIOS_INFO, "Cr50 says boot_mode is %s(0x%02x).\n",
get_boot_mode_string(boot_mode), boot_mode);
- if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
+ if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO)
ctx->flags |= VB2_CONTEXT_NO_BOOT;
+ else if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO)
+ ctx->flags |= VB2_CONTEXT_EC_TRUSTED;
}
/**