From 95673afc78c9bdc3c78734c8e23a67f37dc8c8cd Mon Sep 17 00:00:00 2001
From: Furquan Shaikh <furquan@google.com>
Date: Wed, 25 Apr 2018 18:15:44 -0700
Subject: security/vboot: Add function to check if UDC can be enabled

Add a function that will check the various requirements to
enable USB Device Controller (UDC):

- developer mode enabled
- GBB flag set or VBNV flag set

If VBOOT is not enabled, then default is to allow UDC enabling.

BUG=b:78577893
BRANCH=poppy

Change-Id: Id146ac1065f209865372aeb423f66ae734702954
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/25847
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/security/vboot/vboot_common.c | 19 +++++++++++++++++++
 src/security/vboot/vboot_common.h |  3 +++
 2 files changed, 22 insertions(+)

diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index 11320d218e..ae5bdb634a 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -20,11 +20,14 @@
 #include <console/cbmem_console.h>
 #include <console/console.h>
 #include <fmap.h>
+#include <gbb_header.h>
 #include <reset.h>
 #include <rules.h>
 #include <stddef.h>
 #include <string.h>
+#include <security/vboot/gbb.h>
 #include <security/vboot/vboot_common.h>
+#include <security/vboot/vbnv.h>
 
 int vboot_named_region_device(const char *name, struct region_device *rdev)
 {
@@ -36,6 +39,22 @@ int vboot_named_region_device_rw(const char *name, struct region_device *rdev)
 	return fmap_locate_area_as_rdev_rw(name, rdev);
 }
 
+/* Check if it is okay to enable USB Device Controller (UDC). */
+int vboot_can_enable_udc(void)
+{
+	/* Always disable if not in developer mode */
+	if (!vboot_developer_mode_enabled())
+		return 0;
+	/* Enable if GBB flag is set */
+	if (gbb_is_flag_set(GBB_FLAG_ENABLE_UDC))
+		return 1;
+	/* Enable if VBNV flag is set */
+	if (vbnv_udc_enable_flag())
+		return 1;
+	/* Otherwise disable */
+	return 0;
+}
+
 /* ========================== VBOOT HANDOFF APIs =========================== */
 int vboot_get_handoff_info(void **addr, uint32_t *size)
 {
diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
index 8c92f7f131..8f03788cb6 100644
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@@ -109,10 +109,13 @@ void verstage_mainboard_init(void);
 int vboot_developer_mode_enabled(void);
 int vboot_recovery_mode_enabled(void);
 int vboot_recovery_mode_memory_retrain(void);
+int vboot_can_enable_udc(void);
 #else /* !CONFIG_VBOOT */
 static inline int vboot_developer_mode_enabled(void) { return 0; }
 static inline int vboot_recovery_mode_enabled(void) { return 0; }
 static inline int vboot_recovery_mode_memory_retrain(void) { return 0; }
+/* If VBOOT is not enabled, we are okay enabling USB device controller (UDC). */
+static inline int vboot_can_enable_udc(void) { return 1; }
 #endif
 
 #endif /* __VBOOT_VBOOT_COMMON_H__ */
-- 
cgit v1.2.3