Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31260 )
Change subject: coreboot: check TPM mode on normal boot ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... File src/vendorcode/google/chromeos/cr50_enable_update.c:
https://review.coreboot.org/#/c/31260/1/src/vendorcode/google/chromeos/cr50_... PS1, Line 84: if (vboot_recovery_mode_enabled())
This is a good point, and that would happen when we reboot due to TPM_MODE as well.
I think when we boot into manual recovery mode we know that H1 just cleanly rebooted (that's what it does when you press the magic key combo,
H1 does not reboot. EC_RST_L is asserted which takes down the AP side as well. H1 sees the AP reset signal and resets the TPM state, but the H1 itself does not reboot.
right?), so in that case it should be guaranteed that we don't need to reboot again. When we boot into non-manual recovery mode, all we do is display a "Chrome OS is missing or damaged" screen, we don't really need the TPM for that. So I think it should be fine to just skip both reboot checks here when we're in recovery mode. (It would be nice to update the comment to detail that reasoning better.)