Qinghong Zeng has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/80158?usp=email )
Change subject: mb/google/brya: Correct EC-is-trusted logic ......................................................................
mb/google/brya: Correct EC-is-trusted logic
With Cr50, the GPIO EC_IN_RW is used to determine whether EC is trusted. However, with Ti50 where brya has been switched to, it is determined by Ti50's boot mode. If the boot mode is TRUSTED_RO, the VB2_CONTEXT_EC_TRUSTED flag will be set in check_boot_mode(). Therefore in the Ti50 case get_ec_is_trusted() can just return 0.
The current code of get_ec_is_trusted() only checks the GPIO, which causes the EC to be always considered "trusted". Therefore, correct the return value to 0 for TPM_GOOGLE_TI50.
BUG=b:321172119 TEST=emerge-nissa coreboot chromeos-bootimage TEST=firmware-DevMode passed in FAFT test
Change-Id: I308f8b36411030911c4421d80827fc49ff325a1b Signed-off-by: zengqinghong zengqinghong@huaqin.corp-partner.google.com --- M src/mainboard/google/brya/chromeos.c 1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/80158/1
diff --git a/src/mainboard/google/brya/chromeos.c b/src/mainboard/google/brya/chromeos.c index 5c99371..73b7237 100644 --- a/src/mainboard/google/brya/chromeos.c +++ b/src/mainboard/google/brya/chromeos.c @@ -24,6 +24,10 @@
int get_ec_is_trusted(void) { + /* With Ti50, VB2_CONTEXT_EC_TRUSTED should be set according to the boot mode. */ + if (CONFIG(TPM_GOOGLE_TI50)) + return 0; + /* EC is trusted if not in RW. */ return !gpio_get(GPIO_EC_IN_RW); }