Qinghong Zeng has uploaded this change for review.

View Change

mb/google/brya: Correct EC-is-trusted logic

With Cr50, the GPIO EC_IN_RW is used to determine whether EC is
trusted. However, with Ti50 where brya has been switched to, it is
determined by Ti50's boot mode. If the boot mode is TRUSTED_RO, the
VB2_CONTEXT_EC_TRUSTED flag will be set in check_boot_mode(). Therefore
in the Ti50 case get_ec_is_trusted() can just return 0.

The current code of get_ec_is_trusted() only checks the GPIO, which
causes the EC to be always considered "trusted". Therefore, correct the
return value to 0 for TPM_GOOGLE_TI50.

BUG=b:321172119
TEST=emerge-nissa coreboot chromeos-bootimage
TEST=firmware-DevMode passed in FAFT test

Change-Id: I308f8b36411030911c4421d80827fc49ff325a1b
Signed-off-by: zengqinghong <zengqinghong@huaqin.corp-partner.google.com>
---
M src/mainboard/google/brya/chromeos.c
1 file changed, 4 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/80158/1
diff --git a/src/mainboard/google/brya/chromeos.c b/src/mainboard/google/brya/chromeos.c
index 5c99371..73b7237 100644
--- a/src/mainboard/google/brya/chromeos.c
+++ b/src/mainboard/google/brya/chromeos.c
@@ -24,6 +24,10 @@
 
 int get_ec_is_trusted(void)
 {
+	/* With Ti50, VB2_CONTEXT_EC_TRUSTED should be set according to the boot mode. */
+	if (CONFIG(TPM_GOOGLE_TI50))
+		return 0;
+
 	/* EC is trusted if not in RW. */
 	return !gpio_get(GPIO_EC_IN_RW);
 }

To view, visit change 80158. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I308f8b36411030911c4421d80827fc49ff325a1b
Gerrit-Change-Number: 80158
Gerrit-PatchSet: 1
Gerrit-Owner: Qinghong Zeng <zengqinghong@huaqin.corp-partner.google.com>
Gerrit-MessageType: newchange