[coreboot-gerrit] Change in coreboot[master]: security/vboot: Allow UDC regardless of vboot state

18 Jan 2020

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/38403 )
Change subject: security/vboot: Allow UDC regardless of vboot state
......................................................................
security/vboot: Allow UDC regardless of vboot state
When a VBOOT enabled system is used without ChromeOS it may be valid to
allow the UDC independent of the vboot state.
Provide the option to always allow UDC when CHROMEOS is not selected.
BUG=N/A
TEST=build
Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Signed-off-by: Wim Vervoorn wvervoorn@eltan.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Nico Huber nico.h@gmx.de
Reviewed-by: Frans Hendriks fhendriks@eltan.com
Reviewed-by: Furquan Shaikh furquan@google.com
---
M src/security/vboot/Kconfig
M src/security/vboot/vboot_common.c
2 files changed, 11 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Nico Huber: Looks good to me, but someone else must approve
  Furquan Shaikh: Looks good to me, approved
  Frans Hendriks: Looks good to me, approved

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 787cdbe..7e86c7c 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -181,6 +181,13 @@
    help
      Set this option to indicate to vboot that display should always be enabled.
+config VBOOT_ALWAYS_ALLOW_UDC
+	bool "Always allow UDC"
+	default n
+	depends on !CHROMEOS
+	help
+	  This option allows UDC to be enabled regardless of the vboot state.
+
 config VBOOT_HAS_REC_HASH_SPACE
    bool
    default n
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index 458ed87..3342524 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -27,6 +27,10 @@
 /* Check if it is okay to enable USB Device Controller (UDC). */
 int vboot_can_enable_udc(void)
 {
+	/* Allow UDC in all vboot modes. */
+	if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
+		return 1;
+
    /* Always disable if not in developer mode */
    if (!vboot_developer_mode_enabled())
    	return 0;
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/38403
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Gerrit-Change-Number: 38403
Gerrit-PatchSet: 5
Gerrit-Owner: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com
Gerrit-Reviewer: Furquan Shaikh furquan@google.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Nico Huber nico.h@gmx.de
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Reviewer: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: security/vboot: Allow UDC regardless of vboot state