Attention is currently required from: Michał Żygowski, Yu-Ping Wu.
Hello build bot (Jenkins), Julius Werner, Yu-Ping Wu,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/74343
to look at the new patch set (#3).
Change subject: security/vboot: Add function to clear recovery request ......................................................................
security/vboot: Add function to clear recovery request
For ChromeOS platform the recovery reason is cleared in vb2api_kernel_phase2 which is probably not called by any non-ChromeOS system. It results in the platform being stuck in recovery mode, e.g. when RW firmware verification fails. Even if the RW partition is flashed with correctly signed image, the persistent non-zero recovery reason will prevent vboot from attempting the RW partition check.
Use the newly exposed vb2api_clear_recovery to clear the recovery reason and save it immediately to the VBNV. The idea is to let non-ChromeOS coreboot platform to clear the recovery reason when needed.
TEST=Clear the recovery reason in mainboard_final function right before payload jump when RW partition is corrupted and RW partition is valid. In case it is corrupted, the platform stays in recovery mode, when valid the platform boots from RW partition. Tested on MSI PRO Z690-A DDR4.
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I7ffaf3e8f61a28a68c9802c184961b1b9bf9d617 --- M src/security/vboot/bootmode.c M src/security/vboot/vboot_common.h 2 files changed, 49 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/43/74343/3