[XS] Change in coreboot[main]: mb/google/brya: Correct Ti50 EC-is-trusted logic - coreboot-gerrit

31 Jan 2024

Subrata Banik has submitted this change. ( https://review.coreboot.org/c/coreboot/+/80158?usp=email )
Change subject: mb/google/brya: Correct Ti50 EC-is-trusted logic
......................................................................
mb/google/brya: Correct Ti50 EC-is-trusted logic
With Cr50, the GPIO EC_IN_RW is used to determine whether EC is trusted. However, With the switch to Ti50, it is determined by Ti50's boot mode. If the boot mode is TRUSTED_RO, the VB2_CONTEXT_EC_TRUSTED flag will be set in check_boot_mode(). Therefore in the Ti50 case get_ec_is_trusted() can just return 0.
The current code of get_ec_is_trusted() only checks the GPIO, which
causes the EC to be always considered "trusted". Therefore, correct the return value to 0 for TPM_GOOGLE_TI50.
BUG=b:321172119
TEST=emerge-nissa coreboot chromeos-bootimage
TEST=firmware_DevMode passed in FAFT test
Change-Id: I308f8b36411030911c4421d80827fc49ff325a1b
Signed-off-by: Qinghong Zeng <zengqinghong@huaqin.corp- partner.google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80158
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Subrata Banik subratabanik@google.com
Reviewed-by: Yu-Ping Wu yupingso@google.com
Reviewed-by: Tyler Wang tyler.wang@quanta.corp-partner.google.com
Reviewed-by: Ian Feng ian_feng@compal.corp-partner.google.com
Reviewed-by: Weimin Wu wuweimin@huaqin.corp-partner.google.com
Reviewed-by: Eric Lai ericllai@google.com
---
M src/mainboard/google/brya/chromeos.c
1 file changed, 4 insertions(+), 0 deletions(-)
Approvals:
  Weimin Wu: Looks good to me, but someone else must approve
  Yu-Ping Wu: Looks good to me, approved
  Eric Lai: Looks good to me, approved
  Subrata Banik: Looks good to me, approved
  Ian Feng: Looks good to me, but someone else must approve
  Tyler Wang: Looks good to me, but someone else must approve
  build bot (Jenkins): Verified

diff --git a/src/mainboard/google/brya/chromeos.c b/src/mainboard/google/brya/chromeos.c
index 5c99371..73b7237 100644
--- a/src/mainboard/google/brya/chromeos.c
+++ b/src/mainboard/google/brya/chromeos.c
@@ -24,6 +24,10 @@
int get_ec_is_trusted(void)
 {
+	/* With Ti50, VB2_CONTEXT_EC_TRUSTED should be set according to the boot mode. */
+	if (CONFIG(TPM_GOOGLE_TI50))
+		return 0;
+
    /* EC is trusted if not in RW. */
    return !gpio_get(GPIO_EC_IN_RW);
 }
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/80158?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: I308f8b36411030911c4421d80827fc49ff325a1b
Gerrit-Change-Number: 80158
Gerrit-PatchSet: 6
Gerrit-Owner: Qinghong Zeng zengqinghong@huaqin.corp-partner.google.com
Gerrit-Reviewer: David Wu david_wu@quanta.corp-partner.google.com
Gerrit-Reviewer: Eric Lai ericllai@google.com
Gerrit-Reviewer: Ian Feng ian_feng@compal.corp-partner.google.com
Gerrit-Reviewer: Kapil Porwal kapilporwal@google.com
Gerrit-Reviewer: Nick Vaccaro nvaccaro@chromium.org
Gerrit-Reviewer: Reka Norman rekanorman@chromium.org
Gerrit-Reviewer: Subrata Banik subratabanik@google.com
Gerrit-Reviewer: Tyler Wang tyler.wang@quanta.corp-partner.google.com
Gerrit-Reviewer: Weimin Wu wuweimin@huaqin.corp-partner.google.com
Gerrit-Reviewer: Yu-Ping Wu yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@mailbox.org
Gerrit-MessageType: merged



    