diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig index 20d2f1fc85..7ea53fda29 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig @@ -41,3 +41,12 @@ config VBOOT_ROMSTAGE_INDEX help This is the index of the romstage component in the verified firmware block. + +config VBOOT_DISABLE_DEV_ON_RECOVERY + bool "Disable dev mode on recovery requests" + default n + depends on VBOOT2_VERIFY_FIRMWARE + help + When this option is enabled, the Chrome OS device leaves the + developer mode as soon as recovery request is detected. This is + handy on embedded devices with limited input capabilities. diff --git a/src/vendorcode/google/chromeos/vboot2/verstage.c b/src/vendorcode/google/chromeos/vboot2/verstage.c index ee574751a0..c62c102c45 100644 --- a/src/vendorcode/google/chromeos/vboot2/verstage.c +++ b/src/vendorcode/google/chromeos/vboot2/verstage.c @@ -247,6 +247,8 @@ void verstage_main(void) if (get_recovery_mode_switch()) { clear_recovery_mode_switch(); ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE; + if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY)) + ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; } if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch())