From 494a5dd7f509c4d77abf4ac9911eeb8db2c10ac0 Mon Sep 17 00:00:00 2001 From: Daisuke Nojiri Date: Wed, 12 May 2021 12:50:41 -0700 Subject: [PATCH] vboot: Assign 2 to EC_EFS_BOOT_MODE_TRUSTED_RO This patch assings 2 to EC_EFS_BOOT_MODE_TRUSTED_RO to make coreboot set VB2_CONTEXT_EC_TRUSTED when the GSC reports TRUSTED_RO. Old GSC doesn't use 2. So, the new BIOS won't mistakenly set VB2_CONTEXT_EC_TRUSTED. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Change-Id: I11a09d0035a4bd59f80018c647ca17e3318be81e Signed-off-by: Daisuke Nojiri Reviewed-on: https://review.coreboot.org/c/coreboot/+/55373 Reviewed-by: Julius Werner Tested-by: build bot (Jenkins) --- src/security/vboot/vboot_logic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index c257d22b8e..5ea49165f2 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -212,9 +212,9 @@ static uint32_t extend_pcrs(struct vb2_context *ctx) vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); } -#define EC_EFS_BOOT_MODE_TRUSTED_RO 0x00 +#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x00 #define EC_EFS_BOOT_MODE_UNTRUSTED_RO 0x01 -#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x02 +#define EC_EFS_BOOT_MODE_TRUSTED_RO 0x02 static const char *get_boot_mode_string(uint8_t boot_mode) {