security/vboot: Allow UDC regardless of vboot state

When a VBOOT enabled system is used without ChromeOS it may be valid to allow the UDC independent of the vboot state. Provide the option to always allow UDC when CHROMEOS is not selected. BUG=N/A TEST=build Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-01-14 16:18:27 +01:00 · 2020-01-14 16:18:27 +01:00 · 50337f164c
parent 97e1e3e264
commit 50337f164c
2 changed files with 11 additions and 0 deletions
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@ -181,6 +181,13 @@ config VBOOT_ALWAYS_ENABLE_DISPLAY
 	help
 	  Set this option to indicate to vboot that display should always be enabled.

+config VBOOT_ALWAYS_ALLOW_UDC
+	bool "Always allow UDC"
+	default n
+	depends on !CHROMEOS
+	help
+	  This option allows UDC to be enabled regardless of the vboot state.
+
 config VBOOT_HAS_REC_HASH_SPACE
 	bool
 	default n
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@ -27,6 +27,10 @@
 /* Check if it is okay to enable USB Device Controller (UDC). */
 int vboot_can_enable_udc(void)
 {
+	/* Allow UDC in all vboot modes. */
+	if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
+		return 1;
+
 	/* Always disable if not in developer mode */
 	if (!vboot_developer_mode_enabled())
 		return 0;