From 50337f164cb6cd944669a9f002dc80a19f6f6a22 Mon Sep 17 00:00:00 2001 From: Wim Vervoorn Date: Tue, 14 Jan 2020 16:18:27 +0100 Subject: [PATCH] security/vboot: Allow UDC regardless of vboot state When a VBOOT enabled system is used without ChromeOS it may be valid to allow the UDC independent of the vboot state. Provide the option to always allow UDC when CHROMEOS is not selected. BUG=N/A TEST=build Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8 Signed-off-by: Wim Vervoorn Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber Reviewed-by: Frans Hendriks Reviewed-by: Furquan Shaikh --- src/security/vboot/Kconfig | 7 +++++++ src/security/vboot/vboot_common.c | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 787cdbefb1..7e86c7c1e4 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -181,6 +181,13 @@ config VBOOT_ALWAYS_ENABLE_DISPLAY help Set this option to indicate to vboot that display should always be enabled. +config VBOOT_ALWAYS_ALLOW_UDC + bool "Always allow UDC" + default n + depends on !CHROMEOS + help + This option allows UDC to be enabled regardless of the vboot state. + config VBOOT_HAS_REC_HASH_SPACE bool default n diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c index 458ed87982..3342524ad0 100644 --- a/src/security/vboot/vboot_common.c +++ b/src/security/vboot/vboot_common.c @@ -27,6 +27,10 @@ /* Check if it is okay to enable USB Device Controller (UDC). */ int vboot_can_enable_udc(void) { + /* Allow UDC in all vboot modes. */ + if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC)) + return 1; + /* Always disable if not in developer mode */ if (!vboot_developer_mode_enabled()) return 0;