vboot: Add VB2_CONTEXT_EC_TRUSTED

This patch makes coreboot set VB2_CONTEXT_EC_TRUSTED based on the EC"s
boot mode. Vboot will check VB2_CONTEXT_EC_TRUSTED to determine
whether it can enter recovery mode or not.

BUG=b:180927027, b:187871195
BRANCH=none
TEST=build

Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I9fa09dd7ae5baa1efb4e1ed4f0fe9a6803167c93
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54099
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

src/security/vboot/vboot_logic.c

@@ -212,15 +212,18 @@ static uint32_t extend_pcrs(struct vb2_context *ctx)
 		   vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
 }
 
-#define EC_EFS_BOOT_MODE_NORMAL		0x00
+#define EC_EFS_BOOT_MODE_TRUSTED_RO	0x00
-#define EC_EFS_BOOT_MODE_NO_BOOT	0x01
+#define EC_EFS_BOOT_MODE_UNTRUSTED_RO	0x01
+#define EC_EFS_BOOT_MODE_VERIFIED_RW	0x02
 
 static const char *get_boot_mode_string(uint8_t boot_mode)
 {
-	if (boot_mode == EC_EFS_BOOT_MODE_NORMAL)
+	if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO)
-		return "NORMAL";
+		return "TRUSTED_RO";
-	else if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
+	else if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO)
-		return "NO_BOOT";
+		return "UNTRUSTED_RO";
+	else if (boot_mode == EC_EFS_BOOT_MODE_VERIFIED_RW)
+		return "VERIFIED_RW";
 	else
 		return "UNDEFINED";
 }
@@ -253,8 +256,10 @@ static void check_boot_mode(struct vb2_context *ctx)
 	printk(BIOS_INFO, "Cr50 says boot_mode is %s(0x%02x).\n",
 	       get_boot_mode_string(boot_mode), boot_mode);
 
-	if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
+	if (boot_mode == EC_EFS_BOOT_MODE_UNTRUSTED_RO)
 		ctx->flags |= VB2_CONTEXT_NO_BOOT;
+	else if (boot_mode == EC_EFS_BOOT_MODE_TRUSTED_RO)
+		ctx->flags |= VB2_CONTEXT_EC_TRUSTED;
 }
 
 /**