commit daa807c51ef6d5bf6599e649d1777432bea8a3e5
author Randall Spangler <rspangler@chromium.org> Mon Jul 11 10:55:18 2011 -0700
committer Randall Spangler <rspangler@chromium.org> Mon Jul 11 18:16:03 2011 -0700
tree 48d0e5b60822d906a2c88011a5ebdd74b295f316
parent 9619112a574b975476667545e3a326052fa0c50b

Add support for dev_boot_usb flag

BUG=chromium-os:17433
TEST=make && make runtests.  Additional manual tests:

0. Insert a valid dev-signed USB key.

1. Boot with dev switch off.
`crossystem dev_boot_usb` should print 0.

2. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.
Ctrl+U at dev screen should beep, but not boot USB.

3. Type `crossystem dev_boot_usb=1`.  Should succeed.
`crossystem dev_boot_usb` should print 1.

4. Reboot system.
At the dev mode warning, press Ctrl+U
System should boot from USB key
`crossystem dev_boot_usb` should print 0.

5. Flip dev switch off.
`crossystem dev_boot_usb` should print 0.

6. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.

Note that this does not apply to Cr-48, Alex, or ZGB.

Change-Id: Idf85fdd642f38f531c89e5fa5b1679e84936d4da
Reviewed-on: http://gerrit.chromium.org/gerrit/3875
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>

firmware/lib/vboot_api_kernel.c

diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 738c476..c5e97dd 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -393,8 +393,15 @@
 }
 
 
-/* Handle a normal boot from fixed drive only. */
+/* Handle a normal boot. */
 VbError_t VbBootNormal(VbCommonParams* cparams, LoadKernelParams* p) {
+
+  /* Force dev_boot_usb flag disabled.  This ensures the flag will be
+   * initially disabled if the user later transitions back into
+   * developer mode. */
+  VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 0);
+
+  /* Boot from fixed disk only */
   return VbTryLoadKernel(cparams, p, VB_DISK_FLAG_FIXED);
 }
 
@@ -409,6 +416,10 @@
 /* Handle a developer-mode boot */
 VbError_t VbBootDeveloper(VbCommonParams* cparams, LoadKernelParams* p) {
   uint32_t delay_time = 0;
+  uint32_t allow_usb = 0;
+
+  /* Check if USB booting is allowed */
+  VbNvGet(&vnc, VBNV_DEV_BOOT_USB, &allow_usb);
 
   /* Show the dev mode warning screen */
   VbDisplayScreen(cparams, VB_SCREEN_DEVELOPER_WARNING, 0);
@@ -444,8 +455,11 @@
       case 0x15:
         /* Ctrl+U = try USB boot, or beep if failure */
         VBDEBUG(("VbBootDeveloper() - user pressed Ctrl+U; try USB\n"));
-        if (VBERROR_SUCCESS == VbTryLoadKernel(cparams, p,
-                                               VB_DISK_FLAG_REMOVABLE)) {
+        if (!allow_usb) {
+          VBDEBUG(("VbBootDeveloper() - USB booting is disabled\n"));
+          VbExBeep(DEV_DELAY_INCREMENT, 400);
+        } else if (VBERROR_SUCCESS ==
+                   VbTryLoadKernel(cparams, p, VB_DISK_FLAG_REMOVABLE)) {
           VBDEBUG(("VbBootDeveloper() - booting USB\n"));
           return VBERROR_SUCCESS;
         } else {