Remove set device as unlocked state in userdebug build
how to lock/unlock device:
adb reboot bootloader
fastboot flashing lock
fastboot flashing unlock

Test Done:
Boot

Tracked-On: OAM-126606
Signed-off-by: Gang G Chen <[email protected]>
GangSecurity authored and sysopenci committed Oct 23, 2024
1 parent fc32d32 commit a2d5981
Showing 3 changed files with 11 additions and 1 deletion.
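--- a/kernelflinger.c
+++ b/kernelflinger.c
@@ -1496,7 +1496,9 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table)
 VOID *bootimage = NULL;
 BOOLEAN oneshot = FALSE;
 BOOLEAN lock_prompted = FALSE;
+#ifndef USE_SBL
 BOOLEAN need_lock;
+#endif
 enum boot_target boot_target = NORMAL_BOOT;
 UINT8 boot_state = BOOT_STATE_GREEN;
 VBDATA *vb_data = NULL;
@@ -1611,6 +1613,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table)
 }
 }
 
+#ifndef USE_SBL
 need_lock = device_need_locked();
 
 #ifndef USER
@@ -1623,6 +1626,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table)
 */
 if (need_lock)
 set_current_state(LOCKED);
+#endif
 #endif
 
 if (boot_target == POWER_OFF)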
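Review bot: The new `#ifndef USE_SBL` guard in `efi_main` removes the whole `need_lock` path for every SBL build, not just userdebug as the commit title suggests. Because the declaration of `need_lock` is guarded too, neither `device_need_locked()` nor `if (need_lock) set_current_state(LOCKED);` can run under USE_SBL, whatever the USER setting. The lines between the second and third hunks are not shown, so SBL USER images may be locked by some other path, but nothing visible here says so. I would add a comment at the guard, e.g. `/* USE_SBL: lock state is not forced here; enforced by <component that owns it on SBL> */`, or narrow the condition if only non-USER SBL builds are meant. `efi_main` starts and ends outside these hunks.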
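--- a/libkernelflinger/security.c
+++ b/libkernelflinger/security.c
@@ -206,6 +206,7 @@ EFI_STATUS ivsh_send_rot_data(IN VOID *bootimage, IN UINT8 boot_state,
 if (!g_ivshmem_rot_addr)
 return EFI_NOT_READY;
 
+debug(L"use tee ROT\n");
 ret = update_rot_data(bootimage, boot_state, vb_data);
 if (EFI_ERROR(ret)) {
 efi_perror(ret, L"Unable to update the root of trust data");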
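--- a/libkernelflinger/vars.c
+++ b/libkernelflinger/vars.c
@@ -329,8 +329,13 @@ enum device_state get_current_state(void)
 
 /* If we can't read the state, be safe and assume locked. */
 if (EFI_ERROR(ret)) {
+#ifdef USER
 current_state = LOCKED;
-efi_perror(ret, L"Read device state failed, assuming locked");
+efi_perror(ret, L"Read device state failed, assuming locked in user build");
+#else
+current_state = UNLOCKED;
+efi_perror(ret, L"Read device state failed, assuming unlocked in userdebug build");
+#endif
 goto exit;
 }
 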
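Review bot: The new `#else` branch in `get_current_state()` makes every non-USER build fail open: any error reading the device state now yields `UNLOCKED`, while the comment directly above still says "be safe and assume locked". If userdebug images ever run on hardware outside the lab, a missing or corrupted state variable would relax lock-state enforcement without anyone running `fastboot flashing unlock`. I would update the comment to `/* If we can't read the state: USER builds fail closed (LOCKED); other builds default to UNLOCKED. */`. If the read path distinguishes error codes, I would also limit the unlocked default to the never-provisioned case (for example `ret == EFI_NOT_FOUND`) and keep `LOCKED` for every other error. The log text says "userdebug" although the branch covers any non-USER variant, and the function continues outside the hunk.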
