cr50: fail chip manufacturing process if factory mode is not enabled

The new GUC factory image is supposed to enable CCD factory mode
during personalization phase. This patch adds a check verifying that
CCD factory mode is indeed enabled.

BRANCH=none
BUG=b:74100307
TEST=none yet.

Change-Id: I87a025a504925fc851c39a9d39586933afb8fde6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1845778
Reviewed-by: Andrey Pronin <apronin@chromium.org>

2 files changed, 7 insertions, 0 deletions

diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c
index a9751d43fb..f0e728cbe1 100644
--- a/board/cr50/tpm2/endorsement.c
+++ b/board/cr50/tpm2/endorsement.c
@@ -17,6 +17,7 @@
 #include "NV_Write_fp.h"
 #include "NV_DefineSpace_fp.h"
 
+#include "ccd_config.h"
 #include "console.h"
 #include "extension.h"
 #include "flash.h"
@@ -691,6 +692,11 @@ enum manufacturing_status tpm_endorse(void)
 		/* Mark as endorsed. */
 		endorsement_complete();
 
+		if (!ccd_get_factory_mode()) {
+			result = mnf_factory_mode_mising;
+			break;
+		}
+
 		/* Chip has been marked as manufactured. */
 		result = mnf_success;
 	} while (0);
diff --git a/include/tpm_manufacture.h b/include/tpm_manufacture.h
index 4d62bb0e3b..ddfad6e36d 100644
--- a/include/tpm_manufacture.h
+++ b/include/tpm_manufacture.h
@@ -29,6 +29,7 @@ enum manufacturing_status {
 	mnf_store = 10,
 	mnf_manufactured = 11,
 	mnf_unverified_cert = 12,
+	mnf_factory_mode_mising = 13,
 };
 
 enum manufacturing_status tpm_endorse(void);