firmware/2lib: Expose vb2_clear_recovery as vb2api

For ChromeOS platform the recovery reason is cleared in
vb2api_kernel_phase2 which is probably not called by any non-ChromeOS
system. It results in the platform being stuck in recovery mode, e.g.
when RW firmware verification fails. Even if the RW partition is
flashed with correctly signed image, the persistent non-zero recovery
reason will prevent vboot from attempting the RW partition check.

Expose vb2_clear_recovery as vb2api to let non-ChromeOS coreboot
platform to clear the recovery reason when needed.

TEST=Clear the recovery reason in mainboard_final function right
before payload jump when RW partition is corrupted and RW partition is
valid. In case it is corrupted, the platform stays in recovery mode,
when valid the platform boots from RW partition. Tested on MSI PRO
Z690-A DDR4.

Change-Id: Ic2946150c404fc8e2d50d07d0746b2e42f7cbcde
Signed-off-by: Michał Żygowski <miczyg94@gmail.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4414956
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>

5 files changed, 26 insertions, 26 deletions

diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index 1a6a3289..00aafce9 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -160,7 +160,7 @@ vb2_error_t vb2api_kernel_phase2(struct vb2_context *ctx)
 	 * If in the broken screen, save the recovery reason as subcode.
 	 * Otherwise, clear any leftover recovery requests or subcodes.
 	 */
-	vb2_clear_recovery(ctx);
+	vb2api_clear_recovery(ctx);
 
 	/*
 	 * Clear the diagnostic request flag and commit nvdata to prevent
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 92a3452e..ba196461 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -456,7 +456,7 @@ void vb2api_request_diagnostics(struct vb2_context *ctx) {
 	VB2_DEBUG("Diagnostics requested\n");
 }
 
-void vb2_clear_recovery(struct vb2_context *ctx)
+void vb2api_clear_recovery(struct vb2_context *ctx)
 {
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
 	uint32_t reason = vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST);
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index dd8af7b3..8ed96821 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -1395,4 +1395,26 @@ union vb2_fw_boot_info {
  */
 union vb2_fw_boot_info vb2api_get_fw_boot_info(struct vb2_context *ctx);
 
+/**
+ * Clear recovery request appropriately.
+ *
+ * To avoid the recovery request "sticking" and the user being in a permanent
+ * recovery loop, the recovery request must be cleared and committed to nvdata.
+ * Note that this should be done at some point after we are certain the system
+ * does not require any reboots for non-vboot-related reasons (e.g. FSP
+ * initialization), and before triggering a reboot to exit a transient recovery
+ * mode (e.g. memory retraining request).
+ *
+ * In BROKEN cases, the recovery reason will be stowed away as subcode, to be
+ * retrieved after the user reboots in manual recovery.  In manual recovery,
+ * subcode will be left alone to keep available for subsequent manual recovery
+ * requests, or for accessing from userspace on the next boot.
+ *
+ * This function modifies nvdata in vb2_context, but the caller is still
+ * expected to call vb2_commit_data.
+ *
+ * @param ctx		Vboot context
+ */
+void vb2api_clear_recovery(struct vb2_context *ctx);
+
 #endif  /* VBOOT_REFERENCE_2API_H_ */
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index b3ebcdd3..5a743f37 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -162,28 +162,6 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx);
 vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx);
 
 /**
- * Clear recovery request appropriately.
- *
- * To avoid the recovery request "sticking" and the user being in a permanent
- * recovery loop, the recovery request must be cleared and committed to nvdata.
- * Note that this should be done at some point after we are certain the system
- * does not require any reboots for non-vboot-related reasons (e.g. FSP
- * initialization), and before triggering a reboot to exit a transient recovery
- * mode (e.g. memory retraining request).
- *
- * In BROKEN cases, the recovery reason will be stowed away as subcode, to be
- * retrieved after the user reboots in manual recovery.  In manual recovery,
- * subcode will be left alone to keep available for subsequent manual recovery
- * requests, or for accessing from userspace on the next boot.
- *
- * This function modifies nvdata in vb2_context, but the caller is still
- * expected to call vb2_commit_data.
- *
- * @param ctx		Vboot context
- */
-void vb2_clear_recovery(struct vb2_context *ctx);
-
-/**
  * Fill VB2_CONTEXT_DEV_BOOT_ALLOWED, VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED and
  * VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED flags in ctx->flags.
  *
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index b73c0478..3e383e0f 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -872,7 +872,7 @@ static void clear_recovery_tests(void)
 	SET_BOOT_MODE(ctx, VB2_BOOT_MODE_MANUAL_RECOVERY, 4);
 	vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, 5);
 	vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, 13);
-	vb2_clear_recovery(ctx);
+	vb2api_clear_recovery(ctx);
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST),
 		0, "  request cleared");
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE),
@@ -883,7 +883,7 @@ static void clear_recovery_tests(void)
 	SET_BOOT_MODE(ctx, VB2_BOOT_MODE_BROKEN_SCREEN, 4);
 	vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, 5);
 	vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, 13);
-	vb2_clear_recovery(ctx);
+	vb2api_clear_recovery(ctx);
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST),
 		0, "  request cleared");
 	TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE),