futility: updater: Abort if the unlock_csme_* is used on a locked device

If --quirk unlock_csme_* (or the legacy param --unlock_me) is enabled,
the expected new image will have an unlocked SI_DESC, and that would
cause the AP RO verification check to fail if the device is already locked.

Previously, this would cause the updater to switch to RW-only mode.
However, if the factory is always applying the unlock_csme_* quirk then
the RO may not be properly updated in the whole process.

As a result, we should abort if the device is locked and quirk
unlock_csme_* was enabled.

BUG=b:284913015
TEST=FEATURES=test emerge vboot_reference
BRANCH=None

Change-Id: I929b180b3c6b13dd96a4708c1be52bc876c845e6
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4951472
Reviewed-by: Reka Norman <rekanorman@chromium.org>
Reviewed-by: Phoebe Wang <phoebewang@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
(cherry picked from commit 2850244ed1d98e92056bf3e3a739291c266d19c5)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4976475
Tested-by: Phoebe Wang <phoebewang@chromium.org>
Reviewed-by: Cheng Yueh <cyueh@chromium.org>
Commit-Queue: Cheng Yueh <cyueh@chromium.org>
Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
2 files changed