From 30f0b8a2ac60a5d6be8c6375bb0570c9efba1e74 Mon Sep 17 00:00:00 2001
From: Guillaume La Roque <glaroque@baylibre.com>
Date: Tue, 15 Oct 2019 10:57:40 +0200
Subject: [PATCH] cmd: avb: use unlocked state return by
 avb_ops->read_is_device_unlocked

use unlocked state to know if device is lock.
with android10 and new dunamic partition android have a userspace
implementation to flash parition, userspace fastboot[1] use
"androidboot.verifiedbootstate"[2] to know if device is lock or not.

[1] https://android.googlesource.com/platform/system/core/+/refs/heads/master/fastboot/device/utility.cpp#202
[2] https://source.android.com/security/verifiedboot/boot-flow#communicating-verified-boot-state-to-users

Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
---
 cmd/avb.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/cmd/avb.c b/cmd/avb.c
index 783f51b8169..ded7386c6e5 100644
--- a/cmd/avb.c
+++ b/cmd/avb.c
@@ -271,16 +271,14 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag,
 
 	switch (slot_result) {
 	case AVB_SLOT_VERIFY_RESULT_OK:
-		/* Until we don't have support of changing unlock states, we
-		 * assume that we are by default in locked state.
-		 * So in this case we can boot only when verification is
-		 * successful; we also supply in cmdline GREEN boot state
-		 */
 		printf("Verification passed successfully\n");
 
 		/* export additional bootargs to AVB_BOOTARGS env var */
+		if (unlocked)
+			extra_args = avb_set_state(avb_ops, AVB_ORANGE);
+		else
+			extra_args = avb_set_state(avb_ops, AVB_GREEN);
 
-		extra_args = avb_set_state(avb_ops, AVB_GREEN);
 		if (extra_args)
 			cmdline = append_cmd_line(out_data->cmdline,
 						  extra_args);
-- 
GitLab