security/vboot: Allow UDC regardless of vboot state

When a VBOOT enabled system is used without ChromeOS it may be valid to
allow the UDC independent of the vboot state.

Provide the option to always allow UDC when CHROMEOS is not selected.

BUG=N/A
TEST=build

Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>

2 files changed, 11 insertions, 0 deletions

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 787cdbefb1..7e86c7c1e4 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -181,6 +181,13 @@ config VBOOT_ALWAYS_ENABLE_DISPLAY
 	help
 	  Set this option to indicate to vboot that display should always be enabled.
 
+config VBOOT_ALWAYS_ALLOW_UDC
+	bool "Always allow UDC"
+	default n
+	depends on !CHROMEOS
+	help
+	  This option allows UDC to be enabled regardless of the vboot state.
+
 config VBOOT_HAS_REC_HASH_SPACE
 	bool
 	default n
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index 458ed87982..3342524ad0 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -27,6 +27,10 @@
 /* Check if it is okay to enable USB Device Controller (UDC). */
 int vboot_can_enable_udc(void)
 {
+	/* Allow UDC in all vboot modes. */
+	if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
+		return 1;
+
 	/* Always disable if not in developer mode */
 	if (!vboot_developer_mode_enabled())
 		return 0;