Index: firmware/lib/rollback_index.c |
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c |
index de1035bf5f2b3ab1114c5b8443ff97263d771339..8e9436bdd0741be455a7f6fca41190d795ac5f7b 100644 |
--- a/firmware/lib/rollback_index.c |
+++ b/firmware/lib/rollback_index.c |
@@ -380,17 +380,13 @@ uint32_t RollbackFirmwareLock(void) { |
uint32_t RollbackKernelRecovery(int developer_mode) { |
RollbackSpaceFirmware rsf; |
- uint32_t result = SetupTPM(1, developer_mode, &rsf); |
- /* In recovery mode we ignore TPM malfunctions or corruptions, and leave the |
- * TPM completely unlocked if and only if the dev mode switch is ON. The |
- * recovery kernel will fix the TPM (if needed) and lock it ASAP. We leave |
+ |
+ /* In recovery mode we ignore TPM malfunctions or corruptions, and * |
+ * leave the TPM complelely unlocked; we call neither |
+ * TlclSetGlobalLock() nor TlclLockPhysicalPresence(). The recovery |
+ * kernel will fix the TPM (if needed) and lock it ASAP. We leave |
* Physical Presence on in either case. */ |
- if (!developer_mode) { |
- RETURN_ON_FAILURE(TlclSetGlobalLock()); |
- } |
- /* We still return the result of SetupTPM even though we expect the caller to |
- * ignore it. It's useful in unit testing. */ |
- return result; |
+ return SetupTPM(1, developer_mode, &rsf); |
} |
uint32_t RollbackKernelRead(uint32_t* version) { |