Leave bGlobalLock unlocked in normal recovery mode.

firmware/lib/rollback_index.c

Index: firmware/lib/rollback_index.c
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index de1035bf5f2b3ab1114c5b8443ff97263d771339..8e9436bdd0741be455a7f6fca41190d795ac5f7b 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -380,17 +380,13 @@ uint32_t RollbackFirmwareLock(void) {
 
 uint32_t RollbackKernelRecovery(int developer_mode) {
   RollbackSpaceFirmware rsf;
-  uint32_t result = SetupTPM(1, developer_mode, &rsf);
-  /* In recovery mode we ignore TPM malfunctions or corruptions, and leave the
-   * TPM completely unlocked if and only if the dev mode switch is ON.  The
-   * recovery kernel will fix the TPM (if needed) and lock it ASAP.  We leave
+
+  /* In recovery mode we ignore TPM malfunctions or corruptions, and *
+   * leave the TPM complelely unlocked; we call neither
+   * TlclSetGlobalLock() nor TlclLockPhysicalPresence().  The recovery
+   * kernel will fix the TPM (if needed) and lock it ASAP.  We leave
    * Physical Presence on in either case. */
-  if (!developer_mode) {
-    RETURN_ON_FAILURE(TlclSetGlobalLock());
-  }
-  /* We still return the result of SetupTPM even though we expect the caller to
-   * ignore it.  It's useful in unit testing. */
-  return result;
+  return SetupTPM(1, developer_mode, &rsf);
 }
 
 uint32_t RollbackKernelRead(uint32_t* version) {