vboot2: Add sd->fw_version_secdata field to communicate to crossystem

This patchs adds a new vb2_shared_data field to store the current rollback prevention version number stored in secdata (TPM). This information needs to be retrieved from there by coreboot (current hack) or vboot2 kernel verification (bright shiny future) so it can be passed along to the operating system and user space. BRANCH=veyron BUG=chrome-os-partner:35941 TEST=make runtests. Booted Jerry in recovery mode (with corresponding coreboot patch), ensured that crossystem tpm_fwver still shows the correct value. Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/244601 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-12-24 16:57:21 +00:00 · 2015-01-29 14:49:17 -08:00
parent 62d482ecdd
commit 21aedee1ce
6 changed files with 21 additions and 32 deletions
--- a/firmware/2lib/2secdata.c
+++ b/firmware/2lib/2secdata.c
@@ -53,6 +53,12 @@ int vb2_secdata_init(struct vb2_context *ctx)
 	if (rv)
 		return rv;

+	/* Read this now to make sure crossystem has it even in rec mode. */
+	rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS,
+			     &sd->fw_version_secdata);
+	if (rv)
+		return rv;
+
 	/* Set status flag */
 	sd->status |= VB2_SD_STATUS_SECDATA_INIT;
 	// TODO: unit test for that