vboot2: Add sd->fw_version_secdata field to communicate to crossystem

This patchs adds a new vb2_shared_data field to store the current rollback prevention version number stored in secdata (TPM). This information needs to be retrieved from there by coreboot (current hack) or vboot2 kernel verification (bright shiny future) so it can be passed along to the operating system and user space. BRANCH=veyron BUG=chrome-os-partner:35941 TEST=make runtests. Booted Jerry in recovery mode (with corresponding coreboot patch), ensured that crossystem tpm_fwver still shows the correct value. Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/244601 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-24 02:05:01 +00:00 · 2015-01-29 14:49:17 -08:00
parent 62d482ecdd
commit 21aedee1ce
6 changed files with 21 additions and 32 deletions
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -88,6 +88,9 @@ struct vb2_shared_data {
 	 */
 	uint32_t fw_version;

+	/* Version stored in secdata (must be <= fw_version to boot). */
+	uint32_t fw_version_secdata;
+
 	/*
 	 * Status flags for this boot; see enum vb2_shared_data_status.  Status
 	 * is "what we've done"; flags above are "decisions we've made".