Reduce race conditions in TPM initialization.

With this change, the firmware creates and initializes the kernel space first,
then the firmware space.  Thus, if the initialization is interrupted (by
cutting power) in between the two spaces, at the next boot the initialization
path will be taken again, since it is triggered by a missing firmware space.
A space creation succeeds when the space already exists (the space is
removed and recreated), so this eliminates two races.  There is still
the possibility that the power is cut between creating the firmware
space and initializing it, but let's assume it's not a problem until
proven otherwise.  (It won't be a security problem anyhow.)

BUG=chromium-os:17049
TEST=none (too hard to reproduce the race)

Change-Id: Iae4c1cc2b9a5056cb5d858e71b680e27a442357e
Reviewed-on: http://gerrit.chromium.org/gerrit/3520
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>

firmware/lib/rollback_index.c

@@ -162,13 +162,13 @@ static uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf,
   Memcpy(rsk, &rsk_init, sizeof(RollbackSpaceKernel));
 
   /* Defines and sets firmware and kernel spaces */
+  RETURN_ON_FAILURE(SafeDefineSpace(KERNEL_NV_INDEX, TPM_NV_PER_PPWRITE,
+                                    sizeof(RollbackSpaceKernel)));
+  RETURN_ON_FAILURE(WriteSpaceKernel(rsk));
   RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_NV_INDEX,
                                     TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE,
                                     sizeof(RollbackSpaceFirmware)));
   RETURN_ON_FAILURE(WriteSpaceFirmware(rsf));
-  RETURN_ON_FAILURE(SafeDefineSpace(KERNEL_NV_INDEX, TPM_NV_PER_PPWRITE,
-                                    sizeof(RollbackSpaceKernel)));
-  RETURN_ON_FAILURE(WriteSpaceKernel(rsk));
   return TPM_SUCCESS;
 }