vboot2: Add sd->fw_version_secdata field to communicate to crossystem

This patchs adds a new vb2_shared_data field to store the current
rollback prevention version number stored in secdata (TPM). This
information needs to be retrieved from there by coreboot (current
hack) or vboot2 kernel verification (bright shiny future) so it can be
passed along to the operating system and user space.

BRANCH=veyron
BUG=chrome-os-partner:35941
TEST=make runtests. Booted Jerry in recovery mode (with corresponding
coreboot patch), ensured that crossystem tpm_fwver still shows the
correct value.

Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244601
Reviewed-by: Randall Spangler <rspangler@chromium.org>

2 files changed, 9 insertions, 0 deletions

diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c
index 2987e037..0c5a34e4 100644
--- a/firmware/2lib/2secdata.c
+++ b/firmware/2lib/2secdata.c
@@ -53,6 +53,12 @@ int vb2_secdata_init(struct vb2_context *ctx)
 	if (rv)
 		return rv;
 
+	/* Read this now to make sure crossystem has it even in rec mode. */
+	rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS,
+			     &sd->fw_version_secdata);
+	if (rv)
+		return rv;
+
 	/* Set status flag */
 	sd->status |= VB2_SD_STATUS_SECDATA_INIT;
 	// TODO: unit test for that
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 95cf73c7..3339a30d 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -88,6 +88,9 @@ struct vb2_shared_data {
 	 */
 	uint32_t fw_version;
 
+	/* Version stored in secdata (must be <= fw_version to boot). */
+	uint32_t fw_version_secdata;
+
 	/*
 	 * Status flags for this boot; see enum vb2_shared_data_status.  Status
 	 * is "what we've done"; flags above are "decisions we've made".