update_engine: Add functions for reading/writing TPM values for rollback.
- Adds function to read the minimum allowed kernel key version
ie. crossystem tpm_kernver
- Adds function to set the maximum kernel key version roll forward
value. ie. crossystem max_kernel_rollforward
- Future CL will set max_kernel_rollforward to tpm_kerver as a temporary
measure to preserve the rollback window until server side changes
are made.
BUG=chromium:814090
TEST=FEATURES=test emerge-samus update_engine
Change-Id: I8d0c7db438cbc892745917ad56ea013e87361898
Reviewed-on: https://chromium-review.googlesource.com/927827
Commit-Ready: Zentaro Kavanagh <zentaro@chromium.org>
Tested-by: Zentaro Kavanagh <zentaro@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Sen Jiang <senj@chromium.org>
diff --git a/common/hardware_interface.h b/common/hardware_interface.h
index 541a68a..9f3f618 100644
--- a/common/hardware_interface.h
+++ b/common/hardware_interface.h
@@ -68,6 +68,16 @@
// running a custom chrome os ec.
virtual std::string GetECVersion() const = 0;
+ // Returns the minimum kernel key version that verified boot on Chrome OS
+ // will allow to boot. This is the value of crossystem tpm_kernver. Returns
+ // -1 on error, or if not running on Chrome OS.
+ virtual int GetMinKernelKeyVersion() const = 0;
+
+ // Sets the maximum kernel key version that verified boot should roll
+ // forward to. This is the value of crossystem max_kernel_rollforward.
+ // Returns false if the value cannot be set, or if not running on Chrome OS.
+ virtual bool SetMaxKernelKeyRollforward(int max_kernel_rollforward) = 0;
+
// Returns the powerwash_count from the stateful. If the file is not found
// or is invalid, returns -1. Brand new machines out of the factory or after
// recovery don't have this value set.