update_engine: Update the TPM with max_rollforward on rollback
- Determines the value from max_rollforward_(kernel|firmware)
based on the list of the last N release values from stable.
- Sets the TPM values once it has been determined that the new
image will boot and be installed.
BUG=chromium:840432
TEST=cros_run_unit_tests --board=samus --packages update_engine
Change-Id: I9620fe01cfea49e798e1397dada55ec6bec93047
Reviewed-on: https://chromium-review.googlesource.com/1419006
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Bailey Berro <baileyberro@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
diff --git a/omaha_response.h b/omaha_response.h
index 0ac09df..ab253a1 100644
--- a/omaha_response.h
+++ b/omaha_response.h
@@ -102,6 +102,13 @@
// Key versions of the returned rollback image. Values are 0xffff if the
// image not a rollback, or the fields were not present.
RollbackKeyVersion rollback_key_version;
+
+ // Key versions of the N - rollback_allowed_milestones release. For example,
+ // if the current version is 70 and rollback_allowed_milestones is 4, this
+ // will contain the key versions of version 66. This is used to ensure that
+ // the kernel and firmware keys are at most those of v66 so that v66 can be
+ // rolled back to.
+ RollbackKeyVersion past_rollback_key_version;
};
static_assert(sizeof(off_t) == 8, "off_t not 64 bit");
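Review bot: The comment on `past_rollback_key_version` does not say what the field holds when the Omaha response carries no past-version keys, whereas the comment on `rollback_key_version` just above documents 0xffff for that case. The commit message says this value determines what is written to the TPM as max_rollforward, so a reader needs to know which value means "absent" and must never be treated as a real key version. If the same sentinel applies here, add `// Values are 0xffff if the fields were not present in the response.` to the comment, and define the "N" in "N - rollback_allowed_milestones" as the current milestone. The enclosing struct begins outside this hunk, so the default initialisation of `RollbackKeyVersion` cannot be checked from here.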