vboot2: Support VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK

Looks like the DISABLE_FW_ROLLBACK_CHECK GBB flag (0x200) was forgotten
in the vboot2 implementation. It's too late for Veyron now, but let's at
least fix it for future devices.

BRANCH=none
BUG=None
TEST=make runtests

Change-Id: I867f7aada28be3897efda73a6bdc3b0848c23dca
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/271419
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

1 files changed, 12 insertions, 4 deletions

diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c
index 92322a9c..c0143c04 100644
--- a/firmware/lib21/misc.c
+++ b/firmware/lib21/misc.c
@@ -117,8 +117,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
 	/* Key version is the upper 16 bits of the composite firmware version */
 	if (packed_key->key_version > 0xffff)
 		rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE;
-	if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16))
-		rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
+	if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) {
+		if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
+			VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n");
+		else
+			rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
+	}
 	if (rv) {
 		vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
 		return rv;
@@ -205,8 +209,12 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
 		rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE;
 	/* Combine with the key version from vb2_load_fw_keyblock() */
 	sd->fw_version |= pre->fw_version;
-	if (!rv && sd->fw_version < sd->fw_version_secdata)
-		rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
+	if (!rv && sd->fw_version < sd->fw_version_secdata) {
+		if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
+			VB2_DEBUG("Ignoring FW rollback due to GBB flag\n");
+		else
+			rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
+	}
 	if (rv) {
 		vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
 		return rv;