futility: updater: Report key hash on TPM failure

When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.

In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.

BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None

Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index 6c2d2ee7..6d57f674 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
@@ -255,8 +255,8 @@ test_update "RW update (TPM Anti-rollback: kernel key)" \
 	-i "${TO_IMAGE}" -t --wp=1 --sys_props 1,0x10005,1
 
 test_update "RW update -> fallback to RO+RW Full update (TPM Anti-rollback)" \
-	"${TO_IMAGE}" "!Firmware version rollback detected (4->2)" \
-	-i "${FROM_IMAGE}" -t --wp=0 --sys_props 1,0x10004,1
+	"${FROM_IMAGE}" "!Firmware version rollback detected (6->4)" \
+	-i "${TO_IMAGE}" -t --wp=0 --sys_props 1,0x10006,1
 
 # Test Try-RW update (vboot1).
 test_update "RW update (vboot1, A->B)" \