diff options
-rw-r--r-- | futility/updater.c | 4 | ||||
-rwxr-xr-x | tests/futility/test_update.sh | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/futility/updater.c b/futility/updater.c index a4e8a996..c737f16f 100644 --- a/futility/updater.c +++ b/futility/updater.c @@ -1615,8 +1615,6 @@ static enum updater_error_codes update_whole_firmware( DEBUG("Failed to preserve some sections - ignore."); INFO("Checking compatibility..."); - if (check_compatible_tpm_keys(cfg, image_to)) - return UPDATE_ERR_TPM_ROLLBACK; if (!cfg->force_update) { /* Check if the image_to itself is broken */ enum rootkey_compat_result r = check_compatible_root_key( @@ -1644,6 +1642,8 @@ static enum updater_error_codes update_whole_firmware( return UPDATE_ERR_ROOT_KEY; } } + if (check_compatible_tpm_keys(cfg, image_to)) + return UPDATE_ERR_TPM_ROLLBACK; /* FMAP may be different so we should just update all. */ if (write_firmware(cfg, image_to, NULL) || diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh index 6c2d2ee7..6d57f674 100755 --- a/tests/futility/test_update.sh +++ b/tests/futility/test_update.sh @@ -255,8 +255,8 @@ test_update "RW update (TPM Anti-rollback: kernel key)" \ -i "${TO_IMAGE}" -t --wp=1 --sys_props 1,0x10005,1 test_update "RW update -> fallback to RO+RW Full update (TPM Anti-rollback)" \ - "${TO_IMAGE}" "!Firmware version rollback detected (4->2)" \ - -i "${FROM_IMAGE}" -t --wp=0 --sys_props 1,0x10004,1 + "${FROM_IMAGE}" "!Firmware version rollback detected (6->4)" \ + -i "${TO_IMAGE}" -t --wp=0 --sys_props 1,0x10006,1 # Test Try-RW update (vboot1). test_update "RW update (vboot1, A->B)" \ |