vboot: Add support for recovery hash space in TPM

1. Add a new index for recovery hash space in TPM - 0x100b
2. Add helper functions to read/write/lock recovery hash space in TPM
3. Add Kconfig option that can be selected by mainboards that want to
define this space.
4. Lock this new space while jumping from RO to RW.

BUG=chrome-os-partner:59355
BRANCH=None
TEST=Verified use of recovery hash space on reef.

Change-Id: I1cacd54f0a896d0f2af32d4b7c9ae581a918f9bb
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17273
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

1 files changed, 9 insertions, 0 deletions

diff --git a/src/include/antirollback.h b/src/include/antirollback.h
index b8ba909385..a48aa20002 100644
--- a/src/include/antirollback.h
+++ b/src/include/antirollback.h
@@ -21,6 +21,8 @@ enum vb2_pcr_digest;
  * want to use 0x1009 for something else. */
 #define BACKUP_NV_INDEX                 0x1009
 #define FWMP_NV_INDEX                   0x100a
+#define REC_HASH_NV_INDEX               0x100b
+#define REC_HASH_NV_SIZE                VB2_SHA256_DIGEST_SIZE
 
 /* Structure definitions for TPM spaces */
 
@@ -46,6 +48,13 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);
  */
 uint32_t antirollback_lock_space_firmware(void);
 
+/* Read recovery hash data from TPM. */
+uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size);
+/* Write new hash data to recovery space in TPM. */
+uint32_t antirollback_write_space_rec_hash(const uint8_t *data, uint32_t size);
+/* Lock down recovery hash space in TPM. */
+uint32_t antirollback_lock_space_rec_hash(void);
+
 /****************************************************************************/
 
 /*