gsctool: add support for AP RO Verification V2 status

Implement AP RO Verification V2 status that ti50 will send via the same
TPM Vendor command: VENDOR_CC_GET_AP_RO_STATUS

See ti50 impl in  chrome-internal:5070449

BUG=b:256892104
TEST=manually verified all V2 return values from ti50

Change-Id: I95c071046054075c045d8e698946dc81e55c64dd
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3999806
Tested-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>

2 files changed, 56 insertions, 0 deletions

diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c
index ff4857de1d..a000182e19 100644
--- a/extra/usb_updater/gsctool.c
+++ b/extra/usb_updater/gsctool.c
@@ -2568,12 +2568,14 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
 		printf("not run\n");
 		break;
 	case AP_RO_PASS:
+	case AP_RO_V2_SUCCESS:
 		printf("pass\n");
 		break;
 	case AP_RO_PASS_UNVERIFIED_GBB:
 		printf("pass - unverified gbb!\n");
 		break;
 	case AP_RO_FAIL:
+	case AP_RO_V2_FAILED_VERIFICATION:
 		printf("FAIL\n");
 		break;
 	case AP_RO_UNSUPPORTED_TRIGGERED:
@@ -2588,7 +2590,44 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
 	case AP_RO_IN_PROGRESS:
 		printf("in progress.");
 		break;
+	case AP_RO_V2_INCONSISTENT_GSCVD:
+		printf("inconsistent gscvd\n");
+		break;
+	case AP_RO_V2_INCONSISTENT_KEYBLOCK:
+		printf("inconsistent keyblock\n");
+		break;
+	case AP_RO_V2_INCONSISTENT_KEY:
+		printf("inconsistent key\n");
+		break;
+	case AP_RO_V2_SPI_READ:
+		printf("spi read failure\n");
+		break;
+	case AP_RO_V2_UNSUPPORTED_CRYPTO_ALGORITHM:
+		printf("unsupported crypto algo\n");
+		break;
+	case AP_RO_V2_VERSION_MISMATCH:
+		printf("header version mismatch\n");
+		break;
+	case AP_RO_V2_OUT_OF_MEMORY:
+		printf("out of memory\n");
+		break;
+	case AP_RO_V2_INTERNAL:
+		printf("internal\n");
+		break;
+	case AP_RO_V2_TOO_BIG:
+		printf("too many areas\n");
+		break;
+	case AP_RO_V2_MISSING_GSCVD:
+		printf("missing gscvd\n");
+		break;
+	case AP_RO_V2_BOARD_ID_MISMATCH:
+		printf("board id mismatch\n");
+		break;
+	case AP_RO_V2_SETTING_NOT_PROVISIONED:
+		printf("setting not provisioned\n");
+		break;
 	default:
+		printf("unknown\n");
 		fprintf(stderr, "unknown status\n");
 		return update_error;
 	}
diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h
index 5803828f8b..0591742cc8 100644
--- a/include/ap_ro_integrity_check.h
+++ b/include/ap_ro_integrity_check.h
@@ -9,6 +9,7 @@
 #include "flash_log.h"
 
 enum ap_ro_status {
+	/* All AP RO Verification V1 statuses are less than 20 */
 	AP_RO_NOT_RUN = 0,
 	AP_RO_PASS_UNVERIFIED_GBB = 1,
 	AP_RO_FAIL = 2,
@@ -17,6 +18,22 @@ enum ap_ro_status {
 	AP_RO_UNSUPPORTED_TRIGGERED = 5,
 	AP_RO_PASS = 6,
 	AP_RO_IN_PROGRESS = 7,
+	/* All AP RO Verification V2 status are 20 or greater */
+	AP_RO_V2_SUCCESS = 20,
+	AP_RO_V2_FAILED_VERIFICATION = 21,
+	AP_RO_V2_INCONSISTENT_GSCVD = 22,
+	AP_RO_V2_INCONSISTENT_KEYBLOCK = 23,
+	AP_RO_V2_INCONSISTENT_KEY = 24,
+	AP_RO_V2_SPI_READ = 25,
+	AP_RO_V2_UNSUPPORTED_CRYPTO_ALGORITHM = 26,
+	AP_RO_V2_VERSION_MISMATCH = 27,
+	AP_RO_V2_OUT_OF_MEMORY = 28,
+	AP_RO_V2_INTERNAL = 29,
+	AP_RO_V2_TOO_BIG = 30,
+	AP_RO_V2_MISSING_GSCVD = 31,
+	AP_RO_V2_BOARD_ID_MISMATCH = 32,
+	AP_RO_V2_SETTING_NOT_PROVISIONED = 33,
+	AP_RO_V2_UNKNOWN = 34,
 };
 /*
  * validate_ap_ro: based on information saved in an H1 RO flash page verify