trunks_send: do not update pre 0.0.19 versions unless forced

The way the CR50 handles updates changed in version RW 0.0.19. In
general trunks_send should not be updating earlier versions, because
this would cause a TPM restart on resumes after suspend, the user
should explicitly express the need to update earlier versions.

This patch implements the new policy. In case an older Cr50 is
encountered and the --force command line option is not used, the
utility returns exit code of 2.

TEST=verified that attempts to update cr50 running 0.0.18 get
      processed as expected:

  localhost ~ # trunks_send --update /opt/google/cr50/firmware/
  protocol version: 6
  offsets: backup RO at 0x40000, backup RW at 0x4000
  Not updating from RW 0.0.18, use --force if necessary
  localhost ~ # echo $?
  localhost ~ #

     also verified that upload with --force succeeds.

Original Change-Id: I69553382888ea77f8084399e5eb9cbb0173abff5
Original Signed-off-by: Vadim Bendebury <>
Original Reviewed-on:
Original Reviewed-by: Andrey Pronin <>

Change-Id: I14aa224124771ca5f3e90c1dcbea613f8f3eae17
1 file changed