New anti-rollback strategy (no TPM NVRAM write cycles for locking).

src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c

Index: src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
diff --git a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
index 5a6afcfa82a37b9f73bb59894cbf28747262b932..6cfb1970f5eabb35bb5e3d754dd7ff9345766b9f 100644
--- a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
+++ b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
@@ -447,13 +447,12 @@ int VerifyKernelDriver_f(uint8_t* firmware_key_blob,
     try_kernel[i]->boot_priority = 0;
     }  /* for loop. */
 
-  /* Lock Kernel TPM rollback indices from further writes.
-   * TODO(gauravsh): Figure out if these can be combined into one
-   * 32-bit location since we seem to always use them together. This can help
-   * us minimize the number of NVRAM writes/locks (which are limited over flash
-   * memory lifetimes.
+  /* Lock Kernel TPM rollback indices from further writes.  In this design,
+   * this is tied to locking physical presence---so (software) physical
+   * presence cannot be asserted after this point.  This is a big side effect,
+   * so we want to make it clear in the function name.
+   * TODO(gauravsh): figure out better abstractions.
    */
-  LockStoredVersion(KERNEL_KEY_VERSION);
-  LockStoredVersion(KERNEL_VERSION);
+  LockKernelVersionsByLockingPP();
   return kernel_to_boot;
 }