vboot: Add support for recovery hash space in TPM

1. Add a new index for recovery hash space in TPM - 0x100b
2. Add helper functions to read/write/lock recovery hash space in TPM
3. Add Kconfig option that can be selected by mainboards that want to
define this space.
4. Lock this new space while jumping from RO to RW.

BUG=chrome-os-partner:59355
BRANCH=None
TEST=Verified use of recovery hash space on reef.

Change-Id: I1cacd54f0a896d0f2af32d4b7c9ae581a918f9bb
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://review.coreboot.org/17273
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

src/vboot/vboot_logic.c

@@ -416,6 +416,19 @@ void verstage_main(void)
 		vboot_reboot();
 	}
 
+	/* Lock rec hash space if available. */
+	if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE)) {
+		rv = antirollback_lock_space_rec_hash();
+		if (rv) {
+			printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n",
+			       rv);
+			vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR,
+				    0);
+			save_if_needed(&ctx);
+			vboot_reboot();
+		}
+	}
+
 	printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B');
 	vb2_set_selected_region(region_device_region(&fw_main));
 	timestamp_add_now(TS_END_VBOOT);