key_rotation: Support image_family restriction
Check the IMAGE_FAMILY from BIOS key against the image family of the BIOS image.
Tested:
- Failure Example:
```
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: libcr51sign_validate: potential image descriptor found @10000
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: check cr51hash: b15fef5a03633bc69e1b1fea284e199272a331b66234b6da4304766a53306133
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Hoth RoT config defined 0 KEY_ROTATION_CHUNK_TYPE_CODE_BASH
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Not match any trusted bios allowed hash
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Calculating fingerprint of key in CR51 signature structure with scheme(SIGNATURE_RSA3072_PKCS15), size(780)
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: fingerprint of key in CR51 signature: ba6681661fb19e5f5fa59453257f8a5edc020787caf7d60668ab8dfc40de7b8d
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Hoth RoT config defined 1 KEY_ROTATION_CHUNK_TYPE_CODE_BKEY
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: trusted bios key finger print in KEY_ROTATION_CHUNK_TYPE_CODE_BKEY_0: ba6681661fb19e5f5fa59453257f8a5edc020787caf7d60668ab8dfc40de7b8d
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Match trusted bios key finger print in KEY_ROTATION_CHUNK_TYPE_CODE_BKEY_0, but mismatch IMAGE_FAMILY 117 vs. 162
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: Not match any trusted bios key
Dec 15 23:12:49 ladai15-nfd11.prod.google.com msvfud[4718]: validate_signature_with_key_in_signature_struct: key in signature struct is not trusted
```
Google-Bug-Id: 466454964
Google-Bug-Id: 468135652
Change-Id: Iaba285d29681529a1b21610ae3434162f4c1471d
Signed-off-by: Willy Tu <wltu@google.com>
2 files changed
