We can use the TPM counters to implement rollback protection.
Requirements:
- check version being booted is not less than TPM counter version
- make sure version checked is the version being booted so it can't be switched out after the check
- if version being booted has booted successfully bump tpm version counter to current version.
We can use the TPM counters to implement rollback protection.
Requirements: