Found in b/68120953.
Currently we run most of the manufacturing process with GBB flags set to 0x39, which skips checking TPM rollback detection.
However, although very rare, if a device unfortunately gets wrong TPM rollback values, it will have problems booting into release images in normal mode.
On Chromebooks this will be detected before shipping because we boot into normal mode for battery cutoff.
On Chromeboxes this may not be discovered.
Either way, finding such a failure at the last minute after finalization is probably not a good idea.
We may improve the VerifyKeys step in gooftool, or split into VerifyTPMRollback and VerifyFirmwareKeys, to check tpm_fwver and tpm_kernver as well.
For how these values should be checked, please refer to src/platform/firmware/pack_dist/crosutil.sh#cros_check_tpm_key_version.
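As an added illustration (not gooftool's or crosutil.sh's own code), the check below models what a VerifyTPMRollback step would compare. It assumes vboot's convention that the TPM-stored version is a 32-bit value packing the key version in the upper 16 bits and the image version in the lower 16 bits, and that normal-mode boot succeeds only when the image's packed version is not lower than the TPM's. The `crossystem` lines are constructed sample output; the helper names are hypothetical.

```python
"""Model of a TPM rollback pre-check for a factory finalization flow.

Assumptions (not taken from the bug or from crosutil.sh):
  * tpm_fwver / tpm_kernver pack (key_version << 16) | image_version.
  * A release image boots in normal mode only if its packed version is
    greater than or equal to the value recorded in the TPM.
"""
import re

# Constructed sample of `crossystem` output; real output has the same
# "name = value # comment" shape.
SAMPLE_CROSSYSTEM = """\
tpm_fwver               = 0x00010001        # Firmware version stored in TPM
tpm_kernver             = 0x00020003        # Kernel version stored in TPM
mainfw_type             = normal            # Active main firmware type
"""

_LINE_RE = re.compile(r"^(\w+)\s*=\s*(\S+)")


def parse_crossystem(text: str) -> dict:
    """Parse crossystem-style output into {name: value}; hex and decimal
    numbers are converted to int, anything else is kept as a string."""
    values = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            values[name] = int(raw, 0)  # base 0 accepts 0x... and decimal
        except ValueError:
            values[name] = raw
    return values


def pack_version(key_version: int, image_version: int) -> int:
    """Combine key and image version the way vboot stores them in the TPM."""
    if not (0 <= key_version <= 0xFFFF and 0 <= image_version <= 0xFFFF):
        raise ValueError("key and image versions must each fit in 16 bits")
    return (key_version << 16) | image_version


def unpack_version(packed: int) -> tuple:
    """Split a packed TPM version into (key_version, image_version)."""
    return packed >> 16, packed & 0xFFFF


def check_rollback(label: str, tpm_version: int,
                   key_version: int, image_version: int) -> list:
    """Return a list of failure messages (empty when the image would boot)."""
    image_packed = pack_version(key_version, image_version)
    if image_packed >= tpm_version:
        return []
    tpm_key, tpm_img = unpack_version(tpm_version)
    return [f"{label}: TPM holds key={tpm_key} ver={tpm_img} "
            f"(0x{tpm_version:08x}) but image is key={key_version} "
            f"ver={image_version} (0x{image_packed:08x}); "
            "normal mode would refuse to boot"]


def verify_tpm_rollback(crossystem_text: str,
                        fw_key_version: int, fw_version: int,
                        kernel_key_version: int, kernel_version: int) -> list:
    """Hypothetical VerifyTPMRollback: compare both TPM counters with the
    versions of the release image about to be shipped."""
    values = parse_crossystem(crossystem_text)
    failures = []
    for name in ("tpm_fwver", "tpm_kernver"):
        if not isinstance(values.get(name), int):
            failures.append(f"{name}: missing or non-numeric in crossystem output")
    if failures:
        return failures
    failures += check_rollback("firmware", values["tpm_fwver"],
                               fw_key_version, fw_version)
    failures += check_rollback("kernel", values["tpm_kernver"],
                               kernel_key_version, kernel_version)
    return failures


if __name__ == "__main__":
    # Firmware matches the TPM; the kernel counter is ahead of the image.
    for msg in verify_tpm_rollback(SAMPLE_CROSSYSTEM, 1, 1, 1, 5):
        print("FAIL", msg)
```

Run against the sample, the firmware check passes (0x00010001 vs 0x00010001) while the kernel check fails because the TPM already holds key version 2, so the device would have been caught before finalization rather than at first normal-mode boot.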
Comment 1 by benhenry@chromium.org, Aug 1