vboot2: use hwcrypto for RSA when allowedfirmware-zork-13421.B

Add vb2ex_hwcrypto_rsa_verify support for RSA verification.
If firmware implements the function it will used instead of SW
implementation in vboot.

Also separate hwcrypto stubs to 2stub_hwcrypto.c for depthcharge and coreboot.
Depthcharge needs stubs but fails to compile 2stub.c

BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests
TEST=check hwcrypto is allowed/disallowed depending on nvmem flag

Change-Id: I85573e7cff31f32043db4b0a6b24b642856024e3
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353775
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2377545
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>

1 files changed, 4 insertions, 0 deletions

diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index 4e1250c0..a2d5b230 100644
--- a/firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -43,6 +43,8 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
 	/* Unpack the root key */
 	VB2_TRY(vb2_unpack_key_buffer(&root_key, key_data, key_size));
 
+	root_key.allow_hwcrypto = vb2_hwcrypto_rsa_allowed(ctx);
+
 	/* Load the firmware keyblock header after the root key */
 	kb = vb2_workbuf_alloc(&wb, sizeof(*kb));
 	if (!kb)
@@ -147,6 +149,8 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
 
 	VB2_TRY(vb2_unpack_key_buffer(&data_key, key_data, key_size));
 
+	data_key.allow_hwcrypto = vb2_hwcrypto_rsa_allowed(ctx);
+
 	/* Load the firmware preamble header */
 	pre = vb2_workbuf_alloc(&wb, sizeof(*pre));
 	if (!pre)