diff options
Diffstat (limited to 'firmware/2lib/include/2api.h')
-rw-r--r-- | firmware/2lib/include/2api.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index fdb6a72f..f185ec4d 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -895,7 +895,11 @@ void vb2ex_printf(const char *func, const char *fmt, ...); * Initialize the hardware crypto engine to calculate a block-style digest. * * @param hash_alg Hash algorithm to use - * @param data_size Expected total size of data to hash + * @param data_size Expected total size of data to hash, or 0. If 0, the + * total size is not known in advance. Implementations that + * cannot handle unknown sizes should return UNSUPPORTED + * in that case. If the value is non-zero, implementations + * can trust it to be accurate. * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal). */ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, @@ -948,6 +952,15 @@ vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key, uint32_t *workbuf32, int exp); /* + * Report if hardware crypto is allowed in the current context. It may be + * disabled by TPM flag and is categorically disallowed in recovery mode. + * + * @param ctx Vboot context + * @returns 1 if hardware crypto is allowed, 0 if it is forbidden. + */ +bool vb2api_hwcrypto_allowed(struct vb2_context *ctx); + +/* * Abort vboot flow due to a failed assertion or broken assumption. * * Likely due to caller misusing vboot (e.g. calling API functions |