1 files changed, 14 insertions, 1 deletions

diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index fdb6a72f..f185ec4d 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -895,7 +895,11 @@ void vb2ex_printf(const char *func, const char *fmt, ...);
  * Initialize the hardware crypto engine to calculate a block-style digest.
  *
  * @param hash_alg	Hash algorithm to use
- * @param data_size	Expected total size of data to hash
+ * @param data_size	Expected total size of data to hash, or 0. If 0, the
+ *			total size is not known in advance. Implementations that
+ *			cannot handle unknown sizes should return UNSUPPORTED
+ *			in that case. If the value is non-zero, implementations
+ *			can trust it to be accurate.
  * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
  */
 vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
@@ -948,6 +952,15 @@ vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key,
 				  uint32_t *workbuf32, int exp);
 
 /*
+ * Report if hardware crypto is allowed in the current context. It may be
+ * disabled by TPM flag and is categorically disallowed in recovery mode.
+ *
+ * @param ctx		Vboot context
+ * @returns 1 if hardware crypto is allowed, 0 if it is forbidden.
+ */
+bool vb2api_hwcrypto_allowed(struct vb2_context *ctx);
+
+/*
  * Abort vboot flow due to a failed assertion or broken assumption.
  *
  * Likely due to caller misusing vboot (e.g. calling API functions