1 files changed, 10 insertions, 6 deletions

diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index c3355f8c..5e419340 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -109,14 +109,18 @@ enum vb2_secdata_kernel_flags {
 	VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),
 
 	/*
-	 * Allow HW acceleration for RSA.
+	 * Allow HW acceleration for crypto
 	 *
-	 * RW firmware currently set this flag to enable RSA acceleration.
-	 * Verstage will use HW implementation for RSA only when
-	 * this flag is set.
+	 * RW firmware currently set this flag to enable HW acceleration
+	 * for crypto. Verstage will use HW implementation for RSA/SHA
+	 * only when this flag is set.
 	 *
-	 * Note: this will only allow/disallow HWCRYPTO for RSA.
-	 * Using HW for hash digest is controlled by flag in the FW preamble.
+	 * Note: We used a flag in the FW preamble for this before.
+	 * FW preamble was checked by verstage so the effect was immediate.
+	 * However with TPM flag we have to modify this in RW stage which is
+	 * after verstage, so even if we clear this flag the first boot
+	 * WILL use hwcrypto, RW stage will run and clear this flag and then
+	 * hwcrypto will be disabled from next boot.
 	 */
 	VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
 };