Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/30831 )
Change subject: vendorcode/eltan Add hashing library used for measured and verified boot. ......................................................................
Patch Set 2:
As I mentioned on CL:1386444, you shouldn't be doing this. vboot is meant to be a library, not a collection of files to be pulled in individually. You can't just pull in files from a different code base and expect your CFLAGS and other environment factors to "just work" for them.
The correct solution for this is to build vboot_fw20.a separately and link to it like we're already doing in src/security/vboot/Makefile.inc. If you don't want to use CONFIG_VBOOT (i.e. don't actually want to use vboot for verification), you should refactor that Makefile so that the vboot library is always built and linked unconditionally, and CONFIG_VBOOT just determines whether coreboot's verification support code and code paths get built. This way code that doesn't want to use vboot for verification can still pull in crypto code from it.
I already discussed and agreed on this approach with Philipp once in CB:22872. I don't know if he had time to work on this since, but that's the general plan of action for how to get general crypto code into coreboot.