Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/30831 )
Change subject: vendorcode/eltan/security/lib: Add hashing library used for measured and verified boot.
Patch Set 4:
Patch Set 4: Code-Review-1
Would it make sense to adapt this patch for now? At a later stage this lib can be merged/moved from vendorcode?
This should not be moved out of vendorcode the way it is done here. We should not be duplicating this code. Our goal with vboot is to integrate it as a generic security library that can offer both high-level verification services as well as individual low-level crypto primitives. We should *not* be duplicating the same functionality between vboot and coreboot.
FWIW I don't think this should be committed even here, because it's going down the wrong path and the alternative is honestly not that hard to achieve (you just need a handful of changes to src/security/vboot/Makefile.inc to make it build and link the library even when CONFIG_VBOOT is false, and then you can literally just call vb2api_digest_buffer() wherever you want). I don't care that much about what you're doing in vendorcode, but if you ever plan to move this out it would save you effort later to just do it correctly right away.
I also don't understand any of the mboot stuff. We have measured boot support in the tree now, you should be using that or suggesting ways to adapt it to what you need rather than rolling your own.
Some background about this vendorcode: This 'vendorcode' measured (and) library were created before all of this was available in coreboot. The request from reviewers was to place this code in 'vendorcode'. At that stage someone pointed to gerrit patches with mboot support. These patches resulted in gerrit build issues at that moment.