diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 5d2775f..1a616d5 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -118,5 +118,8 @@
 
 	sd->hash_remaining_size -= size;
 
-	return vb2_digest_extend(dc, buf, size);
+	if (dc->using_hwcrypto)
+		return vb2ex_hwcrypto_digest_extend(buf, size);
+	else
+		return vb2_digest_extend(dc, buf, size);
 }
diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c
index 47581ea..6f76b4e 100644
--- a/firmware/2lib/2sha_utility.c
+++ b/firmware/2lib/2sha_utility.c
@@ -84,6 +84,7 @@
 		    enum vb2_hash_algorithm hash_alg)
 {
 	dc->hash_alg = hash_alg;
+	dc->using_hwcrypto = 0;
 
 	switch (dc->hash_alg) {
 #if VB2_SUPPORT_SHA1
diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c
index 7c9e5b1..375d4fa 100644
--- a/firmware/2lib/2stub.c
+++ b/firmware/2lib/2stub.c
@@ -8,11 +8,13 @@
 #include "2sysincludes.h"
 #include "2api.h"
 
+__attribute__((weak))
 int vb2ex_tpm_clear_owner(struct vb2_context *ctx)
 {
 	return VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED;
 }
 
+__attribute__((weak))
 int vb2ex_read_resource(struct vb2_context *ctx,
 			enum vb2_resource_index index,
 			uint32_t offset,
@@ -21,3 +23,24 @@
 {
 	return VB2_ERROR_EX_READ_RESOURCE_UNIMPLEMENTED;
 }
+
+__attribute__((weak))
+int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+			       uint32_t data_size)
+{
+	return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+}
+
+__attribute__((weak))
+int vb2ex_hwcrypto_digest_extend(const uint8_t *buf,
+				 uint32_t size)
+{
+	return VB2_ERROR_SHA_EXTEND_ALGORITHM;	/* Should not be called. */
+}
+
+__attribute__((weak))
+int vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+				   uint32_t digest_size)
+{
+	return VB2_ERROR_SHA_FINALIZE_ALGORITHM; /* Should not be called. */
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 1ce6a09..0c5792d 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -21,6 +21,7 @@
 #define VBOOT_2_API_H_
 #include <stdint.h>
 
+#include "2crypto.h"
 #include "2fw_hash_tags.h"
 #include "2guid.h"
 #include "2recovery_reasons.h"
@@ -364,4 +365,33 @@
 			uint32_t size);
 
 void vb2ex_printf(const char *func, const char *fmt, ...);
+
+/**
+ * Initialize the hardware crypto engine to calculate a block-style digest.
+ *
+ * @param hash_alg	Hash algorithm to use
+ * @param data_size	Expected total size of data to hash
+ * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
+ */
+int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+			       uint32_t data_size);
+
+/**
+ * Extend the hash in the hardware crypto engine with another block of data.
+ *
+ * @param buf		Next data block to hash
+ * @param size		Length of data block in bytes
+ * @return VB2_SUCCESS, or non-zero error code.
+ */
+int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
+
+/**
+ * Finalize the digest in the hardware crypto engine and extract the result.
+ *
+ * @param digest	Destination buffer for resulting digest
+ * @param digest_size	Length of digest buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code.
+ */
+int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size);
+
 #endif  /* VBOOT_2_API_H_ */
diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h
index e930de8..559a8ed 100644
--- a/firmware/2lib/include/2crypto.h
+++ b/firmware/2lib/include/2crypto.h
@@ -28,4 +28,35 @@
 	VB2_ALG_COUNT
 };
 
+/* Algorithm types for signatures */
+enum vb2_signature_algorithm {
+	/* Invalid or unsupported signature type */
+	VB2_SIG_INVALID = 0,
+
+	/*
+	 * No signature algorithm.  The digest is unsigned.  See
+	 * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
+	 */
+	VB2_SIG_NONE = 1,
+
+	/* RSA algorithms of the given length in bits (1024-8192) */
+	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
+	VB2_SIG_RSA2048 = 3,
+	VB2_SIG_RSA4096 = 4,
+	VB2_SIG_RSA8192 = 5,
+};
+
+/* Algorithm types for hash digests */
+enum vb2_hash_algorithm {
+	/* Invalid or unsupported digest type */
+	VB2_HASH_INVALID = 0,
+
+	/* SHA-1.  Warning: This is likely to be deprecated soon! */
+	VB2_HASH_SHA1 = 1,
+
+	/* SHA-256 and SHA-512 */
+	VB2_HASH_SHA256 = 2,
+	VB2_HASH_SHA512 = 3,
+};
+
 #endif /* VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ */
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 2cffc56..53e0102 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -446,6 +446,9 @@
 	/* TPM clear owner not implemented */
 	VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED,
 
+	/* Hardware crypto engine doesn't support this algorithm (non-fatal) */
+	VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED,
+
 
         /**********************************************************************
 	 * Errors generated by host library (non-firmware) start here.
diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h
index 5879236..221d185 100644
--- a/firmware/2lib/include/2sha.h
+++ b/firmware/2lib/include/2sha.h
@@ -78,6 +78,9 @@
 
 	/* Current hash algorithm */
 	enum vb2_hash_algorithm hash_alg;
+
+	/* 1 if digest is computed with vb2ex_hwcrypto routines, else 0 */
+	int using_hwcrypto;
 };
 
 /**
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index c0cd907..5e2757b 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -9,37 +9,7 @@
 #ifndef VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #include <stdint.h>
-
-/* Algorithm types for signatures */
-enum vb2_signature_algorithm {
-	/* Invalid or unsupported signature type */
-	VB2_SIG_INVALID = 0,
-
-	/*
-	 * No signature algorithm.  The digest is unsigned.  See
-	 * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
-	 */
-	VB2_SIG_NONE = 1,
-
-	/* RSA algorithms of the given length in bits (1024-8192) */
-	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
-	VB2_SIG_RSA2048 = 3,
-	VB2_SIG_RSA4096 = 4,
-	VB2_SIG_RSA8192 = 5,
-};
-
-/* Algorithm types for hash digests */
-enum vb2_hash_algorithm {
-	/* Invalid or unsupported digest type */
-	VB2_HASH_INVALID = 0,
-
-	/* SHA-1.  Warning: This is likely to be deprecated soon! */
-	VB2_HASH_SHA1 = 1,
-
-	/* SHA-256 and SHA-512 */
-	VB2_HASH_SHA256 = 2,
-	VB2_HASH_SHA512 = 3,
-};
+#include "2crypto.h"
 
 /*
  * Key block flags.
diff --git a/firmware/lib20/api.c b/firmware/lib20/api.c
index 16ad6dc..3fa492e 100644
--- a/firmware/lib20/api.c
+++ b/firmware/lib20/api.c
@@ -100,6 +100,24 @@
 	if (size)
 		*size = pre->body_signature.data_size;
 
+	if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
+		rv = vb2ex_hwcrypto_digest_init(key.hash_alg,
+						pre->body_signature.data_size);
+		if (!rv) {
+			VB2_DEBUG("Using HW crypto engine for hash_alg %d\n",
+				  key.hash_alg);
+			dc->hash_alg = key.hash_alg;
+			dc->using_hwcrypto = 1;
+			return VB2_SUCCESS;
+		}
+		if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED)
+			return rv;
+		VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
+			  key.hash_alg);
+	} else {
+		VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
+	}
+
 	return vb2_digest_init(dc, key.hash_alg);
 }
 
@@ -139,7 +157,10 @@
 		return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
 
 	/* Finalize the digest */
-	rv = vb2_digest_finalize(dc, digest, digest_size);
+	if (dc->using_hwcrypto)
+		rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size);
+	else
+		rv = vb2_digest_finalize(dc, digest, digest_size);
 	if (rv)
 		return rv;
 
diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h
index 136ce91..ec28e71 100644
--- a/firmware/lib20/include/vb2_struct.h
+++ b/firmware/lib20/include/vb2_struct.h
@@ -124,6 +124,8 @@
 /* Flags for VbFirmwarePreambleHeader.flags */
 /* Reserved; do not use */
 #define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
+/* Do not allow use of any hardware crypto accelerators. */
+#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
 
 /* Premable block for rewritable firmware, vboot1 version 2.1.
  *
diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c
index beed98b..7c1aa01 100644
--- a/firmware/lib21/api.c
+++ b/firmware/lib21/api.c
@@ -47,7 +47,7 @@
 	struct vb2_digest_context *dc;
 	struct vb2_workbuf wb;
 	uint32_t hash_offset;
-	int i;
+	int i, rv;
 
 	vb2_workbuf_from_ctx(ctx, &wb);
 
@@ -93,6 +93,23 @@
 	if (size)
 		*size = sig->data_size;
 
+	if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
+		rv = vb2ex_hwcrypto_digest_init(sig->hash_alg, sig->data_size);
+		if (!rv) {
+			VB2_DEBUG("Using HW crypto engine for hash_alg %d\n",
+				  sig->hash_alg);
+			dc->hash_alg = sig->hash_alg;
+			dc->using_hwcrypto = 1;
+			return VB2_SUCCESS;
+		}
+		if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED)
+			return rv;
+		VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
+			  sig->hash_alg);
+	} else {
+		VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
+	}
+
 	return vb2_digest_init(dc, sig->hash_alg);
 }
 
@@ -131,7 +148,10 @@
 		return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
 
 	/* Finalize the digest */
-	rv = vb2_digest_finalize(dc, digest, digest_size);
+	if (dc->using_hwcrypto)
+		rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size);
+	else
+		rv = vb2_digest_finalize(dc, digest, digest_size);
 	if (rv)
 		return rv;
 
diff --git a/firmware/lib21/include/vb2_struct.h b/firmware/lib21/include/vb2_struct.h
index d9921d9..62e1a08 100644
--- a/firmware/lib21/include/vb2_struct.h
+++ b/firmware/lib21/include/vb2_struct.h
@@ -291,6 +291,12 @@
 #define VB2_FW_PREAMBLE_VERSION_MAJOR 3
 #define VB2_FW_PREAMBLE_VERSION_MINOR 0
 
+/* Flags for vb2_fw_preamble.flags */
+/* Reserved; do not use */
+#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
+/* Do not allow use of any hardware crypto accelerators. */
+#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
+
 /*
  * Firmware preamble
  *
diff --git a/tests/vb20_api_tests.c b/tests/vb20_api_tests.c
index a7be957..fbde39d 100644
--- a/tests/vb20_api_tests.c
+++ b/tests/vb20_api_tests.c
@@ -30,6 +30,12 @@
 
 /* Mocked function data */
 
+static enum {
+	HWCRYPTO_DISABLED,
+	HWCRYPTO_ENABLED,
+	HWCRYPTO_FORBIDDEN,
+} hwcrypto_state;
+
 static int retval_vb2_load_fw_keyblock;
 static int retval_vb2_load_fw_preamble;
 static int retval_vb2_digest_finalize;
@@ -74,6 +80,10 @@
 		(cc.workbuf + sd->workbuf_preamble_offset);
 	pre->body_signature.data_size = mock_body_size;
 	pre->body_signature.sig_size = mock_sig_size;
+	if (hwcrypto_state == HWCRYPTO_FORBIDDEN)
+		pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
+	else
+		pre->flags = 0;
 
 	sd->workbuf_data_key_offset = cc.workbuf_used;
 	sd->workbuf_data_key_size = sizeof(*k) + 8;
@@ -117,13 +127,51 @@
 	return VB2_SUCCESS;
 }
 
+int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+			       uint32_t data_size)
+{
+	switch (hwcrypto_state) {
+	case HWCRYPTO_DISABLED:
+		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+	case HWCRYPTO_ENABLED:
+		if (hash_alg != mock_hash_alg)
+			return VB2_ERROR_SHA_INIT_ALGORITHM;
+		else
+			return VB2_SUCCESS;
+	case HWCRYPTO_FORBIDDEN:
+	default:
+		return VB2_ERROR_UNKNOWN;
+	}
+}
+
+int vb2ex_hwcrypto_digest_extend(const uint8_t *buf,
+				 uint32_t size)
+{
+	if (hwcrypto_state != HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
+
+	return VB2_SUCCESS;
+}
+
+int vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+				   uint32_t digest_size)
+{
+	if (hwcrypto_state != HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
+
+	return retval_vb2_digest_finalize;
+}
+
 int vb2_digest_init(struct vb2_digest_context *dc,
 		    enum vb2_hash_algorithm hash_alg)
 {
+	if (hwcrypto_state == HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
 	if (hash_alg != mock_hash_alg)
 		return VB2_ERROR_SHA_INIT_ALGORITHM;
 
 	dc->hash_alg = hash_alg;
+	dc->using_hwcrypto = 0;
 
 	return VB2_SUCCESS;
 }
@@ -132,6 +180,8 @@
 		      const uint8_t *buf,
 		      uint32_t size)
 {
+	if (hwcrypto_state == HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
 	if (dc->hash_alg != mock_hash_alg)
 		return VB2_ERROR_SHA_EXTEND_ALGORITHM;
 
@@ -142,6 +192,8 @@
 			uint8_t *digest,
 			uint32_t digest_size)
 {
+	if (hwcrypto_state == HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
 	return retval_vb2_digest_finalize;
 }
 
@@ -268,12 +320,14 @@
 	TEST_EQ(vb2api_extend_hash(&cc, mock_body, 0),
 		VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty");
 
-	reset_common_data(FOR_EXTEND_HASH);
-	dc = (struct vb2_digest_context *)
-		(cc.workbuf + sd->workbuf_hash_offset);
-	dc->hash_alg = mock_hash_alg + 1;
-	TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size),
-		VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail");
+	if (hwcrypto_state != HWCRYPTO_ENABLED) {
+		reset_common_data(FOR_EXTEND_HASH);
+		dc = (struct vb2_digest_context *)
+			(cc.workbuf + sd->workbuf_hash_offset);
+		dc->hash_alg = mock_hash_alg + 1;
+		TEST_EQ(vb2api_extend_hash(&cc, mock_body, mock_body_size),
+			VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail");
+	}
 }
 
 static void check_hash_tests(void)
@@ -338,6 +392,21 @@
 int main(int argc, char* argv[])
 {
 	phase3_tests();
+
+	fprintf(stderr, "Running hash API tests without hwcrypto support...\n");
+	hwcrypto_state = HWCRYPTO_DISABLED;
+	init_hash_tests();
+	extend_hash_tests();
+	check_hash_tests();
+
+	fprintf(stderr, "Running hash API tests with hwcrypto support...\n");
+	hwcrypto_state = HWCRYPTO_ENABLED;
+	init_hash_tests();
+	extend_hash_tests();
+	check_hash_tests();
+
+	fprintf(stderr, "Running hash API tests with forbidden hwcrypto...\n");
+	hwcrypto_state = HWCRYPTO_FORBIDDEN;
 	init_hash_tests();
 	extend_hash_tests();
 	check_hash_tests();
diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c
index 6c4e48d..c825bdb 100644
--- a/tests/vb21_api_tests.c
+++ b/tests/vb21_api_tests.c
@@ -41,6 +41,16 @@
 };
 
 /* Mocked function data */
+
+static enum {
+	HWCRYPTO_DISABLED,
+	HWCRYPTO_ENABLED,
+	HWCRYPTO_FORBIDDEN,
+} hwcrypto_state;
+
+static struct vb2_digest_context hwcrypto_emulation_dc;
+
+static int retval_hwcrypto;
 static int retval_vb2_load_fw_keyblock;
 static int retval_vb2_load_fw_preamble;
 
@@ -74,6 +84,8 @@
 	vb2_secdata_create(&ctx);
 	vb2_secdata_init(&ctx);
 
+	memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc));
+	retval_hwcrypto = VB2_SUCCESS;
 	retval_vb2_load_fw_keyblock = VB2_SUCCESS;
 	retval_vb2_load_fw_preamble = VB2_SUCCESS;
 
@@ -84,6 +96,10 @@
 		(ctx.workbuf + sd->workbuf_preamble_offset);
 	pre->hash_count = 3;
 	pre->hash_offset = sig_offset = sizeof(*pre);
+	if (hwcrypto_state == HWCRYPTO_FORBIDDEN)
+		pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
+	else
+		pre->flags = 0;
 
 	for (i = 0; i < 3; i++) {
 		vb2_sign_data(&sig, mock_body, mock_body_size - 16 * i,
@@ -118,6 +134,47 @@
 	return retval_vb2_load_fw_preamble;
 }
 
+int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+			       uint32_t data_size)
+{
+	vb2_digest_init(&hwcrypto_emulation_dc, hash_alg);
+
+	switch (hwcrypto_state) {
+	case HWCRYPTO_DISABLED:
+		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+	case HWCRYPTO_ENABLED:
+		if (hash_alg != mock_hash_alg)
+			return VB2_ERROR_SHA_INIT_ALGORITHM;
+		else
+			return retval_hwcrypto;
+	case HWCRYPTO_FORBIDDEN:
+	default:
+		return VB2_ERROR_UNKNOWN;
+	}
+}
+
+int vb2ex_hwcrypto_digest_extend(const uint8_t *buf,
+				 uint32_t size)
+{
+	vb2_digest_extend(&hwcrypto_emulation_dc, buf, size);
+
+	if (hwcrypto_state != HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
+
+	return retval_hwcrypto;
+}
+
+int vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
+				   uint32_t digest_size)
+{
+	vb2_digest_finalize(&hwcrypto_emulation_dc, digest, digest_size);
+
+	if (hwcrypto_state != HWCRYPTO_ENABLED)
+		return VB2_ERROR_UNKNOWN;
+
+	return retval_hwcrypto;
+}
+
 /* Tests */
 
 static void phase3_tests(void)
@@ -195,6 +252,13 @@
 	sig->hash_alg = VB2_HASH_INVALID;
 	TEST_EQ(vb2api_init_hash2(&ctx, test_guid, &size),
 		VB2_ERROR_SHA_INIT_ALGORITHM, "init hash algorithm");
+
+	if (hwcrypto_state == HWCRYPTO_ENABLED) {
+		reset_common_data(FOR_MISC);
+		retval_hwcrypto = VB2_ERROR_MOCK;
+		TEST_EQ(vb2api_init_hash2(&ctx, test_guid, &size),
+			VB2_ERROR_MOCK, "init hash use hwcrypto");
+	}
 }
 
 static void extend_hash_tests(void)
@@ -223,12 +287,19 @@
 	TEST_EQ(vb2api_extend_hash(&ctx, mock_body, 0),
 		VB2_ERROR_API_EXTEND_HASH_SIZE, "hash extend empty");
 
-	reset_common_data(FOR_EXTEND_HASH);
-	dc = (struct vb2_digest_context *)
-		(ctx.workbuf + sd->workbuf_hash_offset);
-	dc->hash_alg = VB2_HASH_INVALID;
-	TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size),
-		VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail");
+	if (hwcrypto_state == HWCRYPTO_ENABLED) {
+		reset_common_data(FOR_EXTEND_HASH);
+		retval_hwcrypto = VB2_ERROR_MOCK;
+		TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size),
+			VB2_ERROR_MOCK, "hash extend use hwcrypto");
+	} else {
+		reset_common_data(FOR_EXTEND_HASH);
+		dc = (struct vb2_digest_context *)
+			(ctx.workbuf + sd->workbuf_hash_offset);
+		dc->hash_alg = VB2_HASH_INVALID;
+		TEST_EQ(vb2api_extend_hash(&ctx, mock_body, mock_body_size),
+			VB2_ERROR_SHA_EXTEND_ALGORITHM, "hash extend fail");
+	}
 }
 
 static void check_hash_tests(void)
@@ -267,20 +338,42 @@
 		VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST, "check hash workbuf");
 
 	reset_common_data(FOR_CHECK_HASH);
-	dc->hash_alg = VB2_HASH_INVALID;
-	*((uint8_t *)sig + sig->sig_offset) ^= 0x55;
-	TEST_EQ(vb2api_check_hash(&ctx),
-		VB2_ERROR_SHA_FINALIZE_ALGORITHM, "check hash finalize");
-
-	reset_common_data(FOR_CHECK_HASH);
 	*((uint8_t *)sig + sig->sig_offset) ^= 0x55;
 	TEST_EQ(vb2api_check_hash(&ctx),
 		VB2_ERROR_API_CHECK_HASH_SIG, "check hash sig");
+
+	if (hwcrypto_state == HWCRYPTO_ENABLED) {
+		reset_common_data(FOR_CHECK_HASH);
+		retval_hwcrypto = VB2_ERROR_MOCK;
+		TEST_EQ(vb2api_check_hash(&ctx),
+			VB2_ERROR_MOCK, "check hash use hwcrypto");
+	} else {
+		reset_common_data(FOR_CHECK_HASH);
+		dc->hash_alg = VB2_HASH_INVALID;
+		*((uint8_t *)sig + sig->sig_offset) ^= 0x55;
+		TEST_EQ(vb2api_check_hash(&ctx),
+			VB2_ERROR_SHA_FINALIZE_ALGORITHM, "check hash finaliz");
+	}
 }
 
 int main(int argc, char* argv[])
 {
 	phase3_tests();
+
+	fprintf(stderr, "Running hash API tests without hwcrypto support...\n");
+	hwcrypto_state = HWCRYPTO_DISABLED;
+	init_hash_tests();
+	extend_hash_tests();
+	check_hash_tests();
+
+	fprintf(stderr, "Running hash API tests with hwcrypto support...\n");
+	hwcrypto_state = HWCRYPTO_ENABLED;
+	init_hash_tests();
+	extend_hash_tests();
+	check_hash_tests();
+
+	fprintf(stderr, "Running hash API tests with forbidden hwcrypto...\n");
+	hwcrypto_state = HWCRYPTO_FORBIDDEN;
 	init_hash_tests();
 	extend_hash_tests();
 	check_hash_tests();