add option for rollback protection
Depends on 'MCUBOOT_OVERWRITE_ONLY' option since swap info is not protected
by signature
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 0a8f359..c40a8cd 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -346,4 +346,14 @@
help
Enables support of multi image update.
+config MCUBOOT_DOWNGRADE_PREVENTION
+ bool "Downgrade prevention"
+ depends on BOOT_UPGRADE_ONLY
+ help
+ Prevent downgrades by enforcing incrementing version numbers.
+ When this option is set, any upgrade must have greater major version
+ or greater minor version with equal major version. This mechanism
+ only protects against some attacks against version downgrades (for
+ example, a JTAG could be used to write an older version).
+
source "$ZEPHYR_BASE/Kconfig.zephyr"