zephyr/Kconfig: Add downgrade prevention to swaps
Downgrade prevention for swap upgrades that was added to
mcuboot is now configurable in zephyr.
It may be using software version number from image in slot 0,
or security counter from the image in slot 0 (for limited downgrade
availability).
Hardware base security counter check remains unchanged.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index f6868b1..7492585 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -548,7 +548,7 @@
config MCUBOOT_DOWNGRADE_PREVENTION
bool "SW based downgrade prevention"
- depends on BOOT_UPGRADE_ONLY
+ depends on !BOOT_DIRECT_XIP
help
Prevent downgrades by enforcing incrementing version numbers.
When this option is set, any upgrade must have greater major version
@@ -556,6 +556,17 @@
only protects against some attacks against version downgrades (for
example, a JTAG could be used to write an older version).
+config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
+ bool "Use image security counter instead of version number"
+ depends on MCUBOOT_DOWNGRADE_PREVENTION
+ depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH)
+ help
+ Security counter is used for version eligibility check instead of pure
+ version. When this option is set, any upgrade must have greater or
+ equal security counter value.
+ Because of the acceptance of equal values it allows for software
+ downgrades to some extent.
+
config MCUBOOT_HW_DOWNGRADE_PREVENTION
bool "HW based downgrade prevention"
help