zephyr: Revamp Makefile configuration
Instead of requiring edits to the Zephyr Makefile to change the
configuration, base the configuration on a few variables that can be set
when make is invoked. This will make automated testing easier.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/Makefile b/Makefile
index def6b51..88328d9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,27 +1,57 @@
# Makefile for building mcuboot as a Zephyr project.
+########################
# Configuration choices.
+########################
-#####################
-# Signature algorithm
-#####################
-# Choose one of RSA or ECDSA P-256 blocks, and uncomment the config
-# lines there, and comment out any other blocks.
+# Set this variable to determine the signature type used. Currently,
+# it should be set to either RSA, or ECDSA_P256. This value can be
+# overridden by the make invocation, e.g.:
+#
+# make SIGNATURE_TYPE=ECDSA_P256
+#
+CONF_SIGNATURE_TYPE ?= RSA
+# Should the bootloader attempt to validate the signature of slot0
+# when just booting. This adds the signature check time to every
+# boot, but can mitigate against some changes that are able to modify
+# the flash image itself. Set to "YES" for the validation, or any
+# other value to not.
+#
+CONF_VALIDATE_SLOT0 ?= YES
+
+# If this is set to YES, overwrite slot0 with the upgrade image
+# instead of swapping them. This prevents the fallback recovery, but
+# uses a much simpler code path.
+#
+CONF_UPGRADE_ONLY ?= NO
+
+##############################
+# End of configuration blocks.
+##############################
+
+ifeq ($(CONF_SIGNATURE_TYPE),RSA)
# RSA
CONF_FILE = boot/zephyr/prj.conf
CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
+else ifeq ($(CONF_SIGNATURE_TYPE),ECDSA_P256)
# ECDSA P-256
-#CONF_FILE = boot/zephyr/prj-p256.conf
-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
-#NEED_TINYCRYPT = y
-#export NEED_TINYCRYPT
+CONF_FILE = boot/zephyr/prj-p256.conf
+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
+NEED_TINYCRYPT = y
+export NEED_TINYCRYPT
+
+else
+$(error Invalid CONF_SIGNATURE_TYPE specified)
+endif
# Enable this option to have the bootloader verify the signature of
# the primary image upon every boot. Without it, signature
# verification only happens on upgrade.
+ifeq ($(CONF_VALIDATE_SLOT0),YES)
CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
+endif
# Enabling this option uses newer flash map APIs. This saves RAM and
# avoids deprecated API usage.
@@ -32,11 +62,9 @@
# Enable this option to not use the swapping code and just overwrite
# the image on upgrade.
-#CFLAGS += -DMCUBOOT_OVERWRITE_ONLY
-
-##############################
-# End of configuration blocks.
-##############################
+ifeq ($(CONF_UPGRADE_ONLY),YES)
+CFLAGS += -DMCUBOOT_OVERWRITE_ONLY
+endif
# The board should be set to one of the targets supported by
# mcuboot/Zephyr. These can be found in ``boot/zephyr/targets``