Infineon: Switch to 1.9.0 code base, add xmc7000 family support, refactor memory layer
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 5d71cd2..3478234 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -65,7 +65,7 @@
uploading a new application overwrites the one that previously
occupied the area.
-choice
+choice BOOT_SIGNATURE_TYPE
prompt "Signature type"
default BOOT_SIGNATURE_TYPE_RSA
@@ -89,7 +89,7 @@
bool "Elliptic curve digital signatures with curve P-256"
if BOOT_SIGNATURE_TYPE_ECDSA_P256
-choice
+choice BOOT_ECDSA_IMPLEMENTATION
prompt "Ecdsa implementation"
default BOOT_ECDSA_TINYCRYPT
@@ -111,7 +111,7 @@
bool "Edwards curve digital signatures using ed25519"
if BOOT_SIGNATURE_TYPE_ED25519
-choice
+choice BOOT_ED25519_IMPLEMENTATION
prompt "Ecdsa implementation"
default BOOT_ED25519_TINYCRYPT
config BOOT_ED25519_TINYCRYPT
@@ -182,8 +182,20 @@
every boot, but can mitigate against some changes that are
able to modify the flash image itself.
+config BOOT_VALIDATE_SLOT0_ONCE
+ bool "Validate image in the primary slot just once after after upgrade"
+ depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT
+ default n
+ help
+ If y, the bootloader attempts to validate the signature of the
+ primary slot only once after an upgrade of the main slot.
+ It caches the result in the magic area, which makes it an unsecure
+ method. This option is usefull for lowering the boot up time for
+ low end devices with as a compromise lowering the security level.
+ If unsure, leave at the default value.
+
if !SINGLE_APPLICATION_SLOT
-choice
+choice BOOT_IMAGE_UPGRADE_MODE
prompt "Image upgrade modes"
default BOOT_SWAP_USING_MOVE if SOC_FAMILY_NRF
default BOOT_SWAP_USING_SCRATCH
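Review bot: The help for BOOT_VALIDATE_SLOT0_ONCE says the validation result is cached in the magic area and calls that "unsecure", but it does not say what is lost. As described, a later change to the primary slot that leaves the cached marker in place would boot without a signature check, and nothing in this hunk shows the marker being authenticated. I would spell that out in the help, for example `Modifications made to the primary slot after the first validated boot are not detected.`, and fix the wording (`just once after an upgrade`, `insecure`, `useful`). `default n` is redundant for a bool and can be dropped, as this commit already does for the BOOT_ENCRYPT_* options.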
@@ -257,9 +269,14 @@
JTAG/SWD or primary slot in external flash).
If unsure, leave at the default value.
+config BOOT_ENCRYPT_IMAGE
+ bool
+ help
+ Hidden option used to check if any image encryption is enabled.
+
config BOOT_ENCRYPT_RSA
bool "Support for encrypted upgrade images using RSA"
- default n
+ select BOOT_ENCRYPT_IMAGE
help
If y, images in the secondary slot can be encrypted and are decrypted
on the fly when upgrading to the primary slot, as well as encrypted
@@ -268,7 +285,7 @@
config BOOT_ENCRYPT_EC256
bool "Support for encrypted upgrade images using ECIES-P256"
- default n
+ select BOOT_ENCRYPT_IMAGE
help
If y, images in the secondary slot can be encrypted and are decrypted
on the fly when upgrading to the primary slot, as well as encrypted
@@ -278,7 +295,7 @@
config BOOT_ENCRYPT_X25519
bool "Support for encrypted upgrade images using ECIES-X25519"
- default n
+ select BOOT_ENCRYPT_IMAGE
help
If y, images in the secondary slot can be encrypted and are decrypted
on the fly when upgrading to the primary slot, as well as encrypted
@@ -287,6 +304,21 @@
described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
endif # !SINGLE_APPLICATION_SLOT
+config BOOT_ENCRYPTION_KEY_FILE
+ string "encryption key file"
+ depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256
+ default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default ""
+ help
+ You can use either absolute or relative path.
+ In case relative path is used, the build system assumes that it starts
+ from the directory where the MCUBoot KConfig configuration file is
+ located. If the key file is not there, the build system uses relative
+ path that starts from the MCUBoot repository root directory.
+ The key file will be parsed by imgtool's getpriv command and a .c source
+ with the public key information will be written in a format expected by
+ MCUboot.
+
config BOOT_MAX_IMG_SECTORS
int "Maximum number of sectors per image slot"
default 128
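Review bot: The named default of BOOT_ENCRYPTION_KEY_FILE, `enc-ec256-priv.pem`, together with the documented fallback to the MCUboot repository root, looks like it resolves to a key file kept in the source tree. If so, a build that never overrides the option would use a private key readable by anyone with the repository, and image encryption would give no confidentiality. I would keep only `default ""` and let the build stop with a clear message when encryption is enabled without a key path. The default is also conditioned on BOOT_SIGNATURE_TYPE_ECDSA_P256 while the option depends on the encryption symbols, so EC256 encryption with another signature type gets an empty path. The help names imgtool's getpriv command but says the generated source holds "public key information"; one of the two presumably needs correcting.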
@@ -308,7 +340,7 @@
bool "Save application specific data in shared memory area"
default n
-choice
+choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
prompt "Fault injection hardening profile"
default BOOT_FIH_PROFILE_OFF
@@ -465,7 +497,7 @@
if MCUBOOT_SERIAL
-choice
+choice BOOT_SERIAL_DEVICE
prompt "Serial device"
default BOOT_SERIAL_UART if !BOARD_NRF52840DONGLE_NRF52840
default BOOT_SERIAL_CDC_ACM if BOARD_NRF52840DONGLE_NRF52840
@@ -551,6 +583,11 @@
on some hardware that has long erase times, to prevent long wait
times at the beginning of the DFU process.
+config BOOT_MGMT_ECHO
+ bool "Enable echo command"
+ help
+ if enabled, support for the mcumgr echo command is being added.
+
menuconfig ENABLE_MGMT_PERUSER
bool "Enable system specific mcumgr commands"
help
@@ -576,6 +613,31 @@
statuses (custom property) for all images.
endif # ENABLE_MGMT_PERUSER
+
+config BOOT_SERIAL_ENCRYPT_EC256
+ bool "Support for encrypted upgrade images using ECIES-P256 in serial recovery upload"
+ default n
+ help
+ If y, uploaded images via serial recovery can be decrypted
+ on the fly when upgrading to the primary slot. The
+ encryption mechanism used in this case is ECIES using primitives
+ described under "ECIES-P256 encryption" in docs/encrypted_images.md.
+
+config BOOT_SERIAL_WAIT_FOR_DFU
+ bool "Wait for a prescribed duration to see if DFU is invoked by receiving a mcumgr comand"
+ depends on BOOT_SERIAL_UART
+ help
+ If y, MCUboot waits for a prescribed duration of time to allow
+ for DFU to be invoked. The serial recovery can be entered by receiving any
+ mcumgr command.
+
+config BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT
+ int "Duration to wait for the serial DFU timeout in ms"
+ default 500
+ depends on BOOT_SERIAL_WAIT_FOR_DFU
+ help
+ timeout in ms for MCUboot to wait to allow for DFU to be invoked.
+
endif # MCUBOOT_SERIAL
config BOOT_INTR_VEC_RELOC
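Review bot: BOOT_SERIAL_WAIT_FOR_DFU opens a window on every boot in which any mcumgr command on the UART enters serial recovery, and the help does not say that this makes recovery reachable by anyone with access to the serial line. I would add a sentence such as `Enable only where access to the UART is restricted, since no button or pin condition is needed to enter recovery.` BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT is a plain `int` with no `range`, so zero or negative values are accepted; a `range` line with a lower bound that suits the timer code would reject them at configuration time. The prompt also has a typo (`comand`), and `default n` on BOOT_SERIAL_ENCRYPT_EC256 is redundant.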
@@ -594,7 +656,7 @@
help
Enables support of multi image update.
-choice
+choice BOOT_DOWNGRADE_PREVENTION_CHOICE
prompt "Downgrade prevention"
optional
@@ -692,4 +754,22 @@
bool
default n
+config MCUBOOT_VERIFY_IMG_ADDRESS
+ bool "Verify reset address of image in secondary slot"
+ depends on UPDATEABLE_IMAGE_NUMBER > 1
+ depends on !BOOT_ENCRYPT_IMAGE
+ depends on ARM
+ default y if BOOT_UPGRADE_ONLY
+ help
+ Verify that the reset address in the image located in the secondary slot
+ is contained within the corresponding primary slot. This is recommended
+ if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user
+ incorrectly uploads an update for image 1 to image 0's secondary slot
+ MCUboot will overwrite image 0's primary slot with this image even
+ though it will not boot. If swapping is enabled this will be handled
+ since the image will not confirm itself. If, however, swapping is not
+ enabled then the only mitigation is serial recovery. This feature can
+ also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image
+ linked at the correct address is loaded.
+
source "Kconfig.zephyr"
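Review bot: MCUBOOT_VERIFY_IMG_ADDRESS is silently unavailable whenever BOOT_ENCRYPT_IMAGE is set, and the help does not mention this or give the reason (presumably the reset address cannot be read from an encrypted secondary slot). A user who enables encryption in an upgrade-only, multi-image setup loses the wrong-slot check without any hint, so I would add a line such as `Not available when image encryption is enabled.` plus the reason. The help also recommends the option for BOOT_DIRECT_XIP, yet `depends on UPDATEABLE_IMAGE_NUMBER > 1` excludes single-image direct-XIP builds and the default is `y` only under BOOT_UPGRADE_ONLY. Either the dependencies or the text should be adjusted so they agree.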