boot/zephyr: Add fault injection hardening profile to Zephyr config

Add fault injection hardening profile configuration to Zephyr config.
By default, no software hardening is enabled against hardware-level
fault injection such as clock or power glitching, EM pulse, laser beam, etc.

Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 544224f..ec56dc2 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -297,6 +297,42 @@
 	bool "Save application specific data in shared memory area"
 	default n
 
+choice
+	prompt "Fault injection hardening profile"
+	default BOOT_FIH_PROFILE_OFF
+
+config BOOT_FIH_PROFILE_OFF
+	bool "No hardening against hardware level fault injection"
+	help
+	  No hardening in SW against hardware level fault injection: power or
+	  clock glitching, etc.
+
+config BOOT_FIH_PROFILE_LOW
+	bool "Moderate level hardening against hardware level fault injection"
+	help
+	  Moderate level hardening: Long global fail loop to avoid break out,
+	  control flow integrity check to discover discrepancy in expected code
+	  flow.
+
+config BOOT_FIH_PROFILE_MEDIUM
+	bool "Medium level hardening against hardware level fault injection"
+	help
+	  Medium level hardening: Long global fail loop to avoid break out,
+	  control flow integrity check to discover discrepancy in expected code
+	  flow, double variables to discover register or memory corruption.
+
+config BOOT_FIH_PROFILE_HIGH
+	bool "Maximum level hardening against hardware level fault injection"
+	select MBEDTLS
+	help
+	  Maximum level hardening: Long global fail loop to avoid break out,
+	  control flow integrity check to discover discrepancy in expected code
+	  flow, double variables to discover register or memory corruption, random
+	  delays to make code execution less predictable. Random delays requires an
+	  entropy source.
+
+endchoice
+
 config BOOT_WAIT_FOR_USB_DFU
 	bool "Wait for a prescribed duration to see if USB DFU is invoked"
 	default n
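Review bot: BOOT_FIH_PROFILE_HIGH says in its help that random delays require an entropy source, yet the option only does `select MBEDTLS`; nothing in this hunk ties it to an entropy device being present, so whether the delays are actually unpredictable on a given board cannot be confirmed from here. Without real entropy behind mbedTLS the random-delay countermeasure loses most of its value, so I would extend the help with `The delays are only as unpredictable as the entropy source mbedTLS is built with; check that the target provides a hardware one.` Separately, the BOOT_FIH_PROFILE_LOW prompt and help both say "Moderate level", which reads as a synonym for MEDIUM in the menu; `bool "Low level hardening against hardware level fault injection"` would match the symbol name. Since the choice defaults to BOOT_FIH_PROFILE_OFF, the OFF help text could also state that this leaves image validation unprotected against glitching and is meant for devices where physical access is out of scope.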