| # Copyright (c) 2017 Linaro Limited |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # |
| |
| mainmenu "MCUboot configuration" |
| |
| comment "MCUboot-specific configuration options" |
| |
| # Hidden option to mark a project as MCUboot |
| config MCUBOOT |
| default y |
| bool |
| select MPU_ALLOW_FLASH_WRITE if ARM_MPU |
| |
| if BOARD_HAS_NRF5_BOOTLOADER |
| |
| # When compiling MCUBoot, the image will be linked to the boot partition. |
| # Override .text offset to make sure it is set to zero. |
| # This is necessary when other bootloaders set a different default for |
| # application images which are not bootloaders. |
| |
| config TEXT_SECTION_OFFSET |
| default 0x00 |
| |
| endif # BOARD_HAS_NRF5_BOOTLOADER |
| |
| config BOOT_USE_MBEDTLS |
| bool |
| # Hidden option |
| default n |
| help |
| Use mbedTLS for crypto primitives. |
| |
| config BOOT_USE_TINYCRYPT |
| bool |
| # Hidden option |
| default n |
| # When building for ECDSA, we use our own copy of mbedTLS, so the |
| # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros |
| # will collide. |
| depends on ! MBEDTLS |
| help |
| Use TinyCrypt for crypto primitives. |
| |
| menu "MCUBoot settings" |
| |
| choice |
| prompt "Signature type" |
| default BOOT_SIGNATURE_TYPE_RSA |
| |
| config BOOT_SIGNATURE_TYPE_RSA |
| bool "RSA signatures" |
| select BOOT_USE_MBEDTLS |
| select MBEDTLS |
| |
| config BOOT_SIGNATURE_TYPE_ECDSA_P256 |
| bool "Elliptic curve digital signatures with curve P-256" |
| select BOOT_USE_TINYCRYPT |
| |
| endchoice |
| |
| config BOOT_SIGNATURE_KEY_FILE |
| string "PEM key file" |
| default "" |
| help |
| The key file will be parsed by imgtool's getpub command and a .c source |
| with the public key information will be written in a format expected by |
| MCUboot. |
| |
| config MBEDTLS_CFG_FILE |
| default "mcuboot-mbedtls-cfg.h" |
| |
| config BOOT_VALIDATE_SLOT0 |
| bool "Validate image slot 0 on every boot" |
| default y |
| help |
| If y, the bootloader attempts to validate the signature of |
| slot0 every boot. This adds the signature check time to |
| every boot, but can mitigate against some changes that are |
| able to modify the flash image itself. |
| |
| config BOOT_UPGRADE_ONLY |
| bool "Overwrite image updates instead of swapping" |
| default n |
| help |
| If y, overwrite slot0 with the upgrade image instead of |
| swapping them. This prevents the fallback recovery, but |
| uses a much simpler code path. |
| |
| config BOOT_BOOTSTRAP |
| bool "Boostrap erased slot0 from slot1" |
| default n |
| help |
| If y, enables bootstraping support. Bootstrapping allows an erased |
| slot0 to be initialized from a valid image in slot1. |
| If unsure, leave at the default value. |
| |
| config BOOT_ENCRYPT_RSA |
| bool "Support for encrypted upgrade images" |
| default n |
| help |
| If y, images in slot 1 can be encrypted and are decrypted |
| on the fly when upgrading to slot 0, as well as encrypted |
| back when swapping from slot 0 to slot 1. |
| |
| config BOOT_MAX_IMG_SECTORS |
| int "Maximum number of sectors per image slot" |
| default 128 |
| help |
| This option controls the maximum number of sectors that each of |
| the two image areas can contain. Smaller values reduce MCUboot's |
| memory usage; larger values allow it to support larger images. |
| If unsure, leave at the default value. |
| |
| config BOOT_ERASE_PROGRESSIVELY |
| bool "Erase flash progressively when receiving new firmware" |
| default y if SOC_NRF52840 |
| help |
| If enabled, flash is erased as necessary when receiving new firmware, |
| instead of erasing the whole image slot at once. This is necessary |
| on some hardware that has long erase times, to prevent long wait |
| times at the beginning of the DFU process. |
| |
| config ZEPHYR_TRY_MASS_ERASE |
| bool "Try to mass erase flash when flashing MCUboot image" |
| default y |
| help |
| If y, attempt to configure the Zephyr build system's "flash" |
| target to mass-erase the flash device before flashing the |
| MCUboot image. This ensures the scratch and other partitions |
| are in a consistent state. |
| |
| This is not available for all targets. |
| |
| config BOOT_HAVE_LOGGING |
| bool "MCUboot have logging enabled" |
| default y |
| select LOG |
| select LOG_IMMEDIATE |
| help |
| If y, enables logging on the serial port. The log level can |
| be defined by setting `CONFIG_MCUBOOT_LOG_LEVEL_*`. |
| If unsure, leave at the default value. |
| |
| if BOOT_HAVE_LOGGING |
| module = MCUBOOT |
| module-dep = LOG |
| module-str = Log level for MCUBOOT application |
| source "subsys/logging/Kconfig.template.log_config" |
| endif |
| |
| menuconfig MCUBOOT_SERIAL |
| bool "MCUboot serial recovery" |
| default n |
| select REBOOT |
| select GPIO |
| select SERIAL |
| select UART_INTERRUPT_DRIVEN |
| select BASE64 |
| select TINYCBOR |
| help |
| If y, enables a serial-port based update mode. This allows |
| MCUboot itself to load update images into flash over a UART. |
| If unsure, leave at the default value. |
| |
| if MCUBOOT_SERIAL |
| |
| choice |
| prompt "Serial device" |
| default BOOT_SERIAL_UART if !BOARD_NRF52840_PCA10059 |
| default BOOT_SERIAL_CDC_ACM if BOARD_NRF52840_PCA10059 |
| |
| config BOOT_SERIAL_UART |
| bool "UART" |
| # SERIAL and UART_INTERRUPT_DRIVEN already selected |
| |
| config BOOT_SERIAL_CDC_ACM |
| bool "CDC ACM" |
| select USB |
| select USB_DEVICE_STACK |
| select USB_CDC_ACM |
| |
| endchoice |
| |
| config BOOT_MAX_LINE_INPUT_LEN |
| int "Maximum command line length" |
| default 512 |
| help |
| Maximum length of commands transported over the serial port. |
| |
| config BOOT_SERIAL_DETECT_PORT |
| string "GPIO device to trigger serial recovery mode" |
| default GPIO_0 if SOC_FAMILY_NRF |
| help |
| Zephyr GPIO device which contains the pin used to trigger |
| serial recovery mode. |
| |
| config BOOT_SERIAL_DETECT_PIN |
| int "Pin to trigger serial recovery mode" |
| default 11 if BOARD_NRF52840_PCA10056 |
| default 13 if BOARD_NRF52_PCA10040 |
| help |
| Pin on the serial detect port which triggers serial recovery mode. |
| |
| config BOOT_SERIAL_DETECT_PIN_VAL |
| int "Serial detect pin trigger value" |
| default 0 |
| range 0 1 |
| help |
| Logic value of the detect pin which triggers serial recovery |
| mode. |
| |
| endif # MCUBOOT_SERIAL |
| |
| endmenu |
| |
| config MCUBOOT_DEVICE_SETTINGS |
| # Hidden selector for device-specific settings |
| bool |
| default y |
| # CPU options |
| select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0 |
| # Enable flash page layout if available |
| select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT |
| # Enable flash_map module as flash I/O back-end |
| select FLASH_MAP |
| |
| config MCUBOOT_DEVICE_CPU_CORTEX_M0 |
| # Hidden selector for Cortex-M0 settings |
| bool |
| default n |
| select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP |
| |
| comment "Zephyr configuration options" |
| |
| config ZEPHYR_BASE |
| string |
| option env="ZEPHYR_BASE" |
| |
| source "$ZEPHYR_BASE/Kconfig.zephyr" |