Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 1 | # Copyright (c) 2017 Linaro Limited |
| 2 | # |
| 3 | # SPDX-License-Identifier: Apache-2.0 |
| 4 | # |
| 5 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 6 | mainmenu "MCUboot configuration" |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 7 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 8 | comment "MCUboot-specific configuration options" |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 9 | |
Emanuele Di Santo | 865777d | 2018-11-08 11:28:15 +0100 | [diff] [blame] | 10 | # Hidden option to mark a project as MCUboot |
| 11 | config MCUBOOT |
| 12 | default y |
| 13 | bool |
Rajavardhan Gundi | 07ba28f | 2018-12-10 15:44:48 +0530 | [diff] [blame] | 14 | select MPU_ALLOW_FLASH_WRITE if ARM_MPU |
Andrzej Puzdrowski | 23d3c66 | 2019-03-18 14:12:22 +0100 | [diff] [blame] | 15 | select USE_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET |
Emanuele Di Santo | 865777d | 2018-11-08 11:28:15 +0100 | [diff] [blame] | 16 | |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 17 | config BOOT_USE_MBEDTLS |
| 18 | bool |
| 19 | # Hidden option |
| 20 | default n |
| 21 | help |
| 22 | Use mbedTLS for crypto primitives. |
| 23 | |
| 24 | config BOOT_USE_TINYCRYPT |
| 25 | bool |
| 26 | # Hidden option |
| 27 | default n |
Sebastian Bøe | 913a385 | 2019-01-22 13:53:12 +0100 | [diff] [blame] | 28 | # When building for ECDSA, we use our own copy of mbedTLS, so the |
| 29 | # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros |
| 30 | # will collide. |
| 31 | depends on ! MBEDTLS |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 32 | help |
| 33 | Use TinyCrypt for crypto primitives. |
| 34 | |
Sigvart Hovland | ebd0503 | 2019-03-21 10:47:32 +0100 | [diff] [blame] | 35 | config BOOT_USE_CC310 |
| 36 | bool |
| 37 | # Hidden option |
| 38 | default n |
| 39 | # When building for ECDSA, we use our own copy of mbedTLS, so the |
| 40 | # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros |
| 41 | # will collide. |
| 42 | depends on ! MBEDTLS |
| 43 | help |
| 44 | Use cc310 for crypto primitives. |
| 45 | |
| 46 | config BOOT_USE_NRF_CC310_BL |
| 47 | bool |
| 48 | default n |
| 49 | |
| 50 | config NRFXLIB_CRYPTO |
| 51 | bool |
| 52 | default n |
| 53 | |
| 54 | config NRF_CC310_BL |
| 55 | bool |
| 56 | default n |
| 57 | |
Andrzej Puzdrowski | 9754328 | 2018-04-12 15:16:56 +0200 | [diff] [blame] | 58 | menu "MCUBoot settings" |
| 59 | |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 60 | choice |
| 61 | prompt "Signature type" |
| 62 | default BOOT_SIGNATURE_TYPE_RSA |
| 63 | |
| 64 | config BOOT_SIGNATURE_TYPE_RSA |
| 65 | bool "RSA signatures" |
| 66 | select BOOT_USE_MBEDTLS |
Marti Bolivar | a4818a5 | 2018-04-12 13:02:38 -0400 | [diff] [blame] | 67 | select MBEDTLS |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 68 | |
| 69 | config BOOT_SIGNATURE_TYPE_ECDSA_P256 |
| 70 | bool "Elliptic curve digital signatures with curve P-256" |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 71 | |
Sigvart Hovland | ebd0503 | 2019-03-21 10:47:32 +0100 | [diff] [blame] | 72 | if BOOT_SIGNATURE_TYPE_ECDSA_P256 |
| 73 | choice |
| 74 | prompt "Ecdsa implementation" |
| 75 | default BOOT_TINYCRYPT |
| 76 | config BOOT_TINYCRYPT |
| 77 | bool "Use tinycrypt" |
| 78 | select BOOT_USE_TINYCRYPT |
| 79 | config BOOT_CC310 |
| 80 | bool "Use CC310" |
| 81 | select BOOT_USE_NRF_CC310_BL if HAS_HW_NRF_CC310 |
| 82 | select NRF_CC310_BL if HAS_HW_NRF_CC310 |
| 83 | select NRFXLIB_CRYPTO if SOC_FAMILY_NRF |
| 84 | select BOOT_USE_CC310 |
| 85 | endchoice |
| 86 | endif |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 87 | endchoice |
| 88 | |
Fabio Utzig | c690c76 | 2018-04-26 10:51:09 -0300 | [diff] [blame] | 89 | config BOOT_SIGNATURE_KEY_FILE |
| 90 | string "PEM key file" |
| 91 | default "" |
| 92 | help |
| 93 | The key file will be parsed by imgtool's getpub command and a .c source |
| 94 | with the public key information will be written in a format expected by |
| 95 | MCUboot. |
| 96 | |
Marti Bolivar | a4818a5 | 2018-04-12 13:02:38 -0400 | [diff] [blame] | 97 | config MBEDTLS_CFG_FILE |
| 98 | default "mcuboot-mbedtls-cfg.h" |
| 99 | |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 100 | config BOOT_VALIDATE_SLOT0 |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 101 | bool "Validate image in the primary slot on every boot" |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 102 | default y |
| 103 | help |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 104 | If y, the bootloader attempts to validate the signature of the |
| 105 | primary slot every boot. This adds the signature check time to |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 106 | every boot, but can mitigate against some changes that are |
| 107 | able to modify the flash image itself. |
| 108 | |
| 109 | config BOOT_UPGRADE_ONLY |
| 110 | bool "Overwrite image updates instead of swapping" |
| 111 | default n |
| 112 | help |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 113 | If y, overwrite the primary slot with the upgrade image instead |
| 114 | of swapping them. This prevents the fallback recovery, but |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 115 | uses a much simpler code path. |
| 116 | |
Fabio Utzig | d0533ed | 2018-12-19 07:56:33 -0200 | [diff] [blame] | 117 | config BOOT_BOOTSTRAP |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 118 | bool "Boostrap erased the primary slot from the secondary slot" |
Fabio Utzig | d0533ed | 2018-12-19 07:56:33 -0200 | [diff] [blame] | 119 | default n |
| 120 | help |
| 121 | If y, enables bootstraping support. Bootstrapping allows an erased |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 122 | primary slot to be initialized from a valid image in the secondary slot. |
Fabio Utzig | d0533ed | 2018-12-19 07:56:33 -0200 | [diff] [blame] | 123 | If unsure, leave at the default value. |
| 124 | |
Fabio Utzig | 5fe874c | 2018-08-31 07:41:50 -0300 | [diff] [blame] | 125 | config BOOT_ENCRYPT_RSA |
| 126 | bool "Support for encrypted upgrade images" |
| 127 | default n |
| 128 | help |
David Vincze | 2d736ad | 2019-02-18 11:50:22 +0100 | [diff] [blame] | 129 | If y, images in the secondary slot can be encrypted and are decrypted |
| 130 | on the fly when upgrading to the primary slot, as well as encrypted |
| 131 | back when swapping from the primary slot to the secondary slot. |
Fabio Utzig | 5fe874c | 2018-08-31 07:41:50 -0300 | [diff] [blame] | 132 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 133 | config BOOT_MAX_IMG_SECTORS |
| 134 | int "Maximum number of sectors per image slot" |
| 135 | default 128 |
| 136 | help |
| 137 | This option controls the maximum number of sectors that each of |
| 138 | the two image areas can contain. Smaller values reduce MCUboot's |
| 139 | memory usage; larger values allow it to support larger images. |
| 140 | If unsure, leave at the default value. |
| 141 | |
Emanuele Di Santo | 205c8c6 | 2018-07-20 11:42:31 +0200 | [diff] [blame] | 142 | config BOOT_ERASE_PROGRESSIVELY |
| 143 | bool "Erase flash progressively when receiving new firmware" |
| 144 | default y if SOC_NRF52840 |
| 145 | help |
| 146 | If enabled, flash is erased as necessary when receiving new firmware, |
| 147 | instead of erasing the whole image slot at once. This is necessary |
| 148 | on some hardware that has long erase times, to prevent long wait |
| 149 | times at the beginning of the DFU process. |
| 150 | |
Rajavardhan Gundi | 51c9d70 | 2019-02-20 14:08:52 +0530 | [diff] [blame] | 151 | config BOOT_WAIT_FOR_USB_DFU |
| 152 | bool "Wait for a prescribed duration to see if USB DFU is invoked" |
| 153 | default n |
| 154 | select USB |
| 155 | select USB_DFU_CLASS |
| 156 | select IMG_MANAGER |
| 157 | help |
| 158 | If y, MCUboot waits for a prescribed duration of time to allow |
| 159 | for USB DFU to be invoked. Please note DFU always updates the |
| 160 | slot1 image. |
| 161 | |
Marti Bolivar | bc2fa4e | 2018-04-12 12:18:32 -0400 | [diff] [blame] | 162 | config ZEPHYR_TRY_MASS_ERASE |
| 163 | bool "Try to mass erase flash when flashing MCUboot image" |
| 164 | default y |
| 165 | help |
| 166 | If y, attempt to configure the Zephyr build system's "flash" |
| 167 | target to mass-erase the flash device before flashing the |
| 168 | MCUboot image. This ensures the scratch and other partitions |
| 169 | are in a consistent state. |
| 170 | |
| 171 | This is not available for all targets. |
| 172 | |
Fabio Utzig | 9a4b9ba | 2018-05-07 08:31:27 -0300 | [diff] [blame] | 173 | config BOOT_HAVE_LOGGING |
| 174 | bool "MCUboot have logging enabled" |
| 175 | default y |
Emanuele Di Santo | 9f1933d | 2018-11-20 10:59:59 +0100 | [diff] [blame] | 176 | select LOG |
Michael Scott | cef4427 | 2019-02-01 11:12:15 -0800 | [diff] [blame] | 177 | select LOG_IMMEDIATE |
Fabio Utzig | 9a4b9ba | 2018-05-07 08:31:27 -0300 | [diff] [blame] | 178 | help |
| 179 | If y, enables logging on the serial port. The log level can |
Michael Scott | 74ceae5 | 2019-02-01 14:01:09 -0800 | [diff] [blame] | 180 | be defined by setting `CONFIG_MCUBOOT_LOG_LEVEL_*`. |
Fabio Utzig | 9a4b9ba | 2018-05-07 08:31:27 -0300 | [diff] [blame] | 181 | If unsure, leave at the default value. |
| 182 | |
Michael Scott | 74ceae5 | 2019-02-01 14:01:09 -0800 | [diff] [blame] | 183 | if BOOT_HAVE_LOGGING |
| 184 | module = MCUBOOT |
| 185 | module-dep = LOG |
| 186 | module-str = Log level for MCUBOOT application |
| 187 | source "subsys/logging/Kconfig.template.log_config" |
| 188 | endif |
| 189 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 190 | menuconfig MCUBOOT_SERIAL |
| 191 | bool "MCUboot serial recovery" |
| 192 | default n |
| 193 | select REBOOT |
Emanuele Di Santo | 30a9265 | 2019-01-16 14:01:08 +0100 | [diff] [blame] | 194 | select GPIO |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 195 | select SERIAL |
Emanuele Di Santo | 30a9265 | 2019-01-16 14:01:08 +0100 | [diff] [blame] | 196 | select UART_INTERRUPT_DRIVEN |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 197 | select BASE64 |
| 198 | select TINYCBOR |
| 199 | help |
| 200 | If y, enables a serial-port based update mode. This allows |
| 201 | MCUboot itself to load update images into flash over a UART. |
| 202 | If unsure, leave at the default value. |
| 203 | |
| 204 | if MCUBOOT_SERIAL |
| 205 | |
Emanuele Di Santo | c4bf780 | 2018-07-20 11:39:57 +0200 | [diff] [blame] | 206 | choice |
| 207 | prompt "Serial device" |
| 208 | default BOOT_SERIAL_UART if !BOARD_NRF52840_PCA10059 |
| 209 | default BOOT_SERIAL_CDC_ACM if BOARD_NRF52840_PCA10059 |
| 210 | |
| 211 | config BOOT_SERIAL_UART |
| 212 | bool "UART" |
| 213 | # SERIAL and UART_INTERRUPT_DRIVEN already selected |
| 214 | |
| 215 | config BOOT_SERIAL_CDC_ACM |
| 216 | bool "CDC ACM" |
| 217 | select USB |
| 218 | select USB_DEVICE_STACK |
| 219 | select USB_CDC_ACM |
| 220 | |
| 221 | endchoice |
| 222 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 223 | config BOOT_MAX_LINE_INPUT_LEN |
| 224 | int "Maximum command line length" |
| 225 | default 512 |
| 226 | help |
| 227 | Maximum length of commands transported over the serial port. |
| 228 | |
| 229 | config BOOT_SERIAL_DETECT_PORT |
| 230 | string "GPIO device to trigger serial recovery mode" |
| 231 | default GPIO_0 if SOC_FAMILY_NRF |
| 232 | help |
| 233 | Zephyr GPIO device which contains the pin used to trigger |
| 234 | serial recovery mode. |
| 235 | |
| 236 | config BOOT_SERIAL_DETECT_PIN |
| 237 | int "Pin to trigger serial recovery mode" |
| 238 | default 11 if BOARD_NRF52840_PCA10056 |
| 239 | default 13 if BOARD_NRF52_PCA10040 |
| 240 | help |
| 241 | Pin on the serial detect port which triggers serial recovery mode. |
| 242 | |
| 243 | config BOOT_SERIAL_DETECT_PIN_VAL |
| 244 | int "Serial detect pin trigger value" |
| 245 | default 0 |
| 246 | range 0 1 |
| 247 | help |
| 248 | Logic value of the detect pin which triggers serial recovery |
| 249 | mode. |
| 250 | |
| 251 | endif # MCUBOOT_SERIAL |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 252 | |
Andrzej Puzdrowski | 9754328 | 2018-04-12 15:16:56 +0200 | [diff] [blame] | 253 | endmenu |
| 254 | |
Carles Cufi | 84ede58 | 2018-01-29 15:12:00 +0100 | [diff] [blame] | 255 | config MCUBOOT_DEVICE_SETTINGS |
| 256 | # Hidden selector for device-specific settings |
| 257 | bool |
| 258 | default y |
| 259 | # CPU options |
| 260 | select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0 |
Carles Cufi | 67c792e | 2018-01-29 15:14:31 +0100 | [diff] [blame] | 261 | # Enable flash page layout if available |
| 262 | select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT |
Andrzej Puzdrowski | b788c71 | 2018-04-12 12:42:49 +0200 | [diff] [blame] | 263 | # Enable flash_map module as flash I/O back-end |
| 264 | select FLASH_MAP |
Carles Cufi | 84ede58 | 2018-01-29 15:12:00 +0100 | [diff] [blame] | 265 | |
| 266 | config MCUBOOT_DEVICE_CPU_CORTEX_M0 |
| 267 | # Hidden selector for Cortex-M0 settings |
| 268 | bool |
| 269 | default n |
| 270 | select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP |
| 271 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 272 | comment "Zephyr configuration options" |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 273 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 274 | config ZEPHYR_BASE |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 275 | string |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 276 | option env="ZEPHYR_BASE" |
Andrzej Puzdrowski | 64ad092 | 2017-09-22 11:33:41 +0200 | [diff] [blame] | 277 | |
Marti Bolivar | 0e091c9 | 2018-04-12 11:23:16 -0400 | [diff] [blame] | 278 | source "$ZEPHYR_BASE/Kconfig.zephyr" |