David Vincze03368b82020-04-01 12:53:53 +02001# Copyright (c) 2017-2020 Linaro Limited
David Vinczec3084132020-02-18 14:50:47 +01002# Copyright (c) 2020 Arm Limited
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +02003#
4# SPDX-License-Identifier: Apache-2.0
5#
6
Marti Bolivar0e091c92018-04-12 11:23:16 -04007mainmenu "MCUboot configuration"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +02008
Marti Bolivar0e091c92018-04-12 11:23:16 -04009comment "MCUboot-specific configuration options"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +020010
Emanuele Di Santo865777d2018-11-08 11:28:15 +010011# Hidden option to mark a project as MCUboot
12config MCUBOOT
13 default y
14 bool
Rajavardhan Gundi07ba28f2018-12-10 15:44:48 +053015 select MPU_ALLOW_FLASH_WRITE if ARM_MPU
Marcin Niestrojc6be76a2020-03-22 14:39:35 +010016 select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET
Emanuele Di Santo865777d2018-11-08 11:28:15 +010017
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040018config BOOT_USE_MBEDTLS
19 bool
20 # Hidden option
21 default n
22 help
23 Use mbedTLS for crypto primitives.
24
25config BOOT_USE_TINYCRYPT
26 bool
27 # Hidden option
28 default n
Sebastian Bøe913a3852019-01-22 13:53:12 +010029 # When building for ECDSA, we use our own copy of mbedTLS, so the
30 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
31 # will collide.
32 depends on ! MBEDTLS
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040033 help
34 Use TinyCrypt for crypto primitives.
35
Sigvart Hovlandebd05032019-03-21 10:47:32 +010036config BOOT_USE_CC310
37 bool
38 # Hidden option
39 default n
40 # When building for ECDSA, we use our own copy of mbedTLS, so the
41 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
42 # will collide.
43 depends on ! MBEDTLS
44 help
45 Use cc310 for crypto primitives.
46
47config BOOT_USE_NRF_CC310_BL
48 bool
49 default n
50
51config NRFXLIB_CRYPTO
52 bool
53 default n
54
55config NRF_CC310_BL
56 bool
57 default n
58
Andrzej Puzdrowski97543282018-04-12 15:16:56 +020059menu "MCUBoot settings"
60
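# Selects how MCUboot checks an image before booting it. Exactly one member
# is active; RSA is the default.
choice
	prompt "Signature type"
	default BOOT_SIGNATURE_TYPE_RSA

config BOOT_SIGNATURE_TYPE_NONE
	bool "No signature; use only hash check"
	select BOOT_USE_TINYCRYPT
	help
	  Images are accepted on the basis of their hash alone. A hash
	  detects accidental corruption but does not authenticate the image:
	  whoever can place an image in a slot can also supply a matching
	  hash. Do not select this where firmware authenticity is required.

config BOOT_SIGNATURE_TYPE_RSA
	bool "RSA signatures"
	select BOOT_USE_MBEDTLS
	select MBEDTLS

if BOOT_SIGNATURE_TYPE_RSA
# NOTE(review): "range 2048 3072" also admits every integer in between;
# confirm the build rejects lengths the verification code does not support.
config BOOT_SIGNATURE_TYPE_RSA_LEN
	int "RSA signature length"
	range 2048 3072
	default 2048
	help
	  Length in bits of the RSA key used to verify image signatures.
endif

config BOOT_SIGNATURE_TYPE_ECDSA_P256
	bool "Elliptic curve digital signatures with curve P-256"

if BOOT_SIGNATURE_TYPE_ECDSA_P256
choice
	prompt "Ecdsa implementation"
	default BOOT_ECDSA_TINYCRYPT
config BOOT_ECDSA_TINYCRYPT
	bool "Use tinycrypt"
	select BOOT_USE_TINYCRYPT
config BOOT_CC310
	bool "Use CC310"
	select BOOT_USE_NRF_CC310_BL if HAS_HW_NRF_CC310
	select NRF_CC310_BL if HAS_HW_NRF_CC310
	select NRFXLIB_CRYPTO if SOC_FAMILY_NRF
	select BOOT_USE_CC310
endchoice
endif

config BOOT_SIGNATURE_TYPE_ED25519
	bool "Edwards curve digital signatures using ed25519"

if BOOT_SIGNATURE_TYPE_ED25519
choice
	# This choice picks the Ed25519 backend; the prompt previously read
	# "Ecdsa implementation", copied from the P-256 choice above.
	prompt "Ed25519 implementation"
	default BOOT_ED25519_TINYCRYPT
config BOOT_ED25519_TINYCRYPT
	bool "Use tinycrypt"
	select BOOT_USE_TINYCRYPT
config BOOT_ED25519_MBEDTLS
	bool "Use mbedTLS"
	select BOOT_USE_MBEDTLS
	select MBEDTLS
endchoice
endif

endchoice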
118
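# NOTE(review): nothing here says which key the build falls back to when this
# is left at the empty default. Confirm that, and make sure production builds
# point at a key generated for the product.
config BOOT_SIGNATURE_KEY_FILE
	string "PEM key file"
	default ""
	help
	  The key file will be parsed by imgtool's getpub command and a .c source
	  with the public key information will be written in a format expected by
	  MCUboot.
	  Only the public key is embedded in the bootloader. If the PEM file
	  also contains the private signing key, treat the file as a secret
	  and keep it out of shared source trees and build artifacts.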
126
Andrzej Puzdrowski9a605b62020-03-16 13:34:30 +0100127config MCUBOOT_CLEANUP_ARM_CORE
128 bool "Perform core cleanup before chain-load the application"
129 depends on CPU_CORTEX_M
130 default y
131
Marti Bolivara4818a52018-04-12 13:02:38 -0400132config MBEDTLS_CFG_FILE
133 default "mcuboot-mbedtls-cfg.h"
134
David Vincze03368b82020-04-01 12:53:53 +0200135config BOOT_HW_KEY
136 bool "Use HW key for image verification"
137 default n
138 help
139 Use HW key for image verification, otherwise the public key is embedded
140 in MCUBoot. If enabled the public key is appended to the signed image
141 and requires the hash of the public key to be provisioned to the device
142 beforehand.
143
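config BOOT_VALIDATE_SLOT0
	bool "Validate image in the primary slot on every boot"
	default y
	help
	  If y, the bootloader attempts to validate the signature of the
	  image in the primary slot on every boot. This adds the signature
	  check time to every boot, but it can catch some modifications made
	  directly to the image in flash after it was installed.
	  If n, this per-boot check is skipped, so such modifications are
	  not detected at boot time.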
152
153config BOOT_UPGRADE_ONLY
154 bool "Overwrite image updates instead of swapping"
155 default n
156 help
David Vincze2d736ad2019-02-18 11:50:22 +0100157 If y, overwrite the primary slot with the upgrade image instead
158 of swapping them. This prevents the fallback recovery, but
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400159 uses a much simpler code path.
160
Fabio Utzigc58842e2019-11-28 10:30:01 -0300161config BOOT_SWAP_USING_MOVE
Fabio Utzigdd2b6802020-01-06 09:10:45 -0300162 bool "Swap mode that can run without a scratch partition"
Håkon Øye Amundsen09be7832020-01-24 14:34:49 +0000163 default y if SOC_FAMILY_NRF
Fabio Utzigc58842e2019-11-28 10:30:01 -0300164 default n
165 help
166 If y, the swap upgrade is done in two steps, where first every
167 sector of the primary slot is moved up one sector, then for
168 each sector X in the secondary slot, it is moved to index X in
169 the primary slot, then the sector at X+1 in the primary is
170 moved to index X in the secondary.
171 This allows a swap upgrade without using a scratch partition,
172 but is currently limited to all sectors in both slots being of
173 the same size.
174
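config BOOT_BOOTSTRAP
	bool "Bootstrap an erased primary slot from the secondary slot"
	default n
	help
	  If y, enables bootstrapping support. Bootstrapping allows an erased
	  primary slot to be initialized from a valid image in the secondary slot.
	  If unsure, leave at the default value.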
182
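# NOTE(review): the default (n) is the setting under which the help below says
# keys can be read from flash. On parts whose primary slot can be dumped,
# "leave at the default value" is not the conservative choice.
config BOOT_SWAP_SAVE_ENCTLV
	bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
	default n
	help
	  If y, the swap resume metadata stores the encrypted key TLVs taken
	  from the image instead of the decrypted (plaintext) image encryption
	  keys. This should be used when there is no security mechanism
	  protecting the data in the primary slot from being dumped. If n is
	  selected (default), the keys are written after being decrypted from
	  the image TLVs and could be read by an attacker who has access to
	  the flash contents of the primary slot (e.g. JTAG/SWD or primary
	  slot in external flash).
	  If unsure, leave at the default value.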
195
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300196config BOOT_ENCRYPT_RSA
Fabio Utzig42cc29a2019-11-05 07:54:41 -0300197 bool "Support for encrypted upgrade images using RSA"
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300198 default n
199 help
David Vincze2d736ad2019-02-18 11:50:22 +0100200 If y, images in the secondary slot can be encrypted and are decrypted
201 on the fly when upgrading to the primary slot, as well as encrypted
Fabio Utzig42cc29a2019-11-05 07:54:41 -0300202 back when swapping from the primary slot to the secondary slot. The
203 encryption mechanism used in this case is RSA-OAEP (2048 bits).
204
205config BOOT_ENCRYPT_EC256
206 bool "Support for encrypted upgrade images using ECIES-P256"
207 default n
208 help
209 If y, images in the secondary slot can be encrypted and are decrypted
210 on the fly when upgrading to the primary slot, as well as encrypted
211 back when swapping from the primary slot to the secondary slot. The
212 encryption mechanism used in this case is ECIES using primitives
213 described under "ECIES-P256 encryption" in docs/encrypted_images.md.
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300214
Fabio Utzigb6f014c2020-04-02 13:25:01 -0300215config BOOT_ENCRYPT_X25519
216 bool "Support for encrypted upgrade images using ECIES-X25519"
217 default n
218 help
219 If y, images in the secondary slot can be encrypted and are decrypted
220 on the fly when upgrading to the primary slot, as well as encrypted
221 back when swapping from the primary slot to the secondary slot. The
222 encryption mechanism used in this case is ECIES using primitives
223 described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
224
Marti Bolivar0e091c92018-04-12 11:23:16 -0400225config BOOT_MAX_IMG_SECTORS
226 int "Maximum number of sectors per image slot"
227 default 128
228 help
229 This option controls the maximum number of sectors that each of
230 the two image areas can contain. Smaller values reduce MCUboot's
231 memory usage; larger values allow it to support larger images.
232 If unsure, leave at the default value.
233
Emanuele Di Santo205c8c62018-07-20 11:42:31 +0200234config BOOT_ERASE_PROGRESSIVELY
235 bool "Erase flash progressively when receiving new firmware"
236 default y if SOC_NRF52840
237 help
238 If enabled, flash is erased as necessary when receiving new firmware,
239 instead of erasing the whole image slot at once. This is necessary
240 on some hardware that has long erase times, to prevent long wait
241 times at the beginning of the DFU process.
242
David Vincze1cf11b52020-03-24 07:51:09 +0100243config MEASURED_BOOT
244 bool "Store the boot state/measurements in shared memory"
245 default n
246 help
247 If enabled, the bootloader will store certain boot measurements such as
248 the hash of the firmware image in a shared memory area. This data can
249 be used later by runtime services (e.g. by a device attestation service).
250
251config BOOT_SHARE_DATA
252 bool "Save application specific data in shared memory area"
253 default n
254
Rajavardhan Gundi51c9d702019-02-20 14:08:52 +0530255config BOOT_WAIT_FOR_USB_DFU
256 bool "Wait for a prescribed duration to see if USB DFU is invoked"
257 default n
258 select USB
259 select USB_DFU_CLASS
260 select IMG_MANAGER
261 help
262 If y, MCUboot waits for a prescribed duration of time to allow
263 for USB DFU to be invoked. Please note DFU always updates the
264 slot1 image.
265
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400266config ZEPHYR_TRY_MASS_ERASE
267 bool "Try to mass erase flash when flashing MCUboot image"
268 default y
269 help
270 If y, attempt to configure the Zephyr build system's "flash"
271 target to mass-erase the flash device before flashing the
272 MCUboot image. This ensures the scratch and other partitions
273 are in a consistent state.
274
275 This is not available for all targets.
276
David Brownf6d14c22019-12-10 15:36:36 -0700277config BOOT_USE_BENCH
278 bool "Enable benchmark code"
279 default n
280 help
281 If y, adds support for simple benchmarking that can record
282 time intervals between two calls. The time printed depends
283 on the particular Zephyr target, and is generally ticks of a
284 specific board-specific timer.
285
Michael Scott74ceae52019-02-01 14:01:09 -0800286module = MCUBOOT
Piotr Mienkowski15aa6ef2019-04-08 22:48:15 +0200287module-str = MCUBoot bootloader
Michael Scott74ceae52019-02-01 14:01:09 -0800288source "subsys/logging/Kconfig.template.log_config"
Michael Scott74ceae52019-02-01 14:01:09 -0800289
Andrzej Puzdrowskiaf148532020-02-25 12:51:26 +0100290config MCUBOOT_LOG_THREAD_STACK_SIZE
291 int "Stack size for the MCUBoot log processing thread"
292 depends on LOG && !LOG_IMMEDIATE
293 default 2048 if COVERAGE_GCOV
294 default 1024 if NO_OPTIMIZATIONS
295 default 1024 if XTENSA
296 default 4096 if (X86 && X86_64)
297 default 4096 if ARM64
298 default 768
299 help
300 Set the internal stack size for MCUBoot log processing thread.
301
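menuconfig MCUBOOT_SERIAL
	bool "MCUboot serial recovery"
	default n
	select REBOOT
	select GPIO
	select SERIAL
	select UART_INTERRUPT_DRIVEN
	select BASE64
	select TINYCBOR
	help
	  If y, enables a serial-port based update mode. This allows
	  MCUboot itself to load update images into flash over a UART.
	  Recovery mode is entered through the serial detect pin, so this
	  update path is open to anyone with physical access to that pin
	  and the serial port. Keep BOOT_VALIDATE_SLOT0 enabled so that
	  whatever ends up in the primary slot is still signature-checked
	  at boot.
	  If unsure, leave at the default value.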
315
316if MCUBOOT_SERIAL
317
Emanuele Di Santoc4bf7802018-07-20 11:39:57 +0200318choice
319 prompt "Serial device"
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200320 default BOOT_SERIAL_UART if !BOARD_NRF52840DONGLE_NRF52840
321 default BOOT_SERIAL_CDC_ACM if BOARD_NRF52840DONGLE_NRF52840
Emanuele Di Santoc4bf7802018-07-20 11:39:57 +0200322
323config BOOT_SERIAL_UART
324 bool "UART"
325 # SERIAL and UART_INTERRUPT_DRIVEN already selected
326
327config BOOT_SERIAL_CDC_ACM
328 bool "CDC ACM"
329 select USB
330 select USB_DEVICE_STACK
331 select USB_CDC_ACM
332
333endchoice
334
Marti Bolivar0e091c92018-04-12 11:23:16 -0400335config BOOT_MAX_LINE_INPUT_LEN
336 int "Maximum command line length"
337 default 512
338 help
339 Maximum length of commands transported over the serial port.
340
341config BOOT_SERIAL_DETECT_PORT
342 string "GPIO device to trigger serial recovery mode"
343 default GPIO_0 if SOC_FAMILY_NRF
344 help
345 Zephyr GPIO device which contains the pin used to trigger
346 serial recovery mode.
347
348config BOOT_SERIAL_DETECT_PIN
349 int "Pin to trigger serial recovery mode"
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200350 default 6 if BOARD_NRF9160DK_NRF9160
Andrzej Puzdrowskifefdea22020-03-27 09:41:14 +0100351 default 11 if BOARD_NRF52840DK_NRF52840
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200352 default 13 if BOARD_NRF52DK_NRF52832
Håkon Øye Amundsen6fc25952020-01-02 15:15:42 +0000353 default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS
Marti Bolivar0e091c92018-04-12 11:23:16 -0400354 help
355 Pin on the serial detect port which triggers serial recovery mode.
356
357config BOOT_SERIAL_DETECT_PIN_VAL
358 int "Serial detect pin trigger value"
359 default 0
360 range 0 1
361 help
362 Logic value of the detect pin which triggers serial recovery
363 mode.
364
Andrzej Puzdrowskif0004802019-10-01 14:13:35 +0200365# Workaround for not being able to have commas in macro arguments
366DT_CHOSEN_Z_CONSOLE := zephyr,console
367
368config RECOVERY_UART_DEV_NAME
369 string "UART Device Name for Recovery UART"
370 default "$(dt_chosen_label,$(DT_CHOSEN_Z_CONSOLE))" if HAS_DTS
371 default "UART_0"
372 depends on BOOT_SERIAL_UART
373 help
374 This option specifies the name of UART device to be used for
375 serial recovery.
376
Marti Bolivar0e091c92018-04-12 11:23:16 -0400377endif # MCUBOOT_SERIAL
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +0200378
Andrzej Puzdrowski97543282018-04-12 15:16:56 +0200379endmenu
380
Carles Cufi84ede582018-01-29 15:12:00 +0100381config MCUBOOT_DEVICE_SETTINGS
382 # Hidden selector for device-specific settings
383 bool
384 default y
385 # CPU options
386 select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0
Carles Cufi67c792e2018-01-29 15:14:31 +0100387 # Enable flash page layout if available
388 select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT
Andrzej Puzdrowskib788c712018-04-12 12:42:49 +0200389 # Enable flash_map module as flash I/O back-end
390 select FLASH_MAP
Carles Cufi84ede582018-01-29 15:12:00 +0100391
392config MCUBOOT_DEVICE_CPU_CORTEX_M0
393 # Hidden selector for Cortex-M0 settings
394 bool
395 default n
396 select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP
397
Marti Bolivar0e091c92018-04-12 11:23:16 -0400398comment "Zephyr configuration options"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +0200399
Marti Bolivarf84cc4b2019-08-20 16:06:56 -0700400# Disabling MULTITHREADING provides a code size advantage, but
401# it requires peripheral drivers (particularly a flash driver)
402# that works properly with the option enabled.
403#
404# If you know for sure that your hardware will work, you can default
405# it to n here. Otherwise, having it on by default makes the most
406# hardware work.
407config MULTITHREADING
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100408 default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING
Marti Bolivarf84cc4b2019-08-20 16:06:56 -0700409 default n if SOC_FAMILY_NRF
410 default y
411
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100412config LOG_IMMEDIATE
413 default n if MULTITHREADING
Andrzej Puzdrowski3f092bd2020-02-17 13:25:32 +0100414 default y
415
416config LOG_PROCESS_THREAD
417 default n # mcuboot has its own log processing thread
418
419# override USB device name
420config USB_DEVICE_PRODUCT
421 default "MCUBOOT"
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100422
Håkon Øye Amundsen954dd2b2019-09-23 09:24:13 +0000423config UPDATEABLE_IMAGE_NUMBER
424 int "Number of updateable images"
425 default 1
426 help
427 Enables support of multi image update.
428
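# Optional choice: neither member has to be selected, in which case no
# downgrade prevention is configured here.
choice
	prompt "Downgrade prevention"
	optional

config MCUBOOT_DOWNGRADE_PREVENTION
	bool "SW based downgrade prevention"
	# Only offered in overwrite-only upgrade mode.
	depends on BOOT_UPGRADE_ONLY
	help
	  Prevent downgrades by enforcing incrementing version numbers.
	  When this option is set, any upgrade must have greater major version
	  or greater minor version with equal major version. This mechanism
	  only protects against some downgrade attacks: it does not, for
	  example, stop an older version from being written directly with a
	  JTAG debugger.

config MCUBOOT_HW_DOWNGRADE_PREVENTION
	bool "HW based downgrade prevention"
	help
	  Prevent undesirable/malicious software downgrades. When this option is
	  set, any upgrade must have greater or equal security counter value.
	  Because equal values are accepted, a downgrade between images that
	  carry the same security counter value is still possible.

endchoice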
452
Robert Lubos1b19d2a2020-01-31 14:05:35 +0100453source "Kconfig.zephyr"