blob: 932110debfd960008ec7a1dc137a830d381cea06 [file] [log] [blame]
David Vincze03368b82020-04-01 12:53:53 +02001# Copyright (c) 2017-2020 Linaro Limited
David Vinczec3084132020-02-18 14:50:47 +01002# Copyright (c) 2020 Arm Limited
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +02003#
4# SPDX-License-Identifier: Apache-2.0
5#
6
Marti Bolivar0e091c92018-04-12 11:23:16 -04007mainmenu "MCUboot configuration"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +02008
Marti Bolivar0e091c92018-04-12 11:23:16 -04009comment "MCUboot-specific configuration options"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +020010
Emanuele Di Santo865777d2018-11-08 11:28:15 +010011# Hidden option to mark a project as MCUboot
12config MCUBOOT
13 default y
14 bool
Rajavardhan Gundi07ba28f2018-12-10 15:44:48 +053015 select MPU_ALLOW_FLASH_WRITE if ARM_MPU
Marcin Niestrojc6be76a2020-03-22 14:39:35 +010016 select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET
Andrzej Puzdrowskif573b392020-11-10 14:35:15 +010017 select MCUBOOT_BOOTUTIL_LIB
Emanuele Di Santo865777d2018-11-08 11:28:15 +010018
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040019config BOOT_USE_MBEDTLS
20 bool
21 # Hidden option
22 default n
23 help
24 Use mbedTLS for crypto primitives.
25
26config BOOT_USE_TINYCRYPT
27 bool
28 # Hidden option
29 default n
Sebastian Bøe913a3852019-01-22 13:53:12 +010030 # When building for ECDSA, we use our own copy of mbedTLS, so the
31 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
32 # will collide.
33 depends on ! MBEDTLS
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040034 help
35 Use TinyCrypt for crypto primitives.
36
Sigvart Hovlandebd05032019-03-21 10:47:32 +010037config BOOT_USE_CC310
38 bool
39 # Hidden option
40 default n
41 # When building for ECDSA, we use our own copy of mbedTLS, so the
42 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
43 # will collide.
44 depends on ! MBEDTLS
45 help
46 Use cc310 for crypto primitives.
47
48config BOOT_USE_NRF_CC310_BL
49 bool
50 default n
51
52config NRFXLIB_CRYPTO
53 bool
54 default n
55
56config NRF_CC310_BL
57 bool
58 default n
59
Andrzej Puzdrowski97543282018-04-12 15:16:56 +020060menu "MCUBoot settings"
61
Andrzej Puzdrowskifdff3e12020-09-15 08:23:25 +020062config SINGLE_APPLICATION_SLOT
63 bool "Single slot bootloader"
Dominik Ermel4dc3f442020-05-26 08:45:14 +000064 default n
65 help
66 Single image area is used for application which means that
67 uploading a new application overwrites the one that previously
68 occupied the area.
69
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040070choice
71 prompt "Signature type"
72 default BOOT_SIGNATURE_TYPE_RSA
73
Arvin Farahmandfb5ec182020-05-05 11:44:12 -040074config BOOT_SIGNATURE_TYPE_NONE
75 bool "No signature; use only hash check"
76 select BOOT_USE_TINYCRYPT
77
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040078config BOOT_SIGNATURE_TYPE_RSA
79 bool "RSA signatures"
80 select BOOT_USE_MBEDTLS
Marti Bolivara4818a52018-04-12 13:02:38 -040081 select MBEDTLS
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040082
Fabio Utzig105b59a2019-05-13 15:08:12 -070083if BOOT_SIGNATURE_TYPE_RSA
84config BOOT_SIGNATURE_TYPE_RSA_LEN
85 int "RSA signature length"
86 range 2048 3072
87 default 2048
88endif
89
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040090config BOOT_SIGNATURE_TYPE_ECDSA_P256
91 bool "Elliptic curve digital signatures with curve P-256"
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -040092
Sigvart Hovlandebd05032019-03-21 10:47:32 +010093if BOOT_SIGNATURE_TYPE_ECDSA_P256
94choice
95 prompt "Ecdsa implementation"
Fabio Utzig34e93a52020-02-03 09:59:53 -030096 default BOOT_ECDSA_TINYCRYPT
Håkon Øye Amundsenee7282d2020-09-28 09:48:29 +000097
Fabio Utzig34e93a52020-02-03 09:59:53 -030098config BOOT_ECDSA_TINYCRYPT
Sigvart Hovlandebd05032019-03-21 10:47:32 +010099 bool "Use tinycrypt"
100 select BOOT_USE_TINYCRYPT
Håkon Øye Amundsenee7282d2020-09-28 09:48:29 +0000101
102config BOOT_ECDSA_CC310
Sigvart Hovlandebd05032019-03-21 10:47:32 +0100103 bool "Use CC310"
Håkon Øye Amundsenee7282d2020-09-28 09:48:29 +0000104 depends on HAS_HW_NRF_CC310
105 select BOOT_USE_NRF_CC310_BL
106 select NRF_CC310_BL
107 select NRFXLIB_CRYPTO
Sigvart Hovlandebd05032019-03-21 10:47:32 +0100108 select BOOT_USE_CC310
Håkon Øye Amundsenee7282d2020-09-28 09:48:29 +0000109endchoice # Ecdsa implementation
Sigvart Hovlandebd05032019-03-21 10:47:32 +0100110endif
Fabio Utzig34e93a52020-02-03 09:59:53 -0300111
112config BOOT_SIGNATURE_TYPE_ED25519
113 bool "Edwards curve digital signatures using ed25519"
114
115if BOOT_SIGNATURE_TYPE_ED25519
116choice
117 prompt "Ecdsa implementation"
118 default BOOT_ED25519_TINYCRYPT
119config BOOT_ED25519_TINYCRYPT
120 bool "Use tinycrypt"
121 select BOOT_USE_TINYCRYPT
122config BOOT_ED25519_MBEDTLS
123 bool "Use mbedTLS"
124 select BOOT_USE_MBEDTLS
125 select MBEDTLS
126endchoice
127endif
128
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400129endchoice
130
Fabio Utzigc690c762018-04-26 10:51:09 -0300131config BOOT_SIGNATURE_KEY_FILE
132 string "PEM key file"
Håkon Øye Amundsen705c6c22020-09-28 09:45:40 +0000133 default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
134 default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
135 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072
136 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048
Fabio Utzigc690c762018-04-26 10:51:09 -0300137 default ""
138 help
Marek Pietabdcfc852020-08-04 02:22:55 -0700139 You can use either absolute or relative path.
140 In case relative path is used, the build system assumes that it starts
141 from the directory where the MCUBoot KConfig configuration file is
142 located. If the key file is not there, the build system uses relative
143 path that starts from the MCUBoot repository root directory.
Fabio Utzigc690c762018-04-26 10:51:09 -0300144 The key file will be parsed by imgtool's getpub command and a .c source
145 with the public key information will be written in a format expected by
146 MCUboot.
147
Andrzej Puzdrowski9a605b62020-03-16 13:34:30 +0100148config MCUBOOT_CLEANUP_ARM_CORE
149 bool "Perform core cleanup before chain-load the application"
150 depends on CPU_CORTEX_M
Ioannis Glaropoulos518d93a2020-10-22 14:22:14 +0200151 default y if !ARCH_SUPPORTS_ARCH_HW_INIT
152 help
153 This option instructs MCUboot to perform a clean-up of a set of
154 architecture core HW registers before junping to the application
155 firmware. The clean-up sets these registers to their warm-reset
156 values as specified by the architecture.
157
158 By default, this option is enabled only if the architecture does
159 not have the functionality to perform such a register clean-up
160 during application firmware boot.
161
162 Zephyr applications on Cortex-M will perform this register clean-up
163 by default, if they are chain-loadable by MCUboot, so MCUboot does
164 not need to perform such a cleanup itself.
Andrzej Puzdrowski9a605b62020-03-16 13:34:30 +0100165
Marti Bolivara4818a52018-04-12 13:02:38 -0400166config MBEDTLS_CFG_FILE
167 default "mcuboot-mbedtls-cfg.h"
168
David Vincze03368b82020-04-01 12:53:53 +0200169config BOOT_HW_KEY
170 bool "Use HW key for image verification"
171 default n
172 help
173 Use HW key for image verification, otherwise the public key is embedded
174 in MCUBoot. If enabled the public key is appended to the signed image
175 and requires the hash of the public key to be provisioned to the device
176 beforehand.
177
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400178config BOOT_VALIDATE_SLOT0
David Vincze2d736ad2019-02-18 11:50:22 +0100179 bool "Validate image in the primary slot on every boot"
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400180 default y
181 help
David Vincze2d736ad2019-02-18 11:50:22 +0100182 If y, the bootloader attempts to validate the signature of the
183 primary slot every boot. This adds the signature check time to
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400184 every boot, but can mitigate against some changes that are
185 able to modify the flash image itself.
186
Andrzej Puzdrowskifdff3e12020-09-15 08:23:25 +0200187if !SINGLE_APPLICATION_SLOT
David Vincze5a6e1812020-06-29 13:34:42 +0200188choice
189 prompt "Image upgrade modes"
190 default BOOT_SWAP_USING_MOVE if SOC_FAMILY_NRF
191 default BOOT_SWAP_USING_SCRATCH
192
193config BOOT_SWAP_USING_SCRATCH
194 bool "Swap mode that run with the scratch partition"
195 help
196 This is the most conservative swap mode but it can work even on
197 devices with heterogeneous flash page layout.
198
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400199config BOOT_UPGRADE_ONLY
200 bool "Overwrite image updates instead of swapping"
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400201 help
David Vincze2d736ad2019-02-18 11:50:22 +0100202 If y, overwrite the primary slot with the upgrade image instead
203 of swapping them. This prevents the fallback recovery, but
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400204 uses a much simpler code path.
205
Fabio Utzigc58842e2019-11-28 10:30:01 -0300206config BOOT_SWAP_USING_MOVE
Fabio Utzigdd2b6802020-01-06 09:10:45 -0300207 bool "Swap mode that can run without a scratch partition"
Fabio Utzigc58842e2019-11-28 10:30:01 -0300208 help
209 If y, the swap upgrade is done in two steps, where first every
210 sector of the primary slot is moved up one sector, then for
211 each sector X in the secondary slot, it is moved to index X in
212 the primary slot, then the sector at X+1 in the primary is
213 moved to index X in the secondary.
214 This allows a swap upgrade without using a scratch partition,
215 but is currently limited to all sectors in both slots being of
216 the same size.
David Vincze5a6e1812020-06-29 13:34:42 +0200217
218config BOOT_DIRECT_XIP
219 bool "Run the latest image directly from its slot"
220 help
221 If y, mcuboot selects the newest valid image based on the image version
222 numbers, thereafter the selected image can run directly from its slot
223 without having to move/copy it into the primary slot. For this reason the
224 images must be linked to be executed from the given image slot. Using this
225 mode results in a simpler code path and smaller code size.
226
227endchoice
Fabio Utzigc58842e2019-11-28 10:30:01 -0300228
David Vincze505fba22020-10-22 13:53:29 +0200229config BOOT_DIRECT_XIP_REVERT
230 bool "Enable the revert mechanism in direct-xip mode"
Andrzej Puzdrowski32342e72020-11-18 17:04:44 +0100231 depends on BOOT_DIRECT_XIP
David Vincze505fba22020-10-22 13:53:29 +0200232 default n
233 help
234 If y, enables the revert mechanism in direct-xip similar to the one in
235 swap mode. It requires the trailer magic to be added to the signed image.
236 When a reboot happens without the image being confirmed at runtime, the
237 bootloader considers the image faulty and erases it. After this it will
238 attempt to boot the previous image. The images can also be made permanent
239 (marked as confirmed in advance) just like in swap mode.
240
Fabio Utzigd0533ed2018-12-19 07:56:33 -0200241config BOOT_BOOTSTRAP
Sam Bristowd0ca0ff2019-10-30 20:51:35 +1300242 bool "Bootstrap erased the primary slot from the secondary slot"
Fabio Utzigd0533ed2018-12-19 07:56:33 -0200243 default n
244 help
245 If y, enables bootstraping support. Bootstrapping allows an erased
David Vincze2d736ad2019-02-18 11:50:22 +0100246 primary slot to be initialized from a valid image in the secondary slot.
Fabio Utzigd0533ed2018-12-19 07:56:33 -0200247 If unsure, leave at the default value.
248
Fabio Utzigca8ead22019-12-20 07:06:04 -0300249config BOOT_SWAP_SAVE_ENCTLV
250 bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
251 default n
252 help
253 If y, instead of saving the encrypted image keys in plaintext in the
254 swap resume metadata, save the encrypted image TLVs. This should be used
255 when there is no security mechanism protecting the data in the primary
256 slot from being dumped. If n is selected (default), the keys are written
257 after being decrypted from the image TLVs and could be read by an
258 attacker who has access to the flash contents of the primary slot (eg
259 JTAG/SWD or primary slot in external flash).
260 If unsure, leave at the default value.
261
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300262config BOOT_ENCRYPT_RSA
Fabio Utzig42cc29a2019-11-05 07:54:41 -0300263 bool "Support for encrypted upgrade images using RSA"
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300264 default n
265 help
David Vincze2d736ad2019-02-18 11:50:22 +0100266 If y, images in the secondary slot can be encrypted and are decrypted
267 on the fly when upgrading to the primary slot, as well as encrypted
Fabio Utzig42cc29a2019-11-05 07:54:41 -0300268 back when swapping from the primary slot to the secondary slot. The
269 encryption mechanism used in this case is RSA-OAEP (2048 bits).
270
271config BOOT_ENCRYPT_EC256
272 bool "Support for encrypted upgrade images using ECIES-P256"
273 default n
274 help
275 If y, images in the secondary slot can be encrypted and are decrypted
276 on the fly when upgrading to the primary slot, as well as encrypted
277 back when swapping from the primary slot to the secondary slot. The
278 encryption mechanism used in this case is ECIES using primitives
279 described under "ECIES-P256 encryption" in docs/encrypted_images.md.
Fabio Utzig5fe874c2018-08-31 07:41:50 -0300280
Fabio Utzigb6f014c2020-04-02 13:25:01 -0300281config BOOT_ENCRYPT_X25519
282 bool "Support for encrypted upgrade images using ECIES-X25519"
283 default n
284 help
285 If y, images in the secondary slot can be encrypted and are decrypted
286 on the fly when upgrading to the primary slot, as well as encrypted
287 back when swapping from the primary slot to the secondary slot. The
288 encryption mechanism used in this case is ECIES using primitives
289 described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
David Vincze505fba22020-10-22 13:53:29 +0200290endif # !SINGLE_APPLICATION_SLOT
Fabio Utzigb6f014c2020-04-02 13:25:01 -0300291
Marti Bolivar0e091c92018-04-12 11:23:16 -0400292config BOOT_MAX_IMG_SECTORS
293 int "Maximum number of sectors per image slot"
294 default 128
295 help
296 This option controls the maximum number of sectors that each of
297 the two image areas can contain. Smaller values reduce MCUboot's
298 memory usage; larger values allow it to support larger images.
299 If unsure, leave at the default value.
300
Emanuele Di Santo205c8c62018-07-20 11:42:31 +0200301config BOOT_ERASE_PROGRESSIVELY
302 bool "Erase flash progressively when receiving new firmware"
Bernt Johan Damsloraa2fad122019-09-20 18:25:34 +0200303 default y if SOC_FAMILY_NRF
Emanuele Di Santo205c8c62018-07-20 11:42:31 +0200304 help
305 If enabled, flash is erased as necessary when receiving new firmware,
306 instead of erasing the whole image slot at once. This is necessary
307 on some hardware that has long erase times, to prevent long wait
308 times at the beginning of the DFU process.
309
David Vincze1cf11b52020-03-24 07:51:09 +0100310config MEASURED_BOOT
311 bool "Store the boot state/measurements in shared memory"
312 default n
313 help
314 If enabled, the bootloader will store certain boot measurements such as
315 the hash of the firmware image in a shared memory area. This data can
316 be used later by runtime services (e.g. by a device attestation service).
317
318config BOOT_SHARE_DATA
319 bool "Save application specific data in shared memory area"
320 default n
321
Tamas Banfce87332020-07-10 12:40:11 +0100322choice
323 prompt "Fault injection hardening profile"
324 default BOOT_FIH_PROFILE_OFF
325
326config BOOT_FIH_PROFILE_OFF
327 bool "No hardening against hardware level fault injection"
328 help
329 No hardening in SW against hardware level fault injection: power or
330 clock glitching, etc.
331
332config BOOT_FIH_PROFILE_LOW
333 bool "Moderate level hardening against hardware level fault injection"
334 help
335 Moderate level hardening: Long global fail loop to avoid break out,
336 control flow integrity check to discover discrepancy in expected code
337 flow.
338
339config BOOT_FIH_PROFILE_MEDIUM
340 bool "Medium level hardening against hardware level fault injection"
341 help
342 Medium level hardening: Long global fail loop to avoid break out,
343 control flow integrity check to discover discrepancy in expected code
344 flow, double variables to discover register or memory corruption.
345
346config BOOT_FIH_PROFILE_HIGH
347 bool "Maximum level hardening against hardware level fault injection"
348 select MBEDTLS
349 help
350 Maximum level hardening: Long global fail loop to avoid break out,
351 control flow integrity check to discover discrepancy in expected code
352 flow, double variables to discover register or memory corruption, random
353 delays to make code execution less predictable. Random delays requires an
354 entropy source.
355
356endchoice
357
Josh Gao837cf882020-11-13 18:51:27 -0800358choice BOOT_USB_DFU
359 prompt "USB DFU"
360 default BOOT_USB_DFU_NO
361
362config BOOT_USB_DFU_NO
363 prompt "Disabled"
364
365config BOOT_USB_DFU_WAIT
Rajavardhan Gundi51c9d702019-02-20 14:08:52 +0530366 bool "Wait for a prescribed duration to see if USB DFU is invoked"
Rajavardhan Gundi51c9d702019-02-20 14:08:52 +0530367 select USB
368 select USB_DFU_CLASS
369 select IMG_MANAGER
370 help
371 If y, MCUboot waits for a prescribed duration of time to allow
372 for USB DFU to be invoked. Please note DFU always updates the
373 slot1 image.
374
Josh Gao837cf882020-11-13 18:51:27 -0800375config BOOT_USB_DFU_GPIO
376 bool "Use GPIO to detect whether to trigger DFU mode"
377 select USB
378 select USB_DFU_CLASS
379 select IMG_MANAGER
380 help
381 If y, MCUboot uses GPIO to detect whether to invoke USB DFU.
382
383endchoice
384
385config BOOT_USB_DFU_WAIT_DELAY_MS
386 int "USB DFU wait duration"
387 depends on BOOT_USB_DFU_WAIT
388 default 12000
389 help
390 Milliseconds to wait for USB DFU to be invoked.
391
392if BOOT_USB_DFU_GPIO
393
394config BOOT_USB_DFU_DETECT_PORT
395 string "GPIO device to trigger USB DFU mode"
396 default GPIO_0 if SOC_FAMILY_NRF
397 help
398 Zephyr GPIO device that contains the pin used to trigger
399 USB DFU.
400
401config BOOT_USB_DFU_DETECT_PIN
402 int "Pin to trigger USB DFU mode"
403 default 6 if BOARD_NRF9160DK_NRF9160
404 default 11 if BOARD_NRF52840DK_NRF52840
405 default 13 if BOARD_NRF52DK_NRF52832
406 default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS
Jamie McCrae10a81122021-05-04 10:52:17 +0100407 default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPPNS
Josh Gao837cf882020-11-13 18:51:27 -0800408 help
409 Pin on the DFU detect port that triggers DFU mode.
410
411config BOOT_USB_DFU_DETECT_PIN_VAL
412 int "USB DFU detect pin trigger value"
413 default 0
414 range 0 1
415 help
416 Logic value of the detect pin that triggers USB DFU mode.
417
418config BOOT_USB_DFU_DETECT_DELAY
419 int "Serial detect pin detection delay time [ms]"
420 default 0
421 help
422 Used to prevent the bootloader from loading on button press.
423 Useful for powering on when using the same button as
424 the one used to place the device in bootloader mode.
425
426endif # BOOT_USB_DFU_GPIO
427
Marti Bolivarbc2fa4e2018-04-12 12:18:32 -0400428config ZEPHYR_TRY_MASS_ERASE
429 bool "Try to mass erase flash when flashing MCUboot image"
430 default y
431 help
432 If y, attempt to configure the Zephyr build system's "flash"
433 target to mass-erase the flash device before flashing the
434 MCUboot image. This ensures the scratch and other partitions
435 are in a consistent state.
436
437 This is not available for all targets.
438
David Brownf6d14c22019-12-10 15:36:36 -0700439config BOOT_USE_BENCH
440 bool "Enable benchmark code"
441 default n
442 help
443 If y, adds support for simple benchmarking that can record
444 time intervals between two calls. The time printed depends
445 on the particular Zephyr target, and is generally ticks of a
446 specific board-specific timer.
447
Michael Scott74ceae52019-02-01 14:01:09 -0800448module = MCUBOOT
Piotr Mienkowski15aa6ef2019-04-08 22:48:15 +0200449module-str = MCUBoot bootloader
Michael Scott74ceae52019-02-01 14:01:09 -0800450source "subsys/logging/Kconfig.template.log_config"
Michael Scott74ceae52019-02-01 14:01:09 -0800451
Andrzej Puzdrowskiaf148532020-02-25 12:51:26 +0100452config MCUBOOT_LOG_THREAD_STACK_SIZE
453 int "Stack size for the MCUBoot log processing thread"
454 depends on LOG && !LOG_IMMEDIATE
455 default 2048 if COVERAGE_GCOV
456 default 1024 if NO_OPTIMIZATIONS
457 default 1024 if XTENSA
458 default 4096 if (X86 && X86_64)
459 default 4096 if ARM64
460 default 768
461 help
462 Set the internal stack size for MCUBoot log processing thread.
463
Marti Bolivar0e091c92018-04-12 11:23:16 -0400464menuconfig MCUBOOT_SERIAL
465 bool "MCUboot serial recovery"
466 default n
467 select REBOOT
Emanuele Di Santo30a92652019-01-16 14:01:08 +0100468 select GPIO
Marti Bolivar0e091c92018-04-12 11:23:16 -0400469 select SERIAL
Emanuele Di Santo30a92652019-01-16 14:01:08 +0100470 select UART_INTERRUPT_DRIVEN
Marti Bolivar0e091c92018-04-12 11:23:16 -0400471 select BASE64
472 select TINYCBOR
473 help
474 If y, enables a serial-port based update mode. This allows
475 MCUboot itself to load update images into flash over a UART.
476 If unsure, leave at the default value.
477
478if MCUBOOT_SERIAL
479
Emanuele Di Santoc4bf7802018-07-20 11:39:57 +0200480choice
481 prompt "Serial device"
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200482 default BOOT_SERIAL_UART if !BOARD_NRF52840DONGLE_NRF52840
483 default BOOT_SERIAL_CDC_ACM if BOARD_NRF52840DONGLE_NRF52840
Emanuele Di Santoc4bf7802018-07-20 11:39:57 +0200484
485config BOOT_SERIAL_UART
486 bool "UART"
487 # SERIAL and UART_INTERRUPT_DRIVEN already selected
488
489config BOOT_SERIAL_CDC_ACM
490 bool "CDC ACM"
491 select USB
492 select USB_DEVICE_STACK
493 select USB_CDC_ACM
494
495endchoice
496
Jared Wolff8e4d7912021-01-21 19:34:05 -0500497config MCUBOOT_INDICATION_LED
498 bool "Turns on LED indication when device is in DFU"
499 default n
500 help
501 Device device activates the LED while in bootloader mode.
502 bootloader-led0 alias must be set in the device's .dts
503 definitions for this to work.
504
Marti Bolivar0e091c92018-04-12 11:23:16 -0400505config BOOT_MAX_LINE_INPUT_LEN
506 int "Maximum command line length"
507 default 512
508 help
509 Maximum length of commands transported over the serial port.
510
511config BOOT_SERIAL_DETECT_PORT
512 string "GPIO device to trigger serial recovery mode"
513 default GPIO_0 if SOC_FAMILY_NRF
514 help
Josh Gao837cf882020-11-13 18:51:27 -0800515 Zephyr GPIO device that contains the pin used to trigger
Marti Bolivar0e091c92018-04-12 11:23:16 -0400516 serial recovery mode.
517
518config BOOT_SERIAL_DETECT_PIN
519 int "Pin to trigger serial recovery mode"
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200520 default 6 if BOARD_NRF9160DK_NRF9160
Andrzej Puzdrowskifefdea22020-03-27 09:41:14 +0100521 default 11 if BOARD_NRF52840DK_NRF52840
Andrzej Puzdrowskif4a9a9d2020-04-24 12:31:51 +0200522 default 13 if BOARD_NRF52DK_NRF52832
Ole Sæther83ec8422020-11-25 13:26:21 +0100523 default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS || \
524 BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS
Marti Bolivar0e091c92018-04-12 11:23:16 -0400525 help
Josh Gao837cf882020-11-13 18:51:27 -0800526 Pin on the serial detect port that triggers serial recovery mode.
Marti Bolivar0e091c92018-04-12 11:23:16 -0400527
528config BOOT_SERIAL_DETECT_PIN_VAL
529 int "Serial detect pin trigger value"
530 default 0
531 range 0 1
532 help
Josh Gao837cf882020-11-13 18:51:27 -0800533 Logic value of the detect pin that triggers serial recovery
Marti Bolivar0e091c92018-04-12 11:23:16 -0400534 mode.
535
Jared Wolff8e4d7912021-01-21 19:34:05 -0500536config BOOT_SERIAL_DETECT_DELAY
Jared Wolffdf8e9742021-02-04 11:17:00 -0500537 int "Serial detect pin detection delay time [ms]"
Jared Wolff8e4d7912021-01-21 19:34:05 -0500538 default 0
539 help
540 Used to prevent the bootloader from loading on button press.
541 Useful for powering on when using the same button as
542 the one used to place the device in bootloader mode.
543
Andrzej Puzdrowskif0004802019-10-01 14:13:35 +0200544# Workaround for not being able to have commas in macro arguments
545DT_CHOSEN_Z_CONSOLE := zephyr,console
546
547config RECOVERY_UART_DEV_NAME
548 string "UART Device Name for Recovery UART"
549 default "$(dt_chosen_label,$(DT_CHOSEN_Z_CONSOLE))" if HAS_DTS
550 default "UART_0"
551 depends on BOOT_SERIAL_UART
552 help
553 This option specifies the name of UART device to be used for
554 serial recovery.
555
Marti Bolivar0e091c92018-04-12 11:23:16 -0400556endif # MCUBOOT_SERIAL
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +0200557
Rafał Kuźniad854bb62020-06-17 15:06:47 +0200558config BOOT_INTR_VEC_RELOC
559 bool "Relocate the interrupt vector to the application"
560 default n
561 depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR
562 help
563 Relocate the interrupt vector to the application before it is started.
564 Select this option if application requires vector relocation,
565 but it doesn't relocate vector in its reset handler.
566
Andrzej Puzdrowski16b6d152020-06-01 14:16:54 +0200567config UPDATEABLE_IMAGE_NUMBER
568 int "Number of updateable images"
569 default 1
Andrzej Puzdrowskifdff3e12020-09-15 08:23:25 +0200570 range 1 1 if SINGLE_APPLICATION_SLOT
Andrzej Puzdrowski16b6d152020-06-01 14:16:54 +0200571 help
572 Enables support of multi image update.
573
574choice
575 prompt "Downgrade prevention"
576 optional
577
578config MCUBOOT_DOWNGRADE_PREVENTION
579 bool "SW based downgrade prevention"
580 depends on BOOT_UPGRADE_ONLY
581 help
582 Prevent downgrades by enforcing incrementing version numbers.
583 When this option is set, any upgrade must have greater major version
584 or greater minor version with equal major version. This mechanism
585 only protects against some attacks against version downgrades (for
586 example, a JTAG could be used to write an older version).
587
588config MCUBOOT_HW_DOWNGRADE_PREVENTION
589 bool "HW based downgrade prevention"
590 help
591 Prevent undesirable/malicious software downgrades. When this option is
592 set, any upgrade must have greater or equal security counter value.
593 Because of the acceptance of equal values it allows for software
594 downgrade to some extent.
595
596endchoice
597
Andrzej Puzdrowskid21442a2020-10-12 16:47:28 +0200598config BOOT_WATCHDOG_FEED
599 bool "Feed the watchdog while doing swap"
600 default y if SOC_FAMILY_NRF
601 imply NRFX_WDT
602 imply NRFX_WDT0
603 imply NRFX_WDT1
604 help
605 Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
606 used to feed watchdog while doing time consuming operations.
607
Andrzej Puzdrowski97543282018-04-12 15:16:56 +0200608endmenu
609
Carles Cufi84ede582018-01-29 15:12:00 +0100610config MCUBOOT_DEVICE_SETTINGS
611 # Hidden selector for device-specific settings
612 bool
613 default y
614 # CPU options
615 select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0
Carles Cufi67c792e2018-01-29 15:14:31 +0100616 # Enable flash page layout if available
617 select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT
Andrzej Puzdrowskib788c712018-04-12 12:42:49 +0200618 # Enable flash_map module as flash I/O back-end
619 select FLASH_MAP
Carles Cufi84ede582018-01-29 15:12:00 +0100620
621config MCUBOOT_DEVICE_CPU_CORTEX_M0
622 # Hidden selector for Cortex-M0 settings
623 bool
624 default n
625 select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP
626
Marti Bolivar0e091c92018-04-12 11:23:16 -0400627comment "Zephyr configuration options"
Andrzej Puzdrowski64ad0922017-09-22 11:33:41 +0200628
Marti Bolivarf84cc4b2019-08-20 16:06:56 -0700629# Disabling MULTITHREADING provides a code size advantage, but
630# it requires peripheral drivers (particularly a flash driver)
631# that works properly with the option enabled.
632#
633# If you know for sure that your hardware will work, you can default
634# it to n here. Otherwise, having it on by default makes the most
635# hardware work.
636config MULTITHREADING
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100637 default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING
Josh Gao837cf882020-11-13 18:51:27 -0800638 default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT
Marti Bolivarf84cc4b2019-08-20 16:06:56 -0700639 default n if SOC_FAMILY_NRF
640 default y
641
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100642config LOG_IMMEDIATE
643 default n if MULTITHREADING
Andrzej Puzdrowski3f092bd2020-02-17 13:25:32 +0100644 default y
645
646config LOG_PROCESS_THREAD
647 default n # mcuboot has its own log processing thread
648
649# override USB device name
650config USB_DEVICE_PRODUCT
651 default "MCUBOOT"
Andrzej Puzdrowski9a4946c2020-02-20 12:39:12 +0100652
Andrzej Puzdrowskif573b392020-11-10 14:35:15 +0100653# use MCUboot's own log configuration
654config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
655 bool
656 default n
657
Robert Lubos1b19d2a2020-01-31 14:05:35 +0100658source "Kconfig.zephyr"