1# Copyright (c) 2017-2020 Linaro Limited
2# Copyright (c) 2020 Arm Limited
3#
4# SPDX-License-Identifier: Apache-2.0
5#
6
7mainmenu "MCUboot configuration"
8
9comment "MCUboot-specific configuration options"
10
11# Hidden option to mark a project as MCUboot
12config MCUBOOT
13	default y
14	bool
15	select MPU_ALLOW_FLASH_WRITE if ARM_MPU
16	select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET
17	select MCUBOOT_BOOTUTIL_LIB
18
19config BOOT_USE_MBEDTLS
20	bool
21	# Hidden option
22	default n
23	help
24	  Use mbedTLS for crypto primitives.
25
26config BOOT_USE_TINYCRYPT
27	bool
28	# Hidden option
29	default n
30	# When building for ECDSA, we use our own copy of mbedTLS, so the
31	# Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
32	# will collide.
33	help
34	  Use TinyCrypt for crypto primitives.
35
36config BOOT_USE_CC310
37	bool
38	# Hidden option
39	default n
40	# When building for ECDSA, we use our own copy of mbedTLS, so the
41	# Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
42	# will collide.
43	help
44	  Use cc310 for crypto primitives.
45
46config BOOT_USE_NRF_CC310_BL
47	bool
48	default n
49
50config NRFXLIB_CRYPTO
51	bool
52	default n
53
54config NRF_CC310_BL
55	bool
56	default n
57
58menu "MCUBoot settings"
59
60config SINGLE_APPLICATION_SLOT
61	bool "Single slot bootloader"
62	default n
63	help
64	  Single image area is used for application which means that
65	  uploading a new application overwrites the one that previously
66	  occupied the area.
67
68choice BOOT_SIGNATURE_TYPE
69	prompt "Signature type"
70	default BOOT_SIGNATURE_TYPE_RSA
71
72config BOOT_SIGNATURE_TYPE_NONE
73	bool "No signature; use only hash check"
74	select BOOT_USE_TINYCRYPT
75
76config BOOT_SIGNATURE_TYPE_RSA
77	bool "RSA signatures"
78	select BOOT_USE_MBEDTLS
79	select MBEDTLS
80
81if BOOT_SIGNATURE_TYPE_RSA
82config BOOT_SIGNATURE_TYPE_RSA_LEN
83	int "RSA signature length"
84	range 2048 3072
85	default 2048
86endif
87
88config BOOT_SIGNATURE_TYPE_ECDSA_P256
89	bool "Elliptic curve digital signatures with curve P-256"
90
91if BOOT_SIGNATURE_TYPE_ECDSA_P256
92choice BOOT_ECDSA_IMPLEMENTATION
93	prompt "Ecdsa implementation"
94	default BOOT_ECDSA_TINYCRYPT
95
96config BOOT_ECDSA_TINYCRYPT
97	bool "Use tinycrypt"
98	select BOOT_USE_TINYCRYPT
99
100config BOOT_ECDSA_CC310
101	bool "Use CC310"
102	depends on HAS_HW_NRF_CC310
103	select BOOT_USE_NRF_CC310_BL
104	select NRF_CC310_BL
105	select NRFXLIB_CRYPTO
106	select BOOT_USE_CC310
107endchoice # Ecdsa implementation
108endif
109
110config BOOT_SIGNATURE_TYPE_ED25519
111	bool "Edwards curve digital signatures using ed25519"
112
113if BOOT_SIGNATURE_TYPE_ED25519
114choice BOOT_ED25519_IMPLEMENTATION
115	prompt "Ecdsa implementation"
116	default BOOT_ED25519_TINYCRYPT
117config BOOT_ED25519_TINYCRYPT
118	bool "Use tinycrypt"
119	select BOOT_USE_TINYCRYPT
120config BOOT_ED25519_MBEDTLS
121	bool "Use mbedTLS"
122	select BOOT_USE_MBEDTLS
123	select MBEDTLS
124endchoice
125endif
126
127endchoice
128
129config BOOT_SIGNATURE_KEY_FILE
130	string "PEM key file"
131	default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
132	default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
133	default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072
134	default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048
135	default ""
136	help
137	  You can use either absolute or relative path.
138	  In case relative path is used, the build system assumes that it starts
139	  from the directory where the MCUBoot KConfig configuration file is
140	  located. If the key file is not there, the build system uses relative
141	  path that starts from the MCUBoot repository root directory.
142	  The key file will be parsed by imgtool's getpub command and a .c source
143	  with the public key information will be written in a format expected by
144	  MCUboot.
145
146config MCUBOOT_CLEANUP_ARM_CORE
147	bool "Perform core cleanup before chain-load the application"
148	depends on CPU_CORTEX_M
149	default y
150	help
151	  This option instructs MCUboot to perform a clean-up of a set of
152	  architecture core HW registers before jumping to the application
153	  firmware. The clean-up sets these registers to their warm-reset
154	  values as specified by the architecture.
155
156	  This option is enabled by default to prevent possible problems when
157	  booting zephyr (or other) applications whereby e.g. a MPU stack guard
158	  may be initialised in RAM which is then used by the application
159	  start-up code which can cause a module fault and potentially make the
160	  module irrecoverable.
161
162config MBEDTLS_CFG_FILE
163	default "mcuboot-mbedtls-cfg.h"
164
165config BOOT_HW_KEY
166	bool "Use HW key for image verification"
167	default n
168	help
169	  Use HW key for image verification, otherwise the public key is embedded
170	  in MCUBoot. If enabled the public key is appended to the signed image
171	  and requires the hash of the public key to be provisioned to the device
172	  beforehand.
173
174config BOOT_VALIDATE_SLOT0
175	bool "Validate image in the primary slot on every boot"
176	default y
177	help
178	  If y, the bootloader attempts to validate the signature of the
179	  primary slot every boot. This adds the signature check time to
180	  every boot, but can mitigate against some changes that are
181	  able to modify the flash image itself.
182
183config BOOT_VALIDATE_SLOT0_ONCE
184	bool "Validate image in the primary slot just once after after upgrade"
185	depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT
186	default n
187	help
188	  If y, the bootloader attempts to validate the signature of the
189	  primary slot only once after an upgrade of the main slot.
190	  It caches the result in the magic area, which makes it an unsecure
191	  method. This option is usefull for lowering the boot up time for
192	  low end devices with as a compromise lowering the security level.
193	  If unsure, leave at the default value.
194
195config BOOT_PREFER_SWAP_MOVE
196	bool "Prefer the newer swap move algorithm"
197	default y if SOC_FAMILY_NRF
198	default y if !$(dt_nodelabel_enabled,scratch_partition)
199	help
200	  If y, the BOOT_IMAGE_UPGRADE_MODE will default to using
201	  "move" instead of "scratch".  This is a separate bool config
202	  option, because Kconfig doesn't allow defaults to be
203	  overridden in choice options.  Most devices should be using
204	  swap move.
205
206if !SINGLE_APPLICATION_SLOT
207choice BOOT_IMAGE_UPGRADE_MODE
208	prompt "Image upgrade modes"
209	default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE
210	default BOOT_SWAP_USING_SCRATCH
211
212config BOOT_SWAP_USING_SCRATCH
213	bool "Swap mode that run with the scratch partition"
214	help
215	  This is the most conservative swap mode but it can work even on
216	  devices with heterogeneous flash page layout.
217
218config BOOT_UPGRADE_ONLY
219	bool "Overwrite image updates instead of swapping"
220	help
221	  If y, overwrite the primary slot with the upgrade image instead
222	  of swapping them. This prevents the fallback recovery, but
223	  uses a much simpler code path.
224
225config BOOT_SWAP_USING_MOVE
226	bool "Swap mode that can run without a scratch partition"
227	help
228	  If y, the swap upgrade is done in two steps, where first every
229	  sector of the primary slot is moved up one sector, then for
230	  each sector X in the secondary slot, it is moved to index X in
231	  the primary slot, then the sector at X+1 in the primary is
232	  moved to index X in the secondary.
233	  This allows a swap upgrade without using a scratch partition,
234	  but is currently limited to all sectors in both slots being of
235	  the same size.
236
237config BOOT_DIRECT_XIP
238	bool "Run the latest image directly from its slot"
239	help
240	  If y, mcuboot selects the newest valid image based on the image version
241	  numbers, thereafter the selected image can run directly from its slot
242	  without having to move/copy it into the primary slot. For this reason the
243	  images must be linked to be executed from the given image slot. Using this
244	  mode results in a simpler code path and smaller code size.
245
246config BOOT_RAM_LOAD
247	bool "RAM load"
248	help
249	  If y, mcuboot selects the newest valid image based on the image version
250	  numbers, thereafter the selected image is copied to RAM and executed from
251	  there. For this reason, the image has to be linked to be executed from RAM.
252	  The address that the image is copied to is specified using the load-addr
253	  argument to the imgtool.py script which writes it to the image header.
254
255endchoice
256
257# Workaround for not being able to have commas in macro arguments
258DT_CHOSEN_Z_SRAM := zephyr,sram
259
260if BOOT_RAM_LOAD
261config BOOT_IMAGE_EXECUTABLE_RAM_START
262	hex "Boot image executable ram start"
263	default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM))
264
265config BOOT_IMAGE_EXECUTABLE_RAM_SIZE
266	int "Boot image executable base size"
267	default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0)
268endif
269
270config BOOT_DIRECT_XIP_REVERT
271	bool "Enable the revert mechanism in direct-xip mode"
272	depends on BOOT_DIRECT_XIP
273	default n
274	help
275	  If y, enables the revert mechanism in direct-xip similar to the one in
276	  swap mode. It requires the trailer magic to be added to the signed image.
277	  When a reboot happens without the image being confirmed at runtime, the
278	  bootloader considers the image faulty and erases it. After this it will
279	  attempt to boot the previous image. The images can also be made permanent
280	  (marked as confirmed in advance) just like in swap mode.
281
282config BOOT_BOOTSTRAP
283	bool "Bootstrap erased the primary slot from the secondary slot"
284	default n
285	help
286	  If y, enables bootstraping support. Bootstrapping allows an erased
287	  primary slot to be initialized from a valid image in the secondary slot.
288	  If unsure, leave at the default value.
289
290config BOOT_SWAP_SAVE_ENCTLV
291	bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
292	default n
293	help
294	  If y, instead of saving the encrypted image keys in plaintext in the
295	  swap resume metadata, save the encrypted image TLVs. This should be used
296	  when there is no security mechanism protecting the data in the primary
297	  slot from being dumped. If n is selected (default), the keys are written
298	  after being decrypted from the image TLVs and could be read by an
299	  attacker who has access to the flash contents of the primary slot (eg
300	  JTAG/SWD or primary slot in external flash).
301	  If unsure, leave at the default value.
302
303config BOOT_ENCRYPT_IMAGE
304	bool
305	help
306	  Hidden option used to check if any image encryption is enabled.
307
308config BOOT_ENCRYPT_RSA
309	bool "Support for encrypted upgrade images using RSA"
310	select BOOT_ENCRYPT_IMAGE
311	help
312	  If y, images in the secondary slot can be encrypted and are decrypted
313	  on the fly when upgrading to the primary slot, as well as encrypted
314	  back when swapping from the primary slot to the secondary slot. The
315	  encryption mechanism used in this case is RSA-OAEP (2048 bits).
316
317config BOOT_ENCRYPT_EC256
318	bool "Support for encrypted upgrade images using ECIES-P256"
319	select BOOT_ENCRYPT_IMAGE
320	help
321	  If y, images in the secondary slot can be encrypted and are decrypted
322	  on the fly when upgrading to the primary slot, as well as encrypted
323	  back when swapping from the primary slot to the secondary slot. The
324	  encryption mechanism used in this case is ECIES using primitives
325	  described under "ECIES-P256 encryption" in docs/encrypted_images.md.
326
327config BOOT_ENCRYPT_X25519
328	bool "Support for encrypted upgrade images using ECIES-X25519"
329	select BOOT_ENCRYPT_IMAGE
330	help
331	  If y, images in the secondary slot can be encrypted and are decrypted
332	  on the fly when upgrading to the primary slot, as well as encrypted
333	  back when swapping from the primary slot to the secondary slot. The
334	  encryption mechanism used in this case is ECIES using primitives
335	  described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
336endif # !SINGLE_APPLICATION_SLOT
337
338config BOOT_ENCRYPTION_KEY_FILE
339	string "encryption key file"
340    depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256
341	default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
342	default ""
343	help
344	  You can use either absolute or relative path.
345	  In case relative path is used, the build system assumes that it starts
346	  from the directory where the MCUBoot KConfig configuration file is
347	  located. If the key file is not there, the build system uses relative
348	  path that starts from the MCUBoot repository root directory.
349	  The key file will be parsed by imgtool's getpriv command and a .c source
350	  with the public key information will be written in a format expected by
351	  MCUboot.
352
353config BOOT_MAX_IMG_SECTORS
354	int "Maximum number of sectors per image slot"
355	default 128
356	help
357	  This option controls the maximum number of sectors that each of
358	  the two image areas can contain. Smaller values reduce MCUboot's
359	  memory usage; larger values allow it to support larger images.
360	  If unsure, leave at the default value.
361
362config MEASURED_BOOT
363	bool "Store the boot state/measurements in shared memory"
364	default n
365	help
366	  If enabled, the bootloader will store certain boot measurements such as
367	  the hash of the firmware image in a shared memory area. This data can
368	  be used later by runtime services (e.g. by a device attestation service).
369
370config BOOT_SHARE_DATA
371	bool "Save application specific data in shared memory area"
372	default n
373
374choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
375	prompt "Fault injection hardening profile"
376	default BOOT_FIH_PROFILE_OFF
377
378config BOOT_FIH_PROFILE_OFF
379	bool "No hardening against hardware level fault injection"
380	help
381	  No hardening in SW against hardware level fault injection: power or
382	  clock glitching, etc.
383
384config BOOT_FIH_PROFILE_LOW
385	bool "Moderate level hardening against hardware level fault injection"
386	help
387	  Moderate level hardening: Long global fail loop to avoid break out,
388	  control flow integrity check to discover discrepancy in expected code
389	  flow.
390
391config BOOT_FIH_PROFILE_MEDIUM
392	bool "Medium level hardening against hardware level fault injection"
393	help
394	  Medium level hardening: Long global fail loop to avoid break out,
395	  control flow integrity check to discover discrepancy in expected code
396	  flow, double variables to discover register or memory corruption.
397
398config BOOT_FIH_PROFILE_HIGH
399	bool "Maximum level hardening against hardware level fault injection"
400	select MBEDTLS
401	help
402	  Maximum level hardening: Long global fail loop to avoid break out,
403	  control flow integrity check to discover discrepancy in expected code
404	  flow, double variables to discover register or memory corruption, random
405	  delays to make code execution less predictable. Random delays requires an
406	  entropy source.
407
408endchoice
409
410choice BOOT_USB_DFU
411	prompt "USB DFU"
412	default BOOT_USB_DFU_NO
413
414config BOOT_USB_DFU_NO
415	prompt "Disabled"
416
417config BOOT_USB_DFU_WAIT
418	bool "Wait for a prescribed duration to see if USB DFU is invoked"
419	select USB_DEVICE_STACK
420	select USB_DFU_CLASS
421	select IMG_MANAGER
422	select STREAM_FLASH
423	select MULTITHREADING
424	help
425	  If y, MCUboot waits for a prescribed duration of time to allow
426	  for USB DFU to be invoked. Please note DFU always updates the
427	  slot1 image.
428
429config BOOT_USB_DFU_GPIO
430	bool "Use GPIO to detect whether to trigger DFU mode"
431	select USB_DEVICE_STACK
432	select USB_DFU_CLASS
433	select IMG_MANAGER
434	select STREAM_FLASH
435	select MULTITHREADING
436	help
437	  If y, MCUboot uses GPIO to detect whether to invoke USB DFU.
438
439endchoice
440
441config BOOT_USB_DFU_WAIT_DELAY_MS
442	int "USB DFU wait duration"
443	depends on BOOT_USB_DFU_WAIT
444	default 12000
445	help
446	  Milliseconds to wait for USB DFU to be invoked.
447
448if BOOT_USB_DFU_GPIO
449
450config BOOT_USB_DFU_DETECT_DELAY
451	int "Serial detect pin detection delay time [ms]"
452	default 0
453	help
454	  Used to prevent the bootloader from loading on button press.
455	  Useful for powering on when using the same button as
456	  the one used to place the device in bootloader mode.
457
458endif # BOOT_USB_DFU_GPIO
459
460config ZEPHYR_TRY_MASS_ERASE
461	bool "Try to mass erase flash when flashing MCUboot image (DEPRECATED)"
462	select DEPRECATED
463	help
464	  If y, attempt to configure the Zephyr build system's "flash"
465	  target to mass-erase the flash device before flashing the
466	  MCUboot image. This ensures the scratch and other partitions
467	  are in a consistent state.
468
469	  This is not available for all targets.
470
471	  This option has been deprecated, to perform a mass erase when
472	  flashing a board, `west flash --erase` should be used instead.
473
474config BOOT_USE_BENCH
475        bool "Enable benchmark code"
476        default n
477        help
478          If y, adds support for simple benchmarking that can record
479          time intervals between two calls.  The time printed depends
480          on the particular Zephyr target, and is generally ticks of a
481          specific board-specific timer.
482
483module = MCUBOOT
484module-str = MCUBoot bootloader
485source "subsys/logging/Kconfig.template.log_config"
486
487config MCUBOOT_LOG_THREAD_STACK_SIZE
488	int "Stack size for the MCUBoot log processing thread"
489	depends on LOG && !LOG_IMMEDIATE
490	default 2048 if COVERAGE_GCOV
491	default 1024 if NO_OPTIMIZATIONS
492	default 1024 if XTENSA
493	default 4096 if (X86 && X86_64)
494	default 4096 if ARM64
495	default 768
496	help
497	  Set the internal stack size for MCUBoot log processing thread.
498
499config MCUBOOT_INDICATION_LED
500	bool "Turns on LED indication when device is in DFU"
501	default n
502	help
503	  Device device activates the LED while in bootloader mode.
504	  mcuboot-led0 alias must be set in the device's .dts
505	  definitions for this to work.
506
507rsource "Kconfig.serial_recovery"
508
509config BOOT_INTR_VEC_RELOC
510	bool "Relocate the interrupt vector to the application"
511	default n
512	depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR
513	help
514	  Relocate the interrupt vector to the application before it is started.
515	  Select this option if application requires vector relocation,
516	  but it doesn't relocate vector in its reset handler.
517
518config UPDATEABLE_IMAGE_NUMBER
519	int "Number of updateable images"
520	default 1
521	range 1 1 if SINGLE_APPLICATION_SLOT
522	help
523	  Enables support of multi image update.
524
525config BOOT_VERSION_CMP_USE_BUILD_NUMBER
526	bool "Use build number while comparing image version"
527	depends on (UPDATEABLE_IMAGE_NUMBER > 1) || BOOT_DIRECT_XIP || \
528		   BOOT_RAM_LOAD || MCUBOOT_DOWNGRADE_PREVENTION
529	help
530	  By default, the image version comparison relies only on version major,
531	  minor and revision. Enable this option to take into account the build
532	  number as well.
533
534choice BOOT_DOWNGRADE_PREVENTION_CHOICE
535	prompt "Downgrade prevention"
536	optional
537
538config MCUBOOT_DOWNGRADE_PREVENTION
539	bool "SW based downgrade prevention"
540	depends on !BOOT_DIRECT_XIP
541	help
542	  Prevent downgrades by enforcing incrementing version numbers.
543	  When this option is set, any upgrade must have greater major version
544	  or greater minor version with equal major version. This mechanism
545	  only protects against some attacks against version downgrades (for
546	  example, a JTAG could be used to write an older version).
547
548config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
549	bool "Use image security counter instead of version number"
550	depends on MCUBOOT_DOWNGRADE_PREVENTION
551	depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH)
552	help
553       Security counter is used for version eligibility check instead of pure
554       version.  When this option is set, any upgrade must have greater or
555       equal security counter value.
556       Because of the acceptance of equal values it allows for software
557       downgrades to some extent.
558
559config MCUBOOT_HW_DOWNGRADE_PREVENTION
560	bool "HW based downgrade prevention"
561	help
562	  Prevent undesirable/malicious software downgrades. When this option is
563	  set, any upgrade must have greater or equal security counter value.
564	  Because of the acceptance of equal values it allows for software
565	  downgrade to some extent.
566
567endchoice
568
569config BOOT_WATCHDOG_FEED
570	bool "Feed the watchdog while doing swap"
571	default y if WATCHDOG
572	default y if SOC_FAMILY_NRF
573	# for nRF nrfx based implementation is available
574	imply NRFX_WDT if SOC_FAMILY_NRF
575	imply NRFX_WDT0 if SOC_FAMILY_NRF
576	imply NRFX_WDT1 if SOC_FAMILY_NRF
577	help
578	  Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
579	  used to feed watchdog while doing time consuming operations.
580
581config BOOT_IMAGE_ACCESS_HOOKS
582	bool "Enable hooks for overriding MCUboot's native routines"
583	help
584	  Allow to provide procedures for override or extend native
585	  MCUboot's routines required for access the image data and the image
586	  update. It is up to the project customization to add required source
587	  files to the build.
588
589config MCUBOOT_ACTION_HOOKS
590	bool "Enable hooks for responding to MCUboot status changes"
591	help
592	  This will call a handler when the MCUboot status changes which allows
593	  for some level of user feedback, for instance to change LED status to
594	  indicate a failure, using the callback:
595	  'void mcuboot_status_change(mcuboot_status_type_t status)' where
596	  'mcuboot_status_type_t' is listed in
597	  boot/bootutil/include/bootutil/mcuboot_status.h
598
599endmenu
600
601config MCUBOOT_DEVICE_SETTINGS
602	# Hidden selector for device-specific settings
603	bool
604	default y
605        # CPU options
606	select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0
607        # Enable flash page layout if available
608	select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT
609	# Enable flash_map module as flash I/O back-end
610	select FLASH_MAP
611
612config MCUBOOT_DEVICE_CPU_CORTEX_M0
613	# Hidden selector for Cortex-M0 settings
614	bool
615	default n
616	select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP
617
618comment "Zephyr configuration options"
619
620# Disabling MULTITHREADING provides a code size advantage, but
621# it requires peripheral drivers (particularly a flash driver)
622# that works properly with the option enabled.
623#
624# If you know for sure that your hardware will work, you can default
625# it to n here. Otherwise, having it on by default makes the most
626# hardware work.
627config MULTITHREADING
628	default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING
629	default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT
630	default n if SOC_FAMILY_NRF
631	default n if SOC_FAMILY_ESP32 && MCUBOOT
632	default y
633
634config LOG_PROCESS_THREAD
635	default n # mcuboot has its own log processing thread
636
637# override USB device name
638config USB_DEVICE_PRODUCT
639	default "MCUBOOT"
640
641# use MCUboot's own log configuration
642config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
643	bool
644	default n
645
646config MCUBOOT_VERIFY_IMG_ADDRESS
647	bool "Verify reset address of image in secondary slot"
648	depends on UPDATEABLE_IMAGE_NUMBER > 1
649	depends on !BOOT_ENCRYPT_IMAGE
650	depends on ARM
651	default y if BOOT_UPGRADE_ONLY
652	help
653	  Verify that the reset address in the image located in the secondary slot
654	  is contained within the corresponding primary slot. This is recommended
655	  if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user
656	  incorrectly uploads an update for image 1 to image 0's secondary slot
657	  MCUboot will overwrite image 0's primary slot with this image even
658	  though it will not boot. If swapping is enabled this will be handled
659	  since the image will not confirm itself. If, however, swapping is not
660	  enabled then the only mitigation is serial recovery. This feature can
661	  also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image
662	  linked at the correct address is loaded.
663
664source "Kconfig.zephyr"
665