1 /*
2  * Copyright (c) 2018 Open Source Foundries Limited
3  * Copyright (c) 2019-2020 Arm Limited
4  * Copyright (c) 2019-2020 Linaro Limited
5  *
6  * SPDX-License-Identifier: Apache-2.0
7  */
8 
9 #ifndef __MCUBOOT_CONFIG_H__
10 #define __MCUBOOT_CONFIG_H__
11 
12 #include <zephyr/devicetree.h>
13 
/*
 * Image signature scheme. The #elif chain maps at most one Kconfig choice to
 * a MCUBOOT_SIGN_* macro. An RSA key length other than 2048 or 3072 bits is
 * rejected at compile time rather than at boot.
 *
 * NOTE(review): when none of the three options is set, this header defines no
 * MCUBOOT_SIGN_* macro and raises no error. What the bootloader then checks
 * before accepting an image is decided outside this file; confirm that
 * production builds select a signature type.
 */
#ifdef CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define MCUBOOT_SIGN_RSA
#  if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN != 2048 && \
       CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN != 3072)
#    error "Invalid RSA key size (must be 2048 or 3072)"
#  else
#    define MCUBOOT_SIGN_RSA_LEN CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN
#  endif
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
#define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#define MCUBOOT_SIGN_ED25519
#endif
27 
/*
 * Crypto backend. The first conditional turns an ambiguous configuration
 * (more than one crypto library enabled) into a build error. The second maps
 * the selected library to its MCUBOOT_USE_* macro.
 *
 * NOTE(review): the exclusivity check tests CONFIG_MBEDTLS, while the
 * selection below it tests CONFIG_BOOT_USE_MBEDTLS. If the two symbols can
 * differ, a build with CONFIG_BOOT_USE_MBEDTLS set together with
 * CONFIG_BOOT_USE_TINYCRYPT or CONFIG_BOOT_USE_CC310 would not reach the
 * #error and would silently resolve to mbed TLS. Confirm that Kconfig keeps
 * the two symbols in step.
 */
#if defined(CONFIG_BOOT_USE_TINYCRYPT)
#  if defined(CONFIG_MBEDTLS) || defined(CONFIG_BOOT_USE_CC310)
#     error "One crypto library implementation allowed at a time."
#  endif
#elif defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310)
#     error "One crypto library implementation allowed at a time."
#endif

#ifdef CONFIG_BOOT_USE_MBEDTLS
#define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#define MCUBOOT_USE_TINYCRYPT
#elif defined(CONFIG_BOOT_USE_CC310)
#define MCUBOOT_USE_CC310
/* The nRF CC310 bootloader library variant is only considered with CC310. */
#ifdef CONFIG_BOOT_USE_NRF_CC310_BL
#define MCUBOOT_USE_NRF_CC310_BL
#endif
#endif
46 
/* Zephyr, regardless of C library used, provides snprintf */
#define MCUBOOT_USE_SNPRINTF 1

/*
 * NOTE(review): MCUBOOT_HW_KEY presumably selects MCUboot's hardware-key
 * mode, where the verification key is anchored outside the bootloader image.
 * Confirm how that key material is provisioned and protected on the target.
 */
#ifdef CONFIG_BOOT_HW_KEY
#define MCUBOOT_HW_KEY
#endif

/*
 * Zephyr's "slot 0" options map to MCUboot's primary-slot validation macros.
 * NOTE(review): with neither option set, no primary-slot validation macro is
 * defined here. Presumably the image in the primary slot is then started
 * without being re-verified on each boot; confirm that this matches the
 * product's threat model.
 */
#ifdef CONFIG_BOOT_VALIDATE_SLOT0
#define MCUBOOT_VALIDATE_PRIMARY_SLOT
#endif

#ifdef CONFIG_BOOT_VALIDATE_SLOT0_ONCE
#define MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE
#endif

/*
 * Upgrade-only maps to MCUboot's overwrite-only mode; the "fast" variant is
 * always enabled together with it.
 */
#ifdef CONFIG_BOOT_UPGRADE_ONLY
#define MCUBOOT_OVERWRITE_ONLY
#define MCUBOOT_OVERWRITE_ONLY_FAST
#endif
66 
/*
 * Slot layout and upgrade strategy. In single-application-slot builds the
 * image count is fixed at 1 and none of the swap, direct-XIP, RAM-load,
 * version-compare or ENCTLV options in the #else branch are mapped, even if
 * their Kconfig symbols are set.
 */
#ifdef CONFIG_SINGLE_APPLICATION_SLOT
#define MCUBOOT_SINGLE_APPLICATION_SLOT 1
#define MCUBOOT_IMAGE_NUMBER    1
#else

#ifdef CONFIG_BOOT_SWAP_USING_MOVE
#define MCUBOOT_SWAP_USING_MOVE 1
#endif

#ifdef CONFIG_BOOT_DIRECT_XIP
#define MCUBOOT_DIRECT_XIP
#endif

#ifdef CONFIG_BOOT_DIRECT_XIP_REVERT
#define MCUBOOT_DIRECT_XIP_REVERT
#endif

/*
 * RAM-load: the executable RAM window is taken directly from Kconfig.
 * NOTE(review): presumably images are copied into this window before being
 * run; confirm the configured range cannot overlap RAM that the bootloader
 * itself uses.
 */
#ifdef CONFIG_BOOT_RAM_LOAD
#define MCUBOOT_RAM_LOAD 1
#define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#endif

/* Number of updateable images; defaults to 1 when Kconfig gives no value. */
#ifdef CONFIG_UPDATEABLE_IMAGE_NUMBER
#define MCUBOOT_IMAGE_NUMBER    CONFIG_UPDATEABLE_IMAGE_NUMBER
#else
#define MCUBOOT_IMAGE_NUMBER    1
#endif

#ifdef CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER
#define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
#endif

#ifdef CONFIG_BOOT_SWAP_SAVE_ENCTLV
#define MCUBOOT_SWAP_SAVE_ENCTLV 1
#endif

#endif /* CONFIG_SINGLE_APPLICATION_SLOT */
105 
#ifdef CONFIG_LOG
#define MCUBOOT_HAVE_LOGGING 1
#endif

/*
 * Encrypted-image support. Every scheme defines MCUBOOT_ENC_IMAGES plus its
 * own MCUBOOT_ENCRYPT_* macro. CONFIG_BOOT_ENCRYPT_EC256 and
 * CONFIG_BOOT_SERIAL_ENCRYPT_EC256 map to the same pair of macros.
 *
 * NOTE(review): the four #ifdef groups are independent, so this header does
 * not reject a configuration that enables more than one key-exchange scheme.
 * Presumably Kconfig makes them mutually exclusive; confirm.
 */
#ifdef CONFIG_BOOT_ENCRYPT_RSA
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_RSA
#endif

#ifdef CONFIG_BOOT_ENCRYPT_EC256
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_EC256
#endif

#ifdef CONFIG_BOOT_SERIAL_ENCRYPT_EC256
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_EC256
#endif

#ifdef CONFIG_BOOT_ENCRYPT_X25519
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_X25519
#endif

#ifdef CONFIG_BOOT_BOOTSTRAP
#define MCUBOOT_BOOTSTRAP 1
#endif

#ifdef CONFIG_BOOT_USE_BENCH
#define MCUBOOT_USE_BENCH 1
#endif
137 
/*
 * Software downgrade prevention. When CONFIG_MCUBOOT_DOWNGRADE_PREVENTION is
 * not set, neither macro in this group is defined by this header.
 */
#ifdef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION
#define MCUBOOT_DOWNGRADE_PREVENTION 1
/* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as a boolean
 * value, so it is always given an explicit 0 or 1 here (unlike
 * MCUBOOT_DOWNGRADE_PREVENTION, which is only tested in preprocessor
 * conditions and may be left undefined). */
#  ifdef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
#  else
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
#  endif
#endif

/*
 * Hardware rollback protection is a separate option, mapped independently of
 * the software check above.
 */
#ifdef CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION
#define MCUBOOT_HW_ROLLBACK_PROT
#endif
153 
#ifdef CONFIG_MEASURED_BOOT
#define MCUBOOT_MEASURED_BOOT
#endif

#ifdef CONFIG_BOOT_SHARE_DATA
#define MCUBOOT_DATA_SHARING
#endif

/*
 * Fault-injection-hardening (FIH) profile: OFF, LOW, MEDIUM or HIGH.
 *
 * NOTE(review): the four groups are independent #ifdefs, so this header
 * neither rejects several profiles being set at once nor requires one to be
 * set. Presumably a Kconfig choice guarantees exactly one; confirm, and
 * confirm that production builds do not select the OFF profile by accident.
 */
#ifdef CONFIG_BOOT_FIH_PROFILE_OFF
#define MCUBOOT_FIH_PROFILE_OFF
#endif

#ifdef CONFIG_BOOT_FIH_PROFILE_LOW
#define MCUBOOT_FIH_PROFILE_LOW
#endif

#ifdef CONFIG_BOOT_FIH_PROFILE_MEDIUM
#define MCUBOOT_FIH_PROFILE_MEDIUM
#endif

#ifdef CONFIG_BOOT_FIH_PROFILE_HIGH
#define MCUBOOT_FIH_PROFILE_HIGH
#endif
177 
/*
 * Management and serial recovery features.
 * MCUBOOT_PERUSER_MGMT_GROUP_ENABLED is always defined (0 or 1); the
 * remaining macros are defined only when their Kconfig option is set.
 *
 * NOTE(review): each option adds commands or behaviour to the recovery
 * interface. Keep the set enabled in production builds to what the product
 * actually needs.
 */
#ifdef CONFIG_ENABLE_MGMT_PERUSER
#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 1
#else
#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
#endif

#ifdef CONFIG_BOOT_MGMT_CUSTOM_IMG_LIST
#define MCUBOOT_MGMT_CUSTOM_IMG_LIST
#endif

#ifdef CONFIG_BOOT_MGMT_ECHO
#define MCUBOOT_BOOT_MGMT_ECHO
#endif

#ifdef CONFIG_BOOT_IMAGE_ACCESS_HOOKS
#define MCUBOOT_IMAGE_ACCESS_HOOKS
#endif

#ifdef CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS
#define MCUBOOT_VERIFY_IMG_ADDRESS
#endif

/*
 * This configuration option enables direct image upload through
 * serial recovery.
 */
#ifdef CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#define MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#endif

#ifdef CONFIG_BOOT_SERIAL_WAIT_FOR_DFU
#define MCUBOOT_SERIAL_WAIT_FOR_DFU
#endif

#ifdef CONFIG_BOOT_SERIAL_IMG_GRP_HASH
#define MCUBOOT_SERIAL_IMG_GRP_HASH
#endif

#ifdef CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE
#define MCUBOOT_SERIAL_IMG_GRP_IMAGE_STATE
#endif
219 
/*
 * This option enables code, currently in boot_serial, that erases flash
 * progressively as update fragments are received, instead of erasing the
 * whole image-sized flash area after the first frame arrives.
 * Enabling this option avoids stalling the start of the transfer for the
 * time needed to erase a large chunk of flash.
 */
#ifdef CONFIG_BOOT_ERASE_PROGRESSIVELY
#define MCUBOOT_ERASE_PROGRESSIVELY
#endif

/*
 * Enabling this option uses newer flash map APIs. This saves RAM and
 * avoids deprecated API usage. It is defined unconditionally here.
 *
 * (This can be deleted when flash_area_to_sectors() is removed instead
 * of simply deprecated.)
 */
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS
240 
/*
 * Build-time sanity check: either USB DFU entry mode (timed wait or GPIO)
 * requires CONFIG_MULTITHREADING, so an inconsistent configuration fails the
 * build instead of producing a bootloader with non-working DFU.
 */
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || \
     defined(CONFIG_BOOT_USB_DFU_GPIO))
#  ifndef CONFIG_MULTITHREADING
#    error "USB DFU Requires MULTITHREADING"
#  endif
#endif
247 
/*
 * Maximum number of flash sectors per image slot; falls back to 128 when
 * Kconfig provides no value.
 */
#ifdef CONFIG_BOOT_MAX_IMG_SECTORS

#define MCUBOOT_MAX_IMG_SECTORS       CONFIG_BOOT_MAX_IMG_SECTORS

#else
#define MCUBOOT_MAX_IMG_SECTORS       128
#endif

/*
 * Serial recovery buffer sizes are passed through from Kconfig unchanged;
 * no default is supplied here when the option is absent.
 * NOTE(review): these presumably bound buffers that receive data from the
 * serial link; confirm the consuming code checks incoming lengths against
 * them.
 */
#ifdef CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#endif

#ifdef CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#endif

/*
 * Support 32-byte aligned flash sizes: when the chosen zephyr,flash node has
 * a write_block_size greater than 8, use it as MCUBOOT_BOOT_MAX_ALIGN.
 * Otherwise the macro is left undefined by this header.
 */
#if DT_HAS_CHOSEN(zephyr_flash)
    #if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8
        #define MCUBOOT_BOOT_MAX_ALIGN \
            DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
    #endif
#endif
271 
272 #if CONFIG_BOOT_WATCHDOG_FEED
273 #if CONFIG_NRFX_WDT
274 #include <nrfx_wdt.h>
275 
/*
 * Feed nRF watchdog instance `id`: the loop issues one reload request per
 * channel index, from NRF_WDT_RR0 up to NRF_WDT_RR0 + NRF_WDT_CHANNEL_NUMBER - 1.
 * Wrapped in do { } while (0) so the expansion is a single statement.
 */
#define FEED_WDT_INST(id)                                    \
    do {                                                     \
        nrfx_wdt_t wdt_inst_##id = NRFX_WDT_INSTANCE(id);    \
        for (uint8_t i = 0; i < NRF_WDT_CHANNEL_NUMBER; i++) \
        {                                                    \
            nrf_wdt_reload_request_set(wdt_inst_##id.p_reg,  \
                (nrf_wdt_rr_register_t)(NRF_WDT_RR0 + i));   \
        }                                                    \
    } while (0)
285 #if defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1)
/* Both nrfx watchdog instances are enabled: feed instance 0, then instance 1. */
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(0);       \
        FEED_WDT_INST(1);       \
    } while (0)
291 #elif defined(CONFIG_NRFX_WDT0)
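/*
 * Only nrfx watchdog instance 0 is enabled: feed that instance.
 * The expansion carries no trailing semicolon, so that
 * `MCUBOOT_WATCHDOG_FEED();` is exactly one statement, like the other
 * variants of this macro, and can be used in an unbraced if/else.
 */
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(0)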
294 #else /* defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1) */
295 #error "No NRFX WDT instances enabled"
296 #endif /* defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1) */
297 
298 #elif DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) /* CONFIG_NRFX_WDT */
299 #include <zephyr/device.h>
300 #include <zephyr/drivers/watchdog.h>
301 
/*
 * Set up the watchdog behind the devicetree alias watchdog0 by calling
 * wdt_setup() with options 0, but only if the device reports ready.
 *
 * NOTE(review): the return value of wdt_setup() is discarded, and a device
 * that is not ready is skipped silently. In both cases boot continues with
 * no indication that the watchdog was not set up; consider at least logging
 * the failure.
 */
#define MCUBOOT_WATCHDOG_SETUP()                              \
    do {                                                      \
        const struct device* wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_setup(wdt, 0);                                \
        }                                                     \
    } while (0)
310 
/*
 * Feed channel 0 of the watchdog behind the devicetree alias watchdog0.
 * Readiness is checked on every call, and the return value of wdt_feed() is
 * discarded, so a failed feed is not reported to the caller.
 */
#define MCUBOOT_WATCHDOG_FEED()                               \
    do {                                                      \
        const struct device* wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_feed(wdt, 0);                                 \
        }                                                     \
    } while (0)
319 #else /* DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) */
/*
 * No vendor implementation, no-op for historical reasons.
 * NOTE(review): this branch is reached with CONFIG_BOOT_WATCHDOG_FEED set, so
 * the option is accepted but feeding compiles to nothing, with no build-time
 * diagnostic. Confirm no watchdog is expected to be serviced on such targets.
 */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)
324 #endif
325 #else  /* CONFIG_BOOT_WATCHDOG_FEED */
/*
 * Watchdog feeding is not enabled: the macro expands to an empty statement
 * so call sites need no conditional compilation.
 */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)
330 
331 #endif /* CONFIG_BOOT_WATCHDOG_FEED */
332 
/*
 * Fallback for configurations that did not define a setup macro above:
 * MCUBOOT_WATCHDOG_SETUP() expands to nothing, so callers can invoke it
 * unconditionally.
 */
#ifndef MCUBOOT_WATCHDOG_SETUP
#define MCUBOOT_WATCHDOG_SETUP()
#endif
336 
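/*
 * Put the CPU into idle only when CONFIG_MULTITHREADING is disabled.
 * Wrapped in do { } while (0) so that `MCUBOOT_CPU_IDLE();` is a single
 * statement: a bare `if` in the expansion would either capture a following
 * `else` or, once the caller's semicolon is added, break an unbraced
 * if/else at the call site.
 */
#define MCUBOOT_CPU_IDLE()                          \
    do {                                            \
        if (!IS_ENABLED(CONFIG_MULTITHREADING)) {   \
            k_cpu_idle();                           \
        }                                           \
    } while (0)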
341 
342 #endif /* __MCUBOOT_CONFIG_H__ */
343