1 /*
2  * Copyright (c) 2018 Open Source Foundries Limited
3  * Copyright (c) 2019-2020 Arm Limited
4  * Copyright (c) 2019-2020 Linaro Limited
5  * Copyright (c) 2023 Nordic Semiconductor ASA
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #ifndef __MCUBOOT_CONFIG_H__
11 #define __MCUBOOT_CONFIG_H__
12 
13 #include <zephyr/devicetree.h>
14 
/*
 * Image signature scheme.
 *
 * Exactly one MCUBOOT_SIGN_* macro is defined, taken from the first
 * matching Kconfig symbol (RSA, then ECDSA P-256, then Ed25519). For RSA
 * the modulus length must be 2048 or 3072 bits; any other value (or a
 * missing length) stops the build.
 *
 * NOTE(review): when none of the three Kconfig symbols is set, this header
 * defines no MCUBOOT_SIGN_* macro at all. Confirm that such a build is
 * either rejected elsewhere or is a deliberate choice to boot images
 * without signature verification.
 */
#if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
#  define MCUBOOT_SIGN_RSA
#  if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 2048) || \
      (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 3072)
#    define MCUBOOT_SIGN_RSA_LEN CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN
#  else
#    error "Invalid RSA key size (must be 2048 or 3072)"
#  endif
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
#  define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#  define MCUBOOT_SIGN_ED25519
#endif
28 
/*
 * Crypto backend sanity check: refuse to build when any two of
 * CONFIG_BOOT_USE_TINYCRYPT, CONFIG_MBEDTLS and CONFIG_BOOT_USE_CC310 are
 * enabled together.
 *
 * NOTE(review): this check looks at CONFIG_MBEDTLS, while the selection
 * below looks at CONFIG_BOOT_USE_MBEDTLS, and the PSA branch
 * (CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT) is not part of the check. Confirm
 * that Kconfig keeps those symbols consistent, so the backend that ends up
 * verifying images is the one the integrator intended.
 */
#if (defined(CONFIG_BOOT_USE_TINYCRYPT) && defined(CONFIG_MBEDTLS)) || \
    (defined(CONFIG_BOOT_USE_TINYCRYPT) && defined(CONFIG_BOOT_USE_CC310)) || \
    (defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310))
#  error "One crypto library implementation allowed at a time."
#endif

/*
 * Crypto backend selection. The first matching symbol wins; the nRF CC310
 * bootloader variant is only considered inside the CC310 branch.
 */
#if defined(CONFIG_BOOT_USE_MBEDTLS)
#  define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#  define MCUBOOT_USE_TINYCRYPT
#elif defined(CONFIG_BOOT_USE_CC310)
#  define MCUBOOT_USE_CC310
#  if defined(CONFIG_BOOT_USE_NRF_CC310_BL)
#    define MCUBOOT_USE_NRF_CC310_BL
#  endif
#elif defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
#  define MCUBOOT_USE_PSA_CRYPTO
#endif
49 
/*
 * Image hash algorithm. Each Kconfig symbol maps to its own macro.
 *
 * NOTE(review): nothing in this header prevents both macros from being
 * defined at once; presumably Kconfig makes the two options mutually
 * exclusive -- confirm.
 */
#if defined(CONFIG_BOOT_IMG_HASH_ALG_SHA512)
#  define MCUBOOT_SHA512
#endif

#if defined(CONFIG_BOOT_IMG_HASH_ALG_SHA256)
#  define MCUBOOT_SHA256
#endif
57 
/* Zephyr provides snprintf whichever C library is in use. */
#define MCUBOOT_USE_SNPRINTF 1

/*
 * NOTE(review): presumably the verification key (or its hash) is supplied
 * by hardware instead of being compiled into the bootloader -- confirm
 * against the code that consumes MCUBOOT_HW_KEY.
 */
#if defined(CONFIG_BOOT_HW_KEY)
#  define MCUBOOT_HW_KEY
#endif

/*
 * Primary-slot validation. The Kconfig names still say "SLOT0"; the
 * MCUboot macros say "PRIMARY_SLOT".
 *
 * NOTE(review): if neither of the two symbols below is set, confirm that
 * the image in the primary slot is still verified somewhere before it is
 * executed.
 */
#if defined(CONFIG_BOOT_VALIDATE_SLOT0)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT
#endif

#if defined(CONFIG_BOOT_VALIDATE_SLOT0_ONCE)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE
#endif

/* Upgrade-only mode enables both overwrite-only macros. */
#if defined(CONFIG_BOOT_UPGRADE_ONLY)
#  define MCUBOOT_OVERWRITE_ONLY
#  define MCUBOOT_OVERWRITE_ONLY_FAST
#endif
77 
/*
 * Slot layout and upgrade strategy.
 *
 * With CONFIG_SINGLE_APPLICATION_SLOT there is exactly one image and none
 * of the swap / direct-XIP / RAM-load / firmware-loader options below is
 * considered. Otherwise each option is mapped one-to-one and the image
 * count comes from CONFIG_UPDATEABLE_IMAGE_NUMBER, defaulting to 1.
 */
#if !defined(CONFIG_SINGLE_APPLICATION_SLOT)

#  if defined(CONFIG_BOOT_SWAP_USING_MOVE)
#    define MCUBOOT_SWAP_USING_MOVE 1
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP)
#    define MCUBOOT_DIRECT_XIP
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP_REVERT)
#    define MCUBOOT_DIRECT_XIP_REVERT
#  endif

/* RAM load: the executable RAM window is taken verbatim from Kconfig. */
#  if defined(CONFIG_BOOT_RAM_LOAD)
#    define MCUBOOT_RAM_LOAD 1
#    define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#    define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#  endif

#  if defined(CONFIG_BOOT_FIRMWARE_LOADER)
#    define MCUBOOT_FIRMWARE_LOADER
#  endif

#  if !defined(CONFIG_UPDATEABLE_IMAGE_NUMBER)
#    define MCUBOOT_IMAGE_NUMBER    1
#  else
#    define MCUBOOT_IMAGE_NUMBER    CONFIG_UPDATEABLE_IMAGE_NUMBER
#  endif

/* Version comparison also takes the build number into account. */
#  if defined(CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER)
#    define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
#  endif

#  if defined(CONFIG_BOOT_SWAP_SAVE_ENCTLV)
#    define MCUBOOT_SWAP_SAVE_ENCTLV 1
#  endif

#else /* CONFIG_SINGLE_APPLICATION_SLOT */

#  define MCUBOOT_SINGLE_APPLICATION_SLOT 1
#  define MCUBOOT_IMAGE_NUMBER    1

#endif /* CONFIG_SINGLE_APPLICATION_SLOT */
120 
/* Logging is available whenever the Zephyr log subsystem is enabled. */
#if defined(CONFIG_LOG)
#  define MCUBOOT_HAVE_LOGGING 1
#endif

/*
 * Encrypted images. Any of the three key-exchange options turns on
 * MCUBOOT_ENC_IMAGES; each option additionally defines its own macro.
 *
 * NOTE(review): this header does not stop more than one
 * MCUBOOT_ENCRYPT_* macro from being defined; presumably Kconfig makes the
 * options mutually exclusive -- confirm.
 */
#if defined(CONFIG_BOOT_ENCRYPT_RSA) || \
    defined(CONFIG_BOOT_ENCRYPT_EC256) || \
    defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENC_IMAGES
#endif

#if defined(CONFIG_BOOT_ENCRYPT_RSA)
#  define MCUBOOT_ENCRYPT_RSA
#endif

#if defined(CONFIG_BOOT_ENCRYPT_EC256)
#  define MCUBOOT_ENCRYPT_EC256
#endif

#if defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENCRYPT_X25519
#endif

#if defined(CONFIG_BOOT_DECOMPRESSION)
#  define MCUBOOT_DECOMPRESS_IMAGES
#endif

#if defined(CONFIG_BOOT_BOOTSTRAP)
#  define MCUBOOT_BOOTSTRAP 1
#endif

#if defined(CONFIG_BOOT_USE_BENCH)
#  define MCUBOOT_USE_BENCH 1
#endif
151 
/*
 * Software downgrade prevention.
 *
 * MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is later used as a boolean
 * value, so inside this branch it always receives a value (0 or 1). This
 * differs from MCUBOOT_DOWNGRADE_PREVENTION, which is only tested in
 * preprocessor conditions and may be left undefined.
 *
 * When CONFIG_MCUBOOT_DOWNGRADE_PREVENTION is not set, neither macro is
 * defined by this header.
 */
#if defined(CONFIG_MCUBOOT_DOWNGRADE_PREVENTION)
#  define MCUBOOT_DOWNGRADE_PREVENTION 1
#  if !defined(CONFIG_MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER)
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
#  else
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
#  endif
#endif

/* Hardware-backed rollback protection is selected independently. */
#if defined(CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION)
#  define MCUBOOT_HW_ROLLBACK_PROT
#endif
167 
/*
 * Measured boot and bootloader-to-application data sharing.
 *
 * NOTE(review): the shared data is handed to the application; what it
 * contains and where it is stored is decided by code outside this header.
 */
#if defined(CONFIG_MEASURED_BOOT)
#  define MCUBOOT_MEASURED_BOOT
#endif

#if defined(CONFIG_BOOT_SHARE_DATA)
#  define MCUBOOT_DATA_SHARING
#endif

/* The retention backend supplies its own data sharing function. */
#if defined(CONFIG_BOOT_SHARE_BACKEND_RETENTION)
#  define MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION
#endif

#if defined(CONFIG_BOOT_SHARE_DATA_BOOTINFO)
#  define MCUBOOT_DATA_SHARING_BOOTINFO
#endif

/* Upper bound for the boot record, taken from the CBOR size option. */
#if defined(CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE)
#  define MAX_BOOT_RECORD_SZ CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE
#endif
187 
/*
 * Fault injection hardening (FIH) profile: OFF, LOW, MEDIUM or HIGH, each
 * mapped one-to-one from its Kconfig symbol.
 *
 * NOTE(review): this header neither enforces that exactly one profile is
 * selected nor provides a default; presumably Kconfig does -- confirm,
 * because the OFF profile removes the hardening from the image
 * verification path.
 */
#if defined(CONFIG_BOOT_FIH_PROFILE_OFF)
#  define MCUBOOT_FIH_PROFILE_OFF
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_LOW)
#  define MCUBOOT_FIH_PROFILE_LOW
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_MEDIUM)
#  define MCUBOOT_FIH_PROFILE_MEDIUM
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_HIGH)
#  define MCUBOOT_FIH_PROFILE_HIGH
#endif
203 
/*
 * Per-user management group. Unlike most switches in this file the macro
 * is always defined, as 1 or 0, so it can be used as a value.
 */
#if !defined(CONFIG_ENABLE_MGMT_PERUSER)
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
#else
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 1
#endif

#if defined(CONFIG_BOOT_MGMT_CUSTOM_IMG_LIST)
#  define MCUBOOT_MGMT_CUSTOM_IMG_LIST
#endif

#if defined(CONFIG_BOOT_MGMT_ECHO)
#  define MCUBOOT_BOOT_MGMT_ECHO
#endif

/*
 * NOTE(review): image access hooks let integrator-supplied code take part
 * in how images are accessed; whatever is hooked in runs as part of the
 * bootloader and deserves the same review as the bootloader itself.
 */
#if defined(CONFIG_BOOT_IMAGE_ACCESS_HOOKS)
#  define MCUBOOT_IMAGE_ACCESS_HOOKS
#endif

#if defined(CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS)
#  define MCUBOOT_VERIFY_IMG_ADDRESS
#endif
225 
/*
 * Serial recovery. CONFIG_MCUBOOT_SERIAL defines both MCUBOOT_SERIAL and
 * MCUBOOT_SERIAL_RECOVERY.
 *
 * NOTE(review): serial recovery and USB DFU are firmware entry paths into
 * the device. Confirm which image validation options (for example
 * MCUBOOT_VALIDATE_PRIMARY_SLOT) apply to images received this way.
 */
#if defined(CONFIG_MCUBOOT_SERIAL)
#  define MCUBOOT_SERIAL
#  define MCUBOOT_SERIAL_RECOVERY
#endif

/* Enables direct image upload through serial recovery. */
#if defined(CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD)
#  define MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#endif

#if defined(CONFIG_BOOT_SERIAL_WAIT_FOR_DFU)
#  define MCUBOOT_SERIAL_WAIT_FOR_DFU
#endif

/* Optional image management group features offered over serial recovery. */
#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_HASH)
#  define MCUBOOT_SERIAL_IMG_GRP_HASH
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE)
#  define MCUBOOT_SERIAL_IMG_GRP_IMAGE_STATE
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_SLOT_INFO)
#  define MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO
#endif

/* USB DFU is enabled by either of its entry options (wait or GPIO). */
#if defined(CONFIG_BOOT_USB_DFU_WAIT) || defined(CONFIG_BOOT_USB_DFU_GPIO)
#  define MCUBOOT_USB_DFU
#endif
262 
/*
 * Progressive erase: the code (currently in boot_serial) erases flash
 * piece by piece as update fragments arrive, instead of erasing an area
 * the size of the whole image after the first frame. This avoids stalling
 * the start of a transfer for as long as a large erase would take.
 */
#if defined(CONFIG_BOOT_ERASE_PROGRESSIVELY)
#  define MCUBOOT_ERASE_PROGRESSIVELY
#endif

/*
 * Always use the newer flash map API; it saves RAM and avoids a deprecated
 * call.
 *
 * (Can be dropped once flash_area_to_sectors() is removed rather than
 * merely deprecated.)
 */
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS

/* USB DFU, in either entry mode, cannot be built without multithreading. */
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || \
     defined(CONFIG_BOOT_USB_DFU_GPIO)) && \
    !defined(CONFIG_MULTITHREADING)
#  error "USB DFU Requires MULTITHREADING"
#endif
290 
/*
 * Maximum number of sectors per image, in order of preference:
 *   1. MIN_SECTOR_COUNT, when automatic sizing is requested and that macro
 *      is already defined by the time this header is read;
 *   2. the explicit CONFIG_BOOT_MAX_IMG_SECTORS value;
 *   3. a fixed fallback of 128.
 *
 * NOTE(review): with CONFIG_BOOT_MAX_IMG_SECTORS_AUTO set but
 * MIN_SECTOR_COUNT not defined, the chain silently falls through to 2 or 3.
 * Confirm how the bootloader behaves when a slot has more sectors than the
 * value chosen here.
 */
#if defined(CONFIG_BOOT_MAX_IMG_SECTORS_AUTO) && defined(MIN_SECTOR_COUNT)
#  define MCUBOOT_MAX_IMG_SECTORS       MIN_SECTOR_COUNT
#elif defined(CONFIG_BOOT_MAX_IMG_SECTORS)
#  define MCUBOOT_MAX_IMG_SECTORS       CONFIG_BOOT_MAX_IMG_SECTORS
#else
#  define MCUBOOT_MAX_IMG_SECTORS       128
#endif

/*
 * Serial recovery size limits, passed through unchanged from Kconfig.
 * NOTE(review): presumably these size the serial receive buffers --
 * confirm that the receive path enforces them on incoming data.
 */
#if defined(CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE)
#  define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#endif

#if defined(CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE)
#  define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#endif
310 
/*
 * Bootloader version information. It is only exposed when data sharing is
 * enabled and ZEPHYR_VER_INCLUDE is defined; the numbers come from the
 * APP_* macros in <zephyr/app_version.h>.
 */
#if defined(ZEPHYR_VER_INCLUDE) && defined(MCUBOOT_DATA_SHARING)
#  include <zephyr/app_version.h>

#  define MCUBOOT_VERSION_AVAILABLE
#  define MCUBOOT_VERSION_MAJOR APP_VERSION_MAJOR
#  define MCUBOOT_VERSION_MINOR APP_VERSION_MINOR
#  define MCUBOOT_VERSION_PATCHLEVEL APP_PATCHLEVEL
#endif
319 
/*
 * Flash write alignment. When the chosen zephyr,flash node reports a
 * write_block_size larger than 8, that size becomes
 * MCUBOOT_BOOT_MAX_ALIGN (this is what supports, for example, 32-byte
 * aligned flash). Otherwise the macro is left undefined here.
 */
#if DT_HAS_CHOSEN(zephyr_flash)
#  if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8
#    define MCUBOOT_BOOT_MAX_ALIGN \
         DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
#  endif
#endif

#if defined(CONFIG_MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP)
#  define MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP 1
#endif
331 
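/*
 * Watchdog handling.
 *
 * MCUBOOT_WATCHDOG_FEED() and MCUBOOT_WATCHDOG_SETUP() are always defined.
 * Every variant expands to a single statement without a trailing
 * semicolon, so call sites write `MCUBOOT_WATCHDOG_FEED();` and the macro
 * is safe as the body of an unbraced if/else.
 *
 * Selection when CONFIG_BOOT_WATCHDOG_FEED is on:
 *   - CONFIG_BOOT_WATCHDOG_FEED_NRFX_WDT: feed the enabled nrfx WDT
 *     instance(s) directly through their reload-request registers;
 *   - otherwise, if the devicetree alias watchdog0 has status okay: use
 *     the Zephyr watchdog driver API;
 *   - otherwise: no-op.
 *
 * NOTE(review): in the last case, and when the watchdog0 device is not
 * ready, feeding is skipped silently. A watchdog that was already started
 * (by an earlier boot stage, say) would then not be serviced during long
 * bootloader operations -- confirm this matches the platform.
 */
#if CONFIG_BOOT_WATCHDOG_FEED
#if CONFIG_BOOT_WATCHDOG_FEED_NRFX_WDT
#include <nrfx_wdt.h>

/*
 * Request a reload on every reload-request register (RR0 + i, for each i
 * below NRF_WDT_CHANNEL_NUMBER) of nrfx WDT instance `id`.
 */
#define FEED_WDT_INST(id)                                    \
    do {                                                     \
        nrfx_wdt_t wdt_inst_##id = NRFX_WDT_INSTANCE(id);    \
        for (uint8_t i = 0; i < NRF_WDT_CHANNEL_NUMBER; i++) \
        {                                                    \
            nrf_wdt_reload_request_set(wdt_inst_##id.p_reg,  \
                (nrf_wdt_rr_register_t)(NRF_WDT_RR0 + i));   \
        }                                                    \
    } while (0)

/*
 * NOTE(review): a build with only CONFIG_NRFX_WDT1 enabled matches none of
 * the branches below and ends in the #error -- confirm that is intended.
 */
#if defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(0);       \
        FEED_WDT_INST(1);       \
    } while (0)
#elif defined(CONFIG_NRFX_WDT0)
/* FEED_WDT_INST is already a do/while(0) statement: no trailing ';' here. */
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(0)
#elif defined(CONFIG_NRFX_WDT30) && defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(30);      \
        FEED_WDT_INST(31);      \
    } while (0)
#elif defined(CONFIG_NRFX_WDT30)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(30)
#elif defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(31)
#else
#error "No NRFX WDT instances enabled"
#endif

#elif DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) /* CONFIG_BOOT_WATCHDOG_FEED_NRFX_WDT */
#include <zephyr/device.h>
#include <zephyr/drivers/watchdog.h>

/*
 * Start the watchdog0 device with options 0, if the device is ready.
 * NOTE(review): the return value of wdt_setup() is discarded, so a failed
 * setup goes unnoticed.
 */
#define MCUBOOT_WATCHDOG_SETUP()                              \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_setup(wdt, 0);                                \
        }                                                     \
    } while (0)

/* Feed channel 0 of the watchdog0 device, if the device is ready. */
#define MCUBOOT_WATCHDOG_FEED()                               \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_feed(wdt, 0);                                 \
        }                                                     \
    } while (0)
#else /* DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) */
/* No vendor implementation, no-op for historical reasons */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)
#endif
#else  /* CONFIG_BOOT_WATCHDOG_FEED */
/* Not enabled, no feed activity */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)

#endif /* CONFIG_BOOT_WATCHDOG_FEED */

/* Only the Zephyr driver variant needs a setup step; default to nothing. */
#ifndef MCUBOOT_WATCHDOG_SETUP
#define MCUBOOT_WATCHDOG_SETUP()
#endif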
408 
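/*
 * Idle the CPU, but only in builds without CONFIG_MULTITHREADING.
 *
 * The body is wrapped in do/while(0) so the macro is one statement: a bare
 * `if` would capture an `else` that follows the call site and silently
 * change control flow. Call sites end the invocation with a semicolon.
 */
#define MCUBOOT_CPU_IDLE()                        \
    do {                                          \
        if (!IS_ENABLED(CONFIG_MULTITHREADING)) { \
            k_cpu_idle();                         \
        }                                         \
    } while (0)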
413 
414 #endif /* __MCUBOOT_CONFIG_H__ */
415