1# Copyright (c) 2022 Nordic Semiconductor
2#
3# SPDX-License-Identifier: Apache-2.0
4
# Hidden (promptless) symbol that defaults to y; the BOOTLOADER choice depends
# on it.
config SUPPORT_BOOTLOADER
	def_bool y
8
# Hidden (promptless) symbol that defaults to y; the BOOTLOADER_MCUBOOT choice
# member depends on it.
config SUPPORT_BOOTLOADER_MCUBOOT_ZEPHYR
	def_bool y
12
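# Selects which bootloader, if any, is included in the build. The choice is
# only available while SUPPORT_BOOTLOADER is enabled and defaults to no
# bootloader.
choice BOOTLOADER
	prompt "Bootloader support"
	default BOOTLOADER_NONE
	depends on SUPPORT_BOOTLOADER

config BOOTLOADER_NONE
	bool "None"
	help
	  Do not include a bootloader in the build.

config BOOTLOADER_MCUBOOT
	bool "MCUboot"
	depends on SUPPORT_BOOTLOADER_MCUBOOT_ZEPHYR
	help
	  Include MCUboot (Zephyr port) as the bootloader to use.

endchoice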
30
31if BOOTLOADER_MCUBOOT
32
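# The selected mode determines which partitions MCUboot expects and whether a
# previous image can be restored after an update. Several help texts below also
# state how the mode relates to MCUBOOT_BOOTLOADER_NO_DOWNGRADE.
choice MCUBOOT_MODE
	prompt "Mode of operation"
	default MCUBOOT_MODE_SWAP_WITHOUT_SCRATCH
	help
	  The operating mode of MCUboot (which will also be propagated to the application).

config MCUBOOT_MODE_SINGLE_APP
	bool "Single slot"
	help
	  MCUboot will only boot the application placed in slot0_partition and does not care
	  about other slots. In this mode the application is not able to DFU its own update to
	  the secondary slot, and all updates need to be performed using MCUboot serial recovery.

config MCUBOOT_MODE_SWAP_WITHOUT_SCRATCH
	bool "Swap without scratch (swap using move)"
	help
	  MCUboot expects slot0_partition and slot1_partition to be present in DT, and the
	  application will boot from slot0_partition. MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also
	  be selected in the main application if MCUboot has been built with
	  MCUBOOT_DOWNGRADE_PREVENTION.

config MCUBOOT_MODE_SWAP_SCRATCH
	bool "Swap using scratch"
	help
	  MCUboot expects slot0_partition, slot1_partition and scratch_partition to be present in
	  DT, and the application will boot from slot0_partition. In this mode scratch_partition
	  is used as temporary storage when MCUboot swaps the application from the secondary slot
	  to the primary slot.
	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected in the main application if
	  MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.

config MCUBOOT_MODE_OVERWRITE_ONLY
	bool "Overwrite"
	help
	  MCUboot will take the contents of the secondary slot of an image and will overwrite the
	  primary slot with it. In this mode it is not possible to revert to the previous
	  version, as it is not stored in the secondary slot.
	  This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE, which means that the overwrite will
	  not happen unless the version in the secondary slot is higher than the version in the
	  primary slot.

config MCUBOOT_MODE_DIRECT_XIP
	bool "DirectXIP"
	help
	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode MCUboot
	  can boot from either partition and will select the one with the higher application
	  image version, which usually means the major.minor.patch triple, unless
	  BOOT_VERSION_CMP_USE_BUILD_NUMBER is also selected in MCUboot, which enables comparison
	  of the build number.
	  This option automatically selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
	  to swap back to an older version of the application.

config MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT
	bool "DirectXIP with revert"
	help
	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode MCUboot
	  will boot the application with the higher version from either slot, as long as it has
	  been marked to be booted next time, either for test or permanently. When an application
	  is marked for test it needs to confirm itself on the first boot, or it will be removed
	  and MCUboot will revert to booting the previously approved application.
	  This mode does not allow freely switching between application versions: once a
	  higher-version application is approved, it is not possible to select a lower version
	  for boot.
	  This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible to downgrade the
	  running application, but note that MCUboot may do that if the application with the
	  higher version does not get confirmed.

config MCUBOOT_MODE_RAM_LOAD
	bool "RAM load"
	help
	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot
	  will select the image with the higher version number, copy it to RAM and begin execution
	  from there. The image must be linked to execute from RAM; the address that it is copied
	  to is specified using the load-addr argument when running imgtool.

	  Note: in this mode, RAM that is not used by the application must be assigned to the
	  bootloader so that the bootloader is able to function until the application has booted.

config MCUBOOT_MODE_FIRMWARE_UPDATER
	bool "Firmware updater"
	help
	  MCUboot will only boot slot0_partition for the main application but has an entrance
	  mechanism defined for entering slot1_partition, which holds a dedicated firmware updater
	  application used to update the slot0_partition application.

endchoice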
116
# Hidden (promptless) string whose value follows the selected
# BOOT_SIGNATURE_TYPE choice member. No default applies if none of the four
# members is selected.
config SIGNATURE_TYPE
	string
	default NONE if BOOT_SIGNATURE_TYPE_NONE
	default RSA if BOOT_SIGNATURE_TYPE_RSA
	default ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256
	default ED25519 if BOOT_SIGNATURE_TYPE_ED25519
123
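# Selects how MCUboot images are authenticated. Only the signature options bind
# an image to a signing key; the "no signature" option leaves a hash check only.
choice BOOT_SIGNATURE_TYPE
	prompt "Signature type"
	default BOOT_SIGNATURE_TYPE_RSA
	help
	  Type of signature used for MCUboot images. The selection also determines the default
	  signing key file (BOOT_SIGNATURE_KEY_FILE) and whether encrypted image support
	  (BOOT_ENCRYPTION) can be enabled.

config BOOT_SIGNATURE_TYPE_NONE
	bool "No signature; use only hash check"
	help
	  Images carry no signature and are checked by hash only. A hash check detects
	  corrupted images but does not authenticate them: anyone able to write an image can
	  also produce a matching hash. Encrypted image support is unavailable with this
	  option.

config BOOT_SIGNATURE_TYPE_RSA
	bool "RSA signatures"

config BOOT_SIGNATURE_TYPE_ECDSA_P256
	bool "Elliptic curve digital signatures with curve P-256"

config BOOT_SIGNATURE_TYPE_ED25519
	bool "Edwards curve digital signatures using ed25519"

endchoice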
141
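# Every non-empty default below points at a key file shipped inside the MCUboot
# module directory. The prompt is hidden when no signature type is selected, in
# which case the value falls through to the empty string.
config BOOT_SIGNATURE_KEY_FILE
	string "Signing PEM key file" if !BOOT_SIGNATURE_TYPE_NONE
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA
	default ""
	help
	  Absolute path to the signing key file to use with MCUboot.

	  The default value points to a key file shipped in the MCUboot module directory.
	  Because that key is available to anyone who has the MCUboot sources, images signed
	  with it are not protected against forgery. Use the defaults for development and
	  testing only, and set this option to a privately generated key, stored outside the
	  source tree, for any device that leaves development.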
150
# Hidden helper symbol: encrypted image support is only offered when images are
# signed and the MCUboot mode is not DirectXIP, DirectXIP with revert or
# firmware updater. Separate "depends on" lines are ANDed together.
config SUPPORT_BOOT_ENCRYPTION
	def_bool y
	depends on !BOOT_SIGNATURE_TYPE_NONE
	depends on !MCUBOOT_MODE_DIRECT_XIP
	depends on !MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT
	depends on !MCUBOOT_MODE_FIRMWARE_UPDATER
155
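# User-visible switch for encrypted images; it has no default, so it stays off
# unless enabled explicitly.
config BOOT_ENCRYPTION
	bool "Encrypted image support"
	depends on SUPPORT_BOOT_ENCRYPTION
	help
	  Support encrypted images. This option is only available when a signature type other
	  than "no signature" is selected and the MCUboot mode is not DirectXIP, DirectXIP with
	  revert or firmware updater. The key file is set with BOOT_ENCRYPTION_KEY_FILE.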
161
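# Every non-empty default below points at a private key file shipped inside the
# MCUboot module directory. The empty-string default applies only if none of
# the three signature types listed here is selected.
config BOOT_ENCRYPTION_KEY_FILE
	string "Encryption PEM key file"
	depends on BOOT_ENCRYPTION
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-x25519-priv.pem" if BOOT_SIGNATURE_TYPE_ED25519
	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-rsa2048-priv.pem" if BOOT_SIGNATURE_TYPE_RSA
	default ""
	help
	  Absolute path to the encryption key file to use with MCUboot.

	  The default value points to a private key file shipped in the MCUboot module
	  directory. Because that key is available to anyone who has the MCUboot sources,
	  images encrypted for it are not confidential. Use the defaults for development and
	  testing only, and set this option to a privately generated key, stored outside the
	  source tree, for any device that leaves development.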
171
172endif
173