1# Copyright (c) 2022 Nordic Semiconductor
2#
3# SPDX-License-Identifier: Apache-2.0
4
5config SUPPORT_BOOTLOADER
6	bool
7	default y
8
9config SUPPORT_BOOTLOADER_MCUBOOT_ZEPHYR
10	bool
11	default y
12
13choice BOOTLOADER
14	prompt "Bootloader support"
15	default BOOTLOADER_NONE
16	depends on SUPPORT_BOOTLOADER
17
18config BOOTLOADER_NONE
19	bool "None"
20	help
21	  Do not Include a bootloader in the build
22
23config BOOTLOADER_MCUBOOT
24	bool "MCUboot"
25	depends on SUPPORT_BOOTLOADER_MCUBOOT_ZEPHYR
26	help
27	  Include MCUboot (Zephyr port) as the bootloader to use
28
29endchoice
30
31if BOOTLOADER_MCUBOOT
32
33choice MCUBOOT_MODE
34	prompt "Mode of operation"
35	default MCUBOOT_MODE_SWAP_USING_MOVE
36	help
37	  The operating mode of MCUboot (which will also be propagated to the application).
38
39config MCUBOOT_MODE_SINGLE_APP
40	bool "Single slot"
41	help
42	  MCUboot will only boot slot0_partition placed application and does not care about other
43	  slots. In this mode application is not able to DFU its own update to secondary slot and
44	  all updates need to be performed using MCUboot serial recovery.
45
46config MCUBOOT_MODE_SWAP_USING_OFFSET
47	bool "Swap using offset"
48	select EXPERIMENTAL
49	help
50	  MCUboot expects slot0_partition and slot1_partition to be present in DT and application
51	  will boot from slot0_partition. MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
52	  in main application if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
53
54config MCUBOOT_MODE_SWAP_USING_MOVE
55	bool "Swap using move"
56	help
57	  MCUboot expects slot0_partition and slot1_partition to be present in DT and application
58	  will boot from slot0_partition. MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
59	  in main application if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
60
61config MCUBOOT_MODE_SWAP_WITHOUT_SCRATCH
62	bool "Swap without scratch (swap using move) [DEPRECATED]"
63	select DEPRECATED
64	help
65	  This Kconfig is deprecated, use MCUBOOT_MODE_SWAP_USING_MOVE instead.
66
67config MCUBOOT_MODE_SWAP_SCRATCH
68	bool "Swap using scratch"
69	help
70	  MCUboot expects slot0_partition, slot1_partition and scratch_partition to be present in
71	  DT, and application will boot from slot0_partition. In this mode scratch_partition is
72	  used as temporary storage when MCUboot swaps application from the secondary slot to the
73	  primary slot.
74	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected in main application if MCUboot
75	  has been built with MCUBOOT_DOWNGRADE_PREVENTION.
76
77config MCUBOOT_MODE_OVERWRITE_ONLY
78	bool "Overwrite"
79	help
80	  MCUboot will take contents of secondary slot of an image and will overwrite primary slot
81	  with it. In this mode it is not possible to revert back to previous version as it is not
82	  stored in the secondary slot.
83	  This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE which means that the overwrite will
84	  not happen unless the version of secondary slot is higher than the version in primary
85	  slot.
86
87config MCUBOOT_MODE_DIRECT_XIP
88	bool "DirectXIP"
89	help
90	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode MCUboot
91	  can boot from either partition and will select one with higher application image version,
92	  which usually means major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER is
93	  also selected in MCUboot that enables comparison of build number.
94	  This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
95	  to swap back to older version of application.
96
97config MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT
98	bool "DirectXIP with revert"
99	help
100	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode MCUboot
101	  will boot the application with the higher version from either slot, as long as it has
102	  been marked to be boot next time for test or permanently. In case when application is
103	  marked for test it needs to confirm itself, on the first boot, or it will be removed and
104	  MCUboot will revert to booting previously approved application.
105	  This mode does not allow freely switching between application versions, as, once higher
106	  version application is approved, it is not possible to select lower version for boot.
107	  This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible to downgrade
108	  running application, but note that MCUboot may do that if application with higher
109	  version will not get confirmed.
110
111config MCUBOOT_MODE_RAM_LOAD
112	bool "RAM load"
113	help
114	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot
115	  will select the image with the higher version number, copy it to RAM and begin execution
116	  from there. The image must be linked to execute from RAM, the address that it is copied
117	  to is specified using the load-addr argument when running imgtool.
118
119	  Note: RAM must be assigned to the bootloader that is not used by the application in this
120	  mode so that the bootloader is able to function until the application has booted.
121
122config MCUBOOT_MODE_FIRMWARE_UPDATER
123	bool "Firmware updater"
124	help
125	  MCUboot will only boot slot0_partition for the main application but has an entrance
126	  mechanism defined for entering the slot1_partition which is a dedicated firmware updater
127	  application used to update the slot0_partition application.
128
129endchoice
130
131config SIGNATURE_TYPE
132	string
133	default "NONE" if BOOT_SIGNATURE_TYPE_NONE
134	default "RSA" if BOOT_SIGNATURE_TYPE_RSA
135	default "ECDSA_P256" if BOOT_SIGNATURE_TYPE_ECDSA_P256
136	default "ED25519" if BOOT_SIGNATURE_TYPE_ED25519
137
138choice BOOT_SIGNATURE_TYPE
139	prompt "Signature type"
140	default BOOT_SIGNATURE_TYPE_RSA
141
142config BOOT_SIGNATURE_TYPE_NONE
143	bool "No signature; use only hash check"
144
145config BOOT_SIGNATURE_TYPE_RSA
146	bool "RSA signatures"
147
148config BOOT_SIGNATURE_TYPE_ECDSA_P256
149	bool "Elliptic curve digital signatures with curve P-256"
150
151config BOOT_SIGNATURE_TYPE_ED25519
152	bool "Edwards curve digital signatures using ed25519"
153
154endchoice
155
156config BOOT_SIGNATURE_KEY_FILE
157	string "Signing PEM key file" if !BOOT_SIGNATURE_TYPE_NONE
158	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
159	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
160	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA
161	default ""
162	help
163	  Absolute path to signing key file to use with MCUBoot.
164
165config SUPPORT_BOOT_ENCRYPTION
166	bool
167	depends on !BOOT_SIGNATURE_TYPE_NONE && !MCUBOOT_MODE_DIRECT_XIP && !MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT && !MCUBOOT_MODE_FIRMWARE_UPDATER
168	default y
169
170config BOOT_ENCRYPTION
171	bool "Encrypted image support"
172	depends on SUPPORT_BOOT_ENCRYPTION
173	help
174	  Support encrypted images.
175
176config BOOT_ENCRYPTION_KEY_FILE
177	string "Encryption PEM key file"
178	depends on BOOT_ENCRYPTION
179	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
180	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-x25519-priv.pem" if BOOT_SIGNATURE_TYPE_ED25519
181	default "$(ZEPHYR_MCUBOOT_MODULE_DIR)/enc-rsa2048-priv.pem" if BOOT_SIGNATURE_TYPE_RSA
182	default ""
183	help
184	  Absolute path to encryption key file to use with MCUBoot.
185
186endif
187