1 /*
2  * Copyright (c) 2018 Open Source Foundries Limited
3  * Copyright (c) 2019-2020 Arm Limited
4  * Copyright (c) 2019-2020 Linaro Limited
5  * Copyright (c) 2023 Nordic Semiconductor ASA
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #ifndef __MCUBOOT_CONFIG_H__
11 #define __MCUBOOT_CONFIG_H__
12 
13 #include <zephyr/devicetree.h>
14 
/*
 * Image signature scheme. The first matching Kconfig symbol wins (RSA, then
 * ECDSA P-256, then Ed25519), so at most one MCUBOOT_SIGN_* scheme macro is
 * defined by this chain.
 * NOTE(review): if none of the three symbols is set, no scheme macro is
 * defined here - confirm that an unsigned-image build is really intended
 * for such a configuration.
 */
#if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
#  define MCUBOOT_SIGN_RSA
/* Only 2048-bit and 3072-bit RSA keys are accepted; anything else stops the build. */
#  if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 2048) || \
      (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 3072)
#    define MCUBOOT_SIGN_RSA_LEN CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN
#  else
#    error "Invalid RSA key size (must be 2048 or 3072)"
#  endif
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
#  define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#  define MCUBOOT_SIGN_ED25519
#endif
28 
/*
 * Build-time guard: stop the build when more than one of TinyCrypt,
 * Mbed TLS and CC310 is enabled.
 * NOTE(review): the guard tests CONFIG_MBEDTLS, while the backend selection
 * in this header tests CONFIG_BOOT_USE_MBEDTLS, and the PSA crypto client
 * option is not part of the check - confirm both are intentional.
 */
#if (defined(CONFIG_BOOT_USE_TINYCRYPT) && \
     (defined(CONFIG_MBEDTLS) || defined(CONFIG_BOOT_USE_CC310))) || \
    (defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310))
#  error "One crypto library implementation allowed at a time."
#endif
36 
/*
 * Crypto backend selection. The first matching symbol wins: Mbed TLS,
 * TinyCrypt, CC310 (optionally with MCUBOOT_USE_NRF_CC310_BL), then the
 * PSA crypto client.
 */
#if defined(CONFIG_BOOT_USE_MBEDTLS)
#  define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#  define MCUBOOT_USE_TINYCRYPT
#elif defined(CONFIG_BOOT_USE_CC310)
#  define MCUBOOT_USE_CC310
#  if defined(CONFIG_BOOT_USE_NRF_CC310_BL)
#    define MCUBOOT_USE_NRF_CC310_BL
#  endif
#elif defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
#  define MCUBOOT_USE_PSA_CRYPTO
#endif
49 
/* Image hash algorithm: each Kconfig choice sets its own macro. */
#if defined(CONFIG_BOOT_IMG_HASH_ALG_SHA512)
#  define MCUBOOT_SHA512
#endif

#if defined(CONFIG_BOOT_IMG_HASH_ALG_SHA256)
#  define MCUBOOT_SHA256
#endif

/* snprintf is provided by Zephyr whichever C library is in use. */
#define MCUBOOT_USE_SNPRINTF 1

/* NOTE(review): presumably selects a hardware-held verification key - verify against bootutil. */
#if defined(CONFIG_BOOT_HW_KEY)
#  define MCUBOOT_HW_KEY
#endif

/*
 * Primary-slot (slot 0) validation switches.
 * NOTE(review): when neither symbol is set, no validation macro is defined
 * here; confirm in the boot code what is checked before slot 0 is started
 * in that case.
 */
#if defined(CONFIG_BOOT_VALIDATE_SLOT0)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT
#endif

#if defined(CONFIG_BOOT_VALIDATE_SLOT0_ONCE)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE
#endif

/* An upgrade-only build turns on both overwrite-only macros. */
#if defined(CONFIG_BOOT_UPGRADE_ONLY)
#  define MCUBOOT_OVERWRITE_ONLY
#  define MCUBOOT_OVERWRITE_ONLY_FAST
#endif
77 
/*
 * Slot layout and upgrade strategy. A single-application-slot build fixes
 * the image count at 1 and skips every swap / XIP / RAM-load option in the
 * #else branch.
 */
#if defined(CONFIG_SINGLE_APPLICATION_SLOT)
#  define MCUBOOT_SINGLE_APPLICATION_SLOT 1
#  define MCUBOOT_IMAGE_NUMBER 1
#else /* !CONFIG_SINGLE_APPLICATION_SLOT */

#  if defined(CONFIG_BOOT_SWAP_USING_MOVE)
#    define MCUBOOT_SWAP_USING_MOVE 1
#  endif

#  if defined(CONFIG_BOOT_SWAP_USING_OFFSET)
#    define MCUBOOT_SWAP_USING_OFFSET 1
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP)
#    define MCUBOOT_DIRECT_XIP
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP_REVERT)
#    define MCUBOOT_DIRECT_XIP_REVERT
#  endif

/* RAM load: forward the executable RAM window (start and size) from Kconfig. */
#  if defined(CONFIG_BOOT_RAM_LOAD)
#    define MCUBOOT_RAM_LOAD 1
#    define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#    define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#  endif

#  if defined(CONFIG_BOOT_FIRMWARE_LOADER)
#    define MCUBOOT_FIRMWARE_LOADER
#  endif

/* Number of updateable images; falls back to 1 when Kconfig gives no value. */
#  ifndef CONFIG_UPDATEABLE_IMAGE_NUMBER
#    define MCUBOOT_IMAGE_NUMBER 1
#  else
#    define MCUBOOT_IMAGE_NUMBER CONFIG_UPDATEABLE_IMAGE_NUMBER
#  endif

#  if defined(CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER)
#    define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
#  endif

#  if defined(CONFIG_BOOT_SWAP_SAVE_ENCTLV)
#    define MCUBOOT_SWAP_SAVE_ENCTLV 1
#  endif

#endif /* CONFIG_SINGLE_APPLICATION_SLOT */
124 
/* Single application slot with RAM load: one image, RAM window taken from Kconfig. */
#if defined(CONFIG_SINGLE_APPLICATION_SLOT_RAM_LOAD)
#  define MCUBOOT_SINGLE_APPLICATION_SLOT_RAM_LOAD 1
#  define MCUBOOT_RAM_LOAD 1
#  define MCUBOOT_IMAGE_NUMBER 1
#  define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#  define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#endif

#if defined(CONFIG_LOG)
#  define MCUBOOT_HAVE_LOGGING 1
#endif

/* Any of the three key-exchange options enables encrypted-image support. */
#if defined(CONFIG_BOOT_ENCRYPT_RSA) || defined(CONFIG_BOOT_ENCRYPT_EC256) || \
    defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENC_IMAGES
#endif

#if defined(CONFIG_BOOT_ENCRYPT_RSA)
#  define MCUBOOT_ENCRYPT_RSA
#endif

#if defined(CONFIG_BOOT_ENCRYPT_EC256)
#  define MCUBOOT_ENCRYPT_EC256
#endif

#if defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENCRYPT_X25519
#endif

#if defined(CONFIG_BOOT_DECOMPRESSION)
#  define MCUBOOT_DECOMPRESS_IMAGES
#endif
155 
/*
 * Run the hashing functions directly on the storage device. The device must
 * be able to map its storage into the address space or RAM for this to work.
 */
#if defined(CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE)
#  define MCUBOOT_HASH_STORAGE_DIRECTLY
#endif

#if defined(CONFIG_BOOT_SIGNATURE_TYPE_PURE)
#  define MCUBOOT_SIGN_PURE
#endif

#if defined(CONFIG_BOOT_BOOTSTRAP)
#  define MCUBOOT_BOOTSTRAP 1
#endif

#if defined(CONFIG_BOOT_USE_BENCH)
#  define MCUBOOT_USE_BENCH 1
#endif
174 
/* Software downgrade (rollback) prevention. */
#if defined(CONFIG_MCUBOOT_DOWNGRADE_PREVENTION)
#  define MCUBOOT_DOWNGRADE_PREVENTION 1
/*
 * MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is consumed later as a
 * boolean value, so it gets an explicit 0 or 1 here, whereas
 * MCUBOOT_DOWNGRADE_PREVENTION is only tested in preprocessor conditions
 * and may be left undefined.
 * NOTE(review): the 0/1 value exists only inside this #if - with downgrade
 * prevention disabled the macro is not defined at all; confirm every user
 * of it is guarded accordingly.
 */
#  ifndef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
#  else
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
#  endif
#endif

/* Hardware-backed rollback protection. */
#if defined(CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION)
#  define MCUBOOT_HW_ROLLBACK_PROT
#endif
190 
/* Measured boot and bootloader-to-application data sharing. */
#if defined(CONFIG_MEASURED_BOOT)
#  define MCUBOOT_MEASURED_BOOT
#endif

#if defined(CONFIG_BOOT_SHARE_DATA)
#  define MCUBOOT_DATA_SHARING
#endif

/* Selecting the retention backend switches to a custom data sharing function. */
#if defined(CONFIG_BOOT_SHARE_BACKEND_RETENTION)
#  define MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION
#endif

#if defined(CONFIG_BOOT_SHARE_DATA_BOOTINFO)
#  define MCUBOOT_DATA_SHARING_BOOTINFO
#endif

/* Upper bound for the boot record size, taken from Kconfig when provided. */
#if defined(CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE)
#  define MAX_BOOT_RECORD_SZ CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE
#endif
210 
/*
 * Fault injection hardening (FIH) profile. Each Kconfig symbol maps to its
 * own macro through an independent #if, so nothing in this header rejects a
 * configuration that sets several profiles or none; that exclusivity has to
 * come from Kconfig.
 */
#if defined(CONFIG_BOOT_FIH_PROFILE_OFF)
#  define MCUBOOT_FIH_PROFILE_OFF
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_LOW)
#  define MCUBOOT_FIH_PROFILE_LOW
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_MEDIUM)
#  define MCUBOOT_FIH_PROFILE_MEDIUM
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_HIGH)
#  define MCUBOOT_FIH_PROFILE_HIGH
#endif
226 
/* Always defined, as 0 or 1, so it can be used as a value. */
#ifndef CONFIG_ENABLE_MGMT_PERUSER
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
#else
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 1
#endif

#if defined(CONFIG_BOOT_MGMT_CUSTOM_IMG_LIST)
#  define MCUBOOT_MGMT_CUSTOM_IMG_LIST
#endif

#if defined(CONFIG_BOOT_MGMT_ECHO)
#  define MCUBOOT_BOOT_MGMT_ECHO
#endif

/* Hook points: image access, boot-go and flash-area hooks. */
#if defined(CONFIG_BOOT_IMAGE_ACCESS_HOOKS)
#  define MCUBOOT_IMAGE_ACCESS_HOOKS
#endif

#if defined(CONFIG_BOOT_GO_HOOKS)
#  define MCUBOOT_BOOT_GO_HOOKS
#endif

#if defined(CONFIG_BOOT_FLASH_AREA_HOOKS)
#  define MCUBOOT_FLASH_AREA_HOOKS
#endif

#if defined(CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS)
#  define MCUBOOT_VERIFY_IMG_ADDRESS
#endif
256 
/*
 * Serial recovery. CONFIG_MCUBOOT_SERIAL turns on both the serial transport
 * macro and the recovery macro.
 * NOTE(review): serial recovery and USB DFU add an image-upload path to the
 * bootloader; how uploaded images are authenticated is not visible in this
 * header - confirm against the recovery code.
 */
#if defined(CONFIG_MCUBOOT_SERIAL)
#  define MCUBOOT_SERIAL
#  define MCUBOOT_SERIAL_RECOVERY
#endif

/* Direct image upload through serial recovery. */
#if defined(CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD)
#  define MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#endif

#if defined(CONFIG_BOOT_SERIAL_WAIT_FOR_DFU)
#  define MCUBOOT_SERIAL_WAIT_FOR_DFU
#endif

/* Optional image-group features of serial recovery: hash, image state, slot info. */
#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_HASH)
#  define MCUBOOT_SERIAL_IMG_GRP_HASH
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE)
#  define MCUBOOT_SERIAL_IMG_GRP_IMAGE_STATE
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_SLOT_INFO)
#  define MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO
#endif

/* USB DFU is enabled by either of its entry methods (wait or GPIO). */
#if defined(CONFIG_BOOT_USB_DFU_WAIT) || defined(CONFIG_BOOT_USB_DFU_GPIO)
#  define MCUBOOT_USB_DFU
#endif
293 
/*
 * Progressive erase: the code (currently in boot_serial) tries to erase
 * flash step by step as update fragments arrive, rather than erasing the
 * whole image-sized flash area after the first frame. With the option on,
 * the start of a transfer is not stalled for the time a large erase takes.
 */
#if defined(CONFIG_BOOT_ERASE_PROGRESSIVELY)
#  define MCUBOOT_ERASE_PROGRESSIVELY
#endif

/*
 * Use the newer flash map APIs unconditionally: this saves RAM and keeps
 * the build off a deprecated API.
 *
 * (The macro can go once flash_area_to_sectors() is removed rather than
 * merely deprecated.)
 */
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS

/* Either USB DFU entry method needs a multithreaded build; stop otherwise. */
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || defined(CONFIG_BOOT_USB_DFU_GPIO)) && \
    !defined(CONFIG_MULTITHREADING)
#  error "USB DFU Requires MULTITHREADING"
#endif
321 
/*
 * Maximum number of sectors per image, in order of preference:
 *   1. MIN_SECTOR_COUNT, when automatic sizing is selected and that macro
 *      is defined,
 *   2. the explicit Kconfig value,
 *   3. a built-in default of 128.
 */
#if defined(CONFIG_BOOT_MAX_IMG_SECTORS_AUTO) && defined(MIN_SECTOR_COUNT)
#  define MCUBOOT_MAX_IMG_SECTORS MIN_SECTOR_COUNT
#elif defined(CONFIG_BOOT_MAX_IMG_SECTORS)
#  define MCUBOOT_MAX_IMG_SECTORS CONFIG_BOOT_MAX_IMG_SECTORS
#else
#  define MCUBOOT_MAX_IMG_SECTORS 128
#endif

/*
 * Serial recovery buffer sizes, forwarded from Kconfig when set.
 * NOTE(review): presumably these bound the receive buffers; the length
 * checks on incoming frames live in the serial code, not here - verify.
 */
#if defined(CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE)
#  define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#endif

#if defined(CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE)
#  define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#endif
341 
/*
 * With data sharing enabled and ZEPHYR_VER_INCLUDE defined, pull in the
 * application version header and expose its fields as the MCUboot version.
 */
#if defined(MCUBOOT_DATA_SHARING) && defined(ZEPHYR_VER_INCLUDE)
#  include <zephyr/app_version.h>

#  define MCUBOOT_VERSION_AVAILABLE
#  define MCUBOOT_VERSION_MAJOR      APP_VERSION_MAJOR
#  define MCUBOOT_VERSION_MINOR      APP_VERSION_MINOR
#  define MCUBOOT_VERSION_PATCHLEVEL APP_PATCHLEVEL
#  define MCUBOOT_VERSION_TWEAK      APP_TWEAK
#endif
351 
/*
 * Flash write alignment: when the chosen zephyr,flash node reports a
 * write-block-size above 8 bytes (32-byte aligned flash, for example), that
 * size becomes MCUBOOT_BOOT_MAX_ALIGN. Otherwise the macro is left
 * undefined by this header. The two conditions stay nested so the property
 * is only evaluated when the chosen node exists.
 */
#if DT_HAS_CHOSEN(zephyr_flash)
#  if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8
#    define MCUBOOT_BOOT_MAX_ALIGN \
        DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
#  endif
#endif

#if defined(CONFIG_MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP)
#  define MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP 1
#endif
363 
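/*
 * Watchdog servicing.
 *
 * MCUBOOT_WATCHDOG_FEED() is defined in every configuration and always
 * expands to one statement that needs a terminating semicolon at the call
 * site, so it is safe inside an unbraced if/else. Three implementations:
 *   - nrfx WDT: reload every channel of each enabled instance,
 *   - Zephyr watchdog driver on the `watchdog0` devicetree alias,
 *   - no-op when feeding is disabled or no implementation applies.
 * MCUBOOT_WATCHDOG_SETUP() is only implemented for the Zephyr driver case
 * and expands to nothing otherwise.
 */
#if CONFIG_BOOT_WATCHDOG_FEED
#if CONFIG_BOOT_WATCHDOG_FEED_NRFX_WDT
#include <nrfx_wdt.h>

/* Request a reload on every reload register of nrfx WDT instance `id`. */
#define FEED_WDT_INST(id)                                    \
    do {                                                     \
        nrfx_wdt_t wdt_inst_##id = NRFX_WDT_INSTANCE(id);    \
        for (uint8_t i = 0; i < NRF_WDT_CHANNEL_NUMBER; i++) \
        {                                                    \
            nrf_wdt_reload_request_set(wdt_inst_##id.p_reg,  \
                (nrf_wdt_rr_register_t)(NRF_WDT_RR0 + i));   \
        }                                                    \
    } while (0)

/*
 * Pick the instances to feed. The single-instance variants carry no
 * trailing semicolon: FEED_WDT_INST() is already a do/while(0) statement,
 * and an extra ';' in the expansion would break `if (x) FEED(); else ...`.
 * NOTE(review): a build with only CONFIG_NRFX_WDT1 set matches none of the
 * branches and ends in the #error below - confirm that is intended.
 */
#if defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(0);       \
        FEED_WDT_INST(1);       \
    } while (0)
#elif defined(CONFIG_NRFX_WDT0)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(0)
#elif defined(CONFIG_NRFX_WDT30) && defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(30);      \
        FEED_WDT_INST(31);      \
    } while (0)
#elif defined(CONFIG_NRFX_WDT30)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(30)
#elif defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(31)
#else
#error "No NRFX WDT instances enabled"
#endif

#elif DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) /* CONFIG_BOOT_WATCHDOG_FEED_NRFX_WDT */
#include <zephyr/device.h>
#include <zephyr/drivers/watchdog.h>

/*
 * Start the watchdog behind the `watchdog0` alias if its device is ready.
 * The wdt_setup() result is discarded, so a watchdog that fails to start is
 * not reported to the caller.
 */
#define MCUBOOT_WATCHDOG_SETUP()                              \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_setup(wdt, 0);                                \
        }                                                     \
    } while (0)

/*
 * Feed channel 0 of the `watchdog0` device if it is ready; the wdt_feed()
 * result is discarded.
 */
#define MCUBOOT_WATCHDOG_FEED()                               \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            wdt_feed(wdt, 0);                                 \
        }                                                     \
    } while (0)
#else /* DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) */
/* No vendor implementation, no-op for historical reasons */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)
#endif
#else  /* CONFIG_BOOT_WATCHDOG_FEED */
/* Not enabled, no feed activity */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)

#endif /* CONFIG_BOOT_WATCHDOG_FEED */

/* Every branch without its own setup step gets an empty setup macro. */
#ifndef MCUBOOT_WATCHDOG_SETUP
#define MCUBOOT_WATCHDOG_SETUP()
#endif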
440 
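/*
 * Idle the CPU, but only in builds without multithreading: k_cpu_idle() is
 * called when CONFIG_MULTITHREADING is not enabled, and nothing happens
 * otherwise.
 *
 * The body is wrapped in do { } while (0) so the macro expands to a single
 * statement. A bare `if` would capture the `else` of an unbraced if/else
 * around the call site. Call sites must end the invocation with a semicolon.
 */
#define MCUBOOT_CPU_IDLE()                        \
    do {                                          \
        if (!IS_ENABLED(CONFIG_MULTITHREADING)) { \
            k_cpu_idle();                         \
        }                                         \
    } while (0)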
445 
446 #endif /* __MCUBOOT_CONFIG_H__ */
447