1 /*
2  * Copyright (c) 2018 Open Source Foundries Limited
3  * Copyright (c) 2019-2020 Arm Limited
4  * Copyright (c) 2019-2020 Linaro Limited
5  * Copyright (c) 2023 Nordic Semiconductor ASA
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #ifndef __MCUBOOT_CONFIG_H__
11 #define __MCUBOOT_CONFIG_H__
12 
13 #include <zephyr/devicetree.h>
14 
/*
 * Image signature algorithm.
 *
 * The three Kconfig choices are tested in order (RSA, ECDSA P-256, Ed25519)
 * and the first one set defines its MCUBOOT_SIGN_* macro. When none is set,
 * this header defines no MCUBOOT_SIGN_* macro at all.
 * NOTE(review): presumably that leaves images without an authenticity check
 * -- confirm against the image validation code before shipping such a build.
 */
#if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
#  define MCUBOOT_SIGN_RSA
/* Only 2048- and 3072-bit RSA keys are accepted; any other length stops the build. */
#  if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 2048 || \
       CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 3072)
#    define MCUBOOT_SIGN_RSA_LEN CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN
#  else
#    error "Invalid RSA key size (must be 2048 or 3072)"
#  endif
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
#  define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#  define MCUBOOT_SIGN_ED25519
#endif
28 
/*
 * Build-time guard: stop the build when any two of TinyCrypt, mbed TLS and
 * CC310 are enabled together.
 *
 * The mbed TLS leg of this guard tests CONFIG_MBEDTLS, whereas the backend
 * selection that defines MCUBOOT_USE_MBED_TLS tests CONFIG_BOOT_USE_MBEDTLS.
 * NOTE(review): confirm the two symbols are always set together, otherwise
 * this guard and the backend selection can disagree.
 */
#if (defined(CONFIG_BOOT_USE_TINYCRYPT) && defined(CONFIG_MBEDTLS)) || \
    (defined(CONFIG_BOOT_USE_TINYCRYPT) && defined(CONFIG_BOOT_USE_CC310)) || \
    (defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310))
#  error "One crypto library implementation allowed at a time."
#endif
36 
/*
 * Crypto backend used by the bootloader. The options are tested in the
 * order mbed TLS, TinyCrypt, CC310 and the first one set wins. The nRF
 * CC310 bootloader-library variant is only looked at when CC310 is the
 * backend that was picked.
 */
#if defined(CONFIG_BOOT_USE_MBEDTLS)
#  define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#  define MCUBOOT_USE_TINYCRYPT
#elif defined(CONFIG_BOOT_USE_CC310)
#  define MCUBOOT_USE_CC310
#  if defined(CONFIG_BOOT_USE_NRF_CC310_BL)
#    define MCUBOOT_USE_NRF_CC310_BL
#  endif
#endif
47 
/* Zephyr supplies snprintf whichever C library is in use. */
#define MCUBOOT_USE_SNPRINTF 1

/*
 * NOTE(review): MCUBOOT_HW_KEY presumably makes the bootloader obtain the
 * verification key (or its hash) from hardware rather than from a key built
 * into the bootloader image -- confirm against the key-handling code.
 */
#if defined(CONFIG_BOOT_HW_KEY)
#  define MCUBOOT_HW_KEY
#endif

/*
 * Validation of the image in the primary slot. Each macro is defined only
 * when its own Kconfig option is set; this header does not relate the two.
 * NOTE(review): presumably, with both unset, the primary image is started
 * without being re-verified at boot -- confirm before treating a build as a
 * secure-boot configuration.
 */
#if defined(CONFIG_BOOT_VALIDATE_SLOT0)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT
#endif

#if defined(CONFIG_BOOT_VALIDATE_SLOT0_ONCE)
#  define MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE
#endif

/* Upgrade-only mode always selects both overwrite-only macros together. */
#if defined(CONFIG_BOOT_UPGRADE_ONLY)
#  define MCUBOOT_OVERWRITE_ONLY
#  define MCUBOOT_OVERWRITE_ONLY_FAST
#endif
67 
/*
 * Slot layout and upgrade strategy.
 *
 * A single-application-slot build fixes the image count at 1 and ignores
 * every swap / direct-XIP / RAM-load / firmware-loader option below. All
 * other builds take those options from Kconfig, and MCUBOOT_IMAGE_NUMBER
 * falls back to 1 when CONFIG_UPDATEABLE_IMAGE_NUMBER is not provided.
 */
#if !defined(CONFIG_SINGLE_APPLICATION_SLOT)

#  if defined(CONFIG_BOOT_SWAP_USING_MOVE)
#    define MCUBOOT_SWAP_USING_MOVE 1
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP)
#    define MCUBOOT_DIRECT_XIP
#  endif

#  if defined(CONFIG_BOOT_DIRECT_XIP_REVERT)
#    define MCUBOOT_DIRECT_XIP_REVERT
#  endif

/* RAM-load mode: the executable RAM window (start and size) comes straight from Kconfig. */
#  if defined(CONFIG_BOOT_RAM_LOAD)
#    define MCUBOOT_RAM_LOAD 1
#    define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#    define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#  endif

#  if defined(CONFIG_BOOT_FIRMWARE_LOADER)
#    define MCUBOOT_FIRMWARE_LOADER
#  endif

#  if defined(CONFIG_UPDATEABLE_IMAGE_NUMBER)
#    define MCUBOOT_IMAGE_NUMBER CONFIG_UPDATEABLE_IMAGE_NUMBER
#  else
#    define MCUBOOT_IMAGE_NUMBER 1
#  endif

/* NOTE(review): presumably includes the build number when comparing image versions -- confirm. */
#  if defined(CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER)
#    define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
#  endif

#  if defined(CONFIG_BOOT_SWAP_SAVE_ENCTLV)
#    define MCUBOOT_SWAP_SAVE_ENCTLV 1
#  endif

#else /* CONFIG_SINGLE_APPLICATION_SLOT */

#  define MCUBOOT_SINGLE_APPLICATION_SLOT 1
#  define MCUBOOT_IMAGE_NUMBER 1

#endif /* CONFIG_SINGLE_APPLICATION_SLOT */
110 
#if defined(CONFIG_LOG)
#  define MCUBOOT_HAVE_LOGGING 1
#endif

/*
 * Encrypted image support. Setting any of the three key-exchange options
 * defines MCUBOOT_ENC_IMAGES plus that option's own MCUBOOT_ENCRYPT_* macro.
 * This header does not itself reject a build that sets more than one of
 * them.
 */
#if defined(CONFIG_BOOT_ENCRYPT_RSA) || \
    defined(CONFIG_BOOT_ENCRYPT_EC256) || \
    defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENC_IMAGES
#endif

#if defined(CONFIG_BOOT_ENCRYPT_RSA)
#  define MCUBOOT_ENCRYPT_RSA
#endif

#if defined(CONFIG_BOOT_ENCRYPT_EC256)
#  define MCUBOOT_ENCRYPT_EC256
#endif

#if defined(CONFIG_BOOT_ENCRYPT_X25519)
#  define MCUBOOT_ENCRYPT_X25519
#endif

#if defined(CONFIG_BOOT_BOOTSTRAP)
#  define MCUBOOT_BOOTSTRAP 1
#endif

#if defined(CONFIG_BOOT_USE_BENCH)
#  define MCUBOOT_USE_BENCH 1
#endif
137 
/*
 * Software downgrade (rollback) prevention.
 *
 * MCUBOOT_DOWNGRADE_PREVENTION is only tested in preprocessor conditions,
 * so it may be left undefined. MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
 * is used later as a boolean value, so whenever downgrade prevention is
 * enabled it is given an explicit value of 0 or 1. It is not defined at all
 * when CONFIG_MCUBOOT_DOWNGRADE_PREVENTION is unset.
 */
#if defined(CONFIG_MCUBOOT_DOWNGRADE_PREVENTION)
#  define MCUBOOT_DOWNGRADE_PREVENTION 1
#  ifndef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
#  else
#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
#  endif
#endif

/* Hardware rollback protection is switched independently of the software option above. */
#if defined(CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION)
#  define MCUBOOT_HW_ROLLBACK_PROT
#endif
153 
/*
 * Measured boot and data handed from the bootloader to the application.
 * Every macro here mirrors exactly one Kconfig option; this header places
 * no dependency between them.
 */
#if defined(CONFIG_MEASURED_BOOT)
#  define MCUBOOT_MEASURED_BOOT
#endif

#if defined(CONFIG_BOOT_SHARE_DATA)
#  define MCUBOOT_DATA_SHARING
#endif

/* The retention backend is what requests the custom data-sharing function. */
#if defined(CONFIG_BOOT_SHARE_BACKEND_RETENTION)
#  define MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION
#endif

#if defined(CONFIG_BOOT_SHARE_DATA_BOOTINFO)
#  define MCUBOOT_DATA_SHARING_BOOTINFO
#endif

/* Size limit for the boot record, taken from the configured maximum CBOR size. */
#if defined(CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE)
#  define MAX_BOOT_RECORD_SZ CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE
#endif
173 
/*
 * Fault injection hardening (FIH) profile: OFF, LOW, MEDIUM or HIGH.
 * Each Kconfig option maps one-to-one onto its MCUBOOT_FIH_PROFILE_* macro.
 * This header does not check that exactly one profile is selected.
 * NOTE(review): presumably Kconfig enforces that as a choice -- confirm.
 */
#if defined(CONFIG_BOOT_FIH_PROFILE_OFF)
#  define MCUBOOT_FIH_PROFILE_OFF
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_LOW)
#  define MCUBOOT_FIH_PROFILE_LOW
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_MEDIUM)
#  define MCUBOOT_FIH_PROFILE_MEDIUM
#endif

#if defined(CONFIG_BOOT_FIH_PROFILE_HIGH)
#  define MCUBOOT_FIH_PROFILE_HIGH
#endif
189 
/* Always defined, as 0 or 1, so that it can be used as a value. */
#ifndef CONFIG_ENABLE_MGMT_PERUSER
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
#else
#  define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 1
#endif

#if defined(CONFIG_BOOT_MGMT_CUSTOM_IMG_LIST)
#  define MCUBOOT_MGMT_CUSTOM_IMG_LIST
#endif

#if defined(CONFIG_BOOT_MGMT_ECHO)
#  define MCUBOOT_BOOT_MGMT_ECHO
#endif

#if defined(CONFIG_BOOT_IMAGE_ACCESS_HOOKS)
#  define MCUBOOT_IMAGE_ACCESS_HOOKS
#endif

/* NOTE(review): presumably checks the address an image was built for against its slot -- confirm. */
#if defined(CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS)
#  define MCUBOOT_VERIFY_IMG_ADDRESS
#endif
211 
/*
 * Serial recovery and USB DFU.
 *
 * CONFIG_MCUBOOT_SERIAL switches on both MCUBOOT_SERIAL and
 * MCUBOOT_SERIAL_RECOVERY. These options add a firmware upload path to the
 * bootloader, so whether they belong in a production build deserves an
 * explicit decision.
 */
#if defined(CONFIG_MCUBOOT_SERIAL)
#  define MCUBOOT_SERIAL
#  define MCUBOOT_SERIAL_RECOVERY
#endif

/* Enables direct image upload with serial recovery. */
#if defined(CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD)
#  define MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#endif

#if defined(CONFIG_BOOT_SERIAL_WAIT_FOR_DFU)
#  define MCUBOOT_SERIAL_WAIT_FOR_DFU
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_HASH)
#  define MCUBOOT_SERIAL_IMG_GRP_HASH
#endif

#if defined(CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE)
#  define MCUBOOT_SERIAL_IMG_GRP_IMAGE_STATE
#endif

/* Either USB DFU entry mode (wait or GPIO) enables USB DFU. */
#if defined(CONFIG_BOOT_USB_DFU_WAIT) || defined(CONFIG_BOOT_USB_DFU_GPIO)
#  define MCUBOOT_USB_DFU
#endif
244 
/*
 * Progressive erase: the code (currently in boot_serial) erases flash
 * piece by piece as update fragments arrive, instead of erasing the whole
 * image-sized flash area after the first frame. This keeps the start of a
 * transfer from stalling for as long as a large erase takes.
 */
#if defined(CONFIG_BOOT_ERASE_PROGRESSIVELY)
#  define MCUBOOT_ERASE_PROGRESSIVELY
#endif

/*
 * Always use the newer flash map APIs: this saves RAM and avoids the
 * deprecated API.
 *
 * (This can be deleted once flash_area_to_sectors() is removed rather than
 * merely deprecated.)
 */
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS

/* Build-time guard: both USB DFU entry modes need CONFIG_MULTITHREADING. */
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || defined(CONFIG_BOOT_USB_DFU_GPIO)) && \
    !defined(CONFIG_MULTITHREADING)
#  error "USB DFU Requires MULTITHREADING"
#endif
272 
/* Maximum number of sectors per image; 128 unless Kconfig supplies a value. */
#ifndef CONFIG_BOOT_MAX_IMG_SECTORS
#  define MCUBOOT_MAX_IMG_SECTORS 128
#else
#  define MCUBOOT_MAX_IMG_SECTORS CONFIG_BOOT_MAX_IMG_SECTORS
#endif

/*
 * Serial recovery sizes, passed through from Kconfig. Neither macro gets a
 * default from this header.
 * NOTE(review): presumably both bound buffers that hold data received over
 * the serial link -- confirm the receive path checks lengths against them.
 */
#if defined(CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE)
#  define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#endif

#if defined(CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE)
#  define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#endif
288 
/*
 * Bootloader version for data sharing: only when data sharing is enabled
 * and ZEPHYR_VER_INCLUDE is defined, the version numbers are taken from
 * app_version.h.
 */
#if defined(ZEPHYR_VER_INCLUDE) && defined(MCUBOOT_DATA_SHARING)
#  include <app_version.h>

#  define MCUBOOT_VERSION_AVAILABLE
#  define MCUBOOT_VERSION_MAJOR APP_VERSION_MAJOR
#  define MCUBOOT_VERSION_MINOR APP_VERSION_MINOR
#  define MCUBOOT_VERSION_PATCHLEVEL APP_PATCHLEVEL
#endif
297 
/*
 * Flash write alignment. When the chosen zephyr,flash node reports a
 * write_block_size larger than 8, MCUBOOT_BOOT_MAX_ALIGN is set to that
 * size (this is what supports flash with 32-byte write blocks). Otherwise
 * the macro is left undefined here.
 * The two conditions stay nested so that the property is only read once
 * the chosen node is known to exist.
 */
#if DT_HAS_CHOSEN(zephyr_flash)
#  if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8
#    define MCUBOOT_BOOT_MAX_ALIGN \
         DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
#  endif
#endif
305 
/* Passes the Kconfig option through as a value macro (1) when it is set. */
#if defined(CONFIG_MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP)
#  define MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP 1
#endif
309 
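/*
 * Watchdog servicing while the bootloader runs.
 *
 * After this section MCUBOOT_WATCHDOG_FEED() and MCUBOOT_WATCHDOG_SETUP()
 * are always defined. Both are statement-like macros: invoke them with a
 * trailing semicolon. No definition carries a semicolon of its own, so the
 * macros stay safe in an unbraced if/else.
 */
#if CONFIG_BOOT_WATCHDOG_FEED
#if CONFIG_NRFX_WDT
#include <nrfx_wdt.h>

/* Request a reload on every reload register (RR0 + i) of nrfx WDT instance `id`. */
#define FEED_WDT_INST(id)                                    \
    do {                                                     \
        nrfx_wdt_t wdt_inst_##id = NRFX_WDT_INSTANCE(id);    \
        for (uint8_t i = 0; i < NRF_WDT_CHANNEL_NUMBER; i++) \
        {                                                    \
            nrf_wdt_reload_request_set(wdt_inst_##id.p_reg,  \
                (nrf_wdt_rr_register_t)(NRF_WDT_RR0 + i));   \
        }                                                    \
    } while (0)

/*
 * Feed every enabled nrfx WDT instance that the chain below knows about.
 * NOTE(review): CONFIG_NRFX_WDT1 on its own (without WDT0) matches no
 * branch and ends in the #error, and mixed sets such as WDT0 with WDT30
 * only feed the first match -- confirm those configurations cannot occur.
 */
#if defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(0);       \
        FEED_WDT_INST(1);       \
    } while (0)
#elif defined(CONFIG_NRFX_WDT0)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(0)
#elif defined(CONFIG_NRFX_WDT30) && defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    do {                        \
        FEED_WDT_INST(30);      \
        FEED_WDT_INST(31);      \
    } while (0)
#elif defined(CONFIG_NRFX_WDT30)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(30)
#elif defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
    FEED_WDT_INST(31)
#else
#error "No NRFX WDT instances enabled"
#endif

#elif DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) /* CONFIG_NRFX_WDT */
#include <zephyr/device.h>
#include <zephyr/drivers/watchdog.h>

/*
 * Generic Zephyr watchdog behind the `watchdog0` devicetree alias.
 * Both macros do nothing when the device is not ready, and the driver's
 * return value is deliberately discarded, so a failed setup or feed is
 * not reported to the caller.
 * NOTE(review): MCUBOOT_WATCHDOG_SETUP() only calls wdt_setup(); it installs
 * no timeout itself -- confirm where the timeout is configured.
 */
#define MCUBOOT_WATCHDOG_SETUP()                              \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            (void)wdt_setup(wdt, 0);                          \
        }                                                     \
    } while (0)

#define MCUBOOT_WATCHDOG_FEED()                               \
    do {                                                      \
        const struct device *wdt =                            \
            DEVICE_DT_GET(DT_ALIAS(watchdog0));               \
        if (device_is_ready(wdt)) {                           \
            (void)wdt_feed(wdt, 0);                           \
        }                                                     \
    } while (0)
#else /* DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) */
/*
 * No vendor implementation, no-op for historical reasons. Feeding was
 * requested in Kconfig but nothing is fed, and the build gives no warning.
 */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)
#endif
#else  /* CONFIG_BOOT_WATCHDOG_FEED */
/* Not enabled, no feed activity */
#define MCUBOOT_WATCHDOG_FEED()         \
    do {                                \
    } while (0)

#endif /* CONFIG_BOOT_WATCHDOG_FEED */

/* Branches that need no setup step get an empty MCUBOOT_WATCHDOG_SETUP(). */
#ifndef MCUBOOT_WATCHDOG_SETUP
#define MCUBOOT_WATCHDOG_SETUP()
#endif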
386 
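/*
 * Idle the CPU via k_cpu_idle(), but only in builds without
 * CONFIG_MULTITHREADING; with multithreading enabled the macro does nothing.
 *
 * Wrapped in do { } while (0) so that the macro is a single statement: a
 * bare `if` would capture a following `else` when the macro is used inside
 * an unbraced if/else. Invoke it with a trailing semicolon.
 */
#define MCUBOOT_CPU_IDLE()                        \
    do {                                          \
        if (!IS_ENABLED(CONFIG_MULTITHREADING)) { \
            k_cpu_idle();                         \
        }                                         \
    } while (0)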
391 
392 #endif /* __MCUBOOT_CONFIG_H__ */
393