# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

# Package: boot/mynewt/mcuboot_config

# Build-time settings of the bootloader configuration package. Each entry
# gives the package default in `value`; a target can override it in its own
# syscfg.vals. Several defaults below are the permissive choice, so a
# production target should review them instead of inheriting them.
syscfg.defs:
    BOOTUTIL_IMAGE_NUMBER:
        description: 'Number of images for multi-image (0 and 1 mean single image).'
        value: 0
    # Default 0: the image in slot 0 is not validated on every boot.
    BOOTUTIL_VALIDATE_SLOT0:
        description: 'Validate image at slot 0 on each boot.'
        value: 0

    # Image signature scheme. All three BOOTUTIL_SIGN_* options default to 0
    # in this package.
    # NOTE(review): presumably the target enables exactly one of them; confirm
    # what the bootloader does with an image when none is enabled.
    BOOTUTIL_SIGN_RSA:
        description: 'Images are signed using RSA.'
        value: 0
    BOOTUTIL_SIGN_RSA_LEN:
        description: 'Key size for RSA keys (2048 or 3072).'
        value: 2048
    BOOTUTIL_SIGN_EC256:
        description: 'Images are signed using ECDSA NIST P-256.'
        value: 0
    BOOTUTIL_SIGN_ED25519:
        description: 'Images are signed using ED25519.'
        value: 0

    # Image encryption scheme; every option is off by default. Encryption is
    # configured separately from the BOOTUTIL_SIGN_* options above.
    BOOTUTIL_ENCRYPT_RSA:
        description: 'Support for encrypted images using RSA-2048-OAEP.'
        value: 0
    BOOTUTIL_ENCRYPT_KW:
        description: 'Support for encrypted images using AES-128-Keywrap.'
        value: 0
    BOOTUTIL_ENCRYPT_EC256:
        description: 'Support for encrypted images using ECIES-P256.'
        value: 0
    BOOTUTIL_ENCRYPT_X25519:
        description: 'Support for encrypted images using ECIES-X25519.'
        value: 0

    # Crypto backend selection; mbed TLS is the default.
    # NOTE(review): no `restrictions` entry ties these two settings together
    # here; presumably only one backend should be enabled at a time (confirm).
    BOOTUTIL_USE_MBED_TLS:
        description: 'Use mbed TLS for crypto operations.'
        value: 1
    BOOTUTIL_USE_TINYCRYPT:
        description: 'Use tinycrypt for crypto operations.'
        value: 0

    # Upgrade strategy.
    BOOTUTIL_SWAP_USING_MOVE:
        description: 'Perform swap without requiring scratch.'
        value: 0
    # Default 0: going by the description, the swap status then holds the
    # plaintext encryption key instead of the TLV. Review this for targets
    # that enable image encryption and whose flash contents could be read out.
    BOOTUTIL_SWAP_SAVE_ENCTLV:
        description: 'Save TLVs instead of plaintext encryption keys in swap status.'
        value: 0
    BOOTUTIL_OVERWRITE_ONLY:
        description: 'Non-swapping upgrades, copy from slot 1 to slot 0 only.'
        value: 0
    BOOTUTIL_OVERWRITE_ONLY_FAST:
        description: 'Use faster copy only upgrade.'
        value: 1
    BOOTUTIL_SINGLE_APPLICATION_SLOT:
        description: 'Set to one if there is only one slot.'
        value: 0
    BOOTUTIL_IMAGE_FORMAT_V2:
        description: 'Indicates that system is using v2 of image format.'
        value: 1
    BOOTUTIL_MAX_IMG_SECTORS:
        description: 'Maximum number of sectors that are swapped.'
        value: 128

    # Rollback protection. The default `none` accepts an older image as an
    # upgrade. The description states the limits of the other two choices:
    # `version` does not cover an older image written by other means (JTAG is
    # the example given), and `security_counter` accepts an equal counter.
    BOOTUTIL_DOWNGRADE_PREVENTION:
        description: >
            Select downgrade prevention strategy.
            - none downgrades are allowed
            - version:
                Prevent downgrades by enforcing incrementing version numbers.
                When this option is set, any upgrade must have greater major version
                or greater minor version with equal major version. This mechanism
                only protects against some attacks against version downgrades (for
                example, a JTAG could be used to write an older version).
            - security_counter:
                security counter is used for version eligibility check instead of pure
                version. When this option is set, any upgrade must have greater or
                equal security counter value.
                Because of the acceptance of equal values it allows for software
                downgrades to some extent.
        choices:
            - none
            - version
            - security_counter
        value: none
    BOOTUTIL_VERSION_CMP_USE_BUILD_NUMBER:
        description: >
            Use build number while comparing image version.
            By default, the image version comparison relies only on version major,
            minor and revision. Enable this option to take into account the build
            number as well.
            This only affect builds with BOOTUTIL_DOWNGRADE_PREVENTION set to version.
        value: 0
    # Off by default. When enabled, an image with an equal security counter is
    # still accepted, as the description says.
    BOOTUTIL_HW_ROLLBACK_PROT:
        description: >
            Prevent undesirable/malicious software downgrades. When this option is
            set, any upgrade must have greater or equal security counter value.
            Because of the acceptance of equal values it allows for software
            downgrade to some extent
        value: 0

    # Logging. HAVE_LOGGING and NO_LOGGING exclude each other through their
    # `restrictions` entries; the package default is no serial logging.
    BOOTUTIL_HAVE_LOGGING:
        description: 'Enable serial logging'
        value: 0
        restrictions:
            - "!BOOTUTIL_NO_LOGGING"
    BOOTUTIL_NO_LOGGING:
        description: 'No serial logging'
        value: 1
        restrictions:
            - "!BOOTUTIL_HAVE_LOGGING"
    BOOTUTIL_LOG_LEVEL:
        description: >
            Default console log level.  Valid values are:
                BOOTUTIL_LOG_LEVEL_OFF
                BOOTUTIL_LOG_LEVEL_ERROR
                BOOTUTIL_LOG_LEVEL_WARNING
                BOOTUTIL_LOG_LEVEL_INFO
                BOOTUTIL_LOG_LEVEL_DEBUG
        value: 'BOOTUTIL_LOG_LEVEL_INFO'
    BOOTUTIL_BOOTSTRAP:
        description: 'Support bootstrapping slot0 from slot1, if slot0 is empty'
        value: 0
    BOOTUTIL_FEED_WATCHDOG:
        description: 'Enable watchdog feeding while performing a swap upgrade'
        value: 0

    # Measured boot and data sharing. All five settings below are declared
    # without a value in this package.
    # NOTE(review): presumably a target that enables either feature supplies
    # the record size and the shared-RAM base and size itself. The boot
    # measurements are described as input for a device attestation service,
    # so check which code can write that RAM region after boot.
    MCUBOOT_MEASURED_BOOT:
        description: >
            Store the boot state/measurements in shared memory.
            If enabled, the bootloader will store certain boot measurements such as
            the hash of the firmware image in a shared memory area. This data can
            be used later by runtime services (e.g. by a device attestation service).
        value:
    MCUBOOT_MEASURED_BOOT_MAX_RECORD_SZ:
        description: the maximum size of the CBOR encoded boot record in bytes.
        value:
    MCUBOOT_DATA_SHARING:
        description: Save application specific data in shared memory (RAM).
        value:
    MCUBOOT_SHARED_DATA_BASE:
        description: RAM address of shared data
        value:
    MCUBOOT_SHARED_DATA_SIZE:
        description: Shared data size.
        value: