1# General configuration options
2
3# Copyright (c) 2014-2015 Wind River Systems, Inc.
4# Copyright (c) 2016 Intel Corporation
5# Copyright (c) 2023 Nordic Semiconductor ASA
6# SPDX-License-Identifier: Apache-2.0
7
8config MCUBOOT
9	bool
10	help
11	  Hidden option used to indicate that the current image is MCUBoot
12
13config BOOTLOADER_MCUBOOT
14	bool "MCUboot bootloader support"
15	select USE_DT_CODE_PARTITION
16	imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
17	depends on !MCUBOOT
18	help
19	  This option signifies that the target uses MCUboot as a bootloader,
20	  or in other words that the image is to be chain-loaded by MCUboot.
21	  This sets several required build system and Device Tree options in
22	  order for the image generated to be bootable using the MCUboot open
23	  source bootloader. Currently this includes:
24
25	    * Setting ROM_START_OFFSET to a default value that allows space
26	      for the MCUboot image header
27	    * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
28	      (or Armv8-M baseline) targets with no built-in vector relocation
29	      mechanisms
30
31	  By default, this option instructs Zephyr to initialize the core
32	  architecture HW registers during boot, when this is supported by
33	  the application. This removes the need by MCUboot to reset
34	  the core registers' state itself.
35
36if BOOTLOADER_MCUBOOT
37
38config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
39	string "Extra parameters to west sign"
40	default "--quiet"
41	help
42	  Parameters that are passed by cmake to west sign, just after
43	  the command, before all other parameters needed for image
44	  signing.
45	  By default this is set to "--quiet" to prevent extra, non-error,
46	  diagnostic messages from west sign. This does not affect signing
47	  tool for which extra parameters are passed with
48	  MCUBOOT_EXTRA_IMGTOOL_ARGS.
49
50config MCUBOOT_SIGNATURE_KEY_FILE
51	string "Path to the mcuboot signing key file"
52	default ""
53	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
54	help
55	  The file contains a key pair whose public half is verified
56	  by your target's MCUboot image. The file is in PEM format.
57
58	  If set to a non-empty value, the build system tries to
59	  sign the final binaries using a 'west sign -t imgtool' command.
60	  The signed binaries are placed in the build directory
61	  at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
62
63	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
64	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
65	  and CONFIG_BUILD_OUTPUT_HEX.
66
67	  This option should contain a path to the same file as the
68	  BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
69	  may be absolute or relative to the west workspace topdir. (The MCUboot
70	  config option is used for the MCUboot bootloader image; this option is
71	  for your application which is to be loaded by MCUboot. The MCUboot
72	  config option can be a relative path from the MCUboot repository
73	  root.)
74
75	  If left empty, you must sign the Zephyr binaries manually.
76
77config MCUBOOT_ENCRYPTION_KEY_FILE
78	string "Path to the mcuboot encryption key file"
79	default ""
80	depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
81	help
82	  The file contains the public key that is used to encrypt the
83	  ephemeral key that encrypts the image. The corresponding
84	  private key is hard coded in the MCUboot source code and is
85	  used to decrypt the ephemeral key that is embedded in the
86	  image. The file is in PEM format.
87
88	  If set to a non-empty value, the build system tries to
89	  sign and encrypt the final binaries using a 'west sign -t imgtool'
90	  command. The binaries are placed in the build directory at
91	  zephyr/zephyr.signed.encrypted.bin and
92	  zephyr/zephyr.signed.encrypted.hex.
93
94	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
95	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
96	  and CONFIG_BUILD_OUTPUT_HEX.
97
98	  This option should either be an absolute path or a path relative to
99	  the west workspace topdir.
100	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
101
102	  If left empty, you must encrypt the Zephyr binaries manually.
103
104config MCUBOOT_IMGTOOL_SIGN_VERSION
105	string "Version to pass to imgtool when signing"
106	default "$(VERSION_MAJOR).$(VERSION_MINOR).$(PATCHLEVEL)+$(VERSION_TWEAK)" if "$(VERSION_MAJOR)" != ""
107	default "0.0.0+0"
108	help
109	  When signing with imgtool then this setting will be passed as version
110	  argument to the tool.
111	  The format is major.minor.revision+build.
112
113config MCUBOOT_EXTRA_IMGTOOL_ARGS
114	string "Extra arguments to pass to imgtool when signing"
115	default ""
116	help
117	  When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
118	  string) you can use this option to pass extra options to
119	  imgtool. For example, you could set this to "--version 1.2".
120
121config MCUBOOT_GENERATE_UNSIGNED_IMAGE
122	bool "Generate unsigned binary image bootable with MCUboot"
123	help
124	  Enabling this configuration allows automatic unsigned binary image
125	  generation when MCUboot signing key is not provided,
126	  i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
127
128config MCUBOOT_GENERATE_CONFIRMED_IMAGE
129	bool "Also generate a padded, confirmed image"
130	help
131	  The signed, padded, and confirmed binaries are placed in the build
132	  directory at zephyr/zephyr.signed.confirmed.bin and
133	  zephyr/zephyr.signed.confirmed.hex.
134
135	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
136	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
137	  and CONFIG_BUILD_OUTPUT_HEX.
138
139menu "On board MCUboot operation mode"
140
141choice MCUBOOT_BOOTLOADER_MODE
142	prompt "Application assumed MCUboot mode of operation"
143	default MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH # MCUBOOT_BOOTLOADER_MODE
144	help
145	  Informs application build on assumed MCUboot mode of operation.
146	  This is important for validataing application against DT configuration,
147	  which is done by west sign.
148
149config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP
150	bool "MCUboot has been configured for single slot execution"
151	help
152	  MCUboot will only boot slot0_partition placed application and does
153	  not care about other slots. In this mode application is not able
154	  to DFU its own update to secondary slot and all updates need to
155	  be performed using MCUboot serial recovery.
156
157config MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH
158	bool "MCUboot has been configured for swap without scratch operation"
159	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
160	help
161	  MCUboot expects slot0_partition and slot1_partition to be present
162	  in DT and application will boot from slot0_partition.
163	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
164	  if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
165
166config MCUBOOT_BOOTLOADER_MODE_SWAP_SCRATCH
167	bool "MCUboot has been configured for swap using scratch operation"
168	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
169	help
170	  MCUboot expects slot0_partition, slot1_partition and scratch_partition
171	  to be present in DT, and application will boot from slot0_partition.
172	  In this mode scratch_partition is used as temporary storage when
173	  MCUboot swaps application from the secondary slot to the primary
174	  slot.
175	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
176	  if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
177
178config MCUBOOT_BOOTLOADER_MODE_OVERWRITE_ONLY
179	bool "MCUboot has been configured to just overwrite primary slot"
180	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
181	help
182	  MCUboot will take contents of secondary slot of an image and will
183	  overwrite primary slot with it.
184	  In this mode it is not possible to revert back to previous version
185	  as it is not stored in the secondary slot.
186	  This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE which means
187	  that the overwrite will not happen unless the version of secondary
188	  slot is higher than the version in primary slot.
189
190config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
191	bool "MCUboot has been configured for DirectXIP operation"
192	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
193	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
194	help
195	  MCUboot expects slot0_partition and slot1_partition to exist in DT.
196	  In this mode MCUboot can boot from either partition and will
197	  select one with higher application image version, which usually
198	  means major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER
199	  is also selected that enables comparison of build number.
200	  This option automatically selectes
201	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
202	  to swap back to older version of application.
203
204config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
205	bool "MCUboot has been configured for DirectXIP with revert"
206	select MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
207	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
208	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
209	help
210	  MCUboot expects slot0_partition and slot1_partition to exist in DT.
211	  In this mode MCUboot will boot the application with the higher version
212	  from either slot, as long as it has been marked to be boot
213	  next time for test or permanently. In case when application is marked
214	  for test it needs to confirm itself, on the first boot, or it will
215	  be removed and MCUboot will revert to booting previously approved
216	  application.
217	  This mode does not allow freely switching between application
218	  versions, as, once higher version application is approved, it is
219	  not possible to select lower version for boot.
220	  This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
221	  to downgrade running application, but note that MCUboot may do that
222	  if application with higher version will not get confirmed.
223
224endchoice # MCUBOOT_BOOTLOADER_MODE
225
226config MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
227	bool
228	help
229	  Selected mode supports downgrade prevention, where you cannot switch to
230	  an application with lower version than the currently running application.
231
232if MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
233config MCUBOOT_BOOTLOADER_NO_DOWNGRADE
234	bool "MCUboot mode has downgrade prevention enabled"
235	help
236	  Selected MCUboot mode has downgrade prevention enabled, where you are not
237	  able to change back to image with lower version number.
238	  This options should be selected when MCUboot has been built with
239	  MCUBOOT_DOWNGRADE_PREVENTION option enabled.
240endif
241
242endmenu # On board MCUboot operation mode
243
244endif # BOOTLOADER_MCUBOOT
245
246menuconfig MCUBOOT_BOOTUTIL_LIB
247	bool "MCUboot utility library"
248	help
249	  Enable MCUboot utility library which implements functions
250	  required by the chain-loaded application and the MCUboot.
251
252if MCUBOOT_BOOTUTIL_LIB
253
254# hidden option for disabling module-own log configuration
255# while building MCUboot bootloader
256config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
257	bool
258	default y
259
260if MCUBOOT_BOOTUTIL_LIB_OWN_LOG
261module = MCUBOOT_UTIL
262module-str = MCUboot bootutil
263source "subsys/logging/Kconfig.template.log_config"
264endif
265
266config BOOT_IMAGE_ACCESS_HOOKS
267	bool "Hooks for overriding MCUboot's bootutil native routines"
268	help
269	  Allow to provide procedures for override or extend native
270	  MCUboot's routines required for access the image data.
271	  It is up to the application project to add source file which
272	  implements hooks to the build.
273
274if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
275
276config MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
277	bool
278	help
279	  Adds support for setting for test and confirming images
280	  when bootloader is in DirectXIP-revert mode.
281endif
282
283endif # MCUBOOT_BOOTUTIL_LIB
284