1# General configuration options
2
3# Copyright (c) 2014-2015 Wind River Systems, Inc.
4# Copyright (c) 2016 Intel Corporation
5# Copyright (c) 2023 Nordic Semiconductor ASA
6# SPDX-License-Identifier: Apache-2.0
7
8config MCUBOOT
9	bool
10	help
11	  Hidden option used to indicate that the current image is MCUBoot
12
13config BOOTLOADER_MCUBOOT
14	bool "MCUboot bootloader support"
15	select USE_DT_CODE_PARTITION if !MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
16	imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
17	depends on !MCUBOOT
18	help
19	  This option signifies that the target uses MCUboot as a bootloader,
20	  or in other words that the image is to be chain-loaded by MCUboot.
21	  This sets several required build system and Device Tree options in
22	  order for the image generated to be bootable using the MCUboot open
23	  source bootloader. Currently this includes:
24
25	    * Setting ROM_START_OFFSET to a default value that allows space
26	      for the MCUboot image header
27	    * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
28	      (or Armv8-M baseline) targets with no built-in vector relocation
29	      mechanisms
30
31	  By default, this option instructs Zephyr to initialize the core
32	  architecture HW registers during boot, when this is supported by
33	  the application. This removes the need by MCUboot to reset
34	  the core registers' state itself.
35
36if BOOTLOADER_MCUBOOT
37
38config MCUBOOT_SIGNATURE_KEY_FILE
39	string "Path to the mcuboot signing key file"
40	default ""
41	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
42	help
43	  The file contains a key pair whose public half is verified
44	  by your target's MCUboot image. The file is in PEM format.
45
46	  If set to a non-empty value, the build system tries to
47	  sign the final binaries using a 'west sign -t imgtool' command.
48	  The signed binaries are placed in the build directory
49	  at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
50
51	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
52	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
53	  and CONFIG_BUILD_OUTPUT_HEX.
54
55	  This option should contain a path to the same file as the
56	  BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
57	  may be absolute or relative to the west workspace topdir. (The MCUboot
58	  config option is used for the MCUboot bootloader image; this option is
59	  for your application which is to be loaded by MCUboot. The MCUboot
60	  config option can be a relative path from the MCUboot repository
61	  root.)
62
63	  If left empty, you must sign the Zephyr binaries manually.
64
65config MCUBOOT_ENCRYPTION_KEY_FILE
66	string "Path to the mcuboot encryption key file"
67	default ""
68	depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
69	help
70	  The file contains the public key that is used to encrypt the
71	  ephemeral key that encrypts the image. The corresponding
72	  private key is hard coded in the MCUboot source code and is
73	  used to decrypt the ephemeral key that is embedded in the
74	  image. The file is in PEM format.
75
76	  If set to a non-empty value, the build system tries to
77	  sign and encrypt the final binaries using a 'west sign -t imgtool'
78	  command. The binaries are placed in the build directory at
79	  zephyr/zephyr.signed.encrypted.bin and
80	  zephyr/zephyr.signed.encrypted.hex.
81
82	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
83	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
84	  and CONFIG_BUILD_OUTPUT_HEX.
85
86	  This option should either be an absolute path or a path relative to
87	  the west workspace topdir.
88	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
89
90	  If left empty, you must encrypt the Zephyr binaries manually.
91
92config MCUBOOT_IMGTOOL_SIGN_VERSION
93	string "Version to pass to imgtool when signing"
94	default "$(APP_VERSION_TWEAK_STRING)" if "$(VERSION_MAJOR)" != ""
95	default "0.0.0+0"
96	help
97	  When signing with imgtool then this setting will be passed as version
98	  argument to the tool.
99	  The format is major.minor.revision+build.
100
101config MCUBOOT_IMGTOOL_OVERWRITE_ONLY
102	bool "Use overwrite-only instead of swap upgrades"
103	help
104	  If enabled, --overwrite-only option passed to imgtool to avoid
105	  adding the swap status area size when calculating overflow.
106
107config MCUBOOT_EXTRA_IMGTOOL_ARGS
108	string "Extra arguments to pass to imgtool when signing"
109	default ""
110	help
111	  When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
112	  string) you can use this option to pass extra options to
113	  imgtool. For example, you could set this to "--version 1.2".
114
115config MCUBOOT_GENERATE_UNSIGNED_IMAGE
116	bool "Generate unsigned binary image bootable with MCUboot"
117	help
118	  Enabling this configuration allows automatic unsigned binary image
119	  generation when MCUboot signing key is not provided,
120	  i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
121
122config MCUBOOT_GENERATE_CONFIRMED_IMAGE
123	bool "Also generate a padded, confirmed image"
124	help
125	  The signed, padded, and confirmed binaries are placed in the build
126	  directory at zephyr/zephyr.signed.confirmed.bin and
127	  zephyr/zephyr.signed.confirmed.hex.
128
129	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
130	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
131	  and CONFIG_BUILD_OUTPUT_HEX.
132
133menu "On board MCUboot operation mode"
134
135choice MCUBOOT_BOOTLOADER_MODE
136	prompt "Application assumed MCUboot mode of operation"
137	default MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE
138	help
139	  Informs application build on assumed MCUboot mode of operation.
140	  This is important for validataing application against DT configuration,
141	  which is done by west sign.
142
143config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP
144	bool "MCUboot has been configured for single slot execution"
145	select MCUBOOT_IMGTOOL_OVERWRITE_ONLY
146	help
147	  MCUboot will only boot slot0_partition placed application and does
148	  not care about other slots. In this mode application is not able
149	  to DFU its own update to secondary slot and all updates need to
150	  be performed using MCUboot serial recovery.
151
152config MCUBOOT_BOOTLOADER_MODE_SWAP_USING_OFFSET
153	bool "MCUboot has been configured for swap using offset operation"
154	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
155	help
156	  MCUboot expects slot0_partition and slot1_partition to be present
157	  in DT and application will boot from slot0_partition.
158	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
159	  if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
160
161config MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE
162	bool "MCUboot has been configured for swap using move operation"
163	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
164	help
165	  MCUboot expects slot0_partition and slot1_partition to be present
166	  in DT and application will boot from slot0_partition.
167	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
168	  if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
169
170config MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH
171	bool "MCUboot has been configured for swap without scratch operation [DEPRECATED]"
172	select DEPRECATED
173	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
174	help
175	  This Kconfig is deprecated, use MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE instead.
176
177config MCUBOOT_BOOTLOADER_MODE_SWAP_SCRATCH
178	bool "MCUboot has been configured for swap using scratch operation"
179	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
180	help
181	  MCUboot expects slot0_partition, slot1_partition and scratch_partition
182	  to be present in DT, and application will boot from slot0_partition.
183	  In this mode scratch_partition is used as temporary storage when
184	  MCUboot swaps application from the secondary slot to the primary
185	  slot.
186	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected
187	  if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION.
188
189config MCUBOOT_BOOTLOADER_MODE_OVERWRITE_ONLY
190	bool "MCUboot has been configured to just overwrite primary slot"
191	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
192	select MCUBOOT_IMGTOOL_OVERWRITE_ONLY
193	help
194	  MCUboot will take contents of secondary slot of an image and will
195	  overwrite primary slot with it.
196	  In this mode it is not possible to revert back to previous version
197	  as it is not stored in the secondary slot.
198	  This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE which means
199	  that the overwrite will not happen unless the version of secondary
200	  slot is higher than the version in primary slot.
201
202config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
203	bool "MCUboot has been configured for RAM LOAD operation"
204	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
205	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
206	help
207	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot
208	  will select the image with the higher version number, copy it to RAM and begin execution
209	  from there. The image must be linked to execute from RAM, the address that it is copied
210	  to is specified using the load-addr argument when running imgtool.
211	  This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
212	  to swap back to older version of the application.
213
214config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
215	bool "MCUboot has been configured for DirectXIP operation"
216	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
217	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
218	help
219	  MCUboot expects slot0_partition and slot1_partition to exist in DT.
220	  In this mode MCUboot can boot from either partition and will
221	  select one with higher application image version, which usually
222	  means major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER
223	  is also selected that enables comparison of build number.
224	  This option automatically selectes
225	  MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
226	  to swap back to older version of application.
227
228config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
229	bool "MCUboot has been configured for DirectXIP with revert"
230	select MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
231	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
232	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
233	help
234	  MCUboot expects slot0_partition and slot1_partition to exist in DT.
235	  In this mode MCUboot will boot the application with the higher version
236	  from either slot, as long as it has been marked to be boot
237	  next time for test or permanently. In case when application is marked
238	  for test it needs to confirm itself, on the first boot, or it will
239	  be removed and MCUboot will revert to booting previously approved
240	  application.
241	  This mode does not allow freely switching between application
242	  versions, as, once higher version application is approved, it is
243	  not possible to select lower version for boot.
244	  This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
245	  to downgrade running application, but note that MCUboot may do that
246	  if application with higher version will not get confirmed.
247
248config MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER
249	bool "MCUboot has been configured in firmware updater mode"
250	select MCUBOOT_IMGTOOL_OVERWRITE_ONLY
251	help
252	  MCUboot will only boot slot0_partition for the main application but has
253	  an entrance mechanism defined for entering the slot1_partition which is
254	  a dedicated firmware updater application used to update the slot0_partition
255	  application.
256
257endchoice # MCUBOOT_BOOTLOADER_MODE
258
259config MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
260	bool
261	help
262	  Selected mode supports downgrade prevention, where you cannot switch to
263	  an application with lower version than the currently running application.
264
265if MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
266config MCUBOOT_BOOTLOADER_NO_DOWNGRADE
267	bool "MCUboot mode has downgrade prevention enabled"
268	help
269	  Selected MCUboot mode has downgrade prevention enabled, where you are not
270	  able to change back to image with lower version number.
271	  This options should be selected when MCUboot has been built with
272	  MCUBOOT_DOWNGRADE_PREVENTION option enabled.
273endif
274
275config MCUBOOT_APPLICATION_FIRMWARE_UPDATER
276	bool "Application is firmware updater image"
277	depends on MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER
278	help
279	  Select this if the current image is the firmware updater image. This will use slot 1
280	  information when signing the image.
281
282	  Note that the zephyr chosen node ``zephyr,code-partition`` should be set to
283	  ``slot1_partition`` for this image.
284
285endmenu # On board MCUboot operation mode
286
287endif # BOOTLOADER_MCUBOOT
288
289menuconfig MCUBOOT_BOOTUTIL_LIB
290	bool "MCUboot utility library"
291	help
292	  Enable MCUboot utility library which implements functions
293	  required by the chain-loaded application and the MCUboot.
294
295if MCUBOOT_BOOTUTIL_LIB
296
297# hidden option for disabling module-own log configuration
298# while building MCUboot bootloader
299config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
300	bool
301	default y
302
303if MCUBOOT_BOOTUTIL_LIB_OWN_LOG
304module = MCUBOOT_UTIL
305module-str = MCUboot bootutil
306source "subsys/logging/Kconfig.template.log_config"
307endif
308
309config BOOT_IMAGE_ACCESS_HOOKS
310	bool "Hooks for overriding MCUboot's bootutil native routines"
311	help
312	  Allow to provide procedures for override or extend native
313	  MCUboot's routines required for access the image data.
314	  It is up to the application project to add source file which
315	  implements hooks to the build.
316
317if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
318
319config MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
320	bool
321	help
322	  Adds support for setting for test and confirming images
323	  when bootloader is in DirectXIP-revert mode.
324endif
325
326endif # MCUBOOT_BOOTUTIL_LIB
327