1 /*
2  * Copyright (c) 2023 Espressif Systems (Shanghai) Co., Ltd.
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #ifndef __MCUBOOT_CONFIG_H__
8 #define __MCUBOOT_CONFIG_H__
9 
10 /*
11  * Signature types
12  *
13  * You must choose exactly one signature type - check bootloader.conf
14  * configuration file
15  */
16 
17 /* Uncomment for RSA signature support */
18 #if defined(CONFIG_ESP_SIGN_RSA)
19 #define MCUBOOT_SIGN_RSA
20 #  if (CONFIG_ESP_SIGN_RSA_LEN != 2048 && \
21        CONFIG_ESP_SIGN_RSA_LEN != 3072)
22 #    error "Invalid RSA key size (must be 2048 or 3072)"
23 #  else
24 #    define MCUBOOT_SIGN_RSA_LEN CONFIG_ESP_SIGN_RSA_LEN
25 #  endif
26 #elif defined(CONFIG_ESP_SIGN_EC256)
27 #define MCUBOOT_SIGN_EC256
28 #elif defined(CONFIG_ESP_SIGN_ED25519)
29 #define MCUBOOT_SIGN_ED25519
30 #endif
31 
32 #if defined(CONFIG_SECURE_FLASH_ENC_ENABLED)
33 #define MCUBOOT_BOOT_MAX_ALIGN 32
34 #endif
35 
36 /*
37  * Upgrade mode
38  *
39  * The default is to support A/B image swapping with rollback.  Other modes
40  * with simpler code path, which only supports overwriting the existing image
41  * with the update image or running the newest image directly from its flash
42  * partition, are also available.
43  *
44  * You can enable only one mode at a time from the list below to override
45  * the default upgrade mode.
46  */
47 
48 /* Uncomment to enable the overwrite-only code path. */
49 /* #define MCUBOOT_OVERWRITE_ONLY */
50 
51 #ifdef MCUBOOT_OVERWRITE_ONLY
52 /* Uncomment to only erase and overwrite those primary slot sectors needed
53  * to install the new image, rather than the entire image slot. */
54 /* #define MCUBOOT_OVERWRITE_ONLY_FAST */
55 #endif
56 
57 /* Uncomment to enable the direct-xip code path. */
58 /* #define MCUBOOT_DIRECT_XIP */
59 
60 /* Uncomment to enable the ram-load code path. */
61 /* #define MCUBOOT_RAM_LOAD */
62 
63 /*
64  * Cryptographic settings
65  *
66  * You must choose between Mbed TLS and Tinycrypt as source of
67  * cryptographic primitives. Other cryptographic settings are also
68  * available.
69  */
70 
71 /* Uncomment to use Mbed TLS cryptographic primitives */
72 #if defined(CONFIG_ESP_USE_MBEDTLS)
73 #define MCUBOOT_USE_MBED_TLS
74 #else
75 /* MCUboot requires the definition of a crypto lib,
76  * using Tinycrypt as default */
77 #define MCUBOOT_USE_TINYCRYPT
78 #endif
79 
80 /*
81  * Always check the signature of the image in the primary slot before booting,
82  * even if no upgrade was performed. This is recommended if the boot
83  * time penalty is acceptable.
84  */
85 #define MCUBOOT_VALIDATE_PRIMARY_SLOT
86 
87 #ifdef CONFIG_ESP_DOWNGRADE_PREVENTION
88 #define MCUBOOT_DOWNGRADE_PREVENTION 1
89 /* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as bool value so it is
90  * always defined, (unlike MCUBOOT_DOWNGRADE_PREVENTION which is only used in
91  * preprocessor condition and my be not defined) */
92 #  ifdef CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER
93 #    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
94 #  else
95 #    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
96 #  endif
97 #endif
98 
99 /*
100  * Flash abstraction
101  */
102 
103 /* Uncomment if your flash map API supports flash_area_get_sectors().
104  * See the flash APIs for more details. */
105 #define MCUBOOT_USE_FLASH_AREA_GET_SECTORS
106 
107 /* Default maximum number of flash sectors per image slot; change
108  * as desirable. */
109 #define MCUBOOT_MAX_IMG_SECTORS 512
110 
111 /* Default number of separately updateable images; change in case of
112  * multiple images. */
113 #if defined(CONFIG_ESP_IMAGE_NUMBER)
114 #define MCUBOOT_IMAGE_NUMBER CONFIG_ESP_IMAGE_NUMBER
115 #else
116 #define MCUBOOT_IMAGE_NUMBER 1
117 #endif
118 
119 /*
120  * Logging
121  */
122 
123 /*
124  * If logging is enabled the following functions must be defined by the
125  * platform:
126  *
127  *    MCUBOOT_LOG_MODULE_REGISTER(domain)
128  *      Register a new log module and add the current C file to it.
129  *
130  *    MCUBOOT_LOG_MODULE_DECLARE(domain)
131  *      Add the current C file to an existing log module.
132  *
133  *    MCUBOOT_LOG_ERR(...)
134  *    MCUBOOT_LOG_WRN(...)
135  *    MCUBOOT_LOG_INF(...)
136  *    MCUBOOT_LOG_DBG(...)
137  *
138  * The function priority is:
139  *
140  *    MCUBOOT_LOG_ERR > MCUBOOT_LOG_WRN > MCUBOOT_LOG_INF > MCUBOOT_LOG_DBG
141  */
142 #define MCUBOOT_HAVE_LOGGING 1
143 /* #define MCUBOOT_LOG_LEVEL MCUBOOT_LOG_LEVEL_INFO */
144 
145 /*
146  * Assertions
147  */
148 
149 /* Uncomment if your platform has its own mcuboot_config/mcuboot_assert.h.
150  * If so, it must provide an ASSERT macro for use by bootutil. Otherwise,
151  * "assert" is used. */
152 #define MCUBOOT_HAVE_ASSERT_H 1
153 
154 #ifdef CONFIG_ESP_MCUBOOT_SERIAL
155 #define CONFIG_MCUBOOT_SERIAL
156 #endif
157 
158 /*
159  * When a serial recovery process is receiving the image data, this option
160  * enables it to erase flash progressively (by sectors) instead of the
161  * default behavior that is erasing whole image size of flash area after
162  * receiving first frame.
163  * Enabling this options prevents stalling the beginning of transfer
164  * for the time needed to erase large chunk of flash.
165  */
166 #ifdef CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY
167 #define MCUBOOT_ERASE_PROGRESSIVELY
168 #endif
169 
170 /* Serial extensions are not implemented
171  */
172 #define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
173 
174 /*
175  * Watchdog feeding
176  */
177 
178 /* This macro might be implemented if the OS / HW watchdog is enabled while
179  * doing a swap upgrade and the time it takes for a swapping is long enough
180  * to cause an unwanted reset. If implementing this, the OS main.c must also
181  * enable the watchdog (if required)!
182  */
183 #include <bootloader_wdt.h>
184   #define MCUBOOT_WATCHDOG_FEED() \
185       do { \
186           bootloader_wdt_feed(); \
187       } while (0)
188 
189 #define MCUBOOT_CPU_IDLE() \
190     do {                   \
191     } while (0)
192 
193 #endif /* __MCUBOOT_CONFIG_H__ */
194