1# General configuration options
2
3# Copyright (c) 2014-2015 Wind River Systems, Inc.
4# Copyright (c) 2016 Intel Corporation
5# Copyright (c) 2023 Nordic Semiconductor ASA
6# SPDX-License-Identifier: Apache-2.0
7
8config MCUBOOT
9	bool
10	help
11	  Hidden option used to indicate that the current image is MCUboot
12
13config BOOTLOADER_MCUBOOT
14	bool "MCUboot bootloader support"
15	select USE_DT_CODE_PARTITION
16	imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
17	depends on !MCUBOOT
18	help
19	  This option signifies that the target uses MCUboot as a bootloader,
20	  or in other words that the image is to be chain-loaded by MCUboot.
21	  This sets several required build system and Device Tree options in
22	  order for the image generated to be bootable using the MCUboot open
23	  source bootloader. Currently this includes:
24
25	    * Setting ROM_START_OFFSET to a default value that allows space
26	      for the MCUboot image header
27	    * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
28	      (or Armv8-M baseline) targets with no built-in vector relocation
29	      mechanisms
30
31	  By default, this option instructs Zephyr to initialize the core
32	  architecture HW registers during boot, when this is supported by
33	  the application. This removes the need for MCUboot to reset
34	  the core registers' state itself.
35
36if BOOTLOADER_MCUBOOT
37
38config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
39	string "Extra parameters to west sign"
40	default "--quiet"
41	help
42	  Parameters that are passed by cmake to west sign, just after
43	  the command, before all other parameters needed for image
44	  signing.
45	  By default this is set to "--quiet" to prevent extra, non-error,
46	  diagnostic messages from west sign. This does not affect the signing
47	  tool, for which extra parameters are passed with
48	  MCUBOOT_EXTRA_IMGTOOL_ARGS.
49
50config MCUBOOT_SIGNATURE_KEY_FILE
51	string "Path to the mcuboot signing key file"
52	default ""
53	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
54	help
55	  The file contains a key pair whose public half your target's MCUboot image
56	  uses to verify signatures. It is in PEM format and includes the private key.
57
58	  If set to a non-empty value, the build system tries to
59	  sign the final binaries using a 'west sign -t imgtool' command.
60	  The signed binaries are placed in the build directory
61	  at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
62
63	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
64	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
65	  and CONFIG_BUILD_OUTPUT_HEX.
66
67	  This option should contain a path to the same file as the
68	  BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
69	  may be absolute or relative to the west workspace topdir. (The MCUboot
70	  config option is used for the MCUboot bootloader image; this option is
71	  for your application which is to be loaded by MCUboot. The MCUboot
72	  config option can be a relative path from the MCUboot repository
73	  root.)
74
75	  If left empty, you must sign the Zephyr binaries manually.
76
77config MCUBOOT_ENCRYPTION_KEY_FILE
78	string "Path to the mcuboot encryption key file"
79	default ""
80	depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
81	help
82	  The file contains the public key that is used to encrypt the
83	  ephemeral key that encrypts the image. The corresponding
84	  private key is hard coded in the MCUboot source code and is
85	  used to decrypt the ephemeral key that is embedded in the
86	  image. The file is in PEM format.
87
88	  If set to a non-empty value, the build system tries to
89	  sign and encrypt the final binaries using a 'west sign -t imgtool'
90	  command. The binaries are placed in the build directory at
91	  zephyr/zephyr.signed.encrypted.bin and
92	  zephyr/zephyr.signed.encrypted.hex.
93
94	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
95	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
96	  and CONFIG_BUILD_OUTPUT_HEX.
97
98	  This option should either be an absolute path or a path relative to
99	  the west workspace topdir.
100	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem' (MCUboot sample key; development use only)
101
102	  If left empty, you must encrypt the Zephyr binaries manually.
103
104config MCUBOOT_IMGTOOL_SIGN_VERSION
105	string "Version to pass to imgtool when signing"
106	default "$(VERSION_MAJOR).$(VERSION_MINOR).$(PATCHLEVEL)" if "$(VERSION_MAJOR)" != ""
107	default "0.0.0+0"
108	help
109	  When signing with imgtool, this setting is passed as the version
110	  argument to the tool.
111	  The format is major.minor.revision+build.
112
113config MCUBOOT_EXTRA_IMGTOOL_ARGS
114	string "Extra arguments to pass to imgtool when signing"
115	default ""
116	help
117	  When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
118	  string) you can use this option to pass extra options to
119	  imgtool.  For example, you could set this to "--version 1.2".
120
121config MCUBOOT_GENERATE_UNSIGNED_IMAGE
122	bool "Generate unsigned binary image bootable with MCUboot"
123	help
124	  Enabling this configuration allows automatic unsigned binary image
125	  generation when the MCUboot signing key is not provided, i.e.,
126	  MCUBOOT_SIGNATURE_KEY_FILE is left empty. MCUboot cannot authenticate such an image.
127
128config MCUBOOT_GENERATE_CONFIRMED_IMAGE
129	bool "Also generate a padded, confirmed image"
130	help
131	  The signed, padded, and confirmed binaries are placed in the build
132	  directory at zephyr/zephyr.signed.confirmed.bin and
133	  zephyr/zephyr.signed.confirmed.hex.
134
135	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
136	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
137	  and CONFIG_BUILD_OUTPUT_HEX.
138
139choice MCUBOOT_BOOTLOADER_MODE
140	prompt "Application assumed MCUboot mode of operation"
141	default MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH # MCUBOOT_BOOTLOADER_MODE
142	help
143	  Informs the application build of the assumed MCUboot mode of operation.
144	  This is important for validating the application against the DT
145	  configuration, which is done by west sign.
146
147config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP
148	bool "MCUboot has been configured for single slot execution"
149	help
150	  MCUboot will only boot the application placed in slot0_partition and
151	  ignores other slots. In this mode the application is not able
152	  to DFU its own update to a secondary slot, and all updates need to
153	  be performed using MCUboot serial recovery.
154
155config MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH
156	bool "MCUboot has been configured for swap without scratch operation"
157	help
158	  MCUboot expects slot0_partition and slot1_partition to be present
159	  in DT and application will boot from slot0_partition.
160
161config MCUBOOT_BOOTLOADER_MODE_SWAP_SCRATCH
162	bool "MCUboot has been configured for swap using scratch operation"
163	help
164	  MCUboot expects slot0_partition, slot1_partition and scratch_partition
165	  to be present in DT, and application will boot from slot0_partition.
166	  In this mode scratch_partition is used as temporary storage when
167	  MCUboot swaps application from the secondary slot to the primary
168	  slot.
169
170config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
171	bool "MCUboot has been configured for DirectXIP operation"
172	help
173	  MCUboot expects slot0_partition and slot1_partition to exist in DT.
174	  In this mode MCUboot can boot from either partition and will
175	  select the one with the higher application image version, which usually
176	  means the major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER
177	  is also selected, which enables comparison of the build number.
178
179endchoice # MCUBOOT_BOOTLOADER_MODE
180
181endif # BOOTLOADER_MCUBOOT
182
183menuconfig MCUBOOT_BOOTUTIL_LIB
184	bool "MCUboot utility library"
185	help
186	  Enable the MCUboot utility library, which implements functions
187	  required by the chain-loaded application and by MCUboot.
188
189if MCUBOOT_BOOTUTIL_LIB
190
191# hidden option for disabling module-own log configuration
192# while building MCUboot bootloader
193config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
194	bool
195	default y
196
197if MCUBOOT_BOOTUTIL_LIB_OWN_LOG
198module = MCUBOOT_UTIL
199module-str = MCUboot bootutil
200source "subsys/logging/Kconfig.template.log_config"
201endif
202
203config BOOT_IMAGE_ACCESS_HOOKS
204	bool "Hooks for overriding MCUboot's bootutil native routines"
205	help
206	  Allows providing procedures that override or extend MCUboot's
207	  native routines required for accessing the image data.
208	  It is up to the application project to add the source file that
209	  implements the hooks to the build.
210
211endif # MCUBOOT_BOOTUTIL_LIB
212