1# Copyright (c) 2018-2023 O.S.Systems
2# SPDX-License-Identifier: Apache-2.0
3
4menuconfig UPDATEHUB
5	bool "UpdateHub Firmware Over-the-Air support"
6	depends on FLASH
7	depends on REBOOT
8	depends on IMG_MANAGER
9	depends on BOOTLOADER_MCUBOOT
10	depends on NETWORKING
11	depends on NET_UDP
12	depends on NET_SOCKETS
13	depends on COAP
14	depends on DNS_RESOLVER
15	depends on JSON_LIBRARY
16	depends on HWINFO
17	select REQUIRES_FULL_LIBC
18	select IMG_ENABLE_IMAGE_CHECK
19	select MPU_ALLOW_FLASH_WRITE
20	select MBEDTLS if !BUILD_WITH_TFM
21	select MBEDTLS_SHA256 if !PSA_CRYPTO_CLIENT
22	help
23	  UpdateHub is an enterprise-grade solution which makes simple to
24	  remotely update all your embedded devices in the field. It
25	  handles all aspects related to sending Firmware Over-the-Air
26	  (FOTA) updates with maximum security and efficiency, while you
27	  focus in adding value to your product.
28
29if UPDATEHUB
30config UPDATEHUB_POLL_INTERVAL
31	int "Time to poll interval (in minutes)"
32	default 1440
33	range 0 43200
34	help
35	  Set the interval that the UpdateHub update server will be polled.
36	  This time interval is zero and 43200 minutes(30 days).
37
38config UPDATEHUB_PRODUCT_UID
39	string "Product Unique Identifier (UID)"
40	help
41	  The product unique identifier is used when communicating
42	  with the UpdateHub server.
43
44config UPDATEHUB_SUPPORTED_HARDWARE_MAX
45	int "Max number of supported hardware"
46	default 1
47	range 1 100
48	help
49	  Configure the max number of supported hardware
50	  by the same image.
51
52config UPDATEHUB_CE
53	bool "Use UpdateHub Community Edition Sever"
54	help
55	  Allow the use of UpdateHub Community
56	  Server (updatehub-ce) as alternative to the
57	  updatehub.io enterprise server.
58
59config UPDATEHUB_SERVER
60	string "User address for the updatehub-ce-server"
61	depends on UPDATEHUB_CE
62	help
63	  This configuration is default, if need to use
64	  other address, must be set on the UpdateHub shell
65
66config UPDATEHUB_SHELL
67	bool "UpdateHub shell utilities"
68	depends on SHELL
69	select KERNEL_SHELL
70	help
71	  Activate shell module that provides UpdateHub commands like
72
73config UPDATEHUB_DTLS
74	bool "Activate communication CoAPS/DTLS"
75	select MBEDTLS
76	select MBEDTLS_ENABLE_HEAP
77	select NET_SOCKETS_SOCKOPT_TLS
78	select NET_SOCKETS_ENABLE_DTLS
79	help
80	  Enables DTLS communication between the UpdateHub
81	  client and the server
82
83config UPDATEHUB_COAP_CONN_TIMEOUT
84	int "CoAP connection timeout in seconds"
85	default 10
86	range 1 360
87	help
88	  Set the CoAP connection timeout value.
89
90config UPDATEHUB_COAP_MAX_RETRY
91	int "Maximum retries attempts to download a packet"
92	default 10
93	range 3 10
94	help
95	  Set the maximum number of retries attempts to download a packet
96	  before abort a current update.
97
98config UPDATEHUB_COAP_BLOCK_SIZE_EXP
99	int "Max CoAP block size defined as 2^(4 + EXP)"
100	default 6
101	range 0 6
102	help
103	  Configure the max size of a data payload were value:
104	    0 - COAP_BLOCK_16
105	    1 - COAP_BLOCK_32
106	    2 - COAP_BLOCK_64
107	    3 - COAP_BLOCK_128
108	    4 - COAP_BLOCK_256
109	    5 - COAP_BLOCK_512
110	    6 - COAP_BLOCK_1024
111
112	  This value is mapped directly to enum coap_block_size.
113
114choice
115	prompt "Firmware verification"
116	default UPDATEHUB_DOWNLOAD_STORAGE_SHA256_VERIFICATION
117
118config UPDATEHUB_DOWNLOAD_SHA256_VERIFICATION
119	bool "SHA-256 on download"
120	help
121	  Enables SHA-256 verification of data stream while downloading.
122	  Notice that it does not check whether the image written to a
123	  storage is still valid, it only confirms that what has been
124	  downloaded matches the server side SHA.
125
126	  To check if the data written to permanent storage matches the SHA
127	  simultaneously, enable "Both download and flash verifications"
128	  option.
129
130config UPDATEHUB_STORAGE_SHA256_VERIFICATION
131	bool "SHA-256 from flash"
132	help
133	  Enables SHA-256 verification of stored data stream.  When this
134	  option is enabled, the data stream will be read back from the
135	  storage and verified with SHA to make sure that it has been
136	  correctly written.
137
138	  To check if the download data stream matches the SHA simultaneously,
139	  enable "Both download and flash verifications" option.
140
141config UPDATEHUB_DOWNLOAD_STORAGE_SHA256_VERIFICATION
142	bool "SHA-256 from both download and flash"
143	help
144	  Enables SHA-256 verification on both data stream while downloading
145	  and stored data stream on flash.
146
147	  It is advised to leave this option enabled.
148
149endchoice
150
151module = UPDATEHUB
152module-str = Log level for UpdateHub
153module-help = Enables logging for UpdateHub code.
154source "subsys/logging/Kconfig.template.log_config"
155
156endif
157