1# Copyright (c) 2017-2020 Linaro Limited 2# Copyright (c) 2020 Arm Limited 3# Copyright (c) 2023 Nordic Semiconductor ASA 4# 5# SPDX-License-Identifier: Apache-2.0 6# 7 8mainmenu "MCUboot configuration" 9 10comment "MCUboot-specific configuration options" 11 12# Hidden option to mark a project as MCUboot 13config MCUBOOT 14 default y 15 bool 16 select MPU_ALLOW_FLASH_WRITE if ARM_MPU 17 select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET 18 select MCUBOOT_BOOTUTIL_LIB 19 20config BOOT_USE_MBEDTLS 21 bool 22 # Hidden option 23 default n 24 help 25 Use mbedTLS for crypto primitives. 26 27config BOOT_USE_TINYCRYPT 28 bool 29 # Hidden option 30 default n 31 # When building for ECDSA, we use our own copy of mbedTLS, so the 32 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros 33 # will collide. 34 select MBEDTLS_PROMPTLESS if ZEPHYR_MBEDTLS_MODULE 35 help 36 Use TinyCrypt for crypto primitives. 37 38config BOOT_USE_CC310 39 bool 40 # Hidden option 41 default n 42 # When building for ECDSA, we use our own copy of mbedTLS, so the 43 # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros 44 # will collide. 45 help 46 Use cc310 for crypto primitives. 47 48config BOOT_USE_NRF_CC310_BL 49 bool 50 default n 51 52config NRFXLIB_CRYPTO 53 bool 54 default n 55 56config NRF_CC310_BL 57 bool 58 default n 59 60menu "MCUBoot settings" 61 62config SINGLE_APPLICATION_SLOT 63 bool "Single slot bootloader" 64 default n 65 help 66 Single image area is used for application which means that 67 uploading a new application overwrites the one that previously 68 occupied the area. 69 70choice BOOT_SIGNATURE_TYPE 71 prompt "Signature type" 72 default BOOT_SIGNATURE_TYPE_RSA 73 74config BOOT_SIGNATURE_TYPE_NONE 75 bool "No signature; use only hash check" 76 select BOOT_USE_TINYCRYPT 77 78config BOOT_SIGNATURE_TYPE_RSA 79 bool "RSA signatures" 80 select BOOT_USE_MBEDTLS 81 select MBEDTLS 82 select BOOT_ENCRYPTION_SUPPORT 83 84if BOOT_SIGNATURE_TYPE_RSA 85config BOOT_SIGNATURE_TYPE_RSA_LEN 86 int "RSA signature length" 87 range 2048 3072 88 default 2048 89endif 90 91config BOOT_SIGNATURE_TYPE_ECDSA_P256 92 bool "Elliptic curve digital signatures with curve P-256" 93 select BOOT_ENCRYPTION_SUPPORT 94 95if BOOT_SIGNATURE_TYPE_ECDSA_P256 96choice BOOT_ECDSA_IMPLEMENTATION 97 prompt "Ecdsa implementation" 98 default BOOT_ECDSA_TINYCRYPT 99 100config BOOT_ECDSA_TINYCRYPT 101 bool "Use tinycrypt" 102 select BOOT_USE_TINYCRYPT 103 104config BOOT_ECDSA_CC310 105 bool "Use CC310" 106 depends on HAS_HW_NRF_CC310 107 select BOOT_USE_NRF_CC310_BL 108 select NRF_CC310_BL 109 select NRFXLIB_CRYPTO 110 select BOOT_USE_CC310 111endchoice # Ecdsa implementation 112endif 113 114config BOOT_SIGNATURE_TYPE_ED25519 115 bool "Edwards curve digital signatures using ed25519" 116 select BOOT_ENCRYPTION_SUPPORT 117 118if BOOT_SIGNATURE_TYPE_ED25519 119choice BOOT_ED25519_IMPLEMENTATION 120 prompt "Ecdsa implementation" 121 default BOOT_ED25519_TINYCRYPT 122config BOOT_ED25519_TINYCRYPT 123 bool "Use tinycrypt" 124 select BOOT_USE_TINYCRYPT 125config BOOT_ED25519_MBEDTLS 126 bool "Use mbedTLS" 127 select BOOT_USE_MBEDTLS 128 select MBEDTLS 129endchoice 130endif 131 132endchoice 133 134config BOOT_SIGNATURE_KEY_FILE 135 string "PEM key file" 136 default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 137 default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 138 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 139 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 140 default "" 141 help 142 You can use either absolute or relative path. 143 In case relative path is used, the build system assumes that it starts 144 from the directory where the MCUBoot KConfig configuration file is 145 located. If the key file is not there, the build system uses relative 146 path that starts from the MCUBoot repository root directory. 147 The key file will be parsed by imgtool's getpub command and a .c source 148 with the public key information will be written in a format expected by 149 MCUboot. 150 151config MCUBOOT_CLEANUP_ARM_CORE 152 bool "Perform core cleanup before chain-load the application" 153 depends on CPU_CORTEX_M 154 default y 155 help 156 This option instructs MCUboot to perform a clean-up of a set of 157 architecture core HW registers before jumping to the application 158 firmware. The clean-up sets these registers to their warm-reset 159 values as specified by the architecture. 160 161 This option is enabled by default to prevent possible problems when 162 booting zephyr (or other) applications whereby e.g. a MPU stack guard 163 may be initialised in RAM which is then used by the application 164 start-up code which can cause a module fault and potentially make the 165 module irrecoverable. 166 167config MBEDTLS_CFG_FILE 168 default "mcuboot-mbedtls-cfg.h" 169 170config BOOT_HW_KEY 171 bool "Use HW key for image verification" 172 default n 173 help 174 Use HW key for image verification, otherwise the public key is embedded 175 in MCUBoot. If enabled the public key is appended to the signed image 176 and requires the hash of the public key to be provisioned to the device 177 beforehand. 178 179config BOOT_VALIDATE_SLOT0 180 bool "Validate image in the primary slot on every boot" 181 default y 182 help 183 If y, the bootloader attempts to validate the signature of the 184 primary slot every boot. This adds the signature check time to 185 every boot, but can mitigate against some changes that are 186 able to modify the flash image itself. 187 188config BOOT_VALIDATE_SLOT0_ONCE 189 bool "Validate image in the primary slot just once after after upgrade" 190 depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT 191 default n 192 help 193 If y, the bootloader attempts to validate the signature of the 194 primary slot only once after an upgrade of the main slot. 195 It caches the result in the magic area, which makes it an unsecure 196 method. This option is usefull for lowering the boot up time for 197 low end devices with as a compromise lowering the security level. 198 If unsure, leave at the default value. 199 200config BOOT_PREFER_SWAP_MOVE 201 bool "Prefer the newer swap move algorithm" 202 default y if SOC_FAMILY_NORDIC_NRF 203 default y if !$(dt_nodelabel_enabled,scratch_partition) 204 help 205 If y, the BOOT_IMAGE_UPGRADE_MODE will default to using 206 "move" instead of "scratch". This is a separate bool config 207 option, because Kconfig doesn't allow defaults to be 208 overridden in choice options. Most devices should be using 209 swap move. 210 211if !SINGLE_APPLICATION_SLOT 212choice BOOT_IMAGE_UPGRADE_MODE 213 prompt "Image upgrade modes" 214 default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE 215 default BOOT_SWAP_USING_SCRATCH 216 217config BOOT_SWAP_USING_SCRATCH 218 bool "Swap mode that run with the scratch partition" 219 help 220 This is the most conservative swap mode but it can work even on 221 devices with heterogeneous flash page layout. 222 223config BOOT_UPGRADE_ONLY 224 bool "Overwrite image updates instead of swapping" 225 help 226 If y, overwrite the primary slot with the upgrade image instead 227 of swapping them. This prevents the fallback recovery, but 228 uses a much simpler code path. 229 230config BOOT_SWAP_USING_MOVE 231 bool "Swap mode that can run without a scratch partition" 232 help 233 If y, the swap upgrade is done in two steps, where first every 234 sector of the primary slot is moved up one sector, then for 235 each sector X in the secondary slot, it is moved to index X in 236 the primary slot, then the sector at X+1 in the primary is 237 moved to index X in the secondary. 238 This allows a swap upgrade without using a scratch partition, 239 but is currently limited to all sectors in both slots being of 240 the same size. 241 242config BOOT_DIRECT_XIP 243 bool "Run the latest image directly from its slot" 244 help 245 If y, mcuboot selects the newest valid image based on the image version 246 numbers, thereafter the selected image can run directly from its slot 247 without having to move/copy it into the primary slot. For this reason the 248 images must be linked to be executed from the given image slot. Using this 249 mode results in a simpler code path and smaller code size. 250 251config BOOT_RAM_LOAD 252 bool "RAM load" 253 help 254 If y, mcuboot selects the newest valid image based on the image version 255 numbers, thereafter the selected image is copied to RAM and executed from 256 there. For this reason, the image has to be linked to be executed from RAM. 257 The address that the image is copied to is specified using the load-addr 258 argument to the imgtool.py script which writes it to the image header. 259 260config BOOT_FIRMWARE_LOADER 261 bool "Firmware loader" 262 help 263 If y, mcuboot will have a single application slot, and the secondary 264 slot will be for a non-upgradeable firmware loaded image (e.g. for 265 loading firmware via Bluetooth). The main application will boot by 266 default unless there is an error with it or the boot mode has been 267 forced to the firmware loader. 268 269 Note: The firmware loader image must be signed with the same signing 270 key as the primary image. 271 272endchoice 273 274# Workaround for not being able to have commas in macro arguments 275DT_CHOSEN_Z_SRAM := zephyr,sram 276 277if BOOT_RAM_LOAD 278config BOOT_IMAGE_EXECUTABLE_RAM_START 279 hex "Boot image executable ram start" 280 default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM)) 281 282config BOOT_IMAGE_EXECUTABLE_RAM_SIZE 283 int "Boot image executable base size" 284 default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0) 285endif 286 287config BOOT_DIRECT_XIP_REVERT 288 bool "Enable the revert mechanism in direct-xip mode" 289 depends on BOOT_DIRECT_XIP 290 default n 291 help 292 If y, enables the revert mechanism in direct-xip similar to the one in 293 swap mode. It requires the trailer magic to be added to the signed image. 294 When a reboot happens without the image being confirmed at runtime, the 295 bootloader considers the image faulty and erases it. After this it will 296 attempt to boot the previous image. The images can also be made permanent 297 (marked as confirmed in advance) just like in swap mode. 298 299config BOOT_BOOTSTRAP 300 bool "Bootstrap erased the primary slot from the secondary slot" 301 default n 302 help 303 If y, enables bootstraping support. Bootstrapping allows an erased 304 primary slot to be initialized from a valid image in the secondary slot. 305 If unsure, leave at the default value. 306 307config BOOT_SWAP_SAVE_ENCTLV 308 bool "Save encrypted key TLVs instead of plaintext keys in swap metadata" 309 default n 310 depends on BOOT_ENCRYPT_IMAGE 311 help 312 If y, instead of saving the encrypted image keys in plaintext in the 313 swap resume metadata, save the encrypted image TLVs. This should be used 314 when there is no security mechanism protecting the data in the primary 315 slot from being dumped. If n is selected (default), the keys are written 316 after being decrypted from the image TLVs and could be read by an 317 attacker who has access to the flash contents of the primary slot (eg 318 JTAG/SWD or primary slot in external flash). 319 If unsure, leave at the default value. 320 321endif # !SINGLE_APPLICATION_SLOT 322 323config BOOT_ENCRYPTION_SUPPORT 324 bool 325 help 326 Hidden option used to check if image encryption is supported. 327 328config BOOT_ENCRYPT_IMAGE 329 bool "Support for encrypted image updates" 330 depends on BOOT_ENCRYPTION_SUPPORT 331 select BOOT_ENCRYPT_RSA if BOOT_SIGNATURE_TYPE_RSA 332 select BOOT_ENCRYPT_EC256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 333 select BOOT_ENCRYPT_X25519 if BOOT_SIGNATURE_TYPE_ED25519 334 depends on !SINGLE_APPLICATION_SLOT || MCUBOOT_SERIAL 335 help 336 If y, images in the secondary slot can be encrypted and are decrypted 337 on the fly when upgrading to the primary slot, as well as encrypted 338 back when swapping from the primary slot to the secondary slot. The 339 encryption mechanism must match the same type as the signature type, 340 supported types include: 341 - RSA-OAEP (2048 bits). 342 - ECIES using primitives described under "ECIES-P256 encryption" in 343 docs/encrypted_images.md. 344 - ECIES using primitives described under "ECIES-X25519 encryption" 345 in docs/encrypted_images.md. 346 347 Note that for single slot operation, this can still be used to allow 348 loading encrypted images via serial recovery which are then 349 decrypted on-the-fly without needing a second slot. 350 351config BOOT_ENCRYPT_RSA 352 bool 353 help 354 Hidden option selecting RSA encryption. 355 356config BOOT_ENCRYPT_EC256 357 bool 358 help 359 Hidden option selecting EC256 encryption. 360 361config BOOT_ENCRYPT_X25519 362 bool 363 help 364 Hidden option selecting x25519 encryption. 365 366config BOOT_ENCRYPTION_KEY_FILE 367 string "Encryption key file" 368 depends on BOOT_ENCRYPT_IMAGE 369 default "enc-rsa2048-priv.pem" if BOOT_ENCRYPT_RSA 370 default "enc-ec256-priv.pem" if BOOT_ENCRYPT_EC256 371 default "enc-x25519-priv.pem" if BOOT_ENCRYPT_X25519 372 default "" 373 help 374 You can use either absolute or relative path. 375 In case relative path is used, the build system assumes that it starts 376 from the directory where the MCUBoot KConfig configuration file is 377 located. If the key file is not there, the build system uses relative 378 path that starts from the MCUBoot repository root directory. 379 The key file will be parsed by imgtool's getpriv command and a .c source 380 with the public key information will be written in a format expected by 381 MCUboot. 382 383config BOOT_MAX_IMG_SECTORS 384 int "Maximum number of sectors per image slot" 385 default 128 386 help 387 This option controls the maximum number of sectors that each of 388 the two image areas can contain. Smaller values reduce MCUboot's 389 memory usage; larger values allow it to support larger images. 390 If unsure, leave at the default value. 391 392config BOOT_SHARE_BACKEND_AVAILABLE 393 bool 394 default n 395 help 396 Hidden open which indicates if there is a sharing backend available. 397 398# Workaround for not being able to have commas in macro arguments 399DT_CHOSEN_BOOTLOADER_INFO := zephyr,bootloader-info 400 401config BOOT_SHARE_BACKEND_AVAILABLE 402 bool 403 default n 404 help 405 Hidden open which indicates if there is a sharing backend available. 406 407choice BOOT_SHARE_BACKEND 408 prompt "Shared data backend" 409 default BOOT_SHARE_BACKEND_DISABLED 410 411config BOOT_SHARE_BACKEND_DISABLED 412 bool "Disabled" 413 help 414 No data sharing support. 415 416config BOOT_SHARE_BACKEND_RETENTION 417 bool "Retention" 418 depends on RETENTION 419 depends on $(dt_chosen_enabled,$(DT_CHOSEN_BOOTLOADER_INFO)) 420 select BOOT_SHARE_BACKEND_AVAILABLE 421 help 422 Use retention to share data with application. Requires: 423 - Retained memory area 424 - Retention partition of retained memory area 425 - Chosen node "zephyr,bootloader-info" to be set to the retention 426 partition 427 428config BOOT_SHARE_BACKEND_EXTERNAL 429 bool "External (user-provided code)" 430 select BOOT_SHARE_BACKEND_AVAILABLE 431 help 432 Use a custom user-specified storage. 433 434endchoice 435 436menuconfig BOOT_SHARE_DATA 437 bool "Save application specific data" 438 default n 439 depends on BOOT_SHARE_BACKEND_AVAILABLE 440 help 441 This will allow data to be shared between MCUboot and an application, 442 it does not include any informatiom by default. 443 444 Note: This requires a backend to function, see 445 BOOT_SHARE_BACKEND_RETENTION for details on using the retention 446 subsystem as a backend. 447 448config BOOT_SHARE_DATA_BOOTINFO 449 bool "Save boot information data" 450 default n 451 depends on BOOT_SHARE_DATA 452 help 453 This will place information about the MCUboot configuration and 454 running application into a shared memory area. 455 456menuconfig MEASURED_BOOT 457 bool "Store the boot state/measurements in shared memory area" 458 default n 459 depends on BOOT_SHARE_BACKEND_AVAILABLE 460 help 461 If enabled, the bootloader will store certain boot measurements such as 462 the hash of the firmware image in a shared memory area. This data can 463 be used later by runtime services (e.g. by a device attestation service). 464 465 Note: This requires a backend to function, see 466 BOOT_SHARE_BACKEND_RETENTION for details on using the retention 467 subsystem as a backend. 468 469config MEASURED_BOOT_MAX_CBOR_SIZE 470 int "Maximum CBOR size of boot state/measurements" 471 default 64 472 range 0 256 473 depends on MEASURED_BOOT 474 help 475 The maximum size of the CBOR message which stores boot 476 state/measurements. 477 478choice BOOT_FAULT_INJECTION_HARDENING_PROFILE 479 prompt "Fault injection hardening profile" 480 default BOOT_FIH_PROFILE_OFF 481 482config BOOT_FIH_PROFILE_OFF 483 bool "No hardening against hardware level fault injection" 484 help 485 No hardening in SW against hardware level fault injection: power or 486 clock glitching, etc. 487 488config BOOT_FIH_PROFILE_LOW 489 bool "Moderate level hardening against hardware level fault injection" 490 help 491 Moderate level hardening: Long global fail loop to avoid break out, 492 control flow integrity check to discover discrepancy in expected code 493 flow. 494 495config BOOT_FIH_PROFILE_MEDIUM 496 bool "Medium level hardening against hardware level fault injection" 497 help 498 Medium level hardening: Long global fail loop to avoid break out, 499 control flow integrity check to discover discrepancy in expected code 500 flow, double variables to discover register or memory corruption. 501 502config BOOT_FIH_PROFILE_HIGH 503 bool "Maximum level hardening against hardware level fault injection" 504 select MBEDTLS 505 help 506 Maximum level hardening: Long global fail loop to avoid break out, 507 control flow integrity check to discover discrepancy in expected code 508 flow, double variables to discover register or memory corruption, random 509 delays to make code execution less predictable. Random delays requires an 510 entropy source. 511 512endchoice 513 514choice BOOT_USB_DFU 515 prompt "USB DFU" 516 default BOOT_USB_DFU_NO 517 518config BOOT_USB_DFU_NO 519 prompt "Disabled" 520 521config BOOT_USB_DFU_WAIT 522 bool "Wait for a prescribed duration to see if USB DFU is invoked" 523 select USB_DEVICE_STACK 524 select USB_DFU_CLASS 525 select IMG_MANAGER 526 select STREAM_FLASH 527 select MULTITHREADING 528 help 529 If y, MCUboot waits for a prescribed duration of time to allow 530 for USB DFU to be invoked. Please note DFU always updates the 531 slot1 image. 532 533config BOOT_USB_DFU_GPIO 534 bool "Use GPIO to detect whether to trigger DFU mode" 535 select USB_DEVICE_STACK 536 select USB_DFU_CLASS 537 select IMG_MANAGER 538 select STREAM_FLASH 539 select MULTITHREADING 540 help 541 If y, MCUboot uses GPIO to detect whether to invoke USB DFU. 542 543endchoice 544 545config BOOT_USB_DFU_WAIT_DELAY_MS 546 int "USB DFU wait duration" 547 depends on BOOT_USB_DFU_WAIT 548 default 12000 549 help 550 Milliseconds to wait for USB DFU to be invoked. 551 552if BOOT_USB_DFU_GPIO 553 554config BOOT_USB_DFU_DETECT_DELAY 555 int "Serial detect pin detection delay time [ms]" 556 default 0 557 help 558 Used to prevent the bootloader from loading on button press. 559 Useful for powering on when using the same button as 560 the one used to place the device in bootloader mode. 561 562endif # BOOT_USB_DFU_GPIO 563 564config BOOT_USE_BENCH 565 bool "Enable benchmark code" 566 default n 567 help 568 If y, adds support for simple benchmarking that can record 569 time intervals between two calls. The time printed depends 570 on the particular Zephyr target, and is generally ticks of a 571 specific board-specific timer. 572 573module = MCUBOOT 574module-str = MCUBoot bootloader 575source "subsys/logging/Kconfig.template.log_config" 576 577config MCUBOOT_LOG_THREAD_STACK_SIZE 578 int "Stack size for the MCUBoot log processing thread" 579 depends on LOG && !LOG_IMMEDIATE 580 default 2048 if COVERAGE_GCOV 581 default 1024 if NO_OPTIMIZATIONS 582 default 1024 if XTENSA 583 default 4096 if (X86 && X86_64) 584 default 4096 if ARM64 585 default 768 586 help 587 Set the internal stack size for MCUBoot log processing thread. 588 589config MCUBOOT_INDICATION_LED 590 bool "Turns on LED indication when device is in DFU" 591 select GPIO 592 help 593 Device device activates the LED while in bootloader mode. 594 mcuboot-led0 alias must be set in the device's .dts 595 definitions for this to work. 596 597rsource "Kconfig.serial_recovery" 598 599rsource "Kconfig.firmware_loader" 600 601config BOOT_INTR_VEC_RELOC 602 bool "Relocate the interrupt vector to the application" 603 default n 604 depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR 605 help 606 Relocate the interrupt vector to the application before it is started. 607 Select this option if application requires vector relocation, 608 but it doesn't relocate vector in its reset handler. 609 610config UPDATEABLE_IMAGE_NUMBER 611 int "Number of updateable images" 612 default 1 613 range 1 1 if SINGLE_APPLICATION_SLOT 614 help 615 Enables support of multi image update. 616 617config BOOT_VERSION_CMP_USE_BUILD_NUMBER 618 bool "Use build number while comparing image version" 619 depends on (UPDATEABLE_IMAGE_NUMBER > 1) || BOOT_DIRECT_XIP || \ 620 BOOT_RAM_LOAD || MCUBOOT_DOWNGRADE_PREVENTION 621 help 622 By default, the image version comparison relies only on version major, 623 minor and revision. Enable this option to take into account the build 624 number as well. 625 626choice BOOT_DOWNGRADE_PREVENTION_CHOICE 627 prompt "Downgrade prevention" 628 optional 629 630config MCUBOOT_DOWNGRADE_PREVENTION 631 bool "SW based downgrade prevention" 632 depends on !BOOT_DIRECT_XIP 633 help 634 Prevent downgrades by enforcing incrementing version numbers. 635 When this option is set, any upgrade must have greater major version 636 or greater minor version with equal major version. This mechanism 637 only protects against some attacks against version downgrades (for 638 example, a JTAG could be used to write an older version). 639 640config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 641 bool "Use image security counter instead of version number" 642 depends on MCUBOOT_DOWNGRADE_PREVENTION 643 depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH) 644 help 645 Security counter is used for version eligibility check instead of pure 646 version. When this option is set, any upgrade must have greater or 647 equal security counter value. 648 Because of the acceptance of equal values it allows for software 649 downgrades to some extent. 650 651config MCUBOOT_HW_DOWNGRADE_PREVENTION 652 bool "HW based downgrade prevention" 653 help 654 Prevent undesirable/malicious software downgrades. When this option is 655 set, any upgrade must have greater or equal security counter value. 656 Because of the acceptance of equal values it allows for software 657 downgrade to some extent. 658 659endchoice 660 661config BOOT_WATCHDOG_FEED 662 bool "Feed the watchdog while doing swap" 663 default y if WATCHDOG 664 default y if SOC_FAMILY_NORDIC_NRF 665 # for nRF nrfx based implementation is available 666 imply NRFX_WDT if SOC_FAMILY_NORDIC_NRF 667 imply NRFX_WDT0 if SOC_FAMILY_NORDIC_NRF 668 imply NRFX_WDT1 if SOC_FAMILY_NORDIC_NRF 669 imply NRFX_WDT30 if SOC_FAMILY_NORDIC_NRF 670 imply NRFX_WDT31 if SOC_FAMILY_NORDIC_NRF 671 help 672 Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is 673 used to feed watchdog while doing time consuming operations. 674 675config BOOT_IMAGE_ACCESS_HOOKS 676 bool "Enable hooks for overriding MCUboot's native routines" 677 help 678 Allow to provide procedures for override or extend native 679 MCUboot's routines required for access the image data and the image 680 update. It is up to the project customization to add required source 681 files to the build. 682 683config MCUBOOT_ACTION_HOOKS 684 bool "Enable hooks for responding to MCUboot status changes" 685 help 686 This will call a handler when the MCUboot status changes which allows 687 for some level of user feedback, for instance to change LED status to 688 indicate a failure, using the callback: 689 'void mcuboot_status_change(mcuboot_status_type_t status)' where 690 'mcuboot_status_type_t' is listed in 691 boot/bootutil/include/bootutil/mcuboot_status.h 692 693config BOOT_DISABLE_CACHES 694 bool "Disable I/D caches before chain-loading application" 695 depends on CPU_HAS_ICACHE || CPU_HAS_DCACHE 696 default y 697 help 698 Will flush and disable the instruction and data caches on the CPU prior to 699 booting an application, this is required on some ARM Cortex devices and 700 increases protection against data leakage from MCUboot to applications via 701 these caches. 702 703config MCUBOOT_BOOT_BANNER 704 bool "Use MCUboot boot banner" 705 depends on BOOT_BANNER 706 depends on "$(APP_VERSION_EXTENDED_STRING)" != "" 707 default y 708 help 709 Uses a MCUboot boot banner instead of the default zephyr one, which will output the 710 MCUboot name and version, followed by the zephyr name and version. 711 712 For example: 713 714 *** Booting MCUboot v2.0.0-72-g8c0e36c88663 *** 715 *** Using Zephyr OS build v3.6.0-2607-gd0be2010c31f *** 716 717config BOOT_BANNER_STRING 718 default "Using Zephyr OS build" if MCUBOOT_BOOT_BANNER 719 720endmenu 721 722config MCUBOOT_DEVICE_SETTINGS 723 # Hidden selector for device-specific settings 724 bool 725 default y 726 # CPU options 727 select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0 728 # Enable flash page layout if available 729 select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT 730 # Enable flash_map module as flash I/O back-end 731 select FLASH_MAP 732 733config MCUBOOT_DEVICE_CPU_CORTEX_M0 734 # Hidden selector for Cortex-M0 settings 735 bool 736 default n 737 select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP 738 739comment "Zephyr configuration options" 740 741# Disabling MULTITHREADING provides a code size advantage, but 742# it requires peripheral drivers (particularly a flash driver) 743# that works properly with the option enabled. 744# 745# If you know for sure that your hardware will work, you can default 746# it to n here. Otherwise, having it on by default makes the most 747# hardware work. 748config MULTITHREADING 749 default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING 750 default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT 751 default n if SOC_FAMILY_NORDIC_NRF 752 default n if SOC_FAMILY_ESPRESSIF_ESP32 && MCUBOOT 753 default y 754 755config LOG_PROCESS_THREAD 756 default n # mcuboot has its own log processing thread 757 758# override USB device name 759config USB_DEVICE_PRODUCT 760 default "MCUBOOT" 761 762# use MCUboot's own log configuration 763config MCUBOOT_BOOTUTIL_LIB_OWN_LOG 764 bool 765 default n 766 767config MCUBOOT_VERIFY_IMG_ADDRESS 768 bool "Verify reset address of image in secondary slot" 769 depends on UPDATEABLE_IMAGE_NUMBER > 1 770 depends on !BOOT_ENCRYPT_IMAGE 771 depends on ARM 772 default y if BOOT_UPGRADE_ONLY 773 help 774 Verify that the reset address in the image located in the secondary slot 775 is contained within the corresponding primary slot. This is recommended 776 if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user 777 incorrectly uploads an update for image 1 to image 0's secondary slot 778 MCUboot will overwrite image 0's primary slot with this image even 779 though it will not boot. If swapping is enabled this will be handled 780 since the image will not confirm itself. If, however, swapping is not 781 enabled then the only mitigation is serial recovery. This feature can 782 also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image 783 linked at the correct address is loaded. 784 785source "Kconfig.zephyr" 786