| # General configuration options |
| |
| # Copyright (c) 2014-2015 Wind River Systems, Inc. |
| # Copyright (c) 2016 Intel Corporation |
| # Copyright (c) 2023 Nordic Semiconductor ASA |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| config MCUBOOT |
| bool |
| help |
| Hidden option used to indicate that the current image is MCUBoot |
| |
| config BOOTLOADER_MCUBOOT |
| bool "MCUboot bootloader support" |
| select USE_DT_CODE_PARTITION |
| imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT |
| depends on !MCUBOOT |
| help |
| This option signifies that the target uses MCUboot as a bootloader, |
| or in other words that the image is to be chain-loaded by MCUboot. |
| This sets several required build system and Device Tree options in |
| order for the image generated to be bootable using the MCUboot open |
| source bootloader. Currently this includes: |
| |
| * Setting ROM_START_OFFSET to a default value that allows space |
| for the MCUboot image header |
| * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0 |
| (or Armv8-M baseline) targets with no built-in vector relocation |
| mechanisms |
| |
| By default, this option instructs Zephyr to initialize the core |
| architecture HW registers during boot, when this is supported by |
| the application. This removes the need by MCUboot to reset |
| the core registers' state itself. |
| |
| if BOOTLOADER_MCUBOOT |
| |
| config MCUBOOT_CMAKE_WEST_SIGN_PARAMS |
| string "Extra parameters to west sign" |
| default "--quiet" |
| help |
| Parameters that are passed by cmake to west sign, just after |
| the command, before all other parameters needed for image |
| signing. |
| By default this is set to "--quiet" to prevent extra, non-error, |
| diagnostic messages from west sign. This does not affect signing |
| tool for which extra parameters are passed with |
| MCUBOOT_EXTRA_IMGTOOL_ARGS. |
| |
| config MCUBOOT_SIGNATURE_KEY_FILE |
| string "Path to the mcuboot signing key file" |
| default "" |
| depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE |
| help |
| The file contains a key pair whose public half is verified |
| by your target's MCUboot image. The file is in PEM format. |
| |
| If set to a non-empty value, the build system tries to |
| sign the final binaries using a 'west sign -t imgtool' command. |
| The signed binaries are placed in the build directory |
| at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex. |
| |
| The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
| The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
| and CONFIG_BUILD_OUTPUT_HEX. |
| |
| This option should contain a path to the same file as the |
| BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path |
| may be absolute or relative to the west workspace topdir. (The MCUboot |
| config option is used for the MCUboot bootloader image; this option is |
| for your application which is to be loaded by MCUboot. The MCUboot |
| config option can be a relative path from the MCUboot repository |
| root.) |
| |
| If left empty, you must sign the Zephyr binaries manually. |
| |
| config MCUBOOT_ENCRYPTION_KEY_FILE |
| string "Path to the mcuboot encryption key file" |
| default "" |
| depends on MCUBOOT_SIGNATURE_KEY_FILE != "" |
| help |
| The file contains the public key that is used to encrypt the |
| ephemeral key that encrypts the image. The corresponding |
| private key is hard coded in the MCUboot source code and is |
| used to decrypt the ephemeral key that is embedded in the |
| image. The file is in PEM format. |
| |
| If set to a non-empty value, the build system tries to |
| sign and encrypt the final binaries using a 'west sign -t imgtool' |
| command. The binaries are placed in the build directory at |
| zephyr/zephyr.signed.encrypted.bin and |
| zephyr/zephyr.signed.encrypted.hex. |
| |
| The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
| The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
| and CONFIG_BUILD_OUTPUT_HEX. |
| |
| This option should either be an absolute path or a path relative to |
| the west workspace topdir. |
| Example: './bootloader/mcuboot/enc-rsa2048-pub.pem' |
| |
| If left empty, you must encrypt the Zephyr binaries manually. |
| |
| config MCUBOOT_IMGTOOL_SIGN_VERSION |
| string "Version to pass to imgtool when signing" |
| default "$(VERSION_MAJOR).$(VERSION_MINOR).$(PATCHLEVEL)+$(VERSION_TWEAK)" if "$(VERSION_MAJOR)" != "" |
| default "0.0.0+0" |
| help |
| When signing with imgtool then this setting will be passed as version |
| argument to the tool. |
| The format is major.minor.revision+build. |
| |
| config MCUBOOT_EXTRA_IMGTOOL_ARGS |
| string "Extra arguments to pass to imgtool when signing" |
| default "" |
| help |
| When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty |
| string) you can use this option to pass extra options to |
| imgtool. For example, you could set this to "--version 1.2". |
| |
| config MCUBOOT_GENERATE_UNSIGNED_IMAGE |
| bool "Generate unsigned binary image bootable with MCUboot" |
| help |
| Enabling this configuration allows automatic unsigned binary image |
| generation when MCUboot signing key is not provided, |
| i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty. |
| |
| config MCUBOOT_GENERATE_CONFIRMED_IMAGE |
| bool "Also generate a padded, confirmed image" |
| help |
| The signed, padded, and confirmed binaries are placed in the build |
| directory at zephyr/zephyr.signed.confirmed.bin and |
| zephyr/zephyr.signed.confirmed.hex. |
| |
| The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
| The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
| and CONFIG_BUILD_OUTPUT_HEX. |
| |
| menu "On board MCUboot operation mode" |
| |
| choice MCUBOOT_BOOTLOADER_MODE |
| prompt "Application assumed MCUboot mode of operation" |
| default MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH # MCUBOOT_BOOTLOADER_MODE |
| help |
| Informs application build on assumed MCUboot mode of operation. |
| This is important for validataing application against DT configuration, |
| which is done by west sign. |
| |
| config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP |
| bool "MCUboot has been configured for single slot execution" |
| help |
| MCUboot will only boot slot0_partition placed application and does |
| not care about other slots. In this mode application is not able |
| to DFU its own update to secondary slot and all updates need to |
| be performed using MCUboot serial recovery. |
| |
| config MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH |
| bool "MCUboot has been configured for swap without scratch operation" |
| select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| help |
| MCUboot expects slot0_partition and slot1_partition to be present |
| in DT and application will boot from slot0_partition. |
| MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected |
| if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION. |
| |
| config MCUBOOT_BOOTLOADER_MODE_SWAP_SCRATCH |
| bool "MCUboot has been configured for swap using scratch operation" |
| select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| help |
| MCUboot expects slot0_partition, slot1_partition and scratch_partition |
| to be present in DT, and application will boot from slot0_partition. |
| In this mode scratch_partition is used as temporary storage when |
| MCUboot swaps application from the secondary slot to the primary |
| slot. |
| MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected |
| if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION. |
| |
| config MCUBOOT_BOOTLOADER_MODE_OVERWRITE_ONLY |
| bool "MCUboot has been configured to just overwrite primary slot" |
| select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| help |
| MCUboot will take contents of secondary slot of an image and will |
| overwrite primary slot with it. |
| In this mode it is not possible to revert back to previous version |
| as it is not stored in the secondary slot. |
| This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE which means |
| that the overwrite will not happen unless the version of secondary |
| slot is higher than the version in primary slot. |
| |
| config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP |
| bool "MCUboot has been configured for DirectXIP operation" |
| select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
| help |
| MCUboot expects slot0_partition and slot1_partition to exist in DT. |
| In this mode MCUboot can boot from either partition and will |
| select one with higher application image version, which usually |
| means major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER |
| is also selected that enables comparison of build number. |
| This option automatically selectes |
| MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible |
| to swap back to older version of application. |
| |
| config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT |
| bool "MCUboot has been configured for DirectXIP with revert" |
| select MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP |
| select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
| help |
| MCUboot expects slot0_partition and slot1_partition to exist in DT. |
| In this mode MCUboot will boot the application with the higher version |
| from either slot, as long as it has been marked to be boot |
| next time for test or permanently. In case when application is marked |
| for test it needs to confirm itself, on the first boot, or it will |
| be removed and MCUboot will revert to booting previously approved |
| application. |
| This mode does not allow freely switching between application |
| versions, as, once higher version application is approved, it is |
| not possible to select lower version for boot. |
| This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible |
| to downgrade running application, but note that MCUboot may do that |
| if application with higher version will not get confirmed. |
| |
| endchoice # MCUBOOT_BOOTLOADER_MODE |
| |
| config MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| bool |
| help |
| Selected mode supports downgrade prevention, where you cannot switch to |
| an application with lower version than the currently running application. |
| |
| if MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
| config MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
| bool "MCUboot mode has downgrade prevention enabled" |
| help |
| Selected MCUboot mode has downgrade prevention enabled, where you are not |
| able to change back to image with lower version number. |
| This options should be selected when MCUboot has been built with |
| MCUBOOT_DOWNGRADE_PREVENTION option enabled. |
| endif |
| |
| endmenu # On board MCUboot operation mode |
| |
| endif # BOOTLOADER_MCUBOOT |
| |
| menuconfig MCUBOOT_BOOTUTIL_LIB |
| bool "MCUboot utility library" |
| help |
| Enable MCUboot utility library which implements functions |
| required by the chain-loaded application and the MCUboot. |
| |
| if MCUBOOT_BOOTUTIL_LIB |
| |
| # hidden option for disabling module-own log configuration |
| # while building MCUboot bootloader |
| config MCUBOOT_BOOTUTIL_LIB_OWN_LOG |
| bool |
| default y |
| |
| if MCUBOOT_BOOTUTIL_LIB_OWN_LOG |
| module = MCUBOOT_UTIL |
| module-str = MCUboot bootutil |
| source "subsys/logging/Kconfig.template.log_config" |
| endif |
| |
| config BOOT_IMAGE_ACCESS_HOOKS |
| bool "Hooks for overriding MCUboot's bootutil native routines" |
| help |
| Allow to provide procedures for override or extend native |
| MCUboot's routines required for access the image data. |
| It is up to the application project to add source file which |
| implements hooks to the build. |
| |
| if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT |
| |
| config MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP |
| bool |
| help |
| Adds support for setting for test and confirming images |
| when bootloader is in DirectXIP-revert mode. |
| endif |
| |
| endif # MCUBOOT_BOOTUTIL_LIB |