You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
341 lines
14 KiB
341 lines
14 KiB
# General configuration options |
|
|
|
# Copyright (c) 2014-2015 Wind River Systems, Inc. |
|
# Copyright (c) 2016 Intel Corporation |
|
# Copyright (c) 2023 Nordic Semiconductor ASA |
|
# SPDX-License-Identifier: Apache-2.0 |
|
|
|
config MCUBOOT |
|
bool |
|
help |
|
Hidden option used to indicate that the current image is MCUBoot |
|
|
|
config BOOTLOADER_MCUBOOT |
|
bool "MCUboot bootloader support" |
|
select USE_DT_CODE_PARTITION if !MCUBOOT_BOOTLOADER_MODE_RAM_LOAD |
|
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT |
|
depends on !MCUBOOT |
|
help |
|
This option signifies that the target uses MCUboot as a bootloader, |
|
or in other words that the image is to be chain-loaded by MCUboot. |
|
This sets several required build system and Device Tree options in |
|
order for the image generated to be bootable using the MCUboot open |
|
source bootloader. Currently this includes: |
|
|
|
* Setting ROM_START_OFFSET to a default value that allows space |
|
for the MCUboot image header |
|
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0 |
|
(or Armv8-M baseline) targets with no built-in vector relocation |
|
mechanisms |
|
|
|
By default, this option instructs Zephyr to initialize the core |
|
architecture HW registers during boot, when this is supported by |
|
the application. This removes the need by MCUboot to reset |
|
the core registers' state itself. |
|
|
|
if BOOTLOADER_MCUBOOT |
|
|
|
config MCUBOOT_SIGNATURE_KEY_FILE |
|
string "Path to the mcuboot signing key file" |
|
default "" |
|
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE |
|
help |
|
The file contains a key pair whose public half is verified |
|
by your target's MCUboot image. The file is in PEM format. |
|
|
|
If set to a non-empty value, the build system tries to |
|
sign the final binaries using a 'west sign -t imgtool' command. |
|
The signed binaries are placed in the build directory |
|
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex. |
|
|
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
|
and CONFIG_BUILD_OUTPUT_HEX. |
|
|
|
This option should contain a path to the same file as the |
|
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path |
|
may be absolute or relative to the west workspace topdir. (The MCUboot |
|
config option is used for the MCUboot bootloader image; this option is |
|
for your application which is to be loaded by MCUboot. The MCUboot |
|
config option can be a relative path from the MCUboot repository |
|
root.) |
|
|
|
If left empty, you must sign the Zephyr binaries manually. |
|
|
|
config MCUBOOT_ENCRYPTION_KEY_FILE |
|
string "Path to the mcuboot encryption key file" |
|
default "" |
|
depends on MCUBOOT_SIGNATURE_KEY_FILE != "" |
|
help |
|
The file contains the public key that is used to encrypt the |
|
ephemeral key that encrypts the image. The corresponding |
|
private key is hard coded in the MCUboot source code and is |
|
used to decrypt the ephemeral key that is embedded in the |
|
image. The file is in PEM format. |
|
|
|
If set to a non-empty value, the build system tries to |
|
sign and encrypt the final binaries using a 'west sign -t imgtool' |
|
command. The binaries are placed in the build directory at |
|
zephyr/zephyr.signed.encrypted.bin and |
|
zephyr/zephyr.signed.encrypted.hex. |
|
|
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
|
and CONFIG_BUILD_OUTPUT_HEX. |
|
|
|
This option should either be an absolute path or a path relative to |
|
the west workspace topdir. |
|
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem' |
|
|
|
If left empty, you must encrypt the Zephyr binaries manually. |
|
|
|
config MCUBOOT_IMGTOOL_SIGN_VERSION |
|
string "Version to pass to imgtool when signing" |
|
default "$(APP_VERSION_TWEAK_STRING)" if "$(VERSION_MAJOR)" != "" |
|
default "0.0.0+0" |
|
help |
|
When signing with imgtool then this setting will be passed as version |
|
argument to the tool. |
|
The format is major.minor.revision+build. |
|
|
|
config MCUBOOT_IMGTOOL_OVERWRITE_ONLY |
|
bool "Use overwrite-only instead of swap upgrades" |
|
help |
|
If enabled, --overwrite-only option passed to imgtool to avoid |
|
adding the swap status area size when calculating overflow. |
|
|
|
config MCUBOOT_EXTRA_IMGTOOL_ARGS |
|
string "Extra arguments to pass to imgtool when signing" |
|
default "" |
|
help |
|
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty |
|
string) you can use this option to pass extra options to |
|
imgtool. For example, you could set this to "--version 1.2". |
|
|
|
config MCUBOOT_GENERATE_UNSIGNED_IMAGE |
|
bool "Generate unsigned binary image bootable with MCUboot" |
|
help |
|
Enabling this configuration allows automatic unsigned binary image |
|
generation when MCUboot signing key is not provided, |
|
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty. |
|
|
|
config MCUBOOT_GENERATE_CONFIRMED_IMAGE |
|
bool "Also generate a padded, confirmed image" |
|
help |
|
The signed, padded, and confirmed binaries are placed in the build |
|
directory at zephyr/zephyr.signed.confirmed.bin and |
|
zephyr/zephyr.signed.confirmed.hex. |
|
|
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME. |
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN |
|
and CONFIG_BUILD_OUTPUT_HEX. |
|
|
|
menu "On board MCUboot operation mode" |
|
|
|
choice MCUBOOT_BOOTLOADER_MODE |
|
prompt "Application assumed MCUboot mode of operation" |
|
default MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE |
|
help |
|
Informs application build on assumed MCUboot mode of operation. |
|
This is important for validataing application against DT configuration, |
|
which is done by west sign. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP |
|
bool "MCUboot has been configured for single slot execution" |
|
select MCUBOOT_IMGTOOL_OVERWRITE_ONLY |
|
help |
|
MCUboot will only boot slot0_partition placed application and does |
|
not care about other slots. In this mode application is not able |
|
to DFU its own update to secondary slot and all updates need to |
|
be performed using MCUboot serial recovery. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SWAP_USING_OFFSET |
|
bool "MCUboot has been configured for swap using offset operation" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition and slot1_partition to be present |
|
in DT and application will boot from slot0_partition. |
|
MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected |
|
if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE |
|
bool "MCUboot has been configured for swap using move operation" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition and slot1_partition to be present |
|
in DT and application will boot from slot0_partition. |
|
MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected |
|
if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SWAP_WITHOUT_SCRATCH |
|
bool "MCUboot has been configured for swap without scratch operation [DEPRECATED]" |
|
select DEPRECATED |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
help |
|
This Kconfig is deprecated, use MCUBOOT_BOOTLOADER_MODE_SWAP_USING_MOVE instead. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SWAP_SCRATCH |
|
bool "MCUboot has been configured for swap using scratch operation" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition, slot1_partition and scratch_partition |
|
to be present in DT, and application will boot from slot0_partition. |
|
In this mode scratch_partition is used as temporary storage when |
|
MCUboot swaps application from the secondary slot to the primary |
|
slot. |
|
MCUBOOT_BOOTLOADER_NO_DOWNGRADE should also be selected |
|
if MCUboot has been built with MCUBOOT_DOWNGRADE_PREVENTION. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_OVERWRITE_ONLY |
|
bool "MCUboot has been configured to just overwrite primary slot" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
select MCUBOOT_IMGTOOL_OVERWRITE_ONLY |
|
help |
|
MCUboot will take contents of secondary slot of an image and will |
|
overwrite primary slot with it. |
|
In this mode it is not possible to revert back to previous version |
|
as it is not stored in the secondary slot. |
|
This mode supports MCUBOOT_BOOTLOADER_NO_DOWNGRADE which means |
|
that the overwrite will not happen unless the version of secondary |
|
slot is higher than the version in primary slot. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD |
|
bool "MCUboot has been configured for RAM LOAD operation" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot |
|
will select the image with the higher version number, copy it to RAM and begin execution |
|
from there. The image must be linked to execute from RAM, the address that it is copied |
|
to is specified using the load-addr argument when running imgtool. |
|
This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible |
|
to swap back to older version of the application. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP |
|
bool "MCUboot has been configured for DirectXIP operation" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition and slot1_partition to exist in DT. |
|
In this mode MCUboot can boot from either partition and will |
|
select one with higher application image version, which usually |
|
means major.minor.patch triple, unless BOOT_VERSION_CMP_USE_BUILD_NUMBER |
|
is also selected that enables comparison of build number. |
|
This option automatically selectes |
|
MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible |
|
to swap back to older version of application. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT |
|
bool "MCUboot has been configured for DirectXIP with revert" |
|
select MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
|
help |
|
MCUboot expects slot0_partition and slot1_partition to exist in DT. |
|
In this mode MCUboot will boot the application with the higher version |
|
from either slot, as long as it has been marked to be boot |
|
next time for test or permanently. In case when application is marked |
|
for test it needs to confirm itself, on the first boot, or it will |
|
be removed and MCUboot will revert to booting previously approved |
|
application. |
|
This mode does not allow freely switching between application |
|
versions, as, once higher version application is approved, it is |
|
not possible to select lower version for boot. |
|
This mode selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible |
|
to downgrade running application, but note that MCUboot may do that |
|
if application with higher version will not get confirmed. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER |
|
bool "MCUboot has been configured in firmware updater mode" |
|
select MCUBOOT_IMGTOOL_OVERWRITE_ONLY |
|
help |
|
MCUboot will only boot slot0_partition for the main application but has |
|
an entrance mechanism defined for entering the slot1_partition which is |
|
a dedicated firmware updater application used to update the slot0_partition |
|
application. |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_SINGLE_APP_RAM_LOAD |
|
bool "MCUboot has been configured in single app RAM load mode" |
|
select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
select MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
|
help |
|
MCUboot can load the image to RAM from an arbitrary location. In this mode, |
|
MCUboot will copy the image to RAM and begin execution from there. The image |
|
must be linked to execute from RAM, the address that it is copied to is |
|
specified using the load-addr argument when running imgtool. |
|
Note that while not used directly, a slot0_partition must be defined in the |
|
DT, as it is used to get information about size of the image to be loaded. |
|
This option automatically selects MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is |
|
not possible to swap back to older version of the application. In fact, none |
|
of the swap operations are supported in this mode. |
|
|
|
endchoice # MCUBOOT_BOOTLOADER_MODE |
|
|
|
config MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
bool |
|
help |
|
Selected mode supports downgrade prevention, where you cannot switch to |
|
an application with lower version than the currently running application. |
|
|
|
if MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE |
|
config MCUBOOT_BOOTLOADER_NO_DOWNGRADE |
|
bool "MCUboot mode has downgrade prevention enabled" |
|
help |
|
Selected MCUboot mode has downgrade prevention enabled, where you are not |
|
able to change back to image with lower version number. |
|
This options should be selected when MCUboot has been built with |
|
MCUBOOT_DOWNGRADE_PREVENTION option enabled. |
|
endif |
|
|
|
config MCUBOOT_APPLICATION_FIRMWARE_UPDATER |
|
bool "Application is firmware updater image" |
|
depends on MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER |
|
help |
|
Select this if the current image is the firmware updater image. This will use slot 1 |
|
information when signing the image. |
|
|
|
Note that the zephyr chosen node ``zephyr,code-partition`` should be set to |
|
``slot1_partition`` for this image. |
|
|
|
endmenu # On board MCUboot operation mode |
|
|
|
endif # BOOTLOADER_MCUBOOT |
|
|
|
menuconfig MCUBOOT_BOOTUTIL_LIB |
|
bool "MCUboot utility library" |
|
help |
|
Enable MCUboot utility library which implements functions |
|
required by the chain-loaded application and the MCUboot. |
|
|
|
if MCUBOOT_BOOTUTIL_LIB |
|
|
|
# hidden option for disabling module-own log configuration |
|
# while building MCUboot bootloader |
|
config MCUBOOT_BOOTUTIL_LIB_OWN_LOG |
|
bool |
|
default y |
|
|
|
if MCUBOOT_BOOTUTIL_LIB_OWN_LOG |
|
module = MCUBOOT_UTIL |
|
module-str = MCUboot bootutil |
|
source "subsys/logging/Kconfig.template.log_config" |
|
endif |
|
|
|
config BOOT_IMAGE_ACCESS_HOOKS |
|
bool "Hooks for overriding MCUboot's bootutil native routines" |
|
help |
|
Allow to provide procedures for override or extend native |
|
MCUboot's routines required for access the image data. |
|
It is up to the application project to add source file which |
|
implements hooks to the build. |
|
|
|
if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT |
|
|
|
config MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP |
|
bool |
|
help |
|
Adds support for setting for test and confirming images |
|
when bootloader is in DirectXIP-revert mode. |
|
endif |
|
|
|
endif # MCUBOOT_BOOTUTIL_LIB
|
|
|