-
Notifications
You must be signed in to change notification settings - Fork 227
/
Copy pathmcuboot_config.h
391 lines (321 loc) · 10.5 KB
/
mcuboot_config.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
/*
* Copyright (c) 2018 Open Source Foundries Limited
* Copyright (c) 2019-2020 Arm Limited
* Copyright (c) 2019-2020 Linaro Limited
* Copyright (c) 2023 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef __MCUBOOT_CONFIG_H__
#define __MCUBOOT_CONFIG_H__
#include <zephyr/devicetree.h>
#ifdef CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define MCUBOOT_SIGN_RSA
# if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN != 2048 && \
CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN != 3072)
# error "Invalid RSA key size (must be 2048 or 3072)"
# else
# define MCUBOOT_SIGN_RSA_LEN CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN
# endif
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
#define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
#define MCUBOOT_SIGN_ED25519
#endif
#if defined(CONFIG_BOOT_USE_TINYCRYPT)
# if defined(CONFIG_MBEDTLS) || defined(CONFIG_BOOT_USE_CC310)
# error "One crypto library implementation allowed at a time."
# endif
#elif defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310)
# error "One crypto library implementation allowed at a time."
#endif
#ifdef CONFIG_BOOT_USE_MBEDTLS
#define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#define MCUBOOT_USE_TINYCRYPT
#elif defined(CONFIG_BOOT_USE_CC310)
#define MCUBOOT_USE_CC310
#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO)
#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO
#endif
/* Zephyr, regardless of C library used, provides snprintf */
#define MCUBOOT_USE_SNPRINTF 1
#ifdef CONFIG_BOOT_HW_KEY
#define MCUBOOT_HW_KEY
#endif
#ifdef CONFIG_BOOT_VALIDATE_SLOT0
#define MCUBOOT_VALIDATE_PRIMARY_SLOT
#endif
#ifdef CONFIG_BOOT_VALIDATE_SLOT0_ONCE
#define MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE
#endif
#ifdef CONFIG_BOOT_UPGRADE_ONLY
#define MCUBOOT_OVERWRITE_ONLY
#define MCUBOOT_OVERWRITE_ONLY_FAST
#endif
#ifdef CONFIG_SINGLE_APPLICATION_SLOT
#define MCUBOOT_SINGLE_APPLICATION_SLOT 1
#define MCUBOOT_IMAGE_NUMBER 1
#else
#ifdef CONFIG_BOOT_SWAP_USING_MOVE
#define MCUBOOT_SWAP_USING_MOVE 1
#endif
#ifdef CONFIG_BOOT_DIRECT_XIP
#define MCUBOOT_DIRECT_XIP
#endif
#ifdef CONFIG_BOOT_DIRECT_XIP_REVERT
#define MCUBOOT_DIRECT_XIP_REVERT
#endif
#ifdef CONFIG_BOOT_RAM_LOAD
#define MCUBOOT_RAM_LOAD 1
#define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START
#define IMAGE_EXECUTABLE_RAM_SIZE CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE
#endif
#ifdef CONFIG_BOOT_FIRMWARE_LOADER
#define MCUBOOT_FIRMWARE_LOADER
#endif
#ifdef CONFIG_UPDATEABLE_IMAGE_NUMBER
#define MCUBOOT_IMAGE_NUMBER CONFIG_UPDATEABLE_IMAGE_NUMBER
#else
#define MCUBOOT_IMAGE_NUMBER 1
#endif
#ifdef CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER
#define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
#endif
#ifdef CONFIG_BOOT_SWAP_SAVE_ENCTLV
#define MCUBOOT_SWAP_SAVE_ENCTLV 1
#endif
#endif /* CONFIG_SINGLE_APPLICATION_SLOT */
#ifdef CONFIG_LOG
#define MCUBOOT_HAVE_LOGGING 1
#endif
#ifdef CONFIG_BOOT_ENCRYPT_RSA
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_RSA
#endif
#ifdef CONFIG_BOOT_ENCRYPT_EC256
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_EC256
#endif
#ifdef CONFIG_BOOT_ENCRYPT_X25519
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_X25519
#endif
#ifdef CONFIG_BOOT_BOOTSTRAP
#define MCUBOOT_BOOTSTRAP 1
#endif
#ifdef CONFIG_BOOT_USE_BENCH
#define MCUBOOT_USE_BENCH 1
#endif
#ifdef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION
#define MCUBOOT_DOWNGRADE_PREVENTION 1
/* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as bool value so it is
* always defined, (unlike MCUBOOT_DOWNGRADE_PREVENTION which is only used in
* preprocessor condition and my be not defined) */
# ifdef CONFIG_MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
# define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
# else
# define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
# endif
#endif
#ifdef CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION
#define MCUBOOT_HW_ROLLBACK_PROT
#endif
#ifdef CONFIG_MEASURED_BOOT
#define MCUBOOT_MEASURED_BOOT
#endif
#ifdef CONFIG_BOOT_SHARE_DATA
#define MCUBOOT_DATA_SHARING
#endif
#ifdef CONFIG_BOOT_SHARE_BACKEND_RETENTION
#define MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION
#endif
#ifdef CONFIG_BOOT_SHARE_DATA_BOOTINFO
#define MCUBOOT_DATA_SHARING_BOOTINFO
#endif
#ifdef CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE
#define MAX_BOOT_RECORD_SZ CONFIG_MEASURED_BOOT_MAX_CBOR_SIZE
#endif
#ifdef CONFIG_BOOT_FIH_PROFILE_OFF
#define MCUBOOT_FIH_PROFILE_OFF
#endif
#ifdef CONFIG_BOOT_FIH_PROFILE_LOW
#define MCUBOOT_FIH_PROFILE_LOW
#endif
#ifdef CONFIG_BOOT_FIH_PROFILE_MEDIUM
#define MCUBOOT_FIH_PROFILE_MEDIUM
#endif
#ifdef CONFIG_BOOT_FIH_PROFILE_HIGH
#define MCUBOOT_FIH_PROFILE_HIGH
#endif
#ifdef CONFIG_ENABLE_MGMT_PERUSER
#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 1
#else
#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
#endif
#ifdef CONFIG_BOOT_MGMT_CUSTOM_IMG_LIST
#define MCUBOOT_MGMT_CUSTOM_IMG_LIST
#endif
#ifdef CONFIG_BOOT_MGMT_ECHO
#define MCUBOOT_BOOT_MGMT_ECHO
#endif
#ifdef CONFIG_BOOT_IMAGE_ACCESS_HOOKS
#define MCUBOOT_IMAGE_ACCESS_HOOKS
#endif
#ifdef CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS
#define MCUBOOT_VERIFY_IMG_ADDRESS
#endif
#ifdef CONFIG_MCUBOOT_SERIAL
#define MCUBOOT_SERIAL
#endif
/*
* The configuration option enables direct image upload with the
* serial recovery.
*/
#ifdef CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#define MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD
#endif
#ifdef CONFIG_BOOT_SERIAL_WAIT_FOR_DFU
#define MCUBOOT_SERIAL_WAIT_FOR_DFU
#endif
#ifdef CONFIG_BOOT_SERIAL_IMG_GRP_HASH
#define MCUBOOT_SERIAL_IMG_GRP_HASH
#endif
#ifdef CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE
#define MCUBOOT_SERIAL_IMG_GRP_IMAGE_STATE
#endif
#ifdef CONFIG_MCUBOOT_SERIAL
#define MCUBOOT_SERIAL_RECOVERY
#endif
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || \
defined(CONFIG_BOOT_USB_DFU_GPIO))
#define MCUBOOT_USB_DFU
#endif
/*
* The option enables code, currently in boot_serial, that attempts
* to erase flash progressively, as update fragments are received,
* instead of erasing whole image size of flash area after receiving
* first frame.
* Enabling this options prevents stalling the beginning of transfer
* for the time needed to erase large chunk of flash.
*/
#ifdef CONFIG_BOOT_ERASE_PROGRESSIVELY
#define MCUBOOT_ERASE_PROGRESSIVELY
#endif
/*
* Enabling this option uses newer flash map APIs. This saves RAM and
* avoids deprecated API usage.
*
* (This can be deleted when flash_area_to_sectors() is removed instead
* of simply deprecated.)
*/
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS
#if (defined(CONFIG_BOOT_USB_DFU_WAIT) || \
defined(CONFIG_BOOT_USB_DFU_GPIO))
# ifndef CONFIG_MULTITHREADING
# error "USB DFU Requires MULTITHREADING"
# endif
#endif
#ifdef CONFIG_BOOT_MAX_IMG_SECTORS
#define MCUBOOT_MAX_IMG_SECTORS CONFIG_BOOT_MAX_IMG_SECTORS
#else
#define MCUBOOT_MAX_IMG_SECTORS 128
#endif
#ifdef CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE
#endif
#ifdef CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE
#endif
#if defined(MCUBOOT_DATA_SHARING) && defined(ZEPHYR_VER_INCLUDE)
#include <app_version.h>
#define MCUBOOT_VERSION_AVAILABLE
#define MCUBOOT_VERSION_MAJOR APP_VERSION_MAJOR
#define MCUBOOT_VERSION_MINOR APP_VERSION_MINOR
#define MCUBOOT_VERSION_PATCHLEVEL APP_PATCHLEVEL
#endif
/* Support 32-byte aligned flash sizes */
#if DT_HAS_CHOSEN(zephyr_flash)
#if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8
#define MCUBOOT_BOOT_MAX_ALIGN \
DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
#endif
#endif
#ifdef CONFIG_MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
#define MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP 1
#endif
#if CONFIG_BOOT_WATCHDOG_FEED
#if CONFIG_NRFX_WDT
#include <nrfx_wdt.h>
#define FEED_WDT_INST(id) \
do { \
nrfx_wdt_t wdt_inst_##id = NRFX_WDT_INSTANCE(id); \
for (uint8_t i = 0; i < NRF_WDT_CHANNEL_NUMBER; i++) \
{ \
nrf_wdt_reload_request_set(wdt_inst_##id.p_reg, \
(nrf_wdt_rr_register_t)(NRF_WDT_RR0 + i)); \
} \
} while (0)
#if defined(CONFIG_NRFX_WDT0) && defined(CONFIG_NRFX_WDT1)
#define MCUBOOT_WATCHDOG_FEED() \
do { \
FEED_WDT_INST(0); \
FEED_WDT_INST(1); \
} while (0)
#elif defined(CONFIG_NRFX_WDT0)
#define MCUBOOT_WATCHDOG_FEED() \
FEED_WDT_INST(0);
#elif defined(CONFIG_NRFX_WDT30) && defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
do { \
FEED_WDT_INST(30); \
FEED_WDT_INST(31); \
} while (0)
#elif defined(CONFIG_NRFX_WDT30)
#define MCUBOOT_WATCHDOG_FEED() \
FEED_WDT_INST(30);
#elif defined(CONFIG_NRFX_WDT31)
#define MCUBOOT_WATCHDOG_FEED() \
FEED_WDT_INST(31);
#else
#error "No NRFX WDT instances enabled"
#endif
#elif DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) /* CONFIG_NRFX_WDT */
#include <zephyr/device.h>
#include <zephyr/drivers/watchdog.h>
#define MCUBOOT_WATCHDOG_SETUP() \
do { \
const struct device* wdt = \
DEVICE_DT_GET(DT_ALIAS(watchdog0)); \
if (device_is_ready(wdt)) { \
wdt_setup(wdt, 0); \
} \
} while (0)
#define MCUBOOT_WATCHDOG_FEED() \
do { \
const struct device* wdt = \
DEVICE_DT_GET(DT_ALIAS(watchdog0)); \
if (device_is_ready(wdt)) { \
wdt_feed(wdt, 0); \
} \
} while (0)
#else /* DT_NODE_HAS_STATUS(DT_ALIAS(watchdog0), okay) */
/* No vendor implementation, no-op for historical reasons */
#define MCUBOOT_WATCHDOG_FEED() \
do { \
} while (0)
#endif
#else /* CONFIG_BOOT_WATCHDOG_FEED */
/* Not enabled, no feed activity */
#define MCUBOOT_WATCHDOG_FEED() \
do { \
} while (0)
#endif /* CONFIG_BOOT_WATCHDOG_FEED */
#ifndef MCUBOOT_WATCHDOG_SETUP
#define MCUBOOT_WATCHDOG_SETUP()
#endif
#define MCUBOOT_CPU_IDLE() \
if (!IS_ENABLED(CONFIG_MULTITHREADING)) { \
k_cpu_idle(); \
}
#endif /* __MCUBOOT_CONFIG_H__ */