kconfig: Separate MCUboot options to Kconfig.mcuboot
Move Kconfig options related to MCUboot to Kconfig.mcuboot Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This commit is contained in:
Dominik Ermel
Carles Cufí
parent
87efe30b3a
commit
865f801470
130
Kconfig.mcuboot
Normal file
130
Kconfig.mcuboot
Normal file
|
|
@ -0,0 +1,130 @@
|
|||
# General configuration options
|
||||
|
||||
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
||||
# Copyright (c) 2016 Intel Corporation
|
||||
# Copyright (c) 2023 Nordic Semiconductor ASA
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
config MCUBOOT
|
||||
bool
|
||||
help
|
||||
Hidden option used to indicate that the current image is MCUBoot
|
||||
|
||||
config BOOTLOADER_MCUBOOT
|
||||
bool "MCUboot bootloader support"
|
||||
select USE_DT_CODE_PARTITION
|
||||
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
|
||||
depends on !MCUBOOT
|
||||
help
|
||||
This option signifies that the target uses MCUboot as a bootloader,
|
||||
or in other words that the image is to be chain-loaded by MCUboot.
|
||||
This sets several required build system and Device Tree options in
|
||||
order for the image generated to be bootable using the MCUboot open
|
||||
source bootloader. Currently this includes:
|
||||
|
||||
* Setting ROM_START_OFFSET to a default value that allows space
|
||||
for the MCUboot image header
|
||||
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
|
||||
(or Armv8-M baseline) targets with no built-in vector relocation
|
||||
mechanisms
|
||||
|
||||
By default, this option instructs Zephyr to initialize the core
|
||||
architecture HW registers during boot, when this is supported by
|
||||
the application. This removes the need by MCUboot to reset
|
||||
the core registers' state itself.
|
||||
|
||||
if BOOTLOADER_MCUBOOT
|
||||
|
||||
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
|
||||
string "Extra parameters to west sign"
|
||||
default "--quiet"
|
||||
help
|
||||
Parameters that are passed by cmake to west sign, just after
|
||||
the command, before all other parameters needed for image
|
||||
signing.
|
||||
By default this is set to "--quiet" to prevent extra, non-error,
|
||||
diagnostic messages from west sign. This does not affect signing
|
||||
tool for which extra parameters are passed with
|
||||
MCUBOOT_EXTRA_IMGTOOL_ARGS.
|
||||
|
||||
config MCUBOOT_SIGNATURE_KEY_FILE
|
||||
string "Path to the mcuboot signing key file"
|
||||
default ""
|
||||
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||
help
|
||||
The file contains a key pair whose public half is verified
|
||||
by your target's MCUboot image. The file is in PEM format.
|
||||
|
||||
If set to a non-empty value, the build system tries to
|
||||
sign the final binaries using a 'west sign -t imgtool' command.
|
||||
The signed binaries are placed in the build directory
|
||||
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
This option should contain a path to the same file as the
|
||||
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
|
||||
may be absolute or relative to the west workspace topdir. (The MCUboot
|
||||
config option is used for the MCUboot bootloader image; this option is
|
||||
for your application which is to be loaded by MCUboot. The MCUboot
|
||||
config option can be a relative path from the MCUboot repository
|
||||
root.)
|
||||
|
||||
If left empty, you must sign the Zephyr binaries manually.
|
||||
|
||||
config MCUBOOT_ENCRYPTION_KEY_FILE
|
||||
string "Path to the mcuboot encryption key file"
|
||||
default ""
|
||||
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
|
||||
help
|
||||
The file contains the public key that is used to encrypt the
|
||||
ephemeral key that encrypts the image. The corresponding
|
||||
private key is hard coded in the MCUboot source code and is
|
||||
used to decrypt the ephemeral key that is embedded in the
|
||||
image. The file is in PEM format.
|
||||
|
||||
If set to a non-empty value, the build system tries to
|
||||
sign and encrypt the final binaries using a 'west sign -t imgtool'
|
||||
command. The binaries are placed in the build directory at
|
||||
zephyr/zephyr.signed.encrypted.bin and
|
||||
zephyr/zephyr.signed.encrypted.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
This option should either be an absolute path or a path relative to
|
||||
the west workspace topdir.
|
||||
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
|
||||
|
||||
If left empty, you must encrypt the Zephyr binaries manually.
|
||||
|
||||
config MCUBOOT_EXTRA_IMGTOOL_ARGS
|
||||
string "Extra arguments to pass to imgtool when signing"
|
||||
default ""
|
||||
help
|
||||
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
|
||||
string) you can use this option to pass extra options to
|
||||
imgtool. For example, you could set this to "--version 1.2".
|
||||
|
||||
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||
bool "Generate unsigned binary image bootable with MCUboot"
|
||||
help
|
||||
Enabling this configuration allows automatic unsigned binary image
|
||||
generation when MCUboot signing key is not provided,
|
||||
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
|
||||
|
||||
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
|
||||
bool "Also generate a padded, confirmed image"
|
||||
help
|
||||
The signed, padded, and confirmed binaries are placed in the build
|
||||
directory at zephyr/zephyr.signed.confirmed.bin and
|
||||
zephyr/zephyr.signed.confirmed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
endif # BOOTLOADER_MCUBOOT
|
||||
125
Kconfig.zephyr
125
Kconfig.zephyr
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
||||
# Copyright (c) 2016 Intel Corporation
|
||||
# Copyright (c) 2023 Nordic Semiconductor ASA
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
|
||||
|
|
@ -793,129 +794,7 @@ config BOOTLOADER_SRAM_SIZE
|
|||
- Zephyr is a !XIP image, which implicitly assumes existence of a
|
||||
bootloader that loads the Zephyr !XIP image onto SRAM.
|
||||
|
||||
config MCUBOOT
|
||||
bool
|
||||
help
|
||||
Hidden option used to indicate that the current image is MCUBoot
|
||||
|
||||
config BOOTLOADER_MCUBOOT
|
||||
bool "MCUboot bootloader support"
|
||||
select USE_DT_CODE_PARTITION
|
||||
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
|
||||
depends on !MCUBOOT
|
||||
help
|
||||
This option signifies that the target uses MCUboot as a bootloader,
|
||||
or in other words that the image is to be chain-loaded by MCUboot.
|
||||
This sets several required build system and Device Tree options in
|
||||
order for the image generated to be bootable using the MCUboot open
|
||||
source bootloader. Currently this includes:
|
||||
|
||||
* Setting ROM_START_OFFSET to a default value that allows space
|
||||
for the MCUboot image header
|
||||
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
|
||||
(or Armv8-M baseline) targets with no built-in vector relocation
|
||||
mechanisms
|
||||
|
||||
By default, this option instructs Zephyr to initialize the core
|
||||
architecture HW registers during boot, when this is supported by
|
||||
the application. This removes the need by MCUboot to reset
|
||||
the core registers' state itself.
|
||||
|
||||
if BOOTLOADER_MCUBOOT
|
||||
|
||||
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
|
||||
string "Extra parameters to west sign"
|
||||
default "--quiet"
|
||||
help
|
||||
Parameters that are passed by cmake to west sign, just after
|
||||
the command, before all other parameters needed for image
|
||||
signing.
|
||||
By default this is set to "--quiet" to prevent extra, non-error,
|
||||
diagnostic messages from west sign. This does not affect signing
|
||||
tool for which extra parameters are passed with
|
||||
MCUBOOT_EXTRA_IMGTOOL_ARGS.
|
||||
|
||||
config MCUBOOT_SIGNATURE_KEY_FILE
|
||||
string "Path to the mcuboot signing key file"
|
||||
default ""
|
||||
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||
help
|
||||
The file contains a key pair whose public half is verified
|
||||
by your target's MCUboot image. The file is in PEM format.
|
||||
|
||||
If set to a non-empty value, the build system tries to
|
||||
sign the final binaries using a 'west sign -t imgtool' command.
|
||||
The signed binaries are placed in the build directory
|
||||
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
This option should contain a path to the same file as the
|
||||
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
|
||||
may be absolute or relative to the west workspace topdir. (The MCUboot
|
||||
config option is used for the MCUboot bootloader image; this option is
|
||||
for your application which is to be loaded by MCUboot. The MCUboot
|
||||
config option can be a relative path from the MCUboot repository
|
||||
root.)
|
||||
|
||||
If left empty, you must sign the Zephyr binaries manually.
|
||||
|
||||
config MCUBOOT_ENCRYPTION_KEY_FILE
|
||||
string "Path to the mcuboot encryption key file"
|
||||
default ""
|
||||
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
|
||||
help
|
||||
The file contains the public key that is used to encrypt the
|
||||
ephemeral key that encrypts the image. The corresponding
|
||||
private key is hard coded in the MCUboot source code and is
|
||||
used to decrypt the ephemeral key that is embedded in the
|
||||
image. The file is in PEM format.
|
||||
|
||||
If set to a non-empty value, the build system tries to
|
||||
sign and encrypt the final binaries using a 'west sign -t imgtool'
|
||||
command. The binaries are placed in the build directory at
|
||||
zephyr/zephyr.signed.encrypted.bin and
|
||||
zephyr/zephyr.signed.encrypted.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
This option should either be an absolute path or a path relative to
|
||||
the west workspace topdir.
|
||||
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
|
||||
|
||||
If left empty, you must encrypt the Zephyr binaries manually.
|
||||
|
||||
config MCUBOOT_EXTRA_IMGTOOL_ARGS
|
||||
string "Extra arguments to pass to imgtool when signing"
|
||||
default ""
|
||||
help
|
||||
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
|
||||
string) you can use this option to pass extra options to
|
||||
imgtool. For example, you could set this to "--version 1.2".
|
||||
|
||||
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||
bool "Generate unsigned binary image bootable with MCUboot"
|
||||
help
|
||||
Enabling this configuration allows automatic unsigned binary image
|
||||
generation when MCUboot signing key is not provided,
|
||||
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
|
||||
|
||||
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
|
||||
bool "Also generate a padded, confirmed image"
|
||||
help
|
||||
The signed, padded, and confirmed binaries are placed in the build
|
||||
directory at zephyr/zephyr.signed.confirmed.bin and
|
||||
zephyr/zephyr.signed.confirmed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
endif # BOOTLOADER_MCUBOOT
|
||||
source "Kconfig.mcuboot"
|
||||
|
||||
config BOOTLOADER_ESP_IDF
|
||||
bool "ESP-IDF bootloader support"
|
||||
|
|
|
|||
Loading…
Reference in a new issue