kconfig: Separate MCUboot options to Kconfig.mcuboot
Move Kconfig options related to MCUboot to Kconfig.mcuboot Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This commit is contained in:
parent
87efe30b3a
commit
865f801470
130
Kconfig.mcuboot
Normal file
130
Kconfig.mcuboot
Normal file
|
@ -0,0 +1,130 @@
|
||||||
|
# General configuration options
|
||||||
|
|
||||||
|
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
||||||
|
# Copyright (c) 2016 Intel Corporation
|
||||||
|
# Copyright (c) 2023 Nordic Semiconductor ASA
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
config MCUBOOT
|
||||||
|
bool
|
||||||
|
help
|
||||||
|
Hidden option used to indicate that the current image is MCUBoot
|
||||||
|
|
||||||
|
config BOOTLOADER_MCUBOOT
|
||||||
|
bool "MCUboot bootloader support"
|
||||||
|
select USE_DT_CODE_PARTITION
|
||||||
|
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
|
||||||
|
depends on !MCUBOOT
|
||||||
|
help
|
||||||
|
This option signifies that the target uses MCUboot as a bootloader,
|
||||||
|
or in other words that the image is to be chain-loaded by MCUboot.
|
||||||
|
This sets several required build system and Device Tree options in
|
||||||
|
order for the image generated to be bootable using the MCUboot open
|
||||||
|
source bootloader. Currently this includes:
|
||||||
|
|
||||||
|
* Setting ROM_START_OFFSET to a default value that allows space
|
||||||
|
for the MCUboot image header
|
||||||
|
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
|
||||||
|
(or Armv8-M baseline) targets with no built-in vector relocation
|
||||||
|
mechanisms
|
||||||
|
|
||||||
|
By default, this option instructs Zephyr to initialize the core
|
||||||
|
architecture HW registers during boot, when this is supported by
|
||||||
|
the application. This removes the need by MCUboot to reset
|
||||||
|
the core registers' state itself.
|
||||||
|
|
||||||
|
if BOOTLOADER_MCUBOOT
|
||||||
|
|
||||||
|
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
|
||||||
|
string "Extra parameters to west sign"
|
||||||
|
default "--quiet"
|
||||||
|
help
|
||||||
|
Parameters that are passed by cmake to west sign, just after
|
||||||
|
the command, before all other parameters needed for image
|
||||||
|
signing.
|
||||||
|
By default this is set to "--quiet" to prevent extra, non-error,
|
||||||
|
diagnostic messages from west sign. This does not affect signing
|
||||||
|
tool for which extra parameters are passed with
|
||||||
|
MCUBOOT_EXTRA_IMGTOOL_ARGS.
|
||||||
|
|
||||||
|
config MCUBOOT_SIGNATURE_KEY_FILE
|
||||||
|
string "Path to the mcuboot signing key file"
|
||||||
|
default ""
|
||||||
|
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||||
|
help
|
||||||
|
The file contains a key pair whose public half is verified
|
||||||
|
by your target's MCUboot image. The file is in PEM format.
|
||||||
|
|
||||||
|
If set to a non-empty value, the build system tries to
|
||||||
|
sign the final binaries using a 'west sign -t imgtool' command.
|
||||||
|
The signed binaries are placed in the build directory
|
||||||
|
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
|
||||||
|
|
||||||
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||||
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||||
|
and CONFIG_BUILD_OUTPUT_HEX.
|
||||||
|
|
||||||
|
This option should contain a path to the same file as the
|
||||||
|
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
|
||||||
|
may be absolute or relative to the west workspace topdir. (The MCUboot
|
||||||
|
config option is used for the MCUboot bootloader image; this option is
|
||||||
|
for your application which is to be loaded by MCUboot. The MCUboot
|
||||||
|
config option can be a relative path from the MCUboot repository
|
||||||
|
root.)
|
||||||
|
|
||||||
|
If left empty, you must sign the Zephyr binaries manually.
|
||||||
|
|
||||||
|
config MCUBOOT_ENCRYPTION_KEY_FILE
|
||||||
|
string "Path to the mcuboot encryption key file"
|
||||||
|
default ""
|
||||||
|
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
|
||||||
|
help
|
||||||
|
The file contains the public key that is used to encrypt the
|
||||||
|
ephemeral key that encrypts the image. The corresponding
|
||||||
|
private key is hard coded in the MCUboot source code and is
|
||||||
|
used to decrypt the ephemeral key that is embedded in the
|
||||||
|
image. The file is in PEM format.
|
||||||
|
|
||||||
|
If set to a non-empty value, the build system tries to
|
||||||
|
sign and encrypt the final binaries using a 'west sign -t imgtool'
|
||||||
|
command. The binaries are placed in the build directory at
|
||||||
|
zephyr/zephyr.signed.encrypted.bin and
|
||||||
|
zephyr/zephyr.signed.encrypted.hex.
|
||||||
|
|
||||||
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||||
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||||
|
and CONFIG_BUILD_OUTPUT_HEX.
|
||||||
|
|
||||||
|
This option should either be an absolute path or a path relative to
|
||||||
|
the west workspace topdir.
|
||||||
|
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
|
||||||
|
|
||||||
|
If left empty, you must encrypt the Zephyr binaries manually.
|
||||||
|
|
||||||
|
config MCUBOOT_EXTRA_IMGTOOL_ARGS
|
||||||
|
string "Extra arguments to pass to imgtool when signing"
|
||||||
|
default ""
|
||||||
|
help
|
||||||
|
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
|
||||||
|
string) you can use this option to pass extra options to
|
||||||
|
imgtool. For example, you could set this to "--version 1.2".
|
||||||
|
|
||||||
|
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
||||||
|
bool "Generate unsigned binary image bootable with MCUboot"
|
||||||
|
help
|
||||||
|
Enabling this configuration allows automatic unsigned binary image
|
||||||
|
generation when MCUboot signing key is not provided,
|
||||||
|
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
|
||||||
|
|
||||||
|
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
|
||||||
|
bool "Also generate a padded, confirmed image"
|
||||||
|
help
|
||||||
|
The signed, padded, and confirmed binaries are placed in the build
|
||||||
|
directory at zephyr/zephyr.signed.confirmed.bin and
|
||||||
|
zephyr/zephyr.signed.confirmed.hex.
|
||||||
|
|
||||||
|
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||||
|
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||||
|
and CONFIG_BUILD_OUTPUT_HEX.
|
||||||
|
|
||||||
|
endif # BOOTLOADER_MCUBOOT
|
125
Kconfig.zephyr
125
Kconfig.zephyr
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
# Copyright (c) 2014-2015 Wind River Systems, Inc.
|
||||||
# Copyright (c) 2016 Intel Corporation
|
# Copyright (c) 2016 Intel Corporation
|
||||||
|
# Copyright (c) 2023 Nordic Semiconductor ASA
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
|
||||||
|
@ -793,129 +794,7 @@ config BOOTLOADER_SRAM_SIZE
|
||||||
- Zephyr is a !XIP image, which implicitly assumes existence of a
|
- Zephyr is a !XIP image, which implicitly assumes existence of a
|
||||||
bootloader that loads the Zephyr !XIP image onto SRAM.
|
bootloader that loads the Zephyr !XIP image onto SRAM.
|
||||||
|
|
||||||
config MCUBOOT
|
source "Kconfig.mcuboot"
|
||||||
bool
|
|
||||||
help
|
|
||||||
Hidden option used to indicate that the current image is MCUBoot
|
|
||||||
|
|
||||||
config BOOTLOADER_MCUBOOT
|
|
||||||
bool "MCUboot bootloader support"
|
|
||||||
select USE_DT_CODE_PARTITION
|
|
||||||
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
|
|
||||||
depends on !MCUBOOT
|
|
||||||
help
|
|
||||||
This option signifies that the target uses MCUboot as a bootloader,
|
|
||||||
or in other words that the image is to be chain-loaded by MCUboot.
|
|
||||||
This sets several required build system and Device Tree options in
|
|
||||||
order for the image generated to be bootable using the MCUboot open
|
|
||||||
source bootloader. Currently this includes:
|
|
||||||
|
|
||||||
* Setting ROM_START_OFFSET to a default value that allows space
|
|
||||||
for the MCUboot image header
|
|
||||||
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
|
|
||||||
(or Armv8-M baseline) targets with no built-in vector relocation
|
|
||||||
mechanisms
|
|
||||||
|
|
||||||
By default, this option instructs Zephyr to initialize the core
|
|
||||||
architecture HW registers during boot, when this is supported by
|
|
||||||
the application. This removes the need by MCUboot to reset
|
|
||||||
the core registers' state itself.
|
|
||||||
|
|
||||||
if BOOTLOADER_MCUBOOT
|
|
||||||
|
|
||||||
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
|
|
||||||
string "Extra parameters to west sign"
|
|
||||||
default "--quiet"
|
|
||||||
help
|
|
||||||
Parameters that are passed by cmake to west sign, just after
|
|
||||||
the command, before all other parameters needed for image
|
|
||||||
signing.
|
|
||||||
By default this is set to "--quiet" to prevent extra, non-error,
|
|
||||||
diagnostic messages from west sign. This does not affect signing
|
|
||||||
tool for which extra parameters are passed with
|
|
||||||
MCUBOOT_EXTRA_IMGTOOL_ARGS.
|
|
||||||
|
|
||||||
config MCUBOOT_SIGNATURE_KEY_FILE
|
|
||||||
string "Path to the mcuboot signing key file"
|
|
||||||
default ""
|
|
||||||
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
|
||||||
help
|
|
||||||
The file contains a key pair whose public half is verified
|
|
||||||
by your target's MCUboot image. The file is in PEM format.
|
|
||||||
|
|
||||||
If set to a non-empty value, the build system tries to
|
|
||||||
sign the final binaries using a 'west sign -t imgtool' command.
|
|
||||||
The signed binaries are placed in the build directory
|
|
||||||
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
|
|
||||||
|
|
||||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
|
||||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
|
||||||
and CONFIG_BUILD_OUTPUT_HEX.
|
|
||||||
|
|
||||||
This option should contain a path to the same file as the
|
|
||||||
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
|
|
||||||
may be absolute or relative to the west workspace topdir. (The MCUboot
|
|
||||||
config option is used for the MCUboot bootloader image; this option is
|
|
||||||
for your application which is to be loaded by MCUboot. The MCUboot
|
|
||||||
config option can be a relative path from the MCUboot repository
|
|
||||||
root.)
|
|
||||||
|
|
||||||
If left empty, you must sign the Zephyr binaries manually.
|
|
||||||
|
|
||||||
config MCUBOOT_ENCRYPTION_KEY_FILE
|
|
||||||
string "Path to the mcuboot encryption key file"
|
|
||||||
default ""
|
|
||||||
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
|
|
||||||
help
|
|
||||||
The file contains the public key that is used to encrypt the
|
|
||||||
ephemeral key that encrypts the image. The corresponding
|
|
||||||
private key is hard coded in the MCUboot source code and is
|
|
||||||
used to decrypt the ephemeral key that is embedded in the
|
|
||||||
image. The file is in PEM format.
|
|
||||||
|
|
||||||
If set to a non-empty value, the build system tries to
|
|
||||||
sign and encrypt the final binaries using a 'west sign -t imgtool'
|
|
||||||
command. The binaries are placed in the build directory at
|
|
||||||
zephyr/zephyr.signed.encrypted.bin and
|
|
||||||
zephyr/zephyr.signed.encrypted.hex.
|
|
||||||
|
|
||||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
|
||||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
|
||||||
and CONFIG_BUILD_OUTPUT_HEX.
|
|
||||||
|
|
||||||
This option should either be an absolute path or a path relative to
|
|
||||||
the west workspace topdir.
|
|
||||||
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
|
|
||||||
|
|
||||||
If left empty, you must encrypt the Zephyr binaries manually.
|
|
||||||
|
|
||||||
config MCUBOOT_EXTRA_IMGTOOL_ARGS
|
|
||||||
string "Extra arguments to pass to imgtool when signing"
|
|
||||||
default ""
|
|
||||||
help
|
|
||||||
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
|
|
||||||
string) you can use this option to pass extra options to
|
|
||||||
imgtool. For example, you could set this to "--version 1.2".
|
|
||||||
|
|
||||||
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
|
|
||||||
bool "Generate unsigned binary image bootable with MCUboot"
|
|
||||||
help
|
|
||||||
Enabling this configuration allows automatic unsigned binary image
|
|
||||||
generation when MCUboot signing key is not provided,
|
|
||||||
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
|
|
||||||
|
|
||||||
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
|
|
||||||
bool "Also generate a padded, confirmed image"
|
|
||||||
help
|
|
||||||
The signed, padded, and confirmed binaries are placed in the build
|
|
||||||
directory at zephyr/zephyr.signed.confirmed.bin and
|
|
||||||
zephyr/zephyr.signed.confirmed.hex.
|
|
||||||
|
|
||||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
|
||||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
|
||||||
and CONFIG_BUILD_OUTPUT_HEX.
|
|
||||||
|
|
||||||
endif # BOOTLOADER_MCUBOOT
|
|
||||||
|
|
||||||
config BOOTLOADER_ESP_IDF
|
config BOOTLOADER_ESP_IDF
|
||||||
bool "ESP-IDF bootloader support"
|
bool "ESP-IDF bootloader support"
|
||||||
|
|
Loading…
Reference in a new issue