kconfig: Separate MCUboot options to Kconfig.mcuboot

Move Kconfig options related to MCUboot to Kconfig.mcuboot

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This commit is contained in:
Dominik Ermel 2023-05-11 11:47:21 +00:00 committed by Carles Cufí
parent 87efe30b3a
commit 865f801470
2 changed files with 132 additions and 123 deletions

130
Kconfig.mcuboot Normal file
View file

@ -0,0 +1,130 @@
# General configuration options
# Copyright (c) 2014-2015 Wind River Systems, Inc.
# Copyright (c) 2016 Intel Corporation
# Copyright (c) 2023 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0
config MCUBOOT
bool
help
Hidden option used to indicate that the current image is MCUBoot
config BOOTLOADER_MCUBOOT
bool "MCUboot bootloader support"
select USE_DT_CODE_PARTITION
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
depends on !MCUBOOT
help
This option signifies that the target uses MCUboot as a bootloader,
or in other words that the image is to be chain-loaded by MCUboot.
This sets several required build system and Device Tree options in
order for the image generated to be bootable using the MCUboot open
source bootloader. Currently this includes:
* Setting ROM_START_OFFSET to a default value that allows space
for the MCUboot image header
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
(or Armv8-M baseline) targets with no built-in vector relocation
mechanisms
By default, this option instructs Zephyr to initialize the core
architecture HW registers during boot, when this is supported by
the application. This removes the need by MCUboot to reset
the core registers' state itself.
if BOOTLOADER_MCUBOOT
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
string "Extra parameters to west sign"
default "--quiet"
help
Parameters that are passed by cmake to west sign, just after
the command, before all other parameters needed for image
signing.
By default this is set to "--quiet" to prevent extra, non-error,
diagnostic messages from west sign. This does not affect signing
tool for which extra parameters are passed with
MCUBOOT_EXTRA_IMGTOOL_ARGS.
config MCUBOOT_SIGNATURE_KEY_FILE
string "Path to the mcuboot signing key file"
default ""
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
help
The file contains a key pair whose public half is verified
by your target's MCUboot image. The file is in PEM format.
If set to a non-empty value, the build system tries to
sign the final binaries using a 'west sign -t imgtool' command.
The signed binaries are placed in the build directory
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
This option should contain a path to the same file as the
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
may be absolute or relative to the west workspace topdir. (The MCUboot
config option is used for the MCUboot bootloader image; this option is
for your application which is to be loaded by MCUboot. The MCUboot
config option can be a relative path from the MCUboot repository
root.)
If left empty, you must sign the Zephyr binaries manually.
config MCUBOOT_ENCRYPTION_KEY_FILE
string "Path to the mcuboot encryption key file"
default ""
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
help
The file contains the public key that is used to encrypt the
ephemeral key that encrypts the image. The corresponding
private key is hard coded in the MCUboot source code and is
used to decrypt the ephemeral key that is embedded in the
image. The file is in PEM format.
If set to a non-empty value, the build system tries to
sign and encrypt the final binaries using a 'west sign -t imgtool'
command. The binaries are placed in the build directory at
zephyr/zephyr.signed.encrypted.bin and
zephyr/zephyr.signed.encrypted.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
This option should either be an absolute path or a path relative to
the west workspace topdir.
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
If left empty, you must encrypt the Zephyr binaries manually.
config MCUBOOT_EXTRA_IMGTOOL_ARGS
string "Extra arguments to pass to imgtool when signing"
default ""
help
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
string) you can use this option to pass extra options to
imgtool. For example, you could set this to "--version 1.2".
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
bool "Generate unsigned binary image bootable with MCUboot"
help
Enabling this configuration allows automatic unsigned binary image
generation when MCUboot signing key is not provided,
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
bool "Also generate a padded, confirmed image"
help
The signed, padded, and confirmed binaries are placed in the build
directory at zephyr/zephyr.signed.confirmed.bin and
zephyr/zephyr.signed.confirmed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
endif # BOOTLOADER_MCUBOOT

View file

@ -2,6 +2,7 @@
# Copyright (c) 2014-2015 Wind River Systems, Inc. # Copyright (c) 2014-2015 Wind River Systems, Inc.
# Copyright (c) 2016 Intel Corporation # Copyright (c) 2016 Intel Corporation
# Copyright (c) 2023 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
@ -793,129 +794,7 @@ config BOOTLOADER_SRAM_SIZE
- Zephyr is a !XIP image, which implicitly assumes existence of a - Zephyr is a !XIP image, which implicitly assumes existence of a
bootloader that loads the Zephyr !XIP image onto SRAM. bootloader that loads the Zephyr !XIP image onto SRAM.
config MCUBOOT source "Kconfig.mcuboot"
bool
help
Hidden option used to indicate that the current image is MCUBoot
config BOOTLOADER_MCUBOOT
bool "MCUboot bootloader support"
select USE_DT_CODE_PARTITION
imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
depends on !MCUBOOT
help
This option signifies that the target uses MCUboot as a bootloader,
or in other words that the image is to be chain-loaded by MCUboot.
This sets several required build system and Device Tree options in
order for the image generated to be bootable using the MCUboot open
source bootloader. Currently this includes:
* Setting ROM_START_OFFSET to a default value that allows space
for the MCUboot image header
* Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
(or Armv8-M baseline) targets with no built-in vector relocation
mechanisms
By default, this option instructs Zephyr to initialize the core
architecture HW registers during boot, when this is supported by
the application. This removes the need by MCUboot to reset
the core registers' state itself.
if BOOTLOADER_MCUBOOT
config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
string "Extra parameters to west sign"
default "--quiet"
help
Parameters that are passed by cmake to west sign, just after
the command, before all other parameters needed for image
signing.
By default this is set to "--quiet" to prevent extra, non-error,
diagnostic messages from west sign. This does not affect signing
tool for which extra parameters are passed with
MCUBOOT_EXTRA_IMGTOOL_ARGS.
config MCUBOOT_SIGNATURE_KEY_FILE
string "Path to the mcuboot signing key file"
default ""
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
help
The file contains a key pair whose public half is verified
by your target's MCUboot image. The file is in PEM format.
If set to a non-empty value, the build system tries to
sign the final binaries using a 'west sign -t imgtool' command.
The signed binaries are placed in the build directory
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
This option should contain a path to the same file as the
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
may be absolute or relative to the west workspace topdir. (The MCUboot
config option is used for the MCUboot bootloader image; this option is
for your application which is to be loaded by MCUboot. The MCUboot
config option can be a relative path from the MCUboot repository
root.)
If left empty, you must sign the Zephyr binaries manually.
config MCUBOOT_ENCRYPTION_KEY_FILE
string "Path to the mcuboot encryption key file"
default ""
depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
help
The file contains the public key that is used to encrypt the
ephemeral key that encrypts the image. The corresponding
private key is hard coded in the MCUboot source code and is
used to decrypt the ephemeral key that is embedded in the
image. The file is in PEM format.
If set to a non-empty value, the build system tries to
sign and encrypt the final binaries using a 'west sign -t imgtool'
command. The binaries are placed in the build directory at
zephyr/zephyr.signed.encrypted.bin and
zephyr/zephyr.signed.encrypted.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
This option should either be an absolute path or a path relative to
the west workspace topdir.
Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
If left empty, you must encrypt the Zephyr binaries manually.
config MCUBOOT_EXTRA_IMGTOOL_ARGS
string "Extra arguments to pass to imgtool when signing"
default ""
help
When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
string) you can use this option to pass extra options to
imgtool. For example, you could set this to "--version 1.2".
config MCUBOOT_GENERATE_UNSIGNED_IMAGE
bool "Generate unsigned binary image bootable with MCUboot"
help
Enabling this configuration allows automatic unsigned binary image
generation when MCUboot signing key is not provided,
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
bool "Also generate a padded, confirmed image"
help
The signed, padded, and confirmed binaries are placed in the build
directory at zephyr/zephyr.signed.confirmed.bin and
zephyr/zephyr.signed.confirmed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
endif # BOOTLOADER_MCUBOOT
config BOOTLOADER_ESP_IDF config BOOTLOADER_ESP_IDF
bool "ESP-IDF bootloader support" bool "ESP-IDF bootloader support"