From 595fb49314be2672fdcf040475265929e24ef457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Wed, 10 Nov 2021 08:02:53 +0000 Subject: [PATCH] [nrf noup] kconfig: reduce downstream patch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit squash! [nrf noup] treewide: add NCS partition manager support Source the file 'Kconfig.mcuboot' from sdk-nrf to reduce the amount of downstream patches in boot/zephyr/Kconfig. NOTE TO UPMERGE AUTHOR: This commit removes all but one downstream patches to the file boot/zephyr/Kconfig. The only remaining patch should be the sourcing of the Kconfig file in the mcuboot module in the nrf repo. Hence there should be no modification to this file by any of the [nrf noup] commits (except one) noup commits with modifications that should be discarded: [nrf noup] treewide: add NCS partition manager support 4eba7803b69e0cb72f5d8d35584b1673df008851 ! With the exception of the one line added by squashing this ! commit. [nrf noup] kconfig: use cc310 for ecdsa by default a2422d91c88aa3415d471e6b213ac069d5ccf178 [nrf noup] boot: bootutil: Add shared crypto for ECDSA and SHA 8ac5bd1f44a55968149721023c08ea83fef5790b [nrf noup] boot: add 'minimal' configuration files 2b23edc81b74f33fd2df0ece588d9ec73e5697b9 [nrf noup] boot: zephyr: add support for Thingy:91 39fe200993fbf133e5023995d1bad3a140514540 [nrf noup] do_boot: clean peripherals state before boot 9a3853b344f378cc6f03495cd8631815643506ed Ref: NCSDK-11177 Signed-off-by: Håkon Øye Amundsen --- boot/zephyr/Kconfig | 76 +++++++-------------------------------------- 1 file changed, 12 insertions(+), 64 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index dce4b05bc..500dcb5bd 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -8,6 +8,8 @@ mainmenu "MCUboot configuration" comment "MCUboot-specific configuration options" +source "$(ZEPHYR_NRF_MODULE_DIR)/modules/mcuboot/boot/zephyr/Kconfig" + # Hidden option to mark a project as MCUboot config MCUBOOT default y @@ -16,35 +18,6 @@ config MCUBOOT select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET select MCUBOOT_BOOTUTIL_LIB -config BOOT_USE_MIN_PARTITION_SIZE - bool "Build for a minimal image size" - -partition=MCUBOOT_SCRATCH -partition-size=0x1e000 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -partition=MCUBOOT_PAD -partition-size=0x200 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -config PM_PARTITION_SIZE_MCUBOOT - hex - default FPROTECT_BLOCK_SIZE if (SOC_NRF5340_CPUAPP || SOC_NRF9160) - default 0x3e00 - depends on (BOOT_NRF_EXTERNAL_CRYPTO && BOOT_USE_MIN_PARTITION_SIZE) - -config PM_PARTITION_SIZE_MCUBOOT - hex - default FPROTECT_BLOCK_SIZE if SOC_NRF9160 - default 0x7c00 - depends on BOOT_USE_MIN_PARTITION_SIZE - -config PM_PARTITION_SIZE_MCUBOOT - hex "Flash space allocated for the MCUboot partition." if !BOOT_USE_MIN_PARTITION_SIZE - default 0xc000 - help - Flash space set aside for the MCUboot partition. - config BOOT_USE_MBEDTLS bool # Hidden option @@ -74,18 +47,15 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - select NRF_CC310_BL + default n -config BOOT_USE_NRF_EXTERNAL_CRYPTO +config NRFXLIB_CRYPTO + bool + default n + +config NRF_CC310_BL bool - # Hidden option default n - # When building for ECDSA, we use our own copy of mbedTLS, so the - # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros - # will collide. - depends on ! MBEDTLS - help - Use Shared crypto for crypto primitives. menu "MCUBoot settings" @@ -99,7 +69,6 @@ config SINGLE_APPLICATION_SLOT choice BOOT_SIGNATURE_TYPE prompt "Signature type" - default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 && !BOARD_THINGY91_NRF9160 && !BOARD_THINGY91_NRF52840 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE @@ -124,11 +93,9 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice BOOT_ECDSA_IMPLEMENTATION prompt "Ecdsa implementation" - default BOOT_NRF_EXTERNAL_CRYPTO if SECURE_BOOT - default BOOT_ECDSA_CC310 if HAS_HW_NRF_CC310 - default BOOT_TINYCRYPT + default BOOT_ECDSA_TINYCRYPT -config BOOT_TINYCRYPT +config BOOT_ECDSA_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT @@ -139,14 +106,8 @@ config BOOT_ECDSA_CC310 select NRF_CC310_BL select NRFXLIB_CRYPTO select BOOT_USE_CC310 - -config BOOT_NRF_EXTERNAL_CRYPTO - bool "Use Shared Crypto from bootloader" - select BOOT_USE_NRF_EXTERNAL_CRYPTO - endchoice # Ecdsa implementation - -endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 +endif config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" @@ -173,6 +134,7 @@ config BOOT_SIGNATURE_KEY_FILE default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 + default "" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts @@ -201,11 +163,6 @@ config MCUBOOT_CLEANUP_ARM_CORE by default, if they are chain-loadable by MCUboot, so MCUboot does not need to perform such a cleanup itself. -config MCUBOOT_NRF_CLEANUP_PERIPHERAL - bool "Perform peripheral cleanup before chain-load the application" - depends on SOC_FAMILY_NRF - default y - config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" @@ -341,15 +298,6 @@ config BOOT_MAX_IMG_SECTORS memory usage; larger values allow it to support larger images. If unsure, leave at the default value. -config BOOT_ERASE_PROGRESSIVELY - bool "Erase flash progressively when receiving new firmware" - default y if SOC_FAMILY_NRF - help - If enabled, flash is erased as necessary when receiving new firmware, - instead of erasing the whole image slot at once. This is necessary - on some hardware that has long erase times, to prevent long wait - times at the beginning of the DFU process. - config MEASURED_BOOT bool "Store the boot state/measurements in shared memory" default n