-
Notifications
You must be signed in to change notification settings - Fork 3
/
Kconfig
178 lines (147 loc) · 5.49 KB
/
Kconfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
menu "Bootloader configuration"
config LOADER_SERIAL
bool "Loader serial interface activated (debug mode)"
default n
---help---
This option activates the loader serial interface (mainly
for debugging purpose).
The loader usart interface is activated.
Userspace applications printf content will be printed by
the loader.
This should be disabled in production mode.
if LOADER_SERIAL
choice
prompt "loader console USART identifier"
default LOADER_CONSOLE_USART1
config LOADER_CONSOLE_USART1
bool "loader uses USART1 for its console"
---help---
In Discovery board, PB6(TX)/PB7(RX) pins are linked to UART1, if
using motherboard DM-STF4BB, the RS232 connector is linked
to USART6.
config LOADER_CONSOLE_USART4
bool "loader uses USART4 for its console"
---help---
In Discovery board, PB6(TX)/PB7(RX) pins are linked to UART1, if
using motherboard DM-STF4BB, the RS232 connector is linked
to USART4.
config LOADER_CONSOLE_USART6
bool "loader uses USART6 for its console"
---help---
In Discovery board, PB6(TX)/PB7(RX) pins are linked to UART1, if
using motherboard DM-STF4BB, the RS232 connector is linked
to USART6.
endchoice
config LOADER_USART
int
default 1 if LOADER_CONSOLE_USART1
default 4 if LOADER_CONSOLE_USART4
default 6 if LOADER_CONSOLE_USART6
config LOADER_EXTRA_DEBUG
bool "Enable extra debugging informations"
default n
---help---
Print extra debugging information on the serial console, like
automaton states and transitions
config LOADER_ALLOW_SERIAL_RX
bool "Enable loader RX line IRQ (debug purpose)"
default n
---help---
Allow the RX line to be used in the loader. This is by default
disabled for security reasons: you can activate it for debug
purposes.
endif
config LOADER_MOCKUP
bool "Enable bootloader mockup mode"
if LOADER_MOCKUP
config LOADER_MOCKUP_DFU
bool "Start in DFU mode"
---help---
Boot in DFU mode of the eligible firmware automatically. This
behavor replace a manual push on the DFU button at boot time.
The loader boots the DFU mode of the currently eligible firmware
endif
config LOADER_FW_HASH_CHECK
bool "Check firmware integrity at boot"
---help---
Check that the Firmware image that is going to be booted is
checked for integrity, using the hash data of the firmware header to
compare with.
This does not deactivate the CRC32 check of the firmware
header structure
config LOADER_FLASH_LOCK
bool "Lock flash banks at boot time"
default y
---help---
Lock current flash bank write access in DFU mode (allowing other
bank update) and all banks write access in nominal mode.
config LOADER_FLASH_RDP_CHECK
bool "Check that RDP protection is active at boot time"
default n
---help---
Check if the RDP protection flag is active at boot.
If RDP protection is not active, then reset the board.
config LOADER_ERASE_ON_SECBREACH
bool "Erase flash on Security breach detection"
default y
---help---
If the bootloader detect a security breach (SECBREACH state), the flash
is erased to protect assets. In RDP2 mode, the device is broken.
if LOADER_ERASE_ON_SECBREACH
config LOADER_ERASE_WITH_RECOVERY
bool "Handle reset while erasing"
default n
---help---
If the device resets while the bootloader is in security erase mode, handle
flash erase continuation at bootup, using One Time Programable flash blocks
to handle current erase state.
if LOADER_ERASE_WITH_RECOVERY
config LOADER_EMULATE_OTP
bool "Emulate OTP"
depends on !LOADER_BSRAM_KEYBAG_AUTH && !LOADER_BSRAM_KEYBAG_DFU && !LOADER_BSRAM_FLASH_KEY
depends on !FIRMWARE_BUILD_MODE_PROD
default n
---help---
OTP in emulation mode, meaning that they are never "locked". This is useful to
"debug" the mass erase feature, but this must not be selected in production mode!
endif
endif
config LOADER_BSRAM_KEYBAG_AUTH
bool "Use Backup SRAM for AUTH keybag (security enhanced mechanism)"
default y
---help---
Use the Backup SRAM to copy the AUTH keybag. This improves security
over keeping plain keys in the firmware update.
config LOADER_BSRAM_KEYBAG_DFU
bool "Use Backup SRAM for DFU keybag (security enhanced mechanism)"
default y
---help---
Use the Backup SRAM to copy the DFU keybag. This improves security
over keeping plain keys in the firmware update.
config LOADER_BSRAM_FLASH_KEY
bool "Use Backup SRAM for DFU flash over-encryption key (security enhanced mechanism)"
default y
---help---
Use the Backup SRAM to copy the flash over-encryption key in DFU mode.
This improves security over keeping plain keys in the firmware update.
config LOADER_USE_PVD
bool "Use PVD (Power Voltage Detection) as defense in depth against glitches"
default y
---help---
Use the STM32 Power Voltage Detection to try to detect voltage or EM
glitches.
choice
prompt "loader behavior on invalid control flow detection"
default LOADER_INVAL_CFLOW_GOTO_ERROR
config LOADER_INVAL_CFLOW_GOTO_ERROR
bool "Error state on invalid control flow"
---help---
Goto error state on invalid control flow detection.
Usually generates a reset or hang the execution.
config LOADER_INVAL_CFLOW_GOTO_SECBREACH
bool "Security breach state on invalid control flow"
---help---
Goto secbreach state on invalid control flow detection.
May generate upto the flash memory erase.
endchoice
endmenu