Add config option for caching of validation state of an image in primary slot for single loader
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
diff --git a/docs/design.md b/docs/design.md
index 06b4764..548580b 100755
--- a/docs/design.md
+++ b/docs/design.md
@@ -1147,6 +1147,15 @@
keys will then be iterated over looking for the matching key, which then
will then be used to verify the image contents.
+For low performance MCU's where the validation is a heavy process at boot
+(~1-2 seconds on a arm-cortex-M0), the `MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE`
+could be used. This option will cache the validation result as described above
+into the magic area of the primary slot. The next boot, the validation will be
+skipped if the previous validation was succesfull. This option is reducing the
+security level since if an attacker could modify the contents of the flash after
+a good image has been validated, the attacker could run his own image without
+running validation again. Enabling this option should be done with care.
+
## [Security](#security)
As indicated above, the final step of the integrity check is signature