TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 4da4a72cb15f0e90cf7c2de24a48f54721e86ded / . / boot / espressif / port / esp32c2 / bootloader.conf
blob: 54f797e71e2e6fce52ec51fb5a07cb09e38a2061 [file] [log] [blame]
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]1# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
2#
3# SPDX-License-Identifier: Apache-2.0
4
5CONFIG_ESP_FLASH_SIZE=4MB
6CONFIG_ESP_BOOTLOADER_SIZE=0xF000
7CONFIG_ESP_BOOTLOADER_OFFSET=0x0000
8CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000
9CONFIG_ESP_APPLICATION_SIZE=0x100000
10CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000
11CONFIG_ESP_MCUBOOT_WDT_ENABLE=y
12CONFIG_ESP_SCRATCH_OFFSET=0x210000
13CONFIG_ESP_SCRATCH_SIZE=0x40000
14
15# When enabled, prevents updating image to an older version
16# CONFIG_ESP_DOWNGRADE_PREVENTION=y
17# This option makes downgrade prevention rely also on security
18# counter (defined using imgtool) instead of only image version
19# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
20
21# Enables the MCUboot Serial Recovery, that allows the use of
22# MCUMGR to upload a firmware through the serial port
23# CONFIG_ESP_MCUBOOT_SERIAL=y
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]24# Use sector erasing (recommended) instead of entire image size
25# erasing when uploading through Serial Recovery
26# CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY=y
27
28# GPIO used to boot on Serial Recovery
Almir Okato68a29802023-08-02 01:01:19 -0300[diff] [blame]29# CONFIG_ESP_SERIAL_BOOT_GPIO_DETECT=18
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]30# GPIO input type (0 for Pull-down, 1 for Pull-up)
31# CONFIG_ESP_SERIAL_BOOT_GPIO_INPUT_TYPE=0
32# GPIO signal value
33# CONFIG_ESP_SERIAL_BOOT_GPIO_DETECT_VAL=1
34# Delay time for identify the GPIO signal
35# CONFIG_ESP_SERIAL_BOOT_DETECT_DELAY_S=5
36# UART port used for serial communication (not needed when using USB)
37# CONFIG_ESP_SERIAL_BOOT_UART_NUM=1
38# GPIO for Serial RX signal
Almir Okato68a29802023-08-02 01:01:19 -0300[diff] [blame]39# CONFIG_ESP_SERIAL_BOOT_GPIO_RX=2
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]40# GPIO for Serial TX signal
Almir Okato68a29802023-08-02 01:01:19 -0300[diff] [blame]41# CONFIG_ESP_SERIAL_BOOT_GPIO_TX=3
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]42
43# Use UART0 for console printing (use either UART or USB alone)
44CONFIG_ESP_CONSOLE_UART=y
45CONFIG_ESP_CONSOLE_UART_NUM=0
46# Configures alternative UART port for console printing
47# (UART_NUM=0 must not be changed)
48# CONFIG_ESP_CONSOLE_UART_CUSTOM=y
Almir Okato68a29802023-08-02 01:01:19 -0300[diff] [blame]49# CONFIG_ESP_CONSOLE_UART_TX_GPIO=3
50# CONFIG_ESP_CONSOLE_UART_RX_GPIO=2
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]51
52# CONFIG_ESP_SIGN_EC256=y
53# CONFIG_ESP_SIGN_ED25519=n
54# CONFIG_ESP_SIGN_RSA=n
55# CONFIG_ESP_SIGN_RSA_LEN=2048
56
57# Use Tinycrypt lib for EC256 or ED25519 signing
58# CONFIG_ESP_USE_TINYCRYPT=y
59# Use Mbed TLS lib for RSA image signing
60# CONFIG_ESP_USE_MBEDTLS=n
61
62# It is strongly recommended to generate a new signing key
63# using imgtool instead of use the existent sample
64# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem
65
Almir Okatodb2024e2023-08-24 15:40:26 -0300[diff] [blame]66# Hardware Secure Boot related options
67# CONFIG_SECURE_SIGNED_ON_BOOT=1
68# CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME=1
69# CONFIG_SECURE_BOOT=1
70# CONFIG_SECURE_BOOT_V2_ENABLED=1
71
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]72# Hardware Flash Encryption related options
73# CONFIG_SECURE_FLASH_ENC_ENABLED=1
74# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1
75# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1
76# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1
77# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1
78# CONFIG_SECURE_BOOT_ALLOW_JTAG=1
79# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1
80
Almir Okatodb2024e2023-08-24 15:40:26 -0300[diff] [blame]81# This option must be also enabled when enabling both Secure Boot
82# and Flash Encryption at same time
83# CONFIG_SECURE_BOOT_FLASH_ENC_KEYS_BURN_TOGETHER=1
84
Almir Okatoc3fe5162023-06-26 22:34:20 -0300[diff] [blame]85# Options for enabling eFuse emulation in Flash
86# CONFIG_EFUSE_VIRTUAL=1
87# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1