TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 4da4a72cb15f0e90cf7c2de24a48f54721e86ded / . / boot / espressif / port / esp32s2 / bootloader.conf
blob: 485ba77e1a8d08b579cd6dad2cd312e56c3d85ce [file] [log] [blame]
Gustavo Henrique Nihei523ef3f2021-11-12 17:53:18 -0300[diff] [blame]1# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
Almir Okatoeb6b7bf2021-09-07 17:06:35 -0300[diff] [blame]2#
3# SPDX-License-Identifier: Apache-2.0
4
Almir Okatofa173df2022-04-19 01:10:30 -0300[diff] [blame]5CONFIG_ESP_FLASH_SIZE=4MB
Shubham Kulkarni052561d2021-07-20 11:42:44 +0530[diff] [blame]6CONFIG_ESP_BOOTLOADER_SIZE=0xF000
Almir Okatofa173df2022-04-19 01:10:30 -0300[diff] [blame]7CONFIG_ESP_BOOTLOADER_OFFSET=0x1000
Almir Okatoa1d641d2022-02-21 19:31:46 -0300[diff] [blame]8CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000
Shubham Kulkarni052561d2021-07-20 11:42:44 +0530[diff] [blame]9CONFIG_ESP_APPLICATION_SIZE=0x100000
Almir Okatoa1d641d2022-02-21 19:31:46 -0300[diff] [blame]10CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000
Shubham Kulkarni052561d2021-07-20 11:42:44 +0530[diff] [blame]11CONFIG_ESP_MCUBOOT_WDT_ENABLE=y
12CONFIG_ESP_SCRATCH_OFFSET=0x210000
13CONFIG_ESP_SCRATCH_SIZE=0x40000
Almir Okatoeb6b7bf2021-09-07 17:06:35 -0300[diff] [blame]14
Almir Okato84da51b2022-11-25 01:25:41 -0300[diff] [blame]15# When enabled, prevents updating image to an older version
16# CONFIG_ESP_DOWNGRADE_PREVENTION=y
17# This option makes downgrade prevention rely also on security
18# counter (defined using imgtool) instead of only image version
19# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
20
Almir Okato40995832022-10-20 12:52:25 -0300[diff] [blame]21# Enables the MCUboot Serial Recovery, that allows the use of
22# MCUMGR to upload a firmware through the serial port
23# CONFIG_ESP_MCUBOOT_SERIAL=y
24# Use sector erasing (recommended) instead of entire image size
25# erasing when uploading through Serial Recovery
26# CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY=y
27
28# GPIO used to boot on Serial Recovery
29# CONFIG_ESP_SERIAL_BOOT_GPIO_DETECT=5
30# GPIO input type (0 for Pull-down, 1 for Pull-up)
31# CONFIG_ESP_SERIAL_BOOT_GPIO_INPUT_TYPE=0
32# GPIO signal value
33# CONFIG_ESP_SERIAL_BOOT_GPIO_DETECT_VAL=1
34# Delay time for identify the GPIO signal
35# CONFIG_ESP_SERIAL_BOOT_DETECT_DELAY_S=5
36# UART port used for serial communication (not needed when using USB)
37# CONFIG_ESP_SERIAL_BOOT_UART_NUM=1
38# GPIO for Serial RX signal
39# CONFIG_ESP_SERIAL_BOOT_GPIO_RX=18
40# GPIO for Serial TX signal
41# CONFIG_ESP_SERIAL_BOOT_GPIO_TX=17
42
43# Use UART0 for console printing (use either UART or USB alone)
44CONFIG_ESP_CONSOLE_UART=y
45CONFIG_ESP_CONSOLE_UART_NUM=0
46# Configures alternative UART port for console printing
47# (UART_NUM=0 must not be changed)
48# CONFIG_ESP_CONSOLE_UART_CUSTOM=y
49# CONFIG_ESP_CONSOLE_UART_TX_GPIO=17
50# CONFIG_ESP_CONSOLE_UART_RX_GPIO=18
51
Almir Okatoeb6b7bf2021-09-07 17:06:35 -0300[diff] [blame]52# CONFIG_ESP_SIGN_EC256=y
53# CONFIG_ESP_SIGN_ED25519=n
54# CONFIG_ESP_SIGN_RSA=n
55# CONFIG_ESP_SIGN_RSA_LEN=2048
56
57# Use Tinycrypt lib for EC256 or ED25519 signing
58# CONFIG_ESP_USE_TINYCRYPT=y
59# Use Mbed TLS lib for RSA image signing
60# CONFIG_ESP_USE_MBEDTLS=n
61
62# It is strongly recommended to generate a new signing key
63# using imgtool instead of use the existent sample
64# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem
Gustavo Henrique Nihei523ef3f2021-11-12 17:53:18 -0300[diff] [blame]65
66# Hardware Secure Boot related options
67# CONFIG_SECURE_SIGNED_ON_BOOT=1
68# CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1
69# CONFIG_SECURE_BOOT=1
70# CONFIG_SECURE_BOOT_V2_ENABLED=1
71# CONFIG_SECURE_BOOT_SUPPORTS_RSA=1
72
Almir Okato14763b12021-11-25 00:45:26 -0300[diff] [blame]73# Hardware Flash Encryption related options
74# CONFIG_SECURE_FLASH_ENC_ENABLED=1
75# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1
76# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1
77# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1
78# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1
79# CONFIG_SECURE_BOOT_ALLOW_JTAG=1
80# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1
81
Gustavo Henrique Nihei523ef3f2021-11-12 17:53:18 -0300[diff] [blame]82# Options for enabling eFuse emulation in Flash
83# CONFIG_EFUSE_VIRTUAL=1
84# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1