| Roman Okhrimenko | dc0ca08 | 2023-06-21 20:49:51 +0300 | [diff] [blame] | 1 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD |
| 2 | # |
| 3 | # SPDX-License-Identifier: Apache-2.0 |
| 4 | |
| 5 | CONFIG_ESP_BOOTLOADER_SIZE=0xF000 |
| 6 | CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS=0x10000 |
| 7 | CONFIG_ESP_APPLICATION_SIZE=0x100000 |
| 8 | CONFIG_ESP_APPLICATION_SECONDARY_START_ADDRESS=0x110000 |
| 9 | CONFIG_ESP_MCUBOOT_WDT_ENABLE=y |
| 10 | CONFIG_ESP_SCRATCH_OFFSET=0x210000 |
| 11 | CONFIG_ESP_SCRATCH_SIZE=0x40000 |
| 12 | |
| 13 | # CONFIG_ESP_SIGN_EC256=y |
| 14 | # CONFIG_ESP_SIGN_ED25519=n |
| 15 | # CONFIG_ESP_SIGN_RSA=n |
| 16 | # CONFIG_ESP_SIGN_RSA_LEN=2048 |
| 17 | |
| 18 | # Use Tinycrypt lib for EC256 or ED25519 signing |
| 19 | # CONFIG_ESP_USE_TINYCRYPT=y |
| 20 | # Use Mbed TLS lib for RSA image signing |
| 21 | # CONFIG_ESP_USE_MBEDTLS=n |
| 22 | |
| 23 | # It is strongly recommended to generate a new signing key |
| 24 | # using imgtool instead of use the existent sample |
| 25 | # CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem |
| 26 | |
| 27 | # Hardware Secure Boot related options |
| 28 | # CONFIG_SECURE_SIGNED_ON_BOOT=1 |
| 29 | # CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 |
| 30 | # CONFIG_SECURE_BOOT=1 |
| 31 | # CONFIG_SECURE_BOOT_V2_ENABLED=1 |
| 32 | # CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 |
| 33 | |
| 34 | # Hardware Flash Encryption related options |
| 35 | # CONFIG_SECURE_FLASH_ENC_ENABLED=1 |
| 36 | # CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1 |
| 37 | # CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1 |
| 38 | # CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1 |
| 39 | # CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1 |
| 40 | # CONFIG_SECURE_BOOT_ALLOW_JTAG=1 |
| 41 | # CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1 |
| 42 | |
| 43 | # Options for enabling eFuse emulation in Flash |
| 44 | # CONFIG_EFUSE_VIRTUAL=1 |
| 45 | # CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1 |