Kconfig: Add BL1 and BL2 Kconfig configs
bl1/Kconfig and bl2/ext/mcuboot/Kconfig are based on the related
CMake config files. Now that these two modules are part of the Kconfig
menu, the CMake include step in kconfig.cmake can be dropped.
Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
Change-Id: I288fabab9adb66028125fa0b7065e2e39e2420a5
diff --git a/Kconfig b/Kconfig
index 63d1845..05d8f27 100644
--- a/Kconfig
+++ b/Kconfig
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,6 +10,10 @@
# Load platform Kconfig file if exists
osource "$(PLATFORM_PATH)/Kconfig"
+################################# Bootloader ###################################
+
+rsource "Kconfig.bl"
+
################################# SPM ##########################################
rsource "secure_fw/spm/Kconfig"
diff --git a/Kconfig.bl b/Kconfig.bl
new file mode 100644
index 0000000..d4495cc
--- /dev/null
+++ b/Kconfig.bl
@@ -0,0 +1,33 @@
+
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+rsource "bl1/Kconfig"
+rsource "bl2/ext/mcuboot/Kconfig"
+
+menu "BL options"
+
+config CONFIG_TFM_BOOT_STORE_MEASUREMENTS
+ bool "Store measurement values from all the boot stages"
+ default y
+ help
+ Used for initial attestation token.
+
+config CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS
+ bool "Enable storing of encoded measurements in boot"
+ default y
+
+config MCUBOOT_DATA_SHARING
+ bool
+ default y if TFM_PARTITION_FIRMWARE_UPDATE || \
+ (BL2 && CONFIG_TFM_BOOT_STORE_MEASUREMENTS && \
+ !CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS)
+ default n
+ help
+ Add sharing of application specific data using the same shared data area
+ as for the measured boot
+endmenu
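Review bot: `CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS` has no help text, yet its value decides the default of `MCUBOOT_DATA_SHARING` through the `!CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS` term. A short help entry saying what "encoded" means, and a comment above `config MCUBOOT_DATA_SHARING` explaining why data sharing is enabled only for non-encoded measurements, would let a reader judge what ends up in the shared data area. The option is also selectable while `CONFIG_TFM_BOOT_STORE_MEASUREMENTS` is off; if that combination has no meaning, add `depends on CONFIG_TFM_BOOT_STORE_MEASUREMENTS`. The trailing `default n` is redundant for a bool and can be dropped.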
diff --git a/bl1/Kconfig b/bl1/Kconfig
new file mode 100644
index 0000000..885b699
--- /dev/null
+++ b/bl1/Kconfig
@@ -0,0 +1,99 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+menuconfig BL1
+ bool "BL1"
+ default n
+
+if BL1 && PLATFORM_DEFAULT_BL1
+
+config TFM_BL2_ENCRYPTION_KEY_PATH
+ string
+ default "$(TFM_SOURCE_DIR)/bl1/bl1_2/bl2_dummy_encryption_key.bin"
+ help
+ Path to binary key to use for encrypting BL2
+
+config TFM_GUK_PATH
+ string
+ default "$(TFM_SOURCE_DIR)/bl1/bl1_1/dummy_guk.bin"
+ help
+ Path to binary GUK key file to provision
+
+config TFM_BL2_IMAGE_FLASH_AREA_NUM
+ int "Which flash area BL2 is stored in"
+ default 0
+
+config TFM_BL2_SIGNING_KEY_PATH
+ string
+ default "$(TFM_SOURCE_DIR)/bl1/bl1_2/bl1_dummy_rotpk"
+ help
+ Path to binary BL2 signing private key
+
+config TFM_BL1_MEMORY_MAPPED_FLASH
+ bool "BL1 Access flash content"
+ default y
+
+config TFM_BL1_LOGGING
+ bool "BL1 log to uart"
+ default y
+
+config TFM_BL1_DEFAULT_OTP
+ bool
+ default y
+ help
+ Whether BL1_1 will use default OTP memory
+
+config TFM_BL1_DEFAULT_PROVISIONING
+ bool
+ default y
+ help
+ Whether BL1_1 will use default provisioning
+
+config TFM_BL1_SOFTWARE_CRYPTO
+ bool
+ default y
+ help
+ Whether BL1_1 will use software crypto
+
+config TFM_BL1_DUMMY_TRNG
+ bool
+ default y
+ help
+ Whether BL1_1 will use dummy TRNG
+
+config TFM_BL1_PQ_CRYPTO
+ bool "Enable LMS PQ crypto for BL2 verification."
+ default n
+ help
+ Enable LMS PQ crypto for BL2 verification. This is experimental and should
+ not yet be used in production
+
+config TFM_BL1_IMAGE_VERSION_BL2
+ string "Image version of BL2 image"
+ default "1.9.0+0"
+
+config TFM_BL1_IMAGE_SECURITY_COUNTER_BL2
+ int "Security counter value to include with BL2 image"
+ default 1
+
+config TFM_BL1_2_IN_OTP
+ bool "Whether BL1_2 is stored in OTP"
+ default y
+
+config BL1_HEADER_SIZE
+ hex "BL1 Header size"
+ default 0x800
+
+config BL1_TRAILER_SIZE
+ hex "BL1 Trailer size"
+ default 0x000
+
+config TFM_BL1_LOGGING
+ bool "Enable BL1 Logging"
+ default y
+
+endif
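Review bot: `TFM_BL1_LOGGING` is defined twice in this new file, first with the prompt "BL1 log to uart" and again at the end with "Enable BL1 Logging", so the same symbol appears twice in the menu; the second entry should be dropped. Separately, `TFM_BL2_ENCRYPTION_KEY_PATH`, `TFM_GUK_PATH`, `TFM_BL2_SIGNING_KEY_PATH` and `TFM_BL1_DUMMY_TRNG` have no prompt. A promptless symbol cannot be assigned from a user configuration, so a Kconfig build appears to be fixed to the in-tree dummy keys and the dummy TRNG unless a platform Kconfig overrides these defaults. If that is not intended, give them prompts. Either way the help text should say the defaults are for development only, e.g. `Path to binary GUK key file to provision. The default is a dummy key and must be replaced for production.`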
diff --git a/bl2/ext/mcuboot/Kconfig b/bl2/ext/mcuboot/Kconfig
new file mode 100644
index 0000000..e475b6a
--- /dev/null
+++ b/bl2/ext/mcuboot/Kconfig
@@ -0,0 +1,247 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+menuconfig BL2
+ bool "BL2"
+ default y
+
+if BL2
+
+config DEFAULT_MCUBOOT_SECURITY_COUNTERS
+ bool "Use the default security counter configuration"
+ default y
+ help
+ Use the default security counter configuration defined by TF-M project
+
+config DEFAULT_MCUBOOT_FLASH_MAP
+ bool "Use the default flash map"
+ default y
+ help
+ Whether to use the default flash map defined by TF-M project
+
+config MCUBOOT_S_IMAGE_FLASH_AREA_NUM
+ int "ID of the flash area containing the primary Secure image"
+ default 0
+ help
+ ID of the flash area containing the primary Secure image
+
+config MCUBOOT_NS_IMAGE_FLASH_AREA_NUM
+ int "ID of the flash area containing the primary Non-Secure image"
+ default 1
+
+config MCUBOOT_IMAGE_NUMBER
+ int "Whether to combine S and NS into either 1 image, or sign each seperately"
+ default 2
+ range 1 4
+
+config MCUBOOT_EXECUTION_SLOT
+ int "Slot from which to execute the image, used for XIP mode"
+ default 1
+
+config MCUBOOT_HW_KEY
+ bool "Embed the entire public key"
+ default y
+ help
+ Whether to embed the entire public key in the image metadata instead of
+ the hash only
+
+choice
+ prompt "Upgrade strategy for images"
+ default MCUBOOT_UPGRADE_STRATEGY_OVERWRITE_ONLY
+
+ config MCUBOOT_UPGRADE_STRATEGY_OVERWRITE_ONLY
+ bool "Overwrite only"
+
+ config MCUBOOT_UPGRADE_STRATEGY_SWAP_USING_SCRATCH
+ bool "Swap using scratch"
+
+ config MCUBOOT_UPGRADE_STRATEGY_SWAP_USING_MOVE
+ bool "Swap using move"
+
+ config MCUBOOT_UPGRADE_STRATEGY_DIRECT_XIP
+ bool "Direct xip"
+ depends on !TFM_PARTITION_FIRMWARE_UPDATE
+
+ config MCUBOOT_UPGRADE_STRATEGY_RAM_LOAD
+ bool "Ram load"
+ depends on !TFM_PARTITION_FIRMWARE_UPDATE
+endchoice
+
+config MCUBOOT_UPGRADE_STRATEGY
+ string "Upgrade strategy for images"
+ default "OVERWRITE_ONLY" if MCUBOOT_UPGRADE_STRATEGY_OVERWRITE_ONLY
+ default "SWAP_USING_SCRATCH" if MCUBOOT_UPGRADE_STRATEGY_SWAP_USING_SCRATCH
+ default "SWAP_USING_MOVE" if MCUBOOT_UPGRADE_STRATEGY_SWAP_USING_MOVE
+ default "DIRECT_XIP" if MCUBOOT_UPGRADE_STRATEGY_DIRECT_XIP
+ default "RAM_LOAD" if MCUBOOT_UPGRADE_STRATEGY_RAM_LOAD
+
+config BL2_HEADER_SIZE
+ hex "BL2 Header size"
+ default 0x400
+
+config BL2_TRAILER_SIZE
+ hex "BL2 Trailer size"
+ default 0x400
+
+choice
+ prompt "Align option for mcuboot and build image with imgtool"
+ config MCUBOOT_ALIGN_VAL_1
+ bool "1"
+ config MCUBOOT_ALIGN_VAL_2
+ bool "2"
+ config MCUBOOT_ALIGN_VAL_4
+ bool "4"
+ config MCUBOOT_ALIGN_VAL_8
+ bool "8"
+ config MCUBOOT_ALIGN_VAL_16
+ bool "16"
+ config MCUBOOT_ALIGN_VAL_32
+ bool "32"
+endchoice
+
+config MCUBOOT_ALIGN_VAL
+ int
+ default 1 if MCUBOOT_ALIGN_VAL_1
+ default 2 if MCUBOOT_ALIGN_VAL_2
+ default 4 if MCUBOOT_ALIGN_VAL_4
+ default 8 if MCUBOOT_ALIGN_VAL_8
+ default 16 if MCUBOOT_ALIGN_VAL_16
+ default 32 if MCUBOOT_ALIGN_VAL_32
+
+config MCUBOOT_CONFIRM_IMAGE
+ bool "Whether to confirm the image if REVERT is supported in MCUboot"
+ default n
+
+config MCUBOOT_DIRECT_XIP_REVERT
+ bool "Enable the revert mechanism in direct-xip mode"
+ default y
+
+config MCUBOOT_HW_ROLLBACK_PROT
+ bool "Enable security counter validation against non-volatile HW counters"
+ default y
+
+config MCUBOOT_ENC_IMAGES
+ bool "Enable encrypted image upgrade support"
+ default n
+
+config MCUBOOT_BOOTSTRAP
+ bool "Support initial state with empty primary slot and images installed from secondary slots"
+ default n
+
+config MCUBOOT_ENCRYPT_RSA
+ bool "Use RSA for encrypted image upgrade support"
+ default n
+
+choice
+ prompt "Fault injection hardening profile"
+ default MCUBOOT_FIH_PROFILE_OFF
+
+ config MCUBOOT_FIH_PROFILE_OFF
+ bool "OFF"
+
+ config MCUBOOT_FIH_PROFILE_LOW
+ bool "LOW"
+
+ config MCUBOOT_FIH_PROFILE_MEDIUM
+ bool "MEDIUM"
+
+ config MCUBOOT_FIH_PROFILE_HIGH
+ bool "HIGH"
+endchoice
+
+config MCUBOOT_FIH_PROFILE
+ string
+ default "OFF" if MCUBOOT_FIH_PROFILE_OFF
+ default "LOW" if MCUBOOT_FIH_PROFILE_LOW
+ default "MEDIUM" if MCUBOOT_FIH_PROFILE_MEDIUM
+ default "HIGH" if MCUBOOT_FIH_PROFILE_HIGH
+
+config MCUBOOT_SIGNATURE_TYPE
+ string "Algorithm to use for signature validation"
+ default "RSA"
+ help
+ Note - If either SIGNATURE_TYPE or KEY_LEN are changed, the entries for KEY_S
+ and KEY_NS will either have to be updated manually or removed from the cache.
+ `cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`. Once removed from the cache it
+ will be set to default again.
+
+config MCUBOOT_SIGNATURE_KEY_LEN
+ int "Key length to use for signature validation"
+ default 3072
+
+config MCUBOOT_KEY_S
+ string "Path to key with which to sign secure binary"
+ default "$(TFM_SOURCE_DIR)/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}.pem"
+
+config MCUBOOT_KEY_NS
+ string "Path to key with which to sign non-secure binary"
+ default "$(TFM_SOURCE_DIR)/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}_1.pem"
+
+config MCUBOOT_IMAGE_VERSION_S
+ string "Version number of S image"
+ default "$(TFM_VERSION)"
+
+config MCUBOOT_IMAGE_VERSION_NS
+ string "Version number of NS image"
+ default "0.0.0"
+
+config MCUBOOT_SECURITY_COUNTER_S
+ int "Security counter for S image. auto sets it to IMAGE_VERSION_S"
+ default 1
+
+config MCUBOOT_SECURITY_COUNTER_NS
+ int "Security counter for NS image. auto sets it to IMAGE_VERSION_NS"
+ default 1
+
+config MCUBOOT_S_IMAGE_MIN_VER
+ string "Minimum version of secure image"
+ default "0.0.0+0"
+ help
+ Minimum version of secure image required by the non-secure image for
+ upgrade to this non-secure image. If MCUBOOT_IMAGE_NUMBER == 1 this
+ option has no effect
+
+config MCUBOOT_NS_IMAGE_MIN_VER
+ string "Minimum version of non-secure image"
+ default "0.0.0+0"
+ help
+ Minimum version of non-secure image required by the secure image for
+ upgrade to this secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option
+ has no effect
+
+config MCUBOOT_ENC_KEY_LEN
+ int "Length of the AES key for encrypting images"
+ default 128
+
+config MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH
+ string "Mbedtls config file to use with MCUboot"
+ default "$(TFM_SOURCE_DIR)/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h"
+
+choice
+ prompt "MCUBoot Log Level"
+ default MCUBOOT_LOG_LEVEL_INFO
+
+ config MCUBOOT_LOG_LEVEL_DEBUG
+ bool "Debug"
+ config MCUBOOT_LOG_LEVEL_INFO
+ bool "Info"
+ config MCUBOOT_LOG_LEVEL_WARNING
+ bool "Warning"
+ config MCUBOOT_LOG_LEVEL_ERROR
+ bool "Error"
+ config MCUBOOT_LOG_LEVEL_OFF
+ bool "Off"
+endchoice
+
+config MCUBOOT_LOG_LEVEL
+ string
+ default "DEBUG" if MCUBOOT_LOG_LEVEL_DEBUG
+ default "INFO" if MCUBOOT_LOG_LEVEL_INFO
+ default "WARNING" if MCUBOOT_LOG_LEVEL_WARNING
+ default "ERROR" if MCUBOOT_LOG_LEVEL_ERROR
+ default "OFF" if MCUBOOT_LOG_LEVEL_OFF
+endif
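Review bot: `config MCUBOOT_UPGRADE_STRATEGY` carries a prompt (`string "Upgrade strategy for images"`), so a user-assigned value can override the defaults derived from the choice above it and hold a string that matches none of the five strategies. The other derived symbols (`MCUBOOT_ALIGN_VAL`, `MCUBOOT_FIH_PROFILE`, `MCUBOOT_LOG_LEVEL`) are promptless, and this one should be a bare `string` as well, all the more because this commit skips the `IN_LIST` check in config/check_config.cmake when `USE_KCONFIG_TOOL` is set. The defaults of `MCUBOOT_KEY_S` and `MCUBOOT_KEY_NS` use `${MCUBOOT_SIGNATURE_TYPE}` and `${MCUBOOT_SIGNATURE_KEY_LEN}` rather than the Kconfig `$(...)` form, so Kconfig will not expand them. If the expansion is meant to happen later in CMake, a comment above the two entries should say so. The help of `MCUBOOT_SIGNATURE_TYPE` still describes clearing CMake cache entries (`cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`) and should be reworded for Kconfig users.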
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 3b3be77..482236f 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -52,7 +52,7 @@
########################## BL2 #################################################
get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
-tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST))
+tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST) AND NOT USE_KCONFIG_TOOL)
# Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs
tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 4)
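Review bot: Appending `AND NOT USE_KCONFIG_TOOL` switches the strategy check off for Kconfig builds instead of replacing it, so an unsupported `MCUBOOT_UPGRADE_STRATEGY` value is no longer rejected at configure time. The `MCUBOOT_ALIGN_VAL` check in the next hunk is changed the same way. The guard is presumably needed because the cache `STRINGS` property read by `get_property` is not populated when the values come from Kconfig. An explicit fallback list would keep the validation, e.g. `if(NOT MCUBOOT_STRATEGY_LIST)` / `set(MCUBOOT_STRATEGY_LIST OVERWRITE_ONLY SWAP_USING_SCRATCH SWAP_USING_MOVE DIRECT_XIP RAM_LOAD)` / `endif()`. At minimum, add a comment above each call stating why Kconfig builds are exempt.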
@@ -61,7 +61,7 @@
tfm_invalid_config((NOT (TFM_PARTITION_FIRMWARE_UPDATE OR CONFIG_TFM_BOOT_STORE_MEASUREMENTS)) AND MCUBOOT_DATA_SHARING)
get_property(MCUBOOT_ALIGN_VAL_LIST CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS)
-tfm_invalid_config(BL2 AND (NOT MCUBOOT_ALIGN_VAL IN_LIST MCUBOOT_ALIGN_VAL_LIST))
+tfm_invalid_config(BL2 AND (NOT MCUBOOT_ALIGN_VAL IN_LIST MCUBOOT_ALIGN_VAL_LIST) AND NOT USE_KCONFIG_TOOL)
####################### Code sharing ###########################################
diff --git a/config/kconfig.cmake b/config/kconfig.cmake
index 8dde3d3..54a9318 100644
--- a/config/kconfig.cmake
+++ b/config/kconfig.cmake
@@ -278,16 +278,6 @@
include(${CMAKE_SOURCE_DIR}/config/build_type/${CMAKE_BUILD_TYPE_LOWERCASE}.cmake)
endif()
-# Load bl1 config
-if(BL1 AND PLATFORM_DEFAULT_BL1)
- include(${CMAKE_SOURCE_DIR}/bl1/config/bl1_config_default.cmake)
-endif()
-
-# Load MCUboot specific default.cmake
-if(NOT DEFINED BL2 OR BL2)
- include(${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/mcuboot_default_config.cmake)
-endif()
-
# Include FWU partition configs.
include(config/tfm_fwu_config.cmake)
diff --git a/lib/ext/tf-m-tests/Kconfig b/lib/ext/tf-m-tests/Kconfig
index d3d0896..b9e4d1a 100644
--- a/lib/ext/tf-m-tests/Kconfig
+++ b/lib/ext/tf-m-tests/Kconfig
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -7,6 +7,25 @@
menu "TF-M regression tests"
+################################# Bootloader test ##############################
+
+config TEST_BL1_1
+ bool "BL1_1 tests"
+ default n
+ depends on BL1
+
+config TEST_BL1_2
+ bool "BL1_2 tests"
+ default n
+ depends on BL1
+
+config TEST_BL2
+ bool "BL2 tests"
+ default n
+ depends on BL2
+
+################################# Regression test ##############################
+
config TEST_S
bool "Enable default secure test cases"
default n
diff --git a/platform/ext/target/arm/musca_b1/config.cmake b/platform/ext/target/arm/musca_b1/config.cmake
index 994ace8..63c120f 100644
--- a/platform/ext/target/arm/musca_b1/config.cmake
+++ b/platform/ext/target/arm/musca_b1/config.cmake
@@ -10,8 +10,6 @@
set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
set(PLATFORM_GPLED_ENABLED OFF CACHE BOOL "Use the general purpose LEDs on the platform board")
-set(MCUBOOT_DATA_SHARING ON CACHE BOOL "Add sharing of application specific data using the same shared data area as for the measured boot")
-
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_SOURCE_DIR}/platform/ext/target/arm/musca_b1/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
@@ -35,3 +33,4 @@
set(PLATFORM_SLIH_IRQ_TEST_SUPPORT ON)
set(PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT ON)
+set(MCUBOOT_DATA_SHARING ON)
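Review bot: `set(MCUBOOT_DATA_SHARING ON)` replaces a cache entry with a normal variable, which shadows any cache value of the same name. A `-DMCUBOOT_DATA_SHARING=OFF` on the command line, or a value computed by Kconfig, is therefore silently ignored on this platform. The same pattern is added in platform/ext/target/arm/rss/common/config.cmake (together with `TFM_PARTITION_MEASURED_BOOT`) and in platform/ext/target/stm/b_u585i_iot02a/config.cmake. If forcing the value is intended, say so next to the line, e.g. `# Forced ON: not user-configurable on this platform`.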
diff --git a/platform/ext/target/arm/rss/common/config.cmake b/platform/ext/target/arm/rss/common/config.cmake
index 796653e..4e9586e 100644
--- a/platform/ext/target/arm/rss/common/config.cmake
+++ b/platform/ext/target/arm/rss/common/config.cmake
@@ -38,14 +38,12 @@
set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to use the default flash map defined by TF-M project")
set(MCUBOOT_S_IMAGE_FLASH_AREA_NUM 2 CACHE STRING "ID of the flash area containing the primary Secure image")
set(MCUBOOT_NS_IMAGE_FLASH_AREA_NUM 3 CACHE STRING "ID of the flash area containing the primary Non-Secure image")
-set(MCUBOOT_DATA_SHARING ON CACHE BOOL "Add sharing of application specific data using the same shared data area as for the measured boot")
set(CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS OFF CACHE BOOL "Enable storing of encoded measurements in boot.")
set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition")
-set(TFM_PARTITION_MEASURED_BOOT ON CACHE BOOL "Enable Measured boot partition")
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
set(MEASURED_BOOT_HASH_ALG PSA_ALG_SHA_256 CACHE STRING "Hash algorithm used by Measured boot services")
set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH ${CMAKE_CURRENT_LIST_DIR}/mbedtls_extra_config.h CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to cnfigure feature support")
@@ -71,3 +69,5 @@
# Platform-specific configurations
set(CONFIG_TFM_USE_TRUSTZONE OFF)
set(TFM_MULTI_CORE_TOPOLOGY ON)
+set(MCUBOOT_DATA_SHARING ON)
+set(TFM_PARTITION_MEASURED_BOOT ON)
diff --git a/platform/ext/target/stm/b_u585i_iot02a/config.cmake b/platform/ext/target/stm/b_u585i_iot02a/config.cmake
index 2a23ba4..04cbb07 100644
--- a/platform/ext/target/stm/b_u585i_iot02a/config.cmake
+++ b/platform/ext/target/stm/b_u585i_iot02a/config.cmake
@@ -14,7 +14,6 @@
set(BL2_TRAILER_SIZE 0x2000 CACHE STRING "Trailer size")
set(MCUBOOT_ALIGN_VAL 16 CACHE STRING "Align option to build image with imgtool")
set(MCUBOOT_UPGRADE_STRATEGY "SWAP_USING_SCRATCH" CACHE STRING "Upgrade strategy for images")
-set(MCUBOOT_DATA_SHARING ON CACHE BOOL "Enable Data Sharing")
set(MCUBOOT_BOOTSTRAP ON CACHE BOOL "Allow initial state with images in secondary slots(empty primary slots)")
set(MCUBOOT_ENC_IMAGES ON CACHE BOOL "Enable encrypted image upgrade support")
set(MCUBOOT_ENCRYPT_RSA ON CACHE BOOL "Use RSA for encrypted image upgrade support")
@@ -34,3 +33,4 @@
set(TFM_MULTI_CORE_TOPOLOGY OFF)
set(PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT ON)
set(STSAFEA ON CACHE BOOL "Activate ST SAFE SUPPORT")
+set(MCUBOOT_DATA_SHARING ON)