menu "Bootloader config"
choice LOG_BOOTLOADER_LEVEL
   bool "Bootloader log verbosity"
   default LOG_BOOTLOADER_LEVEL_WARN
   help
       Specify how much output to see in bootloader logs.

config LOG_BOOTLOADER_LEVEL_NONE
   bool "No output"
config LOG_BOOTLOADER_LEVEL_ERROR
   bool "Error"
config LOG_BOOTLOADER_LEVEL_WARN
   bool "Warning"
config LOG_BOOTLOADER_LEVEL_INFO
   bool "Info"
config LOG_BOOTLOADER_LEVEL_DEBUG
   bool "Debug"
config LOG_BOOTLOADER_LEVEL_VERBOSE
   bool "Verbose"
endchoice

config LOG_BOOTLOADER_LEVEL
    int
    default 0 if LOG_BOOTLOADER_LEVEL_NONE
    default 1 if LOG_BOOTLOADER_LEVEL_ERROR
    default 2 if LOG_BOOTLOADER_LEVEL_WARN
    default 3 if LOG_BOOTLOADER_LEVEL_INFO
    default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
    default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE

choice SECURE_BOOTLOADER
    bool "Secure bootloader"
    default SECURE_BOOTLOADER_DISABLED
    help
        Build a bootloader with the secure boot flag enabled.

        Secure bootloader can be one-time-flash (chip will only ever
        boot that particular bootloader), or a digest key can be used
        to allow the secure bootloader to be re-flashed with
        modifications. Secure boot also permanently disables JTAG.

        See docs/security/secure-boot.rst for details.

config SECURE_BOOTLOADER_DISABLED
       bool "Disabled"

config SECURE_BOOTLOADER_ONE_TIME_FLASH
       bool "One-time flash"
       help
           On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.

           Enabling this option means that the bootloader cannot be changed after the first time it is booted.

config SECURE_BOOTLOADER_REFLASHABLE
    bool "Reflashable"
    help
        Generate a reusable secure bootloader key, derived (via SHA-256) from the secure boot signing key.

		This allows the secure bootloader to be re-flashed by anyone with access to the secure boot signing key.

        This option is less secure than one-time flash, because a leak of the digest key from one device allows reflashing of any device that uses it.

endchoice

config SECURE_BOOT_SIGNING_KEY
     string "Secure boot signing key"
	 depends on SECURE_BOOTLOADER_ENABLED
	 default secure_boot_signing_key.pem
     help
        Path to the key file used to sign partition tables and app images for secure boot.

        Key file is an ECDSA private key (NIST256p curve) in PEM format.

        Path is evaluated relative to the project directory.

        You can generate a new signing key by running the following command:
        espsecure.py generate_signing_key secure_boot_signing_key.pem

        See docs/security/secure-boot.rst for details.

config SECURE_BOOTLOADER_ENABLED
    bool
    default SECURE_BOOTLOADER_ONE_TIME_FLASH || SECURE_BOOTLOADER_REFLASHABLE

endmenu