101 lines
3.3 KiB
Plaintext
101 lines
3.3 KiB
Plaintext
menu "Bootloader config"
|
|
choice LOG_BOOTLOADER_LEVEL
|
|
bool "Bootloader log verbosity"
|
|
default LOG_BOOTLOADER_LEVEL_WARN
|
|
help
|
|
Specify how much output to see in bootloader logs.
|
|
|
|
config LOG_BOOTLOADER_LEVEL_NONE
|
|
bool "No output"
|
|
config LOG_BOOTLOADER_LEVEL_ERROR
|
|
bool "Error"
|
|
config LOG_BOOTLOADER_LEVEL_WARN
|
|
bool "Warning"
|
|
config LOG_BOOTLOADER_LEVEL_INFO
|
|
bool "Info"
|
|
config LOG_BOOTLOADER_LEVEL_DEBUG
|
|
bool "Debug"
|
|
config LOG_BOOTLOADER_LEVEL_VERBOSE
|
|
bool "Verbose"
|
|
endchoice
|
|
|
|
config LOG_BOOTLOADER_LEVEL
|
|
int
|
|
default 0 if LOG_BOOTLOADER_LEVEL_NONE
|
|
default 1 if LOG_BOOTLOADER_LEVEL_ERROR
|
|
default 2 if LOG_BOOTLOADER_LEVEL_WARN
|
|
default 3 if LOG_BOOTLOADER_LEVEL_INFO
|
|
default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
|
|
default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE
|
|
|
|
choice SECURE_BOOTLOADER
|
|
bool "Secure bootloader"
|
|
default SECURE_BOOTLOADER_DISABLED
|
|
help
|
|
Build a bootloader with the secure boot flag enabled.
|
|
|
|
Secure bootloader can be one-time-flash (chip will only ever
|
|
boot that particular bootloader), or a digest key can be used
|
|
to allow the secure bootloader to be re-flashed with
|
|
modifications. Secure boot also permanently disables JTAG.
|
|
|
|
See docs/security/secure-boot.rst for details.
|
|
|
|
config SECURE_BOOTLOADER_DISABLED
|
|
bool "Disabled"
|
|
|
|
config SECURE_BOOTLOADER_ONE_TIME_FLASH
|
|
bool "One-time flash"
|
|
help
|
|
On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.
|
|
|
|
Enabling this option means that the bootloader cannot be changed after the first time it is booted.
|
|
|
|
config SECURE_BOOTLOADER_REFLASHABLE
|
|
bool "Reflashable"
|
|
help
|
|
Generate the bootloader digest key on the computer instead of inside
|
|
the chip. Allows the secure bootloader to be re-flashed by using the
|
|
same key.
|
|
|
|
This option is less secure than one-time flash, because a leak of the digest key allows reflashing of any device that uses it.
|
|
|
|
endchoice
|
|
|
|
config SECURE_BOOTLOADER_KEY_FILE
|
|
string "Secure bootloader key file"
|
|
depends on SECURE_BOOTLOADER_REFLASHABLE
|
|
default secure_boot_key.bin
|
|
help
|
|
Path to the key file for a reflashable secure bootloader digest.
|
|
File must contain 32 randomly generated bytes.
|
|
|
|
Path is evaluated relative to the project directory.
|
|
|
|
You can generate a new key by running the following command:
|
|
espsecure.py generate_key secure_boot_key.bin
|
|
|
|
See docs/security/secure-boot.rst for details.
|
|
|
|
config SECURE_BOOT_SIGNING_KEY
|
|
string "Secure boot signing key"
|
|
depends on SECURE_BOOTLOADER_ENABLED
|
|
default secure_boot_signing_key.pem
|
|
help
|
|
Path to the key file used to sign partition tables and app images for secure boot.
|
|
|
|
Key file is an ECDSA private key (NIST256p curve) in PEM format.
|
|
|
|
Path is evaluated relative to the project directory.
|
|
|
|
You can generate a new signing key by running the following command:
|
|
espsecure.py generate_signing_key secure_boot_signing_key.pem
|
|
|
|
See docs/security/secure-boot.rst for details.
|
|
|
|
config SECURE_BOOTLOADER_ENABLED
|
|
bool
|
|
default SECURE_BOOTLOADER_ONE_TIME_FLASH || SECURE_BOOTLOADER_REFLASHABLE
|
|
|
|
endmenu
|