esp-idf/components/bootloader/Kconfig.projbuild

menu "Bootloader config"
choice LOG_BOOTLOADER_LEVEL
   bool "Bootloader log verbosity"
   default LOG_BOOTLOADER_LEVEL_WARN
   help
       Specify how much output to see in bootloader logs.

config LOG_BOOTLOADER_LEVEL_NONE
   bool "No output"
config LOG_BOOTLOADER_LEVEL_ERROR
   bool "Error"
config LOG_BOOTLOADER_LEVEL_WARN
   bool "Warning"
config LOG_BOOTLOADER_LEVEL_INFO
   bool "Info"
config LOG_BOOTLOADER_LEVEL_DEBUG
   bool "Debug"
config LOG_BOOTLOADER_LEVEL_VERBOSE
   bool "Verbose"
endchoice

config LOG_BOOTLOADER_LEVEL
    int
    default 0 if LOG_BOOTLOADER_LEVEL_NONE
    default 1 if LOG_BOOTLOADER_LEVEL_ERROR
    default 2 if LOG_BOOTLOADER_LEVEL_WARN
    default 3 if LOG_BOOTLOADER_LEVEL_INFO
    default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
    default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE

choice SECURE_BOOTLOADER
    bool "Secure bootloader"
    default SECURE_BOOTLOADER_DISABLED
    help
        Build a bootloader with the secure boot flag enabled.

        Secure bootloader can be one-time-flash (chip will only ever
        boot that particular bootloader), or a digest key can be used
        to allow the secure bootloader to be re-flashed with
        modifications. Secure boot also permanently disables JTAG.

        See docs/security/secure-boot.rst for details.

config SECURE_BOOTLOADER_DISABLED
       bool "Disabled"

config SECURE_BOOTLOADER_ONE_TIME_FLASH
       bool "One-time flash"
       help
           On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.

           Enabling this option means that the bootloader cannot be changed after the first time it is booted.

config SECURE_BOOTLOADER_REFLASHABLE
    bool "Reflashable"
    help
        Generate the bootloader digest key on the computer instead of inside
        the chip. Allows the secure bootloader to be re-flashed by using the
        same key.

        This option is less secure than one-time flash, because a leak of the digest key allows reflashing of any device that uses it.

endchoice

config SECURE_BOOTLOADER_KEY_FILE
    string "Secure bootloader key file"
    depends on SECURE_BOOTLOADER_REFLASHABLE
    default secure_boot_key.bin
    help
       Path to the key file for a reflashable secure bootloader digest.
       File must contain 32 randomly generated bytes.

       Path is evaluated relative to the project directory.

       You can generate a new key by running the following command:
       espsecure.py generate_key secure_boot_key.bin

       See docs/security/secure-boot.rst for details.

config SECURE_BOOTLOADER_ENABLED
    bool
    default SECURE_BOOTLOADER_ONE_TIME_FLASH || SECURE_BOOTLOADER_REFLASHABLE

endmenu
bootloader: Add bootloader Kconfig Allow debug level & colour highlighting to be configured 2016-09-12 23:46:51 -04:00			`menu "Bootloader config"`
components/log: fix bugs, add options to override log level for files, components, and bootloader 2016-09-18 08:24:31 -04:00			`choice LOG_BOOTLOADER_LEVEL`
			`bool "Bootloader log verbosity"`
			`default LOG_BOOTLOADER_LEVEL_WARN`
			`help`
			`Specify how much output to see in bootloader logs.`

			`config LOG_BOOTLOADER_LEVEL_NONE`
			`bool "No output"`
			`config LOG_BOOTLOADER_LEVEL_ERROR`
			`bool "Error"`
			`config LOG_BOOTLOADER_LEVEL_WARN`
			`bool "Warning"`
			`config LOG_BOOTLOADER_LEVEL_INFO`
			`bool "Info"`
			`config LOG_BOOTLOADER_LEVEL_DEBUG`
			`bool "Debug"`
			`config LOG_BOOTLOADER_LEVEL_VERBOSE`
			`bool "Verbose"`
			`endchoice`

			`config LOG_BOOTLOADER_LEVEL`
build system: Add espefuse/espsecure support for secure boot 2016-10-31 19:50:16 -04:00			`int`
			`default 0 if LOG_BOOTLOADER_LEVEL_NONE`
			`default 1 if LOG_BOOTLOADER_LEVEL_ERROR`
			`default 2 if LOG_BOOTLOADER_LEVEL_WARN`
			`default 3 if LOG_BOOTLOADER_LEVEL_INFO`
			`default 4 if LOG_BOOTLOADER_LEVEL_DEBUG`
			`default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE`

			`choice SECURE_BOOTLOADER`
			`bool "Secure bootloader"`
			`default SECURE_BOOTLOADER_DISABLED`
			`help`
			`Build a bootloader with the secure boot flag enabled.`

			`Secure bootloader can be one-time-flash (chip will only ever`
			`boot that particular bootloader), or a digest key can be used`
			`to allow the secure bootloader to be re-flashed with`
			`modifications. Secure boot also permanently disables JTAG.`

			`See docs/security/secure-boot.rst for details.`

			`config SECURE_BOOTLOADER_DISABLED`
			`bool "Disabled"`

			`config SECURE_BOOTLOADER_ONE_TIME_FLASH`
			`bool "One-time flash"`
			`help`
			`On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.`

			`Enabling this option means that the bootloader cannot be changed after the first time it is booted.`

			`config SECURE_BOOTLOADER_REFLASHABLE`
			`bool "Reflashable"`
			`help`
			`Generate the bootloader digest key on the computer instead of inside`
			`the chip. Allows the secure bootloader to be re-flashed by using the`
			`same key.`

			`This option is less secure than one-time flash, because a leak of the digest key allows reflashing of any device that uses it.`

			`endchoice`

			`config SECURE_BOOTLOADER_KEY_FILE`
Add documentation for bootloader secure boot stage 2016-11-01 02:41:27 -04:00			`string "Secure bootloader key file"`
build system: Add espefuse/espsecure support for secure boot 2016-10-31 19:50:16 -04:00			`depends on SECURE_BOOTLOADER_REFLASHABLE`
			`default secure_boot_key.bin`
			`help`
Add documentation for bootloader secure boot stage 2016-11-01 02:41:27 -04:00			`Path to the key file for a reflashable secure bootloader digest.`
build system: Add espefuse/espsecure support for secure boot 2016-10-31 19:50:16 -04:00			`File must contain 32 randomly generated bytes.`

			`Path is evaluated relative to the project directory.`

			`You can generate a new key by running the following command:`
			`espsecure.py generate_key secure_boot_key.bin`

			`See docs/security/secure-boot.rst for details.`

			`config SECURE_BOOTLOADER_ENABLED`
			`bool`
			`default SECURE_BOOTLOADER_ONE_TIME_FLASH \|\| SECURE_BOOTLOADER_REFLASHABLE`
bootloader: Add bootloader Kconfig Allow debug level & colour highlighting to be configured 2016-09-12 23:46:51 -04:00
			`endmenu`