Ana Sayfa Keşfet Yardım
Giriş Yap
RT-Thread-packages
/
esp-idf
şunun yansıması https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: b3f6cd08db
Dallar Biçim İmleri
esp-idf
/
components
/
bootloader
/
Kconfig.projbuild

Kconfig.projbuild 4.0 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1. menu "Bootloader config"
    2. 

  2. choice LOG_BOOTLOADER_LEVEL
    3. 

  3.    bool "Bootloader log verbosity"
    4. 

  4.    default LOG_BOOTLOADER_LEVEL_WARN
    5. 

  5.    help
    6. 

  6.        Specify how much output to see in bootloader logs.
    7. 

  7. 

  8. config LOG_BOOTLOADER_LEVEL_NONE
    9. 

  9.    bool "No output"
    10. 

  10. config LOG_BOOTLOADER_LEVEL_ERROR
    11. 

  11.    bool "Error"
    12. 

  12. config LOG_BOOTLOADER_LEVEL_WARN
    13. 

  13.    bool "Warning"
    14. 

  14. config LOG_BOOTLOADER_LEVEL_INFO
    15. 

  15.    bool "Info"
    16. 

  16. config LOG_BOOTLOADER_LEVEL_DEBUG
    17. 

  17.    bool "Debug"
    18. 

  18. config LOG_BOOTLOADER_LEVEL_VERBOSE
    19. 

  19.    bool "Verbose"
    20. 

  20. endchoice
    21. 

  21. 

  22. config LOG_BOOTLOADER_LEVEL
    23. 

  23.     int
    24. 

  24.     default 0 if LOG_BOOTLOADER_LEVEL_NONE
    25. 

  25.     default 1 if LOG_BOOTLOADER_LEVEL_ERROR
    26. 

  26.     default 2 if LOG_BOOTLOADER_LEVEL_WARN
    27. 

  27.     default 3 if LOG_BOOTLOADER_LEVEL_INFO
    28. 

  28.     default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
    29. 

  29.     default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE
    30. 

  30. 

  31. endmenu
    32. 

  32. 

  33. 

  34. 

  35. menu "Secure boot configuration"
    36. 

  36. 

  37. choice SECURE_BOOTLOADER
    38. 

  38.     bool "Secure bootloader"
    39. 

  39.     default SECURE_BOOTLOADER_DISABLED
    40. 

  40.     help
    41. 

  41.         Build a bootloader with the secure boot flag enabled.
    42. 

  42. 

  43.         Secure bootloader can be one-time-flash (chip will only ever
    44. 

  44.         boot that particular bootloader), or a digest key can be used
    45. 

  45.         to allow the secure bootloader to be re-flashed with
    46. 

  46.         modifications. Secure boot also permanently disables JTAG.
    47. 

  47. 

  48.         See docs/security/secure-boot.rst for details.
    49. 

  49. 

  50. config SECURE_BOOTLOADER_DISABLED
    51. 

  51.        bool "Disabled"
    52. 

  52. 

  53. config SECURE_BOOTLOADER_ONE_TIME_FLASH
    54. 

  54.        bool "One-time flash"
    55. 

  55.        help
    56. 

  56.            On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.
    57. 

  57. 

  58.            Enabling this option means that the bootloader cannot be changed after the first time it is booted.
    59. 

  59. 

  60. config SECURE_BOOTLOADER_REFLASHABLE
    61. 

  61.     bool "Reflashable"
    62. 

  62.     help
    63. 

  63.         Generate a reusable secure bootloader key, derived (via SHA-256) from the secure boot signing key.
    64. 

  64. 

  65. 		This allows the secure bootloader to be re-flashed by anyone with access to the secure boot signing key.
    66. 

  66. 

  67.         This option is less secure than one-time flash, because a leak of the digest key from one device allows reflashing of any device that uses it.
    68. 

  68. 

  69. endchoice
    70. 

  70. 

  71. config SECURE_BOOT_SIGNING_KEY
    72. 

  72.      string "Secure boot signing key"
    73. 

  73. 	 depends on SECURE_BOOTLOADER_ENABLED
    74. 

  74. 	 default secure_boot_signing_key.pem
    75. 

  75.      help
    76. 

  76.         Path to the key file used to sign partition tables and app images for secure boot.
    77. 

  77. 

  78.         Key file is an ECDSA private key (NIST256p curve) in PEM format.
    79. 

  79. 

  80.         Path is evaluated relative to the project directory.
    81. 

  81. 

  82.         You can generate a new signing key by running the following command:
    83. 

  83.         espsecure.py generate_signing_key secure_boot_signing_key.pem
    84. 

  84. 

  85.         See docs/security/secure-boot.rst for details.
    86. 

  86. 

  87. config SECURE_BOOT_DISABLE_JTAG
    88. 

  88.        bool "First boot: Permanently disable JTAG"
    89. 

  89.        depends on SECURE_BOOTLOADER_ENABLED
    90. 

  90.        default Y
    91. 

  91.        help
    92. 

  92.           Bootloader permanently disable JTAG (across entire chip) when enabling secure boot. This happens on first boot of the bootloader.
    93. 

  93. 

  94.           It is recommended this option remains set for production environments.
    95. 

  95. 

  96. config SECURE_BOOT_DISABLE_ROM_BASIC
    97. 

  97.        bool "First boot: Permanently disable ROM BASIC fallback"
    98. 

  98.        depends on SECURE_BOOTLOADER_ENABLED
    99. 

  99.        default Y
    100. 

  100.        help
    101. 

  101.           Bootloader permanently disables ROM BASIC (on UART console) as a fallback if the bootloader image becomes invalid. This happens on first boot.
    102. 

  102. 

  103.           It is recommended this option remains set in production environments.
    104. 

  104. 

  105. config SECURE_BOOT_TEST_MODE
    106. 

  106.        bool "Test mode: don't actually enable secure boot"
    107. 

  107.        depends on SECURE_BOOTLOADER_ENABLED
    108. 

  108.        default N
    109. 

  109.        help
    110. 

  110.           If this option is set, all permanent secure boot changes (via Efuse) are disabled.
    111. 

  111. 

  112.           This option is for testing purposes only - it effectively completely disables secure boot protection.
    113. 

  113. 

  114. config SECURE_BOOTLOADER_ENABLED
    115. 

  115.     bool
    116. 

  116.     default SECURE_BOOTLOADER_ONE_TIME_FLASH || SECURE_BOOTLOADER_REFLASHABLE
    117. 

  117. 

  118. endmenu
    119.