kconfig: Separate MCUboot options to Kconfig.mcuboot

de-nordic · carlescufi · commit 865f8014701e · 2023-05-12T10:00:23.000+02:00
Move Kconfig options related to MCUboot to Kconfig.mcuboot

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/Kconfig.mcuboot b/Kconfig.mcuboot
@@ -0,0 +1,130 @@
+# General configuration options
+
+# Copyright (c) 2014-2015 Wind River Systems, Inc.
+# Copyright (c) 2016 Intel Corporation
+# Copyright (c) 2023 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+config MCUBOOT
+	bool
+	help
+	  Hidden option used to indicate that the current image is MCUBoot
+
+config BOOTLOADER_MCUBOOT
+	bool "MCUboot bootloader support"
+	select USE_DT_CODE_PARTITION
+	imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
+	depends on !MCUBOOT
+	help
+	  This option signifies that the target uses MCUboot as a bootloader,
+	  or in other words that the image is to be chain-loaded by MCUboot.
+	  This sets several required build system and Device Tree options in
+	  order for the image generated to be bootable using the MCUboot open
+	  source bootloader. Currently this includes:
+
+	    * Setting ROM_START_OFFSET to a default value that allows space
+	      for the MCUboot image header
+	    * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
+	      (or Armv8-M baseline) targets with no built-in vector relocation
+	      mechanisms
+
+	  By default, this option instructs Zephyr to initialize the core
+	  architecture HW registers during boot, when this is supported by
+	  the application. This removes the need by MCUboot to reset
+	  the core registers' state itself.
+
+if BOOTLOADER_MCUBOOT
+
+config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
+	string "Extra parameters to west sign"
+	default "--quiet"
+	help
+	  Parameters that are passed by cmake to west sign, just after
+	  the command, before all other parameters needed for image
+	  signing.
+	  By default this is set to "--quiet" to prevent extra, non-error,
+	  diagnostic messages from west sign. This does not affect signing
+	  tool for which extra parameters are passed with
+	  MCUBOOT_EXTRA_IMGTOOL_ARGS.
+
+config MCUBOOT_SIGNATURE_KEY_FILE
+	string "Path to the mcuboot signing key file"
+	default ""
+	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
+	help
+	  The file contains a key pair whose public half is verified
+	  by your target's MCUboot image. The file is in PEM format.
+
+	  If set to a non-empty value, the build system tries to
+	  sign the final binaries using a 'west sign -t imgtool' command.
+	  The signed binaries are placed in the build directory
+	  at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
+
+	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
+	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
+	  and CONFIG_BUILD_OUTPUT_HEX.
+
+	  This option should contain a path to the same file as the
+	  BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
+	  may be absolute or relative to the west workspace topdir. (The MCUboot
+	  config option is used for the MCUboot bootloader image; this option is
+	  for your application which is to be loaded by MCUboot. The MCUboot
+	  config option can be a relative path from the MCUboot repository
+	  root.)
+
+	  If left empty, you must sign the Zephyr binaries manually.
+
+config MCUBOOT_ENCRYPTION_KEY_FILE
+	string "Path to the mcuboot encryption key file"
+	default ""
+	depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
+	help
+	  The file contains the public key that is used to encrypt the
+	  ephemeral key that encrypts the image. The corresponding
+	  private key is hard coded in the MCUboot source code and is
+	  used to decrypt the ephemeral key that is embedded in the
+	  image. The file is in PEM format.
+
+	  If set to a non-empty value, the build system tries to
+	  sign and encrypt the final binaries using a 'west sign -t imgtool'
+	  command. The binaries are placed in the build directory at
+	  zephyr/zephyr.signed.encrypted.bin and
+	  zephyr/zephyr.signed.encrypted.hex.
+
+	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
+	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
+	  and CONFIG_BUILD_OUTPUT_HEX.
+
+	  This option should either be an absolute path or a path relative to
+	  the west workspace topdir.
+	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
+
+	  If left empty, you must encrypt the Zephyr binaries manually.
+
+config MCUBOOT_EXTRA_IMGTOOL_ARGS
+	string "Extra arguments to pass to imgtool when signing"
+	default ""
+	help
+	  When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
+	  string) you can use this option to pass extra options to
+	  imgtool.  For example, you could set this to "--version 1.2".
+
+config MCUBOOT_GENERATE_UNSIGNED_IMAGE
+	bool "Generate unsigned binary image bootable with MCUboot"
+	help
+	  Enabling this configuration allows automatic unsigned binary image
+	  generation when MCUboot signing key is not provided,
+	  i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
+
+config MCUBOOT_GENERATE_CONFIRMED_IMAGE
+	bool "Also generate a padded, confirmed image"
+	help
+	  The signed, padded, and confirmed binaries are placed in the build
+	  directory at zephyr/zephyr.signed.confirmed.bin and
+	  zephyr/zephyr.signed.confirmed.hex.
+
+	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
+	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
+	  and CONFIG_BUILD_OUTPUT_HEX.
+
+endif # BOOTLOADER_MCUBOOT
diff --git a/Kconfig.zephyr b/Kconfig.zephyr
@@ -2,6 +2,7 @@
 
 # Copyright (c) 2014-2015 Wind River Systems, Inc.
 # Copyright (c) 2016 Intel Corporation
+# Copyright (c) 2023 Nordic Semiconductor ASA
 # SPDX-License-Identifier: Apache-2.0
 
 
@@ -793,129 +794,7 @@ config BOOTLOADER_SRAM_SIZE
 	  - Zephyr is a !XIP image, which implicitly assumes existence of a
 	  bootloader that loads the Zephyr !XIP image onto SRAM.
 
-config MCUBOOT
-	bool
-	help
-	  Hidden option used to indicate that the current image is MCUBoot
-
-config BOOTLOADER_MCUBOOT
-	bool "MCUboot bootloader support"
-	select USE_DT_CODE_PARTITION
-	imply INIT_ARCH_HW_AT_BOOT if ARCH_SUPPORTS_ARCH_HW_INIT
-	depends on !MCUBOOT
-	help
-	  This option signifies that the target uses MCUboot as a bootloader,
-	  or in other words that the image is to be chain-loaded by MCUboot.
-	  This sets several required build system and Device Tree options in
-	  order for the image generated to be bootable using the MCUboot open
-	  source bootloader. Currently this includes:
-
-	    * Setting ROM_START_OFFSET to a default value that allows space
-	      for the MCUboot image header
-	    * Activating SW_VECTOR_RELAY_CLIENT on Cortex-M0
-	      (or Armv8-M baseline) targets with no built-in vector relocation
-	      mechanisms
-
-	  By default, this option instructs Zephyr to initialize the core
-	  architecture HW registers during boot, when this is supported by
-	  the application. This removes the need by MCUboot to reset
-	  the core registers' state itself.
-
-if BOOTLOADER_MCUBOOT
-
-config MCUBOOT_CMAKE_WEST_SIGN_PARAMS
-	string "Extra parameters to west sign"
-	default "--quiet"
-	help
-	  Parameters that are passed by cmake to west sign, just after
-	  the command, before all other parameters needed for image
-	  signing.
-	  By default this is set to "--quiet" to prevent extra, non-error,
-	  diagnostic messages from west sign. This does not affect signing
-	  tool for which extra parameters are passed with
-	  MCUBOOT_EXTRA_IMGTOOL_ARGS.
-
-config MCUBOOT_SIGNATURE_KEY_FILE
-	string "Path to the mcuboot signing key file"
-	default ""
-	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
-	help
-	  The file contains a key pair whose public half is verified
-	  by your target's MCUboot image. The file is in PEM format.
-
-	  If set to a non-empty value, the build system tries to
-	  sign the final binaries using a 'west sign -t imgtool' command.
-	  The signed binaries are placed in the build directory
-	  at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
-
-	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
-	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
-	  and CONFIG_BUILD_OUTPUT_HEX.
-
-	  This option should contain a path to the same file as the
-	  BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
-	  may be absolute or relative to the west workspace topdir. (The MCUboot
-	  config option is used for the MCUboot bootloader image; this option is
-	  for your application which is to be loaded by MCUboot. The MCUboot
-	  config option can be a relative path from the MCUboot repository
-	  root.)
-
-	  If left empty, you must sign the Zephyr binaries manually.
-
-config MCUBOOT_ENCRYPTION_KEY_FILE
-	string "Path to the mcuboot encryption key file"
-	default ""
-	depends on MCUBOOT_SIGNATURE_KEY_FILE != ""
-	help
-	  The file contains the public key that is used to encrypt the
-	  ephemeral key that encrypts the image. The corresponding
-	  private key is hard coded in the MCUboot source code and is
-	  used to decrypt the ephemeral key that is embedded in the
-	  image. The file is in PEM format.
-
-	  If set to a non-empty value, the build system tries to
-	  sign and encrypt the final binaries using a 'west sign -t imgtool'
-	  command. The binaries are placed in the build directory at
-	  zephyr/zephyr.signed.encrypted.bin and
-	  zephyr/zephyr.signed.encrypted.hex.
-
-	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
-	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
-	  and CONFIG_BUILD_OUTPUT_HEX.
-
-	  This option should either be an absolute path or a path relative to
-	  the west workspace topdir.
-	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
-
-	  If left empty, you must encrypt the Zephyr binaries manually.
-
-config MCUBOOT_EXTRA_IMGTOOL_ARGS
-	string "Extra arguments to pass to imgtool when signing"
-	default ""
-	help
-	  When signing (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty
-	  string) you can use this option to pass extra options to
-	  imgtool.  For example, you could set this to "--version 1.2".
-
-config MCUBOOT_GENERATE_UNSIGNED_IMAGE
-	bool "Generate unsigned binary image bootable with MCUboot"
-	help
-	  Enabling this configuration allows automatic unsigned binary image
-	  generation when MCUboot signing key is not provided,
-	  i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
-
-config MCUBOOT_GENERATE_CONFIRMED_IMAGE
-	bool "Also generate a padded, confirmed image"
-	help
-	  The signed, padded, and confirmed binaries are placed in the build
-	  directory at zephyr/zephyr.signed.confirmed.bin and
-	  zephyr/zephyr.signed.confirmed.hex.
-
-	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
-	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
-	  and CONFIG_BUILD_OUTPUT_HEX.
-
-endif # BOOTLOADER_MCUBOOT
+source "Kconfig.mcuboot"
 
 config BOOTLOADER_ESP_IDF
 	bool "ESP-IDF bootloader support"
