boot: zephyr: kconfig: Add new defaults option for FIH

Adds a new menu with options which can be used by e.g. sysbuild to select which default options are set in a build, adds options for fault injection hardening modes Signed-off-by: Jamie McCrae <[email protected]>
mcu-tools · Feb 17, 2025 · 7bf5f0f · 7bf5f0f
1 parent f2b6def
commit 7bf5f0f
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -720,6 +720,9 @@ config MEASURED_BOOT_MAX_CBOR_SIZE
 
 choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
 	prompt "Fault injection hardening profile"
+	default BOOT_FIH_PROFILE_HIGH if BOOT_FIH_PROFILE_DEFAULT_HIGH
+	default BOOT_FIH_PROFILE_MEDIUM if BOOT_FIH_PROFILE_DEFAULT_MEDIUM
+	default BOOT_FIH_PROFILE_LOW if BOOT_FIH_PROFILE_DEFAULT_LOW
 	default BOOT_FIH_PROFILE_OFF
 
 config BOOT_FIH_PROFILE_OFF
@@ -1012,6 +1015,22 @@ endif # BOOT_DECOMPRESSION
 
 endif # BOOT_DECOMPRESSION_SUPPORT
 
+menu "Defaults"
+	# Items in this menu should not be manually set. These options are for modules/sysbuild to
+	# set as defaults to allow MCUboot's default configuration to be set, but still allow it
+	# to be overridden by users.
+
+config BOOT_FIH_PROFILE_DEFAULT_LOW
+	bool "Default to low fault inject hardening level"
+
+config BOOT_FIH_PROFILE_DEFAULT_MEDIUM
+	bool "Default to medium fault inject hardening level"
+
+config BOOT_FIH_PROFILE_DEFAULT_HIGH
+	bool "Default to high fault inject hardening level"
+
+endmenu
+
 endmenu
 
 config MCUBOOT_STORAGE_WITHOUT_ERASE