From 3e4a835c70de6aca887a1b51de414346e76b5220 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Mon, 17 Feb 2025 08:53:41 +0000 Subject: [PATCH] boot: zephyr: kconfig: Add new defaults option for FIH Adds a new menu with options which can be used by e.g. sysbuild to select which default options are set in a build, adds options for fault injection hardening modes Signed-off-by: Jamie McCrae --- boot/zephyr/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index cfc73a6f6..3e790861b 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -729,6 +729,9 @@ config MEASURED_BOOT_MAX_CBOR_SIZE choice BOOT_FAULT_INJECTION_HARDENING_PROFILE prompt "Fault injection hardening profile" + default BOOT_FIH_PROFILE_HIGH if BOOT_FIH_PROFILE_DEFAULT_HIGH + default BOOT_FIH_PROFILE_MEDIUM if BOOT_FIH_PROFILE_DEFAULT_MEDIUM + default BOOT_FIH_PROFILE_LOW if BOOT_FIH_PROFILE_DEFAULT_LOW default BOOT_FIH_PROFILE_OFF config BOOT_FIH_PROFILE_OFF @@ -1021,6 +1024,22 @@ endif # BOOT_DECOMPRESSION endif # BOOT_DECOMPRESSION_SUPPORT +menu "Defaults" + # Items in this menu should not be manually set. These options are for modules/sysbuild to + # set as defaults to allow MCUboot's default configuration to be set, but still allow it + # to be overridden by users. + +config BOOT_FIH_PROFILE_DEFAULT_LOW + bool "Default to low fault inject hardening level" + +config BOOT_FIH_PROFILE_DEFAULT_MEDIUM + bool "Default to medium fault inject hardening level" + +config BOOT_FIH_PROFILE_DEFAULT_HIGH + bool "Default to high fault inject hardening level" + +endmenu + endmenu config MCUBOOT_DEVICE_SETTINGS