[nrf fromlist] boot: zephyr: kconfig: Add new defaults option for FIH

Adds a new menu with options which can be used by e.g. sysbuild to select which default options are set in a build, adds options for fault injection hardening modes Upstream PR #: 2207 Signed-off-by: Jamie McCrae <[email protected]>
trezor · Feb 17, 2025 · 47faf76 · 47faf76
1 parent 7fd6163
commit 47faf76
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -717,6 +717,9 @@ config MEASURED_BOOT_MAX_CBOR_SIZE
 
 choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
 	prompt "Fault injection hardening profile"
+	default BOOT_FIH_PROFILE_HIGH if BOOT_FIH_PROFILE_DEFAULT_HIGH
+	default BOOT_FIH_PROFILE_MEDIUM if BOOT_FIH_PROFILE_DEFAULT_MEDIUM
+	default BOOT_FIH_PROFILE_LOW if BOOT_FIH_PROFILE_DEFAULT_LOW
 	default BOOT_FIH_PROFILE_OFF
 
 config BOOT_FIH_PROFILE_OFF
@@ -1003,6 +1006,22 @@ endif # BOOT_DECOMPRESSION
 
 endif # BOOT_DECOMPRESSION_SUPPORT
 
+menu "Defaults"
+	# Items in this menu should not be manually set. These options are for modules/sysbuild to
+	# set as defaults to allow MCUboot's default configuration to be set, but still allow it
+	# to be overridden by users.
+
+config BOOT_FIH_PROFILE_DEFAULT_LOW
+	bool "Default to low fault inject hardening level"
+
+config BOOT_FIH_PROFILE_DEFAULT_MEDIUM
+	bool "Default to medium fault inject hardening level"
+
+config BOOT_FIH_PROFILE_DEFAULT_HIGH
+	bool "Default to high fault inject hardening level"
+
+endmenu
+
 endmenu
 
 config MCUBOOT_DEVICE_SETTINGS