bl2: Add dependency for DIRECT_XIP_REVERT

The option MCUBOOT_DIRECT_XIP_REVERT can be an enabled only when XIP upgrade mechanism is enabled in MCUBOOT. The MCUBOOT default configuration in Cmake does't select XIP as the default upgrade option and thus it should not enable XIP_REVERT. This updates the default cmake config to disable XIP_REVERT. It also adds a Kconfig dependency for this option and it adds a cmake configuration check for this as well. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I8e4844ab70d927836a890ca8123b734a471f3270 (cherry picked from commit 32ffe3f)
zephyrproject-rtos · Nov 4, 2024 · 6404a15 · 6404a15
1 parent 7bc2f4a
commit 6404a15
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/bl2/ext/mcuboot/Kconfig b/bl2/ext/mcuboot/Kconfig
@@ -137,6 +137,7 @@ config MCUBOOT_CONFIRM_IMAGE
 config MCUBOOT_DIRECT_XIP_REVERT
     bool "Enable the revert mechanism in direct-xip mode"
     default y
+    depends on MCUBOOT_UPGRADE_STRATEGY_DIRECT_XIP
 
 config MCUBOOT_HW_ROLLBACK_PROT
     bool "Enable security counter validation against non-volatile HW counters"

diff --git a/bl2/ext/mcuboot/mcuboot_default_config.cmake b/bl2/ext/mcuboot/mcuboot_default_config.cmake
@@ -35,7 +35,7 @@ set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWA
 # platforms requiring specific flash alignmnent
 set_property(CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS "1;2;4;8;16;32")
 
-set(MCUBOOT_DIRECT_XIP_REVERT           ON          CACHE BOOL      "Enable the revert mechanism in direct-xip mode")
+set(MCUBOOT_DIRECT_XIP_REVERT           OFF         CACHE BOOL      "Enable the revert mechanism in direct-xip mode")
 set(MCUBOOT_HW_ROLLBACK_PROT            ON          CACHE BOOL      "Enable security counter validation against non-volatile HW counters")
 set(MCUBOOT_ENC_IMAGES                  OFF         CACHE BOOL      "Enable encrypted image upgrade support")
 set(MCUBOOT_BOOTSTRAP                   OFF         CACHE BOOL      "Support initial state with empty primary slot and images installed from secondary slots")

diff --git a/config/check_config.cmake b/config/check_config.cmake
@@ -25,6 +25,7 @@ tfm_invalid_config(TFM_BL1_2_IN_OTP AND TFM_BL1_2_IN_FLASH)
 
 get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
 tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST) AND NOT USE_KCONFIG_TOOL)
+tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" AND MCUBOOT_DIRECT_XIP_REVERT))
 
 # Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs
 tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 9)