diff --git a/bl2/ext/mcuboot/Kconfig b/bl2/ext/mcuboot/Kconfig index 21adf4525..28fe0b27c 100644 --- a/bl2/ext/mcuboot/Kconfig +++ b/bl2/ext/mcuboot/Kconfig @@ -137,6 +137,7 @@ config MCUBOOT_CONFIRM_IMAGE config MCUBOOT_DIRECT_XIP_REVERT bool "Enable the revert mechanism in direct-xip mode" default y + depends on MCUBOOT_UPGRADE_STRATEGY_DIRECT_XIP config MCUBOOT_HW_ROLLBACK_PROT bool "Enable security counter validation against non-volatile HW counters" diff --git a/bl2/ext/mcuboot/mcuboot_default_config.cmake b/bl2/ext/mcuboot/mcuboot_default_config.cmake index 5d769f189..cab7a092d 100644 --- a/bl2/ext/mcuboot/mcuboot_default_config.cmake +++ b/bl2/ext/mcuboot/mcuboot_default_config.cmake @@ -35,7 +35,7 @@ set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWA # platforms requiring specific flash alignmnent set_property(CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS "1;2;4;8;16;32") -set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode") +set(MCUBOOT_DIRECT_XIP_REVERT OFF CACHE BOOL "Enable the revert mechanism in direct-xip mode") set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters") set(MCUBOOT_ENC_IMAGES OFF CACHE BOOL "Enable encrypted image upgrade support") set(MCUBOOT_BOOTSTRAP OFF CACHE BOOL "Support initial state with empty primary slot and images installed from secondary slots") diff --git a/config/check_config.cmake b/config/check_config.cmake index 1039b22f9..795940094 100644 --- a/config/check_config.cmake +++ b/config/check_config.cmake @@ -25,6 +25,7 @@ tfm_invalid_config(TFM_BL1_2_IN_OTP AND TFM_BL1_2_IN_FLASH) get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS) tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST) AND NOT USE_KCONFIG_TOOL) +tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" AND MCUBOOT_DIRECT_XIP_REVERT)) # Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 9)