#
# Copyright (c) 2023 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# Kconfig below is slated for removal once SUIT service is available in the NCS.
config SSF_SUIT_SERVICE_ENABLED
	bool

config SUIT_ENVELOPE_TEMPLATE_FILENAME
	string "Path to the envelope template"
	default "app_envelope.yaml.jinja2" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && !SUIT_RECOVERY
	default "rad_envelope.yaml.jinja2" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && !SUIT_RECOVERY
	default "app_recovery_local_envelope.yaml.jinja2" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && SUIT_RECOVERY
	default "rad_recovery_envelope.yaml.jinja2" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && SUIT_RECOVERY

config SUIT_ENVELOPE_TARGET
	string "Target name inside the envelope templates"
	default "application" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && !SUIT_RECOVERY
	default "radio" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && !SUIT_RECOVERY
	default "app_recovery_img" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && SUIT_RECOVERY
	default "rad_recovery" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && SUIT_RECOVERY

config SUIT_ENVELOPE_OUTPUT_ARTIFACT
	string "Name of the output merged artifact"
	default "merged.hex"

config SUIT_RECOVERY
	bool "The given image is part of a SUIT recovery application"
	depends on !NRF_REGTOOL_GENERATE_UICR

config SUIT_LOCAL_ENVELOPE_GENERATE
	bool "Generate local envelope"
	default y if SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPUAPP || SOC_NRF9230_ENGB_CPURAD

config SUIT_DFU_CACHE_EXTRACT_IMAGE
	bool "Extract firmware image to DFU cache"
	help
	  Extracts the firmware image to a DFU cache file, which can be then flashed separately
	  to the device (instead of being integrated into the SUIT envelope). If using the default
	  SUIT envelope template, this will also remove the firmware image from the SUIT envelope
	  integrated payloads.

if SUIT_DFU_CACHE_EXTRACT_IMAGE

config SUIT_DFU_CACHE_EXTRACT_IMAGE_PARTITION
	int "The number of the DFU partition to which the image will be extracted"
	help
	  This option will ensure that images which set it to the same number will be extracted
	  to the same dfu cache file.
	default 1

config SUIT_DFU_CACHE_EXTRACT_IMAGE_URI
	string "The URI used as key for the image in the DFU cache"
	default "cache://application.bin" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && !SUIT_RECOVERY
	default "cache://radio.bin" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && !SUIT_RECOVERY
	default "cache://app_recovery.bin" if (SOC_NRF54H20_CPUAPP_COMMON || SOC_NRF9230_ENGB_CPUAPP) && SUIT_RECOVERY
	default "cache://rad_recovery.bin" if (SOC_NRF54H20_CPURAD_COMMON || SOC_NRF9230_ENGB_CPURAD) && SUIT_RECOVERY

endif # SUIT_DFU_CACHE_EXTRACT_IMAGE

config SUIT_ENVELOPE_TARGET_ENCRYPT
	bool "Encrypt the target image"

if SUIT_ENVELOPE_TARGET_ENCRYPT

choice SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN
	prompt "SUIT envelope encryption key generation"
	default SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1

	config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
		bool "Key generation 1"

	config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
		bool "Key generation 2"
endchoice

config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_ID
	hex "The key ID used to identify the encryption key on the device"
	default 0x40022000 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
	default 0x40022001 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
	default 0x40032000 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
	default 0x40032001 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2

config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_NAME
	string "Name of the key used for encryption - to identify the key in the KMS"
	default "FWENC_APPLICATION_GEN1" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
	default "FWENC_APPLICATION_GEN2" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
	default "FWENC_RADIOCORE_GEN1" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
	default "FWENC_RADIOCORE_GEN2" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2

choice SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG
	prompt "Algorithm used to calculate the digest of the plaintext firmware"
	default SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA256

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA256
	bool "Use the SHA-256 algorithm"

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA384
	bool "Use the SHA-384 algorithm"

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA512
	bool "Use the SHA-512 algorithm"

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHAKE128
	bool "Use the SHAKE128 algorithm"

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHAKE256
	bool "Use the SHAKE256 algorithm"

endchoice

config SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_NAME
	string
	default "sha-256" if SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA256
	default "sha-384" if SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA384
	default "sha-512" if SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHA512
	default "shake128" if SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHAKE128
	default "shake256" if SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG_SHAKE256

endif # SUIT_ENVELOPE_TARGET_ENCRYPT

config SUIT_ENVELOPE_TARGET_SIGN
	bool "Sign the target envelope"

if SUIT_ENVELOPE_TARGET_SIGN

choice SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN
	prompt "SUIT envelope signing key generation"
	default SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1

	config SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1
		bool "Key generation 1"

	config SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN2
		bool "Key generation 2"

	config SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN3
		bool "Key generation 3"
endchoice

config SUIT_ENVELOPE_TARGET_SIGN_KEY_ID
	hex "The key ID used to identify the public key on the device"
	default 0x40022100 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1
	default 0x40022101 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN2
	default 0x40022102 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN3
	default 0x40032100 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1
	default 0x40032101 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN2
	default 0x40032102 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN3
	help
	  This string is translated to the numeric KEY ID by the encryption script

config SUIT_ENVELOPE_TARGET_SIGN_PRIVATE_KEY_NAME
	string "Name of the private key used for signing - to identify the key in the KMS"
	default "MANIFEST_APPLICATION_GEN1_priv" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1
	default "MANIFEST_APPLICATION_GEN2_priv" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN2
	default "MANIFEST_APPLICATION_GEN3_priv" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN3
	default "MANIFEST_RADIOCORE_GEN1_priv" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN1
	default "MANIFEST_RADIOCORE_GEN2_priv" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN2
	default "MANIFEST_RADIOCORE_GEN3_priv" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_SIGN_KEY_GEN3

choice SUIT_ENVELOPE_TARGET_SIGN_ALG
	prompt "Algorithm used to sign the target envelope"
	default SUIT_ENVELOPE_TARGET_SIGN_ALG_EDDSA

config SUIT_ENVELOPE_TARGET_SIGN_ALG_EDDSA
	bool "Use the EdDSA algorithm"

config SUIT_ENVELOPE_TARGET_SIGN_ALG_HASH_EDDSA
	bool "Use the HashEdDSA algorithm (specifically: ed25519ph)"
	select EXPERIMENTAL

endchoice

config SUIT_ENVELOPE_TARGET_SIGN_ALG_NAME
	string "String name of the algorithm used to sign the target envelope"
	default "eddsa" if SUIT_ENVELOPE_TARGET_SIGN_ALG_EDDSA
	default "hash-eddsa" if SUIT_ENVELOPE_TARGET_SIGN_ALG_HASH_EDDSA

endif # SUIT_ENVELOPE_TARGET_SIGN
