[nrf fromlist] zephyr: Kconfig to control MCUBOOT_USE_TLV_ALLOW_LIST

The commit adds Kconfig MCUBOOT_USE_TLV_ALLOW_LIST that allows
to control MCUboot config option MCUBOOT_USE_TLV_ALLOW_LIST.
The Kconfig is set to y, by default, to keep legacy behaviour.

Upstream PR #: 2410

Signed-off-by: Dominik Ermel <[email protected]>

Author: de-nordic

boot/zephyr/Kconfig

@@ -1157,6 +1157,18 @@ config MCUBOOT_BOOT_BANNER
 config BOOT_BANNER_STRING
         default "Using Zephyr OS build" if MCUBOOT_BOOT_BANNER
 
+config MCUBOOT_USE_TLV_ALLOW_LIST
+	bool "Check unprotected TLVs against allow list"
+	default y
+	help
+	  Every unprotected TLV will be checked against list of allowed TLVs,
+	  which is compiled in and depends on configuration; an image that
+	  contain TLV not present on the list will be automaticaly rejected.
+	  This is additional check, as MCUboot will not be parsing TLVs it
+	  has not been compiled to parse in the first place.
+	  Disabling this option will cut down MCUboot size.
+	  The Kconfig controlls MCUboot configuration option MCUBOOT_USE_TLV_ALLOW_LIST.
+
 config BOOT_DECOMPRESSION_SUPPORT
 	bool
 	depends on NRF_COMPRESS && NRF_COMPRESS_DECOMPRESSION && (NRF_COMPRESS_LZMA_VERSION_LZMA1 || NRF_COMPRESS_LZMA_VERSION_LZMA2)

boot/zephyr/include/mcuboot_config/mcuboot_config.h

@@ -148,6 +148,11 @@
 #define MCUBOOT_HAVE_LOGGING 1
 #endif
 
+/* Enable/disable non-protected TLV check against allow list */
+#ifdef CONFIG_MCUBOOT_USE_TLV_ALLOW_LIST
+#define MCUBOOT_USE_TLV_ALLOW_LIST 1
+#endif
+
 #ifdef CONFIG_BOOT_ENCRYPT_RSA
 #define MCUBOOT_ENC_IMAGES
 #define MCUBOOT_ENCRYPT_RSA