CONFIG_SB_MONOTONIC_COUNTER

Enable HW monotonic version counter

Type: bool

Help

The counter stores the current firmware version in a way that ensures that the value can only increase. This is used to prevent malicious rollback of the firmware. An array of slots is used for one counter. One slot is used per counter update, and each new slot must have a larger value than the previous. Application versions are checked against the current largest counter before being booted.

Direct dependencies

SECURE_BOOT

(Includes any dependencies from ifs and menus.)

Default

  • y

Kconfig definition

At <nRF>/subsys/bootloader/Kconfig:119

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:9<BuildDir>/Kconfig/Kconfig.modules:1<nRF>/Kconfig.nrf:25<nRF>/subsys/Kconfig:8

Menu path: (Top) → Modules → Nordic nRF Connect → Bootloader → Use Secure Bootloader

config SB_MONOTONIC_COUNTER
    bool "Enable HW monotonic version counter"
    default y
    depends on SECURE_BOOT
    help
      The counter stores the current firmware version in a way that ensures that the value
      can only increase. This is used to prevent malicious rollback of the firmware.
      An array of slots is used for one counter. One slot is used per
      counter update, and each new slot must have a larger value than the
      previous. Application versions are checked against the current largest
      counter before being booted.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)