prj.conf
####################################
# Tenant Token - DO NOT COMMIT
####################################
# The "..." value below is a placeholder. The tenant token is a credential, so the
# real value should come from a Kconfig fragment that is excluded from version
# control (for example one passed at build time through EXTRA_CONF_FILE) rather
# than from an edit to this tracked file. A token that has reached a commit should
# be treated as exposed.
CONFIG_MENDER_SERVER_TENANT_TOKEN="..."
####################################
# Mender MCU
####################################
# Enables the Mender MCU client with its own scheduler work queue, inventory
# reporting and info-level logging.
CONFIG_MENDER_MCU_CLIENT=y
CONFIG_MENDER_SCHEDULER_SEPARATE_WORK_QUEUE=y
CONFIG_MENDER_CLIENT_INVENTORY=y
CONFIG_MENDER_LOG_LEVEL_INF=y
# Demo polling intervals
# NOTE(review): presumably in seconds - confirm against the module's Kconfig.
# These short values suit a demo; a fleet build would normally poll far less often
# to limit server load and device wake-ups.
CONFIG_MENDER_CLIENT_UPDATE_POLL_INTERVAL=10
CONFIG_MENDER_CLIENT_INVENTORY_REFRESH_INTERVAL=60
####################################
# Mbed-TLS module configuration
#
# NOTE wrt Ciphersuite configuration for Hosted Mender:
# We use two certificates, one for API calls and one for the Artifacts download:
# -> Amazon Root CA 1 certificate with Signature Algorithm: sha256WithRSAEncryption
# -> Google Trust Services GTS Root R4 with Signature Algorithm: ecdsa-with-SHA384
####################################
CONFIG_MBEDTLS=y
# ECDHE_RSA and ECDHE_ECDSA correspond to the RSA-signed and ECDSA-signed chains
# listed in the note above.
# NOTE(review): ECDHE_PSK is enabled as well, although the note above describes
# certificate-based authentication only. Confirm that it is needed; every enabled key
# exchange adds to the ciphersuites the client can negotiate.
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
# Elliptic-curve primitives required by the ECDHE/ECDSA key exchanges above.
CONFIG_MBEDTLS_ECDH_C=y
CONFIG_MBEDTLS_ECDSA_C=y
CONFIG_MBEDTLS_ECP_C=y
# TODO: SECP256R1 was used as a sane default for the autogenerated key feature. Can we remove
# and reuse instead SECP384R1 (already required for the Google cert)?
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y
CONFIG_MBEDTLS_ECP_NIST_OPTIM=y
# AEAD cipher modes (CCM and GCM).
CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
# SHA-384 is needed to verify the ecdsa-with-SHA384 signature named in the note above.
CONFIG_MBEDTLS_SHA384=y
# NOTE(review): GENPRIME and PK_WRITE presumably serve the autogenerated key feature
# mentioned in the TODO above - confirm, and drop them if device keys are provisioned
# externally.
CONFIG_MBEDTLS_GENPRIME_ENABLED=y
# Root certificates are supplied in PEM form.
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
# Send the server name in the TLS handshake (SNI).
CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
CONFIG_MBEDTLS_PK_WRITE_C=y
# 16384 bytes is the largest TLS record payload, so full-size records from the
# server are accepted.
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
# Dedicated Mbed TLS heap; size in bytes.
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=60000
# Mbed TLS draws its entropy from Zephyr's entropy subsystem.
# NOTE(review): handshake randomness and any on-device key generation are only as
# good as that source - verify that the target board provides a hardware-backed
# entropy driver and that the build does not fall back to a test generator
# (CONFIG_TEST_RANDOM_GENERATOR).
CONFIG_MBEDTLS_ZEPHYR_ENTROPY=y
####################################
# Zephyr OS general configuration
####################################
# Both stacks are raised above their documented defaults.
# NOTE(review): presumably sized for the TLS and Mender work running on these threads -
# confirm with stack-usage measurements on the target.
# Default is 1024
# https://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MAIN_STACK_SIZE
CONFIG_MAIN_STACK_SIZE=2048
# Default is 1024
# https://docs.zephyrproject.org/latest/kconfig.html#CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
####################################
# Zephyr logging
####################################
CONFIG_LOG=y
# Deferred mode is selected; immediate mode is kept below as a commented-out alternative.
# CONFIG_LOG_MODE_IMMEDIATE=y
CONFIG_LOG_MODE_DEFERRED=y
# flush oldest messages in the buffer; this will print the newest messages in case of buffer overflow
# Note: with this policy the earliest messages of a burst are the ones lost, which
# matters when reconstructing the start of a failure from the log.
CONFIG_LOG_MODE_OVERFLOW=y
# speed up the logging at the expense of executable size (use for testing only)
CONFIG_LOG_SPEED=y
####################################
# Networking
####################################
# IP / DHCP
# IPv4 only, with the address obtained over DHCPv4; IPv6 is disabled.
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_DHCPV4=y
# Network event notifications
CONFIG_NET_MGMT=y
CONFIG_NET_MGMT_EVENT=y
CONFIG_NET_MGMT_EVENT_STACK_SIZE=2048
# Enable TLS
# TLS is configured per socket through socket options.
# NOTE(review): the limit of 2 TLS contexts presumably matches the two TLS endpoints
# (API calls and Artifact download) described in the Mbed-TLS section - confirm.
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=2
CONFIG_NET_MAX_CONN=16
# DNS configuration
CONFIG_DNS_RESOLVER_ADDITIONAL_BUF_CTR=5
CONFIG_DNS_RESOLVER_ADDITIONAL_QUERIES=2
CONFIG_DNS_RESOLVER_MAX_SERVERS=2
CONFIG_DNS_NUM_CONCUR_QUERIES=5
####################################
# Developer zone
####################################
# Debugging aids. Only CONFIG_ASSERT and CONFIG_NET_LOG are active; the rest are
# commented out for opt-in use.
# NOTE(review): decide deliberately whether these belong in a production image -
# asserts change failure behaviour and add code, and core dumps routed to the
# logging backend would place memory contents on the log output.
# Coredumps
# https://docs.zephyrproject.org/latest/services/debugging/coredump.html
# CONFIG_DEBUG_COREDUMP=y
# CONFIG_DEBUG_COREDUMP_BACKEND_LOGGING=y
# CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_LINKER_RAM=n
# CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_MIN=y
# Asserts
# https://docs.zephyrproject.org/latest/kconfig.html#CONFIG_ASSERT_VERBOSE
CONFIG_ASSERT=y
# CONFIG_ASSERT_VERBOSE=y
# CONFIG_PICOLIBC_USE_MODULE=y
# CONFIG_PICOLIBC_ASSERT_VERBOSE=y
# Useful logs from networking subsystem
CONFIG_NET_LOG=y