menu "Secure Enclave (MOD8ID-DMCF-R)"

config SECURE_ENCLAVE_ENABLED
    bool "Enable Secure Enclave (MOD8ID-DMCF-R)"
    default y
    help
        Enable the MOD8ID-DMCF-R secure element driver. Disable on
        hardware that does not have the chip populated.

    config SECURE_ENCLAVE_I2C_ADDR
        hex "I2C Address (7-bit)"
        depends on SECURE_ENCLAVE_ENABLED
        default 0x60
        help
            7-bit I2C address of the MOD8ID-DMCF-R. The default, 0x60,
            matches the factory default; change it only if the address
            pins have been configured differently.

    config SECURE_ENCLAVE_WAKE_DELAY_MS
        int "Wake delay (ms)"
        depends on SECURE_ENCLAVE_ENABLED
        default 2
        range 1 10
        help
            Time in milliseconds to wait after sending the wake token
            before attempting to read the wake response or send a command.

    config SECURE_ENCLAVE_LOCK_SAFETY
        bool "Enable lock safety (prevent irreversible zone locking)"
        depends on SECURE_ENCLAVE_ENABLED
        default y
        help
            When enabled, calls to lockConfigZone(), lockDataZone(), and
            lockSlot() log a warning and return without actually locking
            anything. Disable this only when you are ready to permanently
            lock the chip: a lock cannot be undone once it is committed.

    config SECURE_ENCLAVE_CMD_TIMEOUT_MS
        int "Default command timeout (ms)"
        depends on SECURE_ENCLAVE_ENABLED
        default 200
        range 50 5000
        help
            Maximum time in milliseconds to wait for any single command
            response before declaring a timeout error.

endmenu
