@Vge0rge Vge0rge commented Oct 13, 2025

…on json

The nRF54L series use a json file which helps to provision 2 KMU slots which are used for invalidating the Protected RAM. This change checks if this file exists and runs the provisioning command of nrfutil with it in order to fill the relevant slots.

D-Triveni and others added 30 commits September 23, 2025 09:26
Add `DT_NODE_EXISTS` check to ensure cpurad partition
nodes exist before referencing their addresses.
This prevents build errors when these partitions are not
defined in the devicetree.

Upstream PR #: 93815

Signed-off-by: Triveni Danda <[email protected]>
(cherry picked from commit 1b785f5)
This commit sets `ZEPHYR_<MODULE_NAME>_KCONFIG` variable for each
Kconfig file discovered in `nrf/modules/<module>/Kconfig`.

This is not meant as a permanent solution; we should do more careful
consideration on the optimal approach forward that will allow
compliance_check.py to be used downstream with custom
module_ext_roots, and at the same time keep current flexibility for
module glue code handling intact.

Adds a static path for the NRF Kconfig variable in the check
compliance script, this is a temporary workaround due to supporting
an external root for NCS that should be reworked to use package
helper in future

Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Martí Bolívar <[email protected]>
Signed-off-by: Carles Cufi <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 26572f9)
Add scripts/quarantine.yaml file, which will be used in CI.

Signed-off-by: Piotr Golyzniak <[email protected]>
Signed-off-by: Andrzej Głąbek <[email protected]>
Signed-off-by: Maciej Perkowski <[email protected]>
Signed-off-by: Robert Lubos <[email protected]>
(cherry picked from commit 88c7330)
This file is used for NCS-specific testing configuration based on
modifications to files in this repository.

Signed-off-by: Alperen Sener <[email protected]>
Signed-off-by: Elisabeth Solheim Klakken <[email protected]>
Signed-off-by: Mariusz Poslinski <[email protected]>
Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Robert Lubos <[email protected]>
Signed-off-by: Sebastian Wezel <[email protected]>
Signed-off-by: Tomasz Tyzenhauz <[email protected]>
Signed-off-by: Fredrik Ås <[email protected]>
Signed-off-by: Michał Szablowski <[email protected]>
Signed-off-by: Tony Le <[email protected]>
Signed-off-by: Krishna T <[email protected]>
Signed-off-by: Dawid Przybylo <[email protected]>
Signed-off-by: Rubin Gerritsen <[email protected]>
Signed-off-by: Jørgen Kvalvaag <[email protected]>
Signed-off-by: Magne Værnes <[email protected]>
Signed-off-by: Lang Xie <[email protected]>
Signed-off-by: Alexander Svensen <[email protected]>
Signed-off-by: Jan Gałda <[email protected]>
Signed-off-by: Vladislav Litvinov <[email protected]>
Signed-off-by: Guojun Wang <[email protected]>
Signed-off-by: Piotr Kosycarz <[email protected]>
Signed-off-by: Thomas Stilwell <[email protected]>
Signed-off-by: Krzysztof Szromek <[email protected]>
Signed-off-by: Grzegorz Chwierut <[email protected]>
Signed-off-by: Eduardo Montoya <[email protected]>
Signed-off-by: Pavel Vasilyev <[email protected]>
(cherry picked from commit fc65d19)
New Twister schema is not supported yet in sdk-zephyr, drop this patch
once Twister is updated.

Signed-off-by: Gerard Marull-Paretas <[email protected]>
(cherry picked from commit e6f2840)
… map"

This reverts commit c37deeb.

This is only a temporary change, until we align our CI. To be removed
once natsort is available in the NCS CI.

Signed-off-by: Robert Lubos <[email protected]>
(cherry picked from commit 0250cd1)
Kconfig search is handled in a separate docset in NCS, so remove the
page. This is a long-term noup patch.

Signed-off-by: Gerard Marull-Paretas <[email protected]>
Signed-off-by: Krishna T <[email protected]>
(cherry picked from commit 68cba0c)
-This allows configurations enabled by PSA_WANTS_ALG_XXXX to be
 used to control which TF-M module is enabled
-If the TF-M image doesn't support e.g. the MAC APIs, then the
 MAC interface is not enabled

Note: This functionality requires that nrf_security is enabled

ref: NCSDK-11689

Make TF-M crypto module depend on PSA_WANT_GENERATE_RANDOM, same
as all other crypto modules, which have PSA_HAS to group all PSA
features that require the module.
This makes TF-M by default exclude the RNG module when not needed.

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Signed-off-by: Joakim Andersson <[email protected]>
(cherry picked from commit 5620a79)
Out-of-tree crypto subsystems need to deselect MBEDTLS_BUILTIN, but
deselection is not supported. It is however supported to select a
dependency in a ! expression.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 0556e7f)
We moved the header files in sdk-mbedtls from the library
folder to the include/library folder. This was done to avoid
issues when building MbedTLS with the nrf_security module
and the Oberon PSA core. The Oberon PSA core provides a subset
of these header files and since they are included with quotes
we cannot have them in the same directory.
This change makes the needed adaptions in CMake for the
applications that don't use nrf_security.

Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Markus Swarowsky <[email protected]>
(cherry picked from commit a3505ca)
The commit adds support for generating flash disks from Partition
Manager defined partitions.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit a01de06)
The "zephyr-code-partition" chosen DTS node cannot be used when build
uses Partition Manager. In that case, mcumgr must rely on the
definitions provided by the Partition Manager.

Jira: NCSDK-21381

Signed-off-by: Marek Pieta <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 6b04cee)
The commit adds a bootutil hook, for nrf5340, to allow it
to handle the non-accessible image-1/primary slot.

Signed-off-by: Andrzej Głąbek <[email protected]>
Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit c82b5f3)
Migrates child image configuration for this sample over to sysbuild

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 7575580)
Migrates child image configuration for this sample over to sysbuild

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit cda7620)
This is a follow-up to commit 9dd570f.

Since in NCS, unlike in vanilla Zephyr, the nano variant of newlib
is the default one, restore entries that disable the nano variant
in one sample and one test that require the full newlib variant.
This patch is supposed to be removed when picolibc becomes the default.

Signed-off-by: Andrzej Głąbek <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit a6e6112)
Disables partition manager when building some samples and tests
which use sysbuild to prevent build issues

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit d1cb7a9)
Add a Kconfig for the TFM_CRYPTO_PAKE_MODULE_ENABLED to support the PAKE
APIs.

noup as the PAKE support including the PAKE module doesn't exist yet in
upstream TF-M as they depend on mbed TLS support for it

Ref: NCSDK-22416
Signed-off-by: Markus Swarowsky <[email protected]>
(cherry picked from commit 821fa52)
Friend's replies on LPN's polls do not assume randomization in
advertiser. Zero randomization will help to optimize time when
LPN keeps receiving window open and save power.

Signed-off-by: Aleksandr Khromykh <[email protected]>
Signed-off-by: Olivier Lesage <[email protected]>
(cherry picked from commit 71c24b8)
Fixes issue where randomness can be removed for advertising sets that
have to handle other adv types than the BT_MESH_FRIEND_ADV tag type.

Signed-off-by: Anders Storrø <[email protected]>
Signed-off-by: Aleksandr Khromykh <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 43189af)
…N_MANAGER

Active partition ID needs to be extracted based on PARTITION_MANAGER
products.

ref.:NCSDK-26693

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit a6e4092)
(cherry picked from commit b24d510)
Using a comment to explain Kconfig options makes them
invisible to Kconfig search. Use help instead.

Signed-off-by: Sigurd Hellesvik <[email protected]>
(cherry picked from commit c289b57)
There is no point to use PICOLIB here as it bloats the tests.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit cbdf3c2)
(cherry picked from commit 8cb54eb)
Provides an option to enable TLS session caching for an MQTT
client's secure socket.

Signed-off-by: Jan Tore Guggedal <[email protected]>
Signed-off-by: Robert Lubos <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
(cherry picked from commit e15a116)
This commit adds an extra parameter in the configuration
structure to configure native TLS support at runtime.

Signed-off-by: Mirko Covizzi <[email protected]>
(cherry picked from commit 3fbd1c5)
TF-M will use SPU alignment during build time to make sure all
partitions can be locked down with the SPU.

So adding them for nRF53

Signed-off-by: Markus Swarowsky <[email protected]>
(cherry picked from commit bc60d5c)
TF-M will use SPU alignment during build time to make sure all
partitions can be locked down with the SPU.

So adding them for nRF91

The nRF54L15 doesn't use the SPU for setting the security attributes
for flash/RAM regions. In order to avoid having multiple Kconfigs
with similar meaning renamed the alignment Kconfig option to something
more generic in order to use the same symbol for all the TrustZone enabled
devices.

Ref: NCSDK-25023

Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Georgios Vasilakis <[email protected]>
(cherry picked from commit a562d96)
Change introduces common static Partition Manager configuration.
The tfm_nonsecure partition must be SPU region aligned.

Ref: NCSDK-18033
Ref: NCSDK-19515

Signed-off-by: Marek Pieta <[email protected]>
Signed-off-by: Markus Swarowsky <[email protected]>
(cherry picked from commit afef9ef)
Enabling USB CDC by default in Thingy:53 board configuration
caused that there were two instances of USB CDC in MCUBoot. Change
disables one instance which was added automatically by NCS if
MCUBoot bootloader was built as a child image.

Jira: NCSDK-18596

Signed-off-by: Mateusz Kapala <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
(cherry picked from commit 6d1e377)
Change enables MCUboot bootloader by default to allow programming
samples and applications without external programmer (using MCUboot
serial recovery). Change also enables network core to prevent build
failures when building MCUboot with nRF53 multi image DFU.

Jira: NCSDK-18263

Signed-off-by: Marek Pieta <[email protected]>
Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Joakim Andersson <[email protected]>
(cherry picked from commit ce70796)
nvlsianpu and others added 27 commits October 8, 2025 09:10
Added support for hardening decision on resume from
S2RAM by MCUboot bootloader.
Application sets additional variable to MCUBOOT_S2RAM_RESUME_MAGIC
which allows the bootloader to double-check.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit d4bb1c6)
nrf_squash! [nrf noup] soc/nordic/nf54h/pm_s2ram: S2RAM resume hardening

Extended the mcuboot_resume_s structure with a slot_info field intended to
be used by MCUboot to recognize the proper boot slot in direct-xp
mode.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
MCUBOOT requires LTO to be enabled, while using code relocation
forces switching it off. When `__ramfunc` is used, LTO can also
be used. Then the `cache_retain_and_sleep` function will work
correctly, but slightly slower.

Upstream PR #: 97094

Signed-off-by: Adam Kondraciuk <[email protected]>
…rf54h20 PPR XIP

Add overlay and config file required to run the uart_async_api
test on nrf54h20dk/nrf54h20/cpuppr/xip platform.

Signed-off-by: Sebastian Głąb <[email protected]>
(cherry picked from commit e0a9a16)
Extend test coverage with new test.

Upstream PR #: 94110

Signed-off-by: Karol Lasończyk <[email protected]>
…p_send_pdu"

This reverts commit 510e36c.

Signed-off-by: Marek Pieta <[email protected]>
… TX is done"

This reverts commit d1d9b2d.

Signed-off-by: Marek Pieta <[email protected]>
By default, the BLE stack calls sent callback for ATT data when the data
is passed to BLE controller for transmission. Enabling this Kconfig
option delays calling the sent callback until data transmission is
finished by BLE controller (the callback is delayed until receiving the
Number of Completed Packets HCI Event).

If the ATT sent callback is delayed until data transmission is done by
BLE controller, the transmitted buffer may have an additional reference.
The reference is used to extend lifetime of the net buffer until the
data transmission is confirmed by ACK of the remote.

Jira: NCSDK-27422
Jira: NCSDK-28624
Jira: NCSDK-35650

Signed-off-by: Marek Pieta <[email protected]>
…eleted

When bt_l2cap_send_pdu() succeeds, it transfers buffer ownership to the
stack, which must eventually invoke the provided callback. This contract
is honored in all paths where transmission becomes impossible:

- Normal transmission: callback invoked with err=0 after HCI Number of
  Completed Packets event (tx_notify_process)
- Send errors (after tx allocated): callback invoked with err=-ESHUTDOWN
  via conn_tx_destroy
- Send errors (before tx allocated): callback invoked with the specific
  error code in send_buf error_return path
- Connection disconnect: callbacks invoked with err=-ESHUTDOWN via
  process_unack_tx -> conn_tx_destroy for all PDUs in tx_pending

However, when a channel is deleted (l2cap_chan_del), PDUs remaining in
the tx_queue are dropped without invoking their callbacks, violating the
ownership contract.

Fix this by extracting and invoking any non-NULL callbacks from the
closure stored in buf->user_data before releasing the buffers. The
callback is invoked with err=-ESHUTDOWN, making this path analogous to
process_unack_tx: both drain queues of unsent PDUs when transmission
becomes impossible due to external events (channel deletion vs connection
disconnect). The only difference is the buffer lifecycle stage - in
l2cap_chan_del, PDUs are still in tx_queue (closure in buf->user_data),
while in process_unack_tx, they've progressed to tx_pending (callback in
bt_conn_tx struct).

Note: conn_tx_destroy() cannot be used here because no bt_conn_tx struct
has been allocated yet - the closure is still in buf->user_data.

Upstream PR #: 97056

Signed-off-by: Aleksander Wasaznik <[email protected]>
Enable twister tests execution on nrf54h20dk/nrf54h20/cpuppr target.

Upstream PR #: 97165

Signed-off-by: Bartlomiej Buczek <[email protected]>
Fill in necessary config files with test data.

Upstream PR #: 97109

Signed-off-by: Bartlomiej Buczek <[email protected]>
…nd i2s

Add missing SoC header include required by memory region assertion
to adc_nrfx_saadc and i2s_nrf_tdm shims.

Upstream PR #: 97104

Signed-off-by: Michał Bainczyk <[email protected]>
Fill in necessary config files with platforms data.

Upstream PR #: 97110

Signed-off-by: Bartlomiej Buczek <[email protected]>
Introduce a hook for customizing reset.S code even before the stack is
initialized or RAM is accessed. The hook can be enabled using
CONFIG_SOC_EARLY_RESET_HOOK=y.
The hook is implemented by the soc_early_reset_hook() function, which should
be provided by custom code.

Signed-off-by: Andrzej Puzdrowski <[email protected]>

(cherry picked from commit 418eed0)
…fixture

Add "external_flash" fixture to the no_explicit_erase testcase
in order to run twister only on boards with such HW setup.
Other runnable test cases have it already.

Signed-off-by: Piotr Kosycarz <[email protected]>
(cherry picked from commit 2318832)
…supply-gpios test

Supply-gpios feature test [nrf54h20] requires gpio_loopback fixture.

Signed-off-by: Bartosz Miller <[email protected]>
(cherry picked from commit 424459d)
…enable check

Instead of checking register values directly, use a function from
nrfx that does this.

Upstream PR #: 96538

Signed-off-by: Michał Bainczyk <[email protected]>
…_access_write

Change the value returned from disk_flash_access_write to return
the return code instead of a hardcoded zero.

Upstream PR #: 95468

Signed-off-by: Michał Bainczyk <[email protected]>
nrf-squash! [nrf noup] entropy: Add fake entropy nRF PRNG driver

LM20a is used, L20 was removed.
Old L20 file is from other noup: dbd3934

Signed-off-by: Piotr Kosycarz <[email protected]>
Add UICR.SECURESTORAGE configuration based on device tree partitions.
Validates partition layout and populates size fields in 1KB units.
Handles missing partitions gracefully.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 38a0f71)
…ESSOR

Add support for uicr.SECONDARY.PROCESSOR.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 9f45d2c)
Add support for PROTECTEDMEM.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 7c9275c)
…ected

Detect secondary images by checking a Kconfig value instead of a
marker file.

Upstream PR #: 97356

Signed-off-by: Sebastian Bøe <[email protected]>
Add support for UICR.WDTSTART.

UICR.WDTSTART configures the automatic start of a local watchdog timer
before the application core is booted. This provides early system
protection ensuring that the system can recover from early boot
failures.

Upstream PR #: 97337

Signed-off-by: Sebastian Bøe <[email protected]>
…on json

The nRF54L series use a json file which helps to provision 2 KMU slots
which are used for invalidating the Protected RAM. This change checks
if this file exists and runs the provisioning command of nrfutil
with it in order to fill the relevant slots.

Signed-off-by: Georgios Vasilakis <[email protected]>