wifi: Pull latest hostap changes #3525
Draft
+24,019
−5,418
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replaced the old tddconf with the full coresight driver that configures the coresight peripherals locally on the running core. Also fixed minor bug in the corresponding sample where messages were not shown for the radio core. Signed-off-by: Karsten Koenig <[email protected]> (cherry picked from commit 02fb6fa)
Make sure the nordic_vpr_launcher gets started after the coresight driver if that is present. Signed-off-by: Karsten Koenig <[email protected]> (cherry picked from commit 24353a8)
Added a new convience snippet to redirect logs to STM and then sink them to TPIU where they can be captured by a trace probe. Signed-off-by: Karsten Koenig <[email protected]> (cherry picked from commit 0b5bb3c)
The JLinkScript originally configured more than needed which reduces readability, so stripped it down to the minimum. At the same time improved behavior under reset and added ETM to the radiocore JLinkScript. Signed-off-by: Karsten Koenig <[email protected]> (cherry picked from commit a50dc9f)
Configure SDP MSPI pins to switch their control to VPR core Signed-off-by: Jakub Zymelka <[email protected]> Signed-off-by: Andrzej Głąbek <[email protected]> Signed-off-by: Magdalena Pastula <[email protected]> Signed-off-by: Karsten Koenig <[email protected]> (cherry picked from commit a9bcc44) (cherry picked from commit 2e74ea7) (cherry picked from commit 915e81a)
…river There were recent changes to nrf54h20dk and STM driver. Align test accordingly: - add Kconfig that boots Radio core, - update expected timing results. Signed-off-by: Sebastian Głąb <[email protected]> (cherry picked from commit 3d56c2f)
This reverts commit 4fa4304. Signed-off-by: Triveni Danda <[email protected]>
Fix overriding the test certificates directory for enterprise mode when using sysbuild. The override already works as expected without sysbuild. Signed-off-by: Triveni Danda <[email protected]> (cherry picked from commit 57a35d9)
Add support for UICR.SECONDARY.TRIGGER configuration, which enables automatic booting of secondary firmware based on specific reset reasons. This introduces Kconfig options for configuring: - UICR.SECONDARY.TRIGGER.ENABLE - Enable/disable automatic triggers - UICR.SECONDARY.TRIGGER.RESETREAS - Bitmask of reset reasons that trigger secondary firmware boot Individual Kconfig options are provided for each reset reason: - APPLICATIONWDT0/1 - Application core watchdog timeouts - APPLICATIONLOCKUP - Application core CPU lockup - RADIOCOREWDT0/1 - Radio core watchdog timeouts - RADIOCORELOCKUP - Radio core CPU lockup Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 9dc2b61)
…ECTEDMEM Add support for UICR.SECONDARY.PROTECTEDMEM configuration, which enables configuration of the protected memory region for secondary firmware. This introduces Kconfig options for configuring: - GEN_UICR_SECONDARY_PROTECTEDMEM - Enable/disable protected memory for secondary firmware - GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES - Size of the protected memory region in bytes The implementation validates that the configured size is divisible by 4096 bytes (4 KiB) as required by the hardware, and converts it to 4 KiB units when writing to UICR.SECONDARY.PROTECTEDMEM.SIZE4KB. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit c3f6b8c)
Add support for UICR.LOCK configuration, which locks the entire UICR configuration in NVR0 to prevent unauthorized modifications. This introduces a Kconfig option GEN_UICR_LOCK that enables locking of the UICR. Once locked, the UICR can only be modified by performing an ERASEALL operation. This is a critical security feature for production devices, typically enabled alongside UICR.APPROTECT, UICR.PROTECTEDMEM, and UICR.ERASEPROTECT to establish a complete device protection scheme. When enabled, the gen_uicr.py script sets UICR.LOCK to 0xFFFFFFFF, which configures the NVR0 page as read-only and enforces integrity checks on the UICR content. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 1ffdf09)
Add support for UICR.ERASEPROTECT configuration, which blocks ERASEALL operations to prevent bulk erasure of protected memory. This introduces a Kconfig option GEN_UICR_ERASEPROTECT that enables blocking of ERASEALL operations on NVR0, preserving UICR settings even if an attacker attempts a full-chip erase. This is a critical security feature for production devices. When enabled together with UICR.LOCK, it becomes impossible to modify the UICR in any way, establishing a permanent device protection scheme. Due to this irreversibility, it should only be enabled during the final stages of production. When enabled, the gen_uicr.py script sets UICR.ERASEPROTECT to 0xFFFFFFFF, which prevents the ERASEALL command from affecting the NVR0 page. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit e20352d)
Add support for UICR.APPROTECT configuration, which controls debugger and access-port permissions through the TAMPC peripheral. This introduces three Kconfig options that allow independent control over access port protection for different processor domains: - GEN_UICR_APPROTECT_APPLICATION_PROTECTED: Controls debug access to the application domain processor - GEN_UICR_APPROTECT_RADIOCORE_PROTECTED: Controls debug access to the radio core processor - GEN_UICR_APPROTECT_CORESIGHT_PROTECTED: Controls access to the CoreSight debug infrastructure When enabled, each option sets the corresponding UICR.APPROTECT register to PROTECTED (0xFFFFFFFF), which disables debug access for that domain. When disabled, the registers remain at their erased value (UNPROTECTED), allowing full debug access. This feature is critical for production devices where debug access must be restricted to prevent unauthorized access to sensitive code and data. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 1438f8a)
…e transition Add --permit-permanently-transitioning-device-to-deployed safety flag to gen_uicr.py, required when enabling both UICR.LOCK and UICR.ERASEPROTECT together. This prevents accidental permanent locking of devices since this combination makes the configuration irreversible. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 35b89ab)
- The UUID is the device unique identifier read from the OTP and made available in boot report to avoid the repetitive slow reads from OTP. Signed-off-by: Aymen LAOUINI <[email protected]> (cherry picked from commit 4312c88)
…r/zephyr.hex uicr/zephyr/zephyr.hex needs to be built after all other zephyr images. Instead of adding a dependency on uicr, we check the sysbuild_images property to find images. Also, we check it as late possible by using the cmake_language(DEFER DIRECTORY feature. Which will ensure that running this code will be one of the last things that the CMake sysbuild program does at Configure time. Upstream PR #: 97685 Signed-off-by: Sebastian Bøe <[email protected]>
…ronSide LED pins need to be set in the cpuapp/iron rev. 0.2.0 overlay. Signed-off-by: Tommi Kangas <[email protected]> (cherry picked from commit f8f87c0)
…he issue Added a workaround for nRF9280 SoC1.1 data cache related issue. Signed-off-by: Tommi Kangas <[email protected]> (cherry picked from commit c01c4e9)
All nrf54h flash tests require 'gpio_loopback' fixture Signed-off-by: Bartosz Miller <[email protected]> (cherry picked from commit 4ad24ca)
…15 tests. Add case for using flash with some parameters read with runtime sfdp instead of dt declarations. Upstream PR #: 97495 Signed-off-by: Bartlomiej Buczek <[email protected]>
Extend jesd216 sample with nrf54l15dk cases. These platforms have jesd216 compatible flash memories on board. Upstream PR #: 97495 Signed-off-by: Bartlomiej Buczek <[email protected]>
The DT_MTD_FROM_FIXED_SUBPARTITION must go one level more than the DT_MTD_FROM_FIXED_PARTITION counterpart. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit e4ecd4b)
Currently the DT_FIXED_PARTITION_ADDR as well as DT_FIXED_SUBPARTITION_ADDR works only for partitions under the soc,nv-flash -compatible nodes. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 5c010ed)
Allow to use both partition and subpartition names when suing the flash_map API. That way it is possible to introduce a hierarchy within DTS in a backward compatible way. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 3ae8a43)
Fix region for PM ram function on radiocore. Upstream PR #: 97792 Signed-off-by: Adam Kondraciuk <[email protected]>
Reset cause API was expanded with two more reset causes. These are RESET_BOOTLOADER and RESET_FLASH. Add handling of RESET_BOOTLOADER and RESET_FLASH to reset_cause test. Signed-off-by: Sebastian Głąb <[email protected]> (cherry picked from commit 9ff2c0f)
Specifying undefined symbol on linker invocation requests the linker to search and include the symbol. This ensures the symbol will be present in final output. Signed-off-by: Torsten Rasmussen <[email protected]> (cherry picked from commit 428279e)
…ion" This reverts commit 28efd42. Signed-off-by: Tomasz Chyrowicz <[email protected]>
Use cpuapp_slot_partition instead of slot0_partition, so it is possible to add MCUboot header through --pad-header option. In such cases, the FLASH_LOAD_OFFSET does not point to the begining of the slot, but to the beginning of the executable area, thus the check for the active slot should use ranges instead of exact values. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 14af165)
It is possible to add MCUboot header through --pad-header option. In such cases, the FLASH_LOAD_OFFSET does not point to the beginning of the slot, but to the beginning of the executable area, thus the check for the active slot should use ranges instead of exact values. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 3261569)
Add configuration options for background scanning (bgscan) in wpa_supplicant. Signed-off-by: Pieter De Gendt <[email protected]> (cherry picked from commit 93c4dbd)
Add a shell command to configure the background scanning. Signed-off-by: Pieter De Gendt <[email protected]> (cherry picked from commit 1da7a11)
Use `ssids` instead of `filter_ssids` to set the SSID in probe requests. `filter_ssids` are to filter scan results to include only the specified SSIDs. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
In P2P mode, inform supplicant that the driver is P2P capable. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
Add supplicant api and mgmt ops support for P2P discovery. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
…d support Add shell command support for P2P discovery. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Update hostap revision to add wpa_cli command response with no print. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]> Signed-off-by: Kapil Bhatt <[email protected]>
Update nrf_wifi revision to include support for P2P feature. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Add ops for remain-on-channel and cancelling remain-on-channel. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
…e responses For frames sent down by supplicant in station mode, inform RPU to allow off-channel transmission. This is needed for sending P2P probe responses. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
For frames like Probe Requests, there is no match criterion. Re-arrange the checks to support registering of frames without providing any matching info. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
Increase required heap and stack size for P2P. More stack was required during WPS negotiation. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
We now support a single MbedTLS shim for hostap, so, this extra check is not needed, we can always use DH5 groups from Mbedtls. Upstream PR #: 97183 Signed-off-by: Chaitanya Tata <[email protected]>
Add structures and API support for P2P connect. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
…support Add shell command support for P2P connect. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
The Kconfig NRF70_P2P_MODE should be enabled when WIFI_NM_WPA_SUPPLICANT_P2P is enabled. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Add Wi-Fi P2P mode build command and info. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Enable build time configs required for supporting P2P GO mode. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
Additional heap is required for supporting P2P GO mode. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
Add per-peer authorized parameter. Port authorization command from supplicant will set this flag and will be used by driver to allow or nor allow data traffic. Upstream PR #: 97183 Signed-off-by: Ravi Dondaputi <[email protected]>
Add structures and API support for P2P Go mode. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Add shell commands support for P2P GO mode. Upstream PR #: 97183 Signed-off-by: Kapil Bhatt <[email protected]>
Fix build failure in case a different SAE implementation is used (e.g., PSA). Upstream PR #: 99474 Signed-off-by: Chaitanya Tata <[email protected]>
|
The following west manifest projects have changed revision in this Pull Request:
⛔ DNM label due to: 1 project with PR revision Note: This message is automatically posted and updated by the Manifest GitHub Action. |
github-actions
bot
added
manifest
manifest-nrf_wifi
manifest-hostap
DNM (manifest)
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
57 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on #3452 will be rebased after merge.
Latest hostap including SAE fix.
manifest-pr-skip