Make sure the nordic_vpr_launcher gets started after the coresight
driver if that is present.

Signed-off-by: Karsten Koenig <[email protected]>
(cherry picked from commit 24353a8)

Added a new convience snippet to redirect logs to STM and then sink them
to TPIU where they can be captured by a trace probe.

Signed-off-by: Karsten Koenig <[email protected]>
(cherry picked from commit 0b5bb3c)

The JLinkScript originally configured more than needed which reduces
readability, so stripped it down to the minimum.
At the same time improved behavior under reset and added ETM to the
radiocore JLinkScript.

Signed-off-by: Karsten Koenig <[email protected]>
(cherry picked from commit a50dc9f)

Configure SDP MSPI pins to switch their control to VPR core

Signed-off-by: Jakub Zymelka <[email protected]>
Signed-off-by: Andrzej Głąbek <[email protected]>
Signed-off-by: Magdalena Pastula <[email protected]>
Signed-off-by: Karsten Koenig <[email protected]>
(cherry picked from commit a9bcc44)
(cherry picked from commit 2e74ea7)
(cherry picked from commit 915e81a)

…river

There were recent changes to nrf54h20dk and STM driver.
Align test accordingly:
- add Kconfig that boots Radio core,
- update expected timing results.

Signed-off-by: Sebastian Głąb <[email protected]>
(cherry picked from commit 3d56c2f)

This reverts commit 4fa4304.

Signed-off-by: Triveni Danda <[email protected]>

Fix overriding the test certificates directory for enterprise mode
when using sysbuild. The override already works as expected without
sysbuild.

Signed-off-by: Triveni Danda <[email protected]>
(cherry picked from commit 57a35d9)

Add support for UICR.SECONDARY.TRIGGER configuration, which enables
automatic booting of secondary firmware based on specific reset reasons.

This introduces Kconfig options for configuring:
- UICR.SECONDARY.TRIGGER.ENABLE - Enable/disable automatic triggers
- UICR.SECONDARY.TRIGGER.RESETREAS - Bitmask of reset reasons that
  trigger secondary firmware boot

Individual Kconfig options are provided for each reset reason:
- APPLICATIONWDT0/1 - Application core watchdog timeouts
- APPLICATIONLOCKUP - Application core CPU lockup
- RADIOCOREWDT0/1 - Radio core watchdog timeouts
- RADIOCORELOCKUP - Radio core CPU lockup

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 9dc2b61)

…ECTEDMEM

Add support for UICR.SECONDARY.PROTECTEDMEM configuration, which enables
configuration of the protected memory region for secondary firmware.

This introduces Kconfig options for configuring:
- GEN_UICR_SECONDARY_PROTECTEDMEM - Enable/disable protected memory
  for secondary firmware
- GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES - Size of the protected
  memory region in bytes

The implementation validates that the configured size is divisible by
4096 bytes (4 KiB) as required by the hardware, and converts it to
4 KiB units when writing to UICR.SECONDARY.PROTECTEDMEM.SIZE4KB.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit c3f6b8c)

Add support for UICR.LOCK configuration, which locks the entire UICR
configuration in NVR0 to prevent unauthorized modifications.

This introduces a Kconfig option GEN_UICR_LOCK that enables locking
of the UICR. Once locked, the UICR can only be modified by performing
an ERASEALL operation.

This is a critical security feature for production devices, typically
enabled alongside UICR.APPROTECT, UICR.PROTECTEDMEM, and
UICR.ERASEPROTECT to establish a complete device protection scheme.

When enabled, the gen_uicr.py script sets UICR.LOCK to 0xFFFFFFFF,
which configures the NVR0 page as read-only and enforces integrity
checks on the UICR content.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 1ffdf09)

Add support for UICR.ERASEPROTECT configuration, which blocks ERASEALL
operations to prevent bulk erasure of protected memory.

This introduces a Kconfig option GEN_UICR_ERASEPROTECT that enables
blocking of ERASEALL operations on NVR0, preserving UICR settings even
if an attacker attempts a full-chip erase.

This is a critical security feature for production devices. When enabled
together with UICR.LOCK, it becomes impossible to modify the UICR in
any way, establishing a permanent device protection scheme. Due to this
irreversibility, it should only be enabled during the final stages of
production.

When enabled, the gen_uicr.py script sets UICR.ERASEPROTECT to
0xFFFFFFFF, which prevents the ERASEALL command from affecting the
NVR0 page.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit e20352d)

Add support for UICR.APPROTECT configuration, which controls debugger
and access-port permissions through the TAMPC peripheral.

This introduces three Kconfig options that allow independent control
over access port protection for different processor domains:

- GEN_UICR_APPROTECT_APPLICATION_PROTECTED: Controls debug access to
  the application domain processor
- GEN_UICR_APPROTECT_RADIOCORE_PROTECTED: Controls debug access to
  the radio core processor
- GEN_UICR_APPROTECT_CORESIGHT_PROTECTED: Controls access to the
  CoreSight debug infrastructure

When enabled, each option sets the corresponding UICR.APPROTECT
register to PROTECTED (0xFFFFFFFF), which disables debug access for
that domain. When disabled, the registers remain at their erased value
(UNPROTECTED), allowing full debug access.

This feature is critical for production devices where debug access must
be restricted to prevent unauthorized access to sensitive code and data.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 1438f8a)

…e transition

Add --permit-permanently-transitioning-device-to-deployed safety flag
to gen_uicr.py, required when enabling both UICR.LOCK and
UICR.ERASEPROTECT together. This prevents accidental permanent locking
of devices since this combination makes the configuration irreversible.

Signed-off-by: Sebastian Bøe <[email protected]>
(cherry picked from commit 35b89ab)

- The UUID is the device unique identifier read from the
OTP and made available in boot report to avoid the repetitive
slow reads from OTP.

Signed-off-by: Aymen LAOUINI <[email protected]>
(cherry picked from commit 4312c88)

…r/zephyr.hex

uicr/zephyr/zephyr.hex needs to be built after all other zephyr
images.

Instead of adding a dependency on uicr, we check the sysbuild_images
property to find images.

Also, we check it as late possible by using the cmake_language(DEFER
DIRECTORY feature. Which will ensure that running this code will be
one of the last things that the CMake sysbuild program does at
Configure time.

Upstream PR #: 97685

Signed-off-by: Sebastian Bøe <[email protected]>

…ronSide

LED pins need to be set in the cpuapp/iron rev. 0.2.0 overlay.

Signed-off-by: Tommi Kangas <[email protected]>
(cherry picked from commit f8f87c0)

…he issue

Added a workaround for nRF9280 SoC1.1 data cache related issue.

Signed-off-by: Tommi Kangas <[email protected]>
(cherry picked from commit c01c4e9)

All nrf54h flash tests require 'gpio_loopback' fixture

Signed-off-by: Bartosz Miller <[email protected]>
(cherry picked from commit 4ad24ca)

…15 tests.

Add case for using flash with some parameters read with runtime sfdp
instead of dt declarations.

Upstream PR #: 97495

Signed-off-by: Bartlomiej Buczek <[email protected]>

Extend jesd216 sample with nrf54l15dk cases. These platforms have
jesd216 compatible flash memories on board.

Upstream PR #: 97495

Signed-off-by: Bartlomiej Buczek <[email protected]>

The DT_MTD_FROM_FIXED_SUBPARTITION must go one level more than the
DT_MTD_FROM_FIXED_PARTITION counterpart.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit e4ecd4b)

Currently the DT_FIXED_PARTITION_ADDR as well as
DT_FIXED_SUBPARTITION_ADDR works only for partitions under the
soc,nv-flash -compatible nodes.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 5c010ed)

Allow to use both partition and subpartition names when suing the
flash_map API.
That way it is possible to introduce a hierarchy within DTS in a
backward compatible way.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 3ae8a43)

Fix region for PM ram function on radiocore.

Upstream PR #: 97792

Signed-off-by: Adam Kondraciuk <[email protected]>

Reset cause API was expanded with two more reset causes.
These are RESET_BOOTLOADER and RESET_FLASH.

Add handling of RESET_BOOTLOADER and RESET_FLASH to reset_cause test.

Signed-off-by: Sebastian Głąb <[email protected]>
(cherry picked from commit 9ff2c0f)

Specifying undefined symbol on linker invocation requests the linker to
search and include the symbol.
This ensures the symbol will be present in final output.

Signed-off-by: Torsten Rasmussen <[email protected]>
(cherry picked from commit 428279e)

…ion"

This reverts commit 28efd42.

Signed-off-by: Tomasz Chyrowicz <[email protected]>

Use cpuapp_slot_partition instead of slot0_partition, so it is possible
to add MCUboot header through --pad-header option.
In such cases, the FLASH_LOAD_OFFSET does not point to the begining of
the slot, but to the beginning of the executable area, thus the check
for the active slot should use ranges instead of exact values.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 14af165)

It is possible to add MCUboot header through --pad-header option.
In such cases, the FLASH_LOAD_OFFSET does not point to the beginning of
the slot, but to the beginning of the executable area, thus the check
for the active slot should use ranges instead of exact values.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 3261569)

Add a shell command to configure the background scanning.

Signed-off-by: Pieter De Gendt <[email protected]>
(cherry picked from commit 1da7a11)

Use `ssids` instead of `filter_ssids` to set the SSID in probe
requests. `filter_ssids` are to filter scan results to include
only the specified SSIDs.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

In P2P mode, inform supplicant that the driver is P2P capable.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

Add supplicant api and  mgmt ops support for P2P discovery.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

…d support

Add shell command support for P2P discovery.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Update hostap revision to add wpa_cli command
response with no print.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>
Signed-off-by: Kapil Bhatt <[email protected]>

Update nrf_wifi revision to include support for
P2P feature.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Add ops for remain-on-channel and cancelling remain-on-channel.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

…e responses

For frames sent down by supplicant in station mode, inform RPU
to allow off-channel transmission. This is needed for sending
P2P probe responses.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

For frames like Probe Requests, there is no match criterion.
Re-arrange the checks to support registering of frames without
providing any matching info.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

Increase required heap and stack size for P2P. More stack was required
during WPS negotiation.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

We now support a single MbedTLS shim for hostap, so, this extra check is
not needed, we can always use DH5 groups from Mbedtls.

Upstream PR #: 97183

Signed-off-by: Chaitanya Tata <[email protected]>

Add structures and API support for P2P connect.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

…support

Add shell command support for P2P connect.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

The Kconfig NRF70_P2P_MODE should be enabled when
WIFI_NM_WPA_SUPPLICANT_P2P is enabled.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Add Wi-Fi P2P mode build command and info.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Enable build time configs required for supporting P2P GO mode.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

Additional heap is required for supporting P2P GO mode.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

Add per-peer authorized parameter. Port authorization command
from supplicant will set this flag and will be used by driver
to allow or nor allow data traffic.

Upstream PR #: 97183

Signed-off-by: Ravi Dondaputi <[email protected]>

Add structures and API support for P2P Go mode.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Add shell commands support for P2P GO mode.

Upstream PR #: 97183

Signed-off-by: Kapil Bhatt <[email protected]>

Fix build failure in case a different SAE implementation is used (e.g.,
PSA).

Upstream PR #: 99474

Signed-off-by: Chaitanya Tata <[email protected]>