Partially revert 1bcc0652241af70d0b28aee155f260cd9ca0fc74
This change impacts all other scripts that import those modules, while
those weren't updated.
It will be hard to maintain this list, whilst keeping the entire tree
compliant.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Add --permit-permanently-transitioning-device-to-deployed safety flag
to gen_uicr.py, required when enabling both UICR.LOCK and
UICR.ERASEPROTECT together. This prevents accidental permanent locking
of devices since this combination makes the configuration irreversible.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add support for UICR.APPROTECT configuration, which controls debugger
and access-port permissions through the TAMPC peripheral.
This introduces three Kconfig options that allow independent control
over access port protection for different processor domains:
- GEN_UICR_APPROTECT_APPLICATION_PROTECTED: Controls debug access to
the application domain processor
- GEN_UICR_APPROTECT_RADIOCORE_PROTECTED: Controls debug access to
the radio core processor
- GEN_UICR_APPROTECT_CORESIGHT_PROTECTED: Controls access to the
CoreSight debug infrastructure
When enabled, each option sets the corresponding UICR.APPROTECT
register to PROTECTED (0xFFFFFFFF), which disables debug access for
that domain. When disabled, the registers remain at their erased value
(UNPROTECTED), allowing full debug access.
This feature is critical for production devices where debug access must
be restricted to prevent unauthorized access to sensitive code and data.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add support for UICR.ERASEPROTECT configuration, which blocks ERASEALL
operations to prevent bulk erasure of protected memory.
This introduces a Kconfig option GEN_UICR_ERASEPROTECT that enables
blocking of ERASEALL operations on NVR0, preserving UICR settings even
if an attacker attempts a full-chip erase.
This is a critical security feature for production devices. When enabled
together with UICR.LOCK, it becomes impossible to modify the UICR in
any way, establishing a permanent device protection scheme. Due to this
irreversibility, it should only be enabled during the final stages of
production.
When enabled, the gen_uicr.py script sets UICR.ERASEPROTECT to
0xFFFFFFFF, which prevents the ERASEALL command from affecting the
NVR0 page.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add support for UICR.LOCK configuration, which locks the entire UICR
configuration in NVR0 to prevent unauthorized modifications.
This introduces a Kconfig option GEN_UICR_LOCK that enables locking
of the UICR. Once locked, the UICR can only be modified by performing
an ERASEALL operation.
This is a critical security feature for production devices, typically
enabled alongside UICR.APPROTECT, UICR.PROTECTEDMEM, and
UICR.ERASEPROTECT to establish a complete device protection scheme.
When enabled, the gen_uicr.py script sets UICR.LOCK to 0xFFFFFFFF,
which configures the NVR0 page as read-only and enforces integrity
checks on the UICR content.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add support for UICR.SECONDARY.PROTECTEDMEM configuration, which enables
configuration of the protected memory region for secondary firmware.
This introduces Kconfig options for configuring:
- GEN_UICR_SECONDARY_PROTECTEDMEM - Enable/disable protected memory
for secondary firmware
- GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES - Size of the protected
memory region in bytes
The implementation validates that the configured size is divisible by
4096 bytes (4 KiB) as required by the hardware, and converts it to
4 KiB units when writing to UICR.SECONDARY.PROTECTEDMEM.SIZE4KB.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
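The commit messages above describe several UICR protection options and two build-time guards: the explicit permit flag for LOCK together with ERASEPROTECT, and the 4 KiB size rule for SECONDARY.PROTECTEDMEM. The following pre-flight check over a Kconfig fragment is an added example, not code from gen_uicr.py; the function names, the keys of the returned dictionary and the sample fragment are assumptions made for illustration.

```python
PROTECTED = 0xFFFFFFFF  # value the commit messages give for an enabled protection register
UNIT = 4096             # SECONDARY.PROTECTEDMEM is expressed in 4 KiB units

# Constructed sample fragment, not taken from a real build.
SAMPLE_CONFIG = """\
CONFIG_GEN_UICR_LOCK=y
CONFIG_GEN_UICR_ERASEPROTECT=y
CONFIG_GEN_UICR_APPROTECT_APPLICATION_PROTECTED=y
# CONFIG_GEN_UICR_APPROTECT_RADIOCORE_PROTECTED is not set
CONFIG_GEN_UICR_SECONDARY_PROTECTEDMEM=y
CONFIG_GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES=8192
"""

class UicrConfigError(ValueError):
    """Raised when the option set must not be turned into a UICR image."""

def parse_kconfig(text):
    """Parse 'CONFIG_X=y' and 'CONFIG_X=<int>' lines; comment lines are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition("=")
        opts[key.removeprefix("CONFIG_")] = True if val == "y" else int(val, 0)
    return opts

def plan_uicr(opts, permit_permanent=False):
    """Return {label: value} for the protections enabled in opts (labels are hypothetical)."""
    lock = opts.get("GEN_UICR_LOCK", False)
    erase = opts.get("GEN_UICR_ERASEPROTECT", False)
    if lock and erase and not permit_permanent:
        # Locked UICR plus blocked ERASEALL cannot be undone: demand explicit consent.
        raise UicrConfigError("LOCK with ERASEPROTECT is irreversible; explicit permit required")
    regs = {}
    if lock:
        regs["LOCK"] = PROTECTED
    if erase:
        regs["ERASEPROTECT"] = PROTECTED
    for domain in ("APPLICATION", "RADIOCORE", "CORESIGHT"):
        if opts.get(f"GEN_UICR_APPROTECT_{domain}_PROTECTED"):
            regs[f"APPROTECT.{domain}"] = PROTECTED  # unset options stay at the erased value
    if opts.get("GEN_UICR_SECONDARY_PROTECTEDMEM"):
        size = opts.get("GEN_UICR_SECONDARY_PROTECTEDMEM_SIZE_BYTES", 0)
        if size % UNIT:
            raise UicrConfigError(f"protected memory size {size} is not a multiple of {UNIT}")
        regs["SECONDARY.PROTECTEDMEM.SIZE4KB"] = size // UNIT
    return regs

if __name__ == "__main__":
    print(plan_uicr(parse_kconfig(SAMPLE_CONFIG), permit_permanent=True))
```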
Add support for UICR.SECONDARY.TRIGGER configuration, which enables
automatic booting of secondary firmware based on specific reset reasons.
This introduces Kconfig options for configuring:
- UICR.SECONDARY.TRIGGER.ENABLE - Enable/disable automatic triggers
- UICR.SECONDARY.TRIGGER.RESETREAS - Bitmask of reset reasons that
trigger secondary firmware boot
Individual Kconfig options are provided for each reset reason:
- APPLICATIONWDT0/1 - Application core watchdog timeouts
- APPLICATIONLOCKUP - Application core CPU lockup
- RADIOCOREWDT0/1 - Radio core watchdog timeouts
- RADIOCORELOCKUP - Radio core CPU lockup
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add support for UICR.WDTSTART.
UICR.WDTSTART configures the automatic start of a local watchdog timer
before the application core is booted. This provides early system
protection ensuring that the system can recover from early boot
failures.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The current size_report generates "ram" and "rom" reports, but not one
showing the total of all run-time memory used (the "ram" report does not
include memory required to load the code for non-XIP boards).
Summing the existing reports does not work as it double-counts
statically initialized data.
The new "all" report shows the correct accounting of all run-time memory
used.
To support this functionality the "targets" argument has been extended
to allow multiple arguments, for example to generate all three reports:
$ size_report -k ... -z ... --output=. ram rom all
In the JSON output, the location ("ram" or "rom") is included in the
"loc" property for each symbol.
Signed-off-by: Graham Roff <grahamr@qti.qualcomm.com>
Removed redundant try..except around the code
and fixed a test for that code which was a false positive.
Signed-off-by: Łukasz Fundakowski <lukasz.fundakowski@nordicsemi.no>
dt_nodelabel_int_prop did not check if the property existed on the node
before accessing it, which would result in a build-time crash (and thus
build error) if used on a node which lacked the requested property.
Fix by using the common _node_int_prop() helper which handles all edge
cases properly.
Signed-off-by: Mathieu Choplain <mathieu.choplain-ext@st.com>
When checking for "do not merge" labels on a pull request, also consider
any label that starts with "block:" as a DNM label (e.g. "block: HW
Test").
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
If we have multiple runners listed under a module,
each runner py file will individually overload and overwrite the
prior module loaded, because it is using the same module name.
Signed-off-by: James Growden <jgrowden@tenstorrent.com>
The `ok` state is deprecated and very few files are using this.
The DTS spec also does not have this value.
This PR removes this value once and for all.
Signed-off-by: Kyle Micallef Bonnici <kylebonnici@hotmail.com>
Add 'dt_node_has_prop' expression to use the existence of a node property
as a filter in Twister test configuration yaml files.
First argument must be a node alias (in aliases node) or a node path,
not a nodelabel.
Signed-off-by: Abderrahmane JARMOUNI <git@jarmouni.me>
This commit moves the `zaru.py` script to `scripts/instrumentation`, and
adjusts references to the script in other places.
Signed-off-by: Filip Kokosinski <fkokosinski@antmicro.com>
Align with native_simulator's upstream main
4641dad899979528e4083aa762651388a2a7ec7b
Which includes:
4641dad common: nsi_internal.h: Use NSI_INLINE macros
7a1156c nsi_tasks: move header to include folder
6b7d76a nct: fix restarting sem_wait after signal
166516d nce: fix restarting sem_wait after signal
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This commit adds 'zaru', a CLI tool for the instrumentation subsystem.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Signed-off-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Maciej Sobkowski <msobkowski@antmicro.com>
It is very common to see a comment stating that the
"No Space Before Opening Brackets" style guide is not followed.
To avoid putting this burden on reviewers, let the compliance
check catch this instead.
Checking for tab indentation was also very simple, so also added
this.
Running this check on all files finds many violations:
- Space before opening brackets: 141 violations
- Tab indentation: 420 violations
Fixing these will not be done as part of this PR. Adding the check
will prevent us from adding new violations.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Commit e4650bc349 modified check_compliance
to avoid false negatives when a commit has multiple signoff lines and the
author's signoff line isn't the first one. To avoid this, a signoff line
which matches exactly the author's name and email is searched instead of
matching any line with the proper syntax and checking the fields.
While this solved the original issue, this also introduced a new issue:
whereas the old script would distinguish a properly formed signoff line
with the wrong author from a malformed signoff line, the new method now
checks both the syntax and the author name/email at the same time. As
such, the script will report "signoff line does not follow the syntax"
for both situations, but the signoff line DOES follow the syntax in the
latter case: the error message is then only a misleading red herring.
Fix this issue - and improve the check - by verifying every signoff line
in a commit's message body. Invalid syntax on any line is reported as a
"does not follow syntax" failure, whereas inability to find the commit
author is reported as a separate "no signoff entry matches commit author"
failure as it should always have...
Signed-off-by: Mathieu Choplain <mathieu.choplain-ext@st.com>
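The two failure classes that the commit message above separates can be shown in a short checker. This is an added example, not the code of check_compliance; the regular expression, the function names and the sample commits are assumptions made for illustration.

```python
import re

# Assumed trailer syntax for this sketch: "Signed-off-by: Full Name <user@host>"
SIGNOFF_RE = re.compile(r"^Signed-off-by: (?P<name>\S.*?) <(?P<email>[^<>\s]+@[^<>\s]+)>$")

def check_signoffs(auth_name, auth_email, body):
    """Return the list of failures for one commit; an empty list means it passes."""
    failures = []
    author_found = False
    for line in body.splitlines():
        line = line.strip()
        if not line.lower().startswith("signed-off-by:"):
            continue  # not a signoff trailer at all
        match = SIGNOFF_RE.match(line)
        if match is None:
            # Malformed trailer: reported on its own, whoever it names.
            failures.append(f"signoff line does not follow the syntax: {line}")
        elif (match["name"], match["email"]) == (auth_name, auth_email):
            author_found = True
    if not author_found:
        # Separate failure: every trailer may be well-formed and still not the author's.
        failures.append("no signoff entry matches commit author")
    return failures

# Constructed sample commits: (author name, author email, message body).
SAMPLES = {
    "author_not_first": ("Alice Example", "alice@example.com",
                         "Fix thing.\n\nSigned-off-by: Bob Example <bob@example.com>\n"
                         "Signed-off-by: Alice Example <alice@example.com>"),
    "wrong_author": ("Alice Example", "alice@example.com",
                     "Fix thing.\n\nSigned-off-by: Bob Example <bob@example.com>"),
    "malformed": ("Alice Example", "alice@example.com",
                  "Fix thing.\n\nSigned-off-by: Alice Example alice@example.com"),
}

def run_samples():
    """Check every constructed commit and return {sample name: failures}."""
    return {name: check_signoffs(*commit) for name, commit in SAMPLES.items()}

if __name__ == "__main__":
    for name, failures in run_samples().items():
        print(name, "->", failures or "OK")
```

In this sketch a malformed trailer also leaves the author unmatched, so the third sample reports both failures.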
When checking for emails/sign-off, if parsing of the commit information
using 'git show' fails, the 'auth_name', 'auth_email' and 'body' variables
are unbound but accessed right afterwards, which would cause an error.
Skip straight to next iteration of the loop when such an error occurs to
ensure access to the unbound variables is never performed.
This error was reported by the VS Code Pylance analyzer.
Signed-off-by: Mathieu Choplain <mathieu.choplain-ext@st.com>
Our build system DT API has a dt_comp_path() function used to look up
paths of nodes with a given compatible. This relies on the generated
edt.pickle.cmake file in the build directory to look inside the
concrete devicetree for the current application build.
The script gen_dts_cmake.py is responsible for generating
edt.pickle.cmake. It currently generates the data needed by
dt_comp_path() by looking inside each edtlib.Node object's "props"
attribute. This attribute in turn is fed by the "properties:" key in
the node's YAML binding. This leads to an edge case which is breaking
the dt_comp_path() API.
In most cases, we don't notice this edge case because base.yaml, which
is included by nearly all bindings, has a definition for "compatible"
in its "properties:" map. However, bindings are not required to
include base.yaml, and bindings do not have to explicitly define a
"compatible" entry in their "properties:". An example of a binding
that does neither is fixed-partitions.yaml: it only has #address-cells
and #size-cells in its "properties:".
Nonetheless, "compatible:" is always a valid property name because
it's defined in the DT spec, and we should make the CMake API robustly
detect all nodes with a given compatible, regardless of whether that
node's binding explicitly defines it or not.
To make this happen, rely on the edtlib.Node.compats attribute instead
of edtlib.Node.props. The compats attribute is always defined even if
the node's YAML binding doesn't have an explicit entry for
"compatible".
Signed-off-by: Martí Bolívar <marti.bolivar@oss.qualcomm.com>
This commit provides a CMakePresets.json which includes the sample's
CMakePresets.json file.
`west build` is extended to set `APP_DIR` in environment when sysbuild
is used. This allows sysbuild's CMakePresets.json to include the
sample's presets file.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
gcovr 8.0 introduces suspicious_hits detection, warn on such detection, but
do not stop coverage calculation at all.
Signed-off-by: Bartlomiej Buczek <bartlomiej.buczek@nordicsemi.no>
To avoid conflicts between the C library's `time.h` and signal.h use an
"override" header (when necessary) for C libraries that do not themselves
provide POSIX definitions in `time.h` or `signal.h`.
V2
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Align with native_simulator's upstream main
4eab13716376e63236d77013f996a897d24dd780
Which includes:
4eab137 Host trampolines: Add getenv/setenv
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
If twister exits by sys.exit function or by raising
the SystemExit exception, catch that exception and
return the proper exit code.
Signed-off-by: Łukasz Fundakowski <lukasz.fundakowski@nordicsemi.no>
Script does not handle already assigned PRs correctly, revert until we
have a proper fix.
This reverts commit 972ebb64dc.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
In cases where we are not able to assign a PR due to lack of matches in
the maintainer file, add the release team to the reviewers so someone
can triage it. Also add a comment to make it clear that the release team
was added for triage purposes only.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
fixed fallback to default build directory (build) in case that no other
build directory could be determined.
Signed-off-by: Thorsten Klein <Thorsten.Klein@bshg.com>
To avoid conflicts between the C library's `time.h` and signal.h use an
"override" header (when necessary) for C libraries that do not themselves
provide POSIX definitions in `time.h` or `signal.h`.
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Add comprehensive enhancements to the probe-rs runner:
- New parameters: --reset, --protocol, --speed, --verify, etc
- RTT logging support via 'attach' command
- Smart binary format detection with FileType support
- Enhanced debug/debugserver with improved GDB integration
- Conditional reset after flashing instead of always resetting
Maintains upstream compatibility while significantly expanding
probe-rs capabilities for embedded development workflows.
Signed-off-by: Jared Wolff <hello@jaredwolff.com>
Introduce streaming APIs for ADC devices.
Two new APIs are added to the adc_driver_api: submit and get_decoder.
Added the following decoder APIs: get_frame_count, get_size_info, decode,
has_trigger.
Supported triggers are:
- ADC_TRIG_DATA_READY
- ADC_TRIG_FIFO_WATERMARK
- ADC_TRIG_FIFO_FULL
Supported operations to be done on trigger:
- include - whatever data is associated with the trigger
- nop - do nothing with data associated with the trigger
- drop - clear data associated with the trigger
Some changes to the linker scripts were needed to add decoder APIs.
Signed-off-by: Vladislav Pejic <vladislav.pejic@orioninc.com>
Converted `arch-schema.yml`, `board-schema.yml`, and `soc-schema.yml`
from PyYAML format to JSON Schema format, including baking in some of
the validation rules that were deferred to ad hoc Python right into the
schemas (e.g. mutual exclusivity of certain fields).
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Users can specify a Zephyr SDK installation directory using the
`ZEPHYR_SDK_INSTALL_DIR` environment variable. This variable must be
taken into account when listing all installed SDKs, such as with the
`west sdk list` command.
Signed-off-by: Thorsten Klein <thorsten.klein@bshg.com>
Add UICR.SECURESTORAGE configuration based on device tree partitions.
Validates partition layout and populates size fields in 1KB units.
Handles missing partitions gracefully.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>