Merge branch 'air-purifier-app-ci-build' of github.com:raul-marquez-csa/connectedhomeip into air-purifier-app-ci-build

raul-marquez-csa · raul-marquez-csa · commit 2c3f777bc098 · 2025-03-11T09:46:36.000-07:00
diff --git a/config/esp32/components/chip/CMakeLists.txt b/config/esp32/components/chip/CMakeLists.txt
@@ -444,6 +444,10 @@ if (CONFIG_SEC_CERT_DAC_PROVIDER)
     list(APPEND matter_requires espressif__esp_secure_cert_mgr)
 endif()
 
+if (CONFIG_ENABLE_ENCRYPTED_OTA)
+    list(APPEND matter_requires espressif__esp_encrypted_img)
+endif()
+
 add_prebuilt_library(matterlib "${CMAKE_CURRENT_BINARY_DIR}/lib/libCHIP.a"
                      REQUIRES ${matter_requires})
 
diff --git a/config/esp32/components/chip/idf_component.yml b/config/esp32/components/chip/idf_component.yml
@@ -11,7 +11,7 @@ dependencies:
             - if: "idf_version >=4.3"
 
     espressif/esp_encrypted_img:
-        version: "2.1.0"
+        version: "2.3.0"
         require: public
         rules:
             - if: "idf_version >=4.4"
diff --git a/docs/platforms/esp32/ota.md b/docs/platforms/esp32/ota.md
@@ -92,35 +92,50 @@ image can be encrypted/decrypted using an RSA-3072 key pair.
 
 Please follow the steps below to generate an application image for OTA upgrades:
 
-1. Generate a new RSA-3072 key pair or use an existing one.
+1.  Generate a new RSA-3072 key pair or use an existing one.
 
-    - To generate a key pair, use the following command:
+    -   To generate a key pair, use the following command:
 
         ```
         openssl genrsa -out esp_image_encryption_key.pem 3072
         ```
 
-    - Extract the public key from the key pair:
+    -   Extract the public key from the key pair:
         ```
         openssl rsa -in esp_image_encryption_key.pem -pubout -out esp_image_encryption_public_key.pem
         ```
 
-2. Encrypt the application binary using the
-   [esp_enc_img_gen.py](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/tools/esp_enc_img_gen.py)
-   script.
+2.  Encrypt the application binary using the
+    [esp_enc_img_gen.py](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/tools/esp_enc_img_gen.py)
+    script.
 
-    - Use the following command to encrypt the OTA image with the public key:
+    Use the following command to encrypt the OTA image with the public key:
 
-        ```
-        python3 esp_enc_img_gen.py encrypt lighting-app.bin esp_image_encryption_public_key.pem lighting-app-encrypted.bin
-        ```
+    ```
+    python3 esp_enc_img_gen.py encrypt lighting-app.bin esp_image_encryption_public_key.pem lighting-app-encrypted.bin
+    ```
 
-    - Append the Matter OTA header:
-        ```
-        src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 --version 2 --version-str "v2.0" -da sha256 lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
-        ```
+    Optionally, you can use the cmake function `create_esp_enc_img()` to encrypt
+    the OTA image during the build process. Please find the usage below. This is
+    also demonstrated in the `examples/lighting-app/esp32/main/CMakeLists.txt`
+    file.
+
+    ```
+    create_esp_enc_img(${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.bin
+                       ${project_dir}/esp_image_encryption_public_key.pem
+                       ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-encrypted.bin
+                       app)
+    ```
+
+3.  Append the Matter OTA header
+
+    ```
+    src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 \
+                                     --version 2 --version-str "v2.0" -da sha256 \
+                                     lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
+    ```
 
-3. Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
+4.  Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
 
 ## Delta OTA
 
diff --git a/examples/all-clusters-app/nrfconnect/prj.conf b/examples/all-clusters-app/nrfconnect/prj.conf
@@ -57,3 +57,6 @@ CONFIG_CHIP_ENABLE_READ_CLIENT=y
 
 # Increase the settings partition
 CONFIG_PM_PARTITION_SIZE_SETTINGS_STORAGE=0x8000
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240
diff --git a/examples/all-clusters-app/nrfconnect/prj_dfu.conf b/examples/all-clusters-app/nrfconnect/prj_dfu.conf
@@ -55,3 +55,6 @@ CONFIG_CHIP_FACTORY_DATA_BUILD=y
 
 # Enable the Read Client for binding purposes
 CONFIG_CHIP_ENABLE_READ_CLIENT=y
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240
diff --git a/examples/all-clusters-app/nrfconnect/prj_release.conf b/examples/all-clusters-app/nrfconnect/prj_release.conf
@@ -66,3 +66,6 @@ CONFIG_CHIP_ENABLE_READ_CLIENT=y
 # Enable LTO to reduce the flash usage
 CONFIG_LTO=y
 CONFIG_ISR_TABLES_LOCAL_DECLARATION=y
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240
diff --git a/examples/lighting-app/esp32/main/CMakeLists.txt b/examples/lighting-app/esp32/main/CMakeLists.txt
@@ -82,6 +82,13 @@ target_compile_options(${COMPONENT_LIB} PUBLIC
            "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=<lib/address_resolve/AddressResolve_DefaultImpl.h>"
 )
 
+if (CONFIG_ENABLE_ENCRYPTED_OTA)
+	create_esp_enc_img(${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.bin
+			   ${project_dir}/esp_image_encryption_public_key.pem
+			   ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-encrypted.bin
+			   app)
+endif()
+
 if (CONFIG_ENABLE_PW_RPC)
 
 get_filename_component(CHIP_ROOT ${CMAKE_SOURCE_DIR}/third_party/connectedhomeip REALPATH)
diff --git a/examples/platform/silabs/sensors/AirQuality/AirQualitySensor.cpp b/examples/platform/silabs/sensors/AirQuality/AirQualitySensor.cpp
@@ -22,12 +22,8 @@
 #include <platform/CHIPDeviceLayer.h>
 
 #ifdef USE_SPARKFUN_AIR_QUALITY_SENSOR
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include <sparkfun_sgp40.h>
-}
 #include "sl_i2cspm_instances.h"
+#include <sparkfun_sgp40.h>
 #endif // USE_SPARKFUN_AIR_QUALITY_SENSOR
 
 namespace {
diff --git a/scripts/build/builders/nrf.py b/scripts/build/builders/nrf.py
@@ -220,7 +220,7 @@ def _build(self):
             # Note: running zephyr/zephyr.elf has the same result except it creates
             # a flash.bin in the current directory. ctest has more options and does not
             # pollute the source directory
-            self._Execute(['ctest', '--build-nocmake', '-V', '--output-on-failure', '--test-dir', os.path.join(self.output_dir, 'nrfconnect')],
+            self._Execute(['ctest', '--build-nocmake', '-V', '--output-on-failure', '--test-dir', os.path.join(self.output_dir, 'nrfconnect'), '--no-tests=error'],
                           title='Run Tests ' + self.identifier)
 
     def _bundle(self):
diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp
@@ -346,15 +346,17 @@ CHIP_ERROR FabricTable::ValidateIncomingNOCChain(const ByteSpan & noc, const Byt
     ChipLogProgress(FabricProvisioning, "Validating NOC chain");
     CHIP_ERROR err = FabricTable::VerifyCredentials(noc, icac, rcac, validContext, outCompressedFabricId, outFabricId, outNodeId,
                                                     outNocPubkey, &outRootPubkey);
-    if (err != CHIP_NO_ERROR && err != CHIP_ERROR_WRONG_NODE_ID)
-    {
-        err = CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
-    }
     if (err != CHIP_NO_ERROR)
     {
-        ChipLogError(FabricProvisioning, "Failed NOC chain validation: %" CHIP_ERROR_FORMAT, err.Format());
+        ChipLogError(FabricProvisioning, "Failed NOC chain validation, VerifyCredentials returned: %" CHIP_ERROR_FORMAT,
+                     err.Format());
+
+        if (err != CHIP_ERROR_WRONG_NODE_ID)
+        {
+            err = CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
+        }
+        return err;
     }
-    ReturnErrorOnFailure(err);
 
     // Validate fabric ID match for cases like UpdateNOC.
     if (existingFabricId != kUndefinedFabricId)
