Categories
IoT Zephyr

Zephyr Weekly Update – Trusted Firmware-M 2.0 integration

Happy Friday, and welcome back for another Zephyr Weekly Update. One of the main highlights this week is certainly the recent upgrade to Trusted Firmware-M 2.0.

On the topic of security, I really encourage everyone to watch our latest Zephyr Tech Talk, if you missed the opportunity to watch it live. Kasia Zalewska did an outstanding job of explaining some of the typical security vulnerabilities in embedded software, and what are some of the tools that can help mitigate them. I really loved the live demo part where she demonstrated a buffer overflow attack, as this really made it easier for me to understand how they can be conducted by an attacker, and how software can be hardened to detect/avoid them.

Update to TF-M 2.0

Trusted Firmware provides a reference implementation of secure software for Cortex-A (TF-A) and Cortex-M (TF-M). You can think of it as a toolbox that provides you with all the libraries and code you need to align with Arm’s latest recommendations and specifications regarding security. To quote the trustedfirmware.org website, “this forms the foundations of a Trusted Execution Environment (TEE) on application processors, or the Secure Processing Environment (SPE) of microcontrollers”.

Trusted Firmware-M v2.0.0 was released at the end of last year and one of the main highlights is its smaller memory footprint, in particular thanks to an update to mbedTLS 3.5.0.

As of this week, Zephyr supports TF-M 2.0.0! (PR #66288)

Socket service API

A new socket service has been introduced. It is somewhat similar to Linux’s inetd in that it lets a single thread listen on a set of blocking sockets, which saves memory. When there is activity on one of the sockets, the service calls the appropriate callback (servlet? :)) to do the actual work.

A good starting point to learn more is to look at the newly introduced service-based echo server code sample. And of course, more details can also be found in the pull request, PR #66758.

Boards & SoCs

  • The FK7B0M1-VBT6 board by FANKE Technology features an STM32H7B0VBT6 (Cortex-M7) running at up to 280 MHz, 128 KB of Flash (plus 2×8 MB external Flash), and 1.4 MB of SRAM. It can be sourced for about $30 on AliExpress, and is now supported in Zephyr! (PR #65441)
  • I am always really excited to see new hardware from M5Stack supported in Zephyr. This week, it’s the M5Stack AtomS3 Lite 🙂 It’s a device based on an ESP32S3 that’s about the size of a quarter, and that includes just about enough for simple prototyping: a push button, a few pins exposed through an expansion header, and even a mounting hole. (PR #67084)
  • It’s great to see new options for using Bluetooth in Zephyr, this time with the X-NUCLEO-BNRG2A1 shield for STM32 boards. The shield uses a BlueNRG-M2SP application processor module based on the ST BlueNRG-2 System-on-Chip. (PR #67381)

SoC driver updates

  • Voltage control support has been added to the Renesas PFC (pin function controller) driver. (PR #66881)
  • New i.MX RGPIO (Rapid GPIO) driver. If you are using the NXP i.MX93 EVK board, it’s already been updated to use this new driver. (PR #62622)

General drivers

  • The NXP DMIC (digital microphone) is a PDM-to-PCM converter intended for use with MEMS microphones. It supports up to 8 channels (or 4 L/R channel pairs) and now has a proper DMIC driver in Zephyr (nxp,dmic compatible). (PR #66448)
  • The existing driver for the PCF8574 8-channel I/O expander has been reworked to now support PCF8575 as well, which is the 16-channel variant (new binding is nxp,pcf857x). (PR #67054)
  • New UART shim for Nordic’s UARTE (UART with EasyDMA) driver. (PR #65155)
  • When using cellular modems, handling of the AT+CESQ AT command for retrieving extended signal quality information has been implemented for the U-blox SARA-R5 modem. (PR #67025)

Miscellaneous

  • New DT_IRQ_INTC() and DT_IRQ_INTC_BY_NAME() macros make it possible to retrieve the interrupt controller associated with a given interrupt specifier of a Devicetree node. (PR #66707)
  • New kernel APIs added to start and resume a CPU when running in an SMP environment: k_smp_cpu_start() and k_smp_cpu_resume(). (PR #64755)
  • A new net_hostname_set() API makes it possible to set the device hostname at runtime. (PR #67439)
  • It is now possible to do runtime filtering of log messages (it used to be compile-time only) for a log frontend. (PR #67107)
  • New net_buf_data_match() helper function to compare data with the contents of a network buffer. (PR #66757)
  • Added support for SO_DOMAIN socket option. (#67618)
  • New available POSIX APIs:
    • sched_getparam()
    • sched_getscheduler()

A big thank you to the 9 individuals who had their first pull request accepted this week, 💙 🙌: @gzzi, @toonst, @laurin, @VitekST, @amrithvenkat, @shenyi97, @MirkoCovizzi, @mschappa, and @lopsided98.

As always, I very much welcome your thoughts and feedback in the comments below!

If you enjoyed this article, don’t forget to subscribe to this blog to be notified of upcoming publications! And of course, you can also always find me on Twitter and Mastodon.

Catch up on all previous issues of the Zephyr Weekly Update:


Zephyr Weekly Update – zspdx is getting some love

The Zephyr community is definitely back to full-speed after the short holiday break, and I feel like I really need to re-think the format of these weekly updates so that I can be more efficient in putting them together, while still providing you with more insights than what you’d get from just looking at the git log! Anyways, that’s an implementation detail, and you’re probably here for this week’s update, and not for reading my random thoughts 🙂

A new script to help you migrate boards to v2 model

Last week, I mentioned how Zephyr is transitioning to a new, better, model to describe SoCs and boards. To help with this transition, Gerard Marull has released a script that assists with migrating a group of boards to the new model. (PR #67423)

SBOM generation improvements

Thanks to PR #66182 by Thomas Gagneret, the modules that make up a Zephyr application are now properly captured as actual packages when generating the SBOM (Software Bill of Materials) files.

##### Package: mbedtls
 
PackageName: mbedtls
SPDXID: SPDXRef-mbedtls-sources
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageLicenseInfoFromFiles: Apache-2.0
FilesAnalyzed: true
PackageVerificationCode: 53b2e7743712704ce9b05f8e17bc4eaba8776ddd
 
FileName: ./library/aes.c
SPDXID: SPDXRef-File-aes.c
FileChecksum: SHA1: ff7a9b66046c0de1a36bcd7c09a2307fb860aeb4
FileChecksum: SHA256: 5915d2544f3b93ed37f88a22b2d2e795447267119b553619231b75d83457679a
LicenseConcluded: Apache-2.0
LicenseInfoInFile: Apache-2.0
FileCopyrightText: NOASSERTION
 
...

As a reminder, generating the SBOM files for a Zephyr build is something you can do in just a few lines. Doing so captures the fingerprint of all the source files ending up in your application, so that you can better assess whether you’re impacted by software vulnerabilities further down the road.
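To show what those fingerprints allow, here is an added example (not code from this post or from the Zephyr project) that parses SPDX tag-value text laid out like the excerpt above, recomputes each PackageVerificationCode from the listed file SHA1s, and compares every file's SHA256 with the sources on hand. It assumes no files are excluded from the verification code; the function names, the `read_file` callback and the sample data are constructed for illustration.

```python
import hashlib

def parse_packages(text):
    """SPDX tag-value text -> {package: {"code": str|None, "files": {path: {algo: hex}}}}."""
    # Tags seen before the first PackageName land in a throwaway record.
    packages, pkg, cur = {}, {"code": None, "files": {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines, comments such as "##### Package: ...", elisions
        tag, value = (p.strip() for p in line.split(":", 1))
        if tag == "PackageName":
            pkg, cur = packages.setdefault(value, {"code": None, "files": {}}), None
        elif tag == "PackageVerificationCode":
            pkg["code"] = value.split()[0]
        elif tag == "FileName":
            cur = pkg["files"].setdefault(value, {})
        elif tag == "FileChecksum" and cur is not None:
            algo, digest = (p.strip() for p in value.split(":", 1))
            cur[algo] = digest.lower()
    return packages

def verification_code(file_sha1s):
    """SPDX 2.x rule: SHA1 over the sorted, concatenated per-file SHA1 hex strings."""
    return hashlib.sha1("".join(sorted(file_sha1s)).encode("ascii")).hexdigest()

def audit(spdx_text, read_file):
    """Compare an SBOM with sources; read_file(path) returns bytes or None. [] means OK."""
    findings = []
    for name, pkg in parse_packages(spdx_text).items():
        sha1s = [f["SHA1"] for f in pkg["files"].values() if "SHA1" in f]
        if pkg["code"] and verification_code(sha1s) != pkg["code"]:
            findings.append(f"{name}: PackageVerificationCode mismatch")
        for path, sums in pkg["files"].items():
            data = read_file(path)
            if data is None:
                findings.append(f"{name}: {path} missing")
            elif "SHA256" in sums and hashlib.sha256(data).hexdigest() != sums["SHA256"]:
                findings.append(f"{name}: {path} SHA256 differs from SBOM")
    return findings

# Constructed sample (not real Zephyr output): two tiny sources and a matching SBOM.
SOURCES = {"./library/aes.c": b"/* aes */\n", "./library/sha256.c": b"/* sha256 */\n"}
_sha1 = {p: hashlib.sha1(d).hexdigest() for p, d in SOURCES.items()}
SBOM = "\n".join(
    ["##### Package: mbedtls", "PackageName: mbedtls", "FilesAnalyzed: true",
     "PackageVerificationCode: " + verification_code(_sha1.values())]
    + [f"FileName: {p}\nFileChecksum: SHA1: {_sha1[p]}\n"
       f"FileChecksum: SHA256: {hashlib.sha256(d).hexdigest()}" for p, d in SOURCES.items()])

if __name__ == "__main__":
    print(audit(SBOM, SOURCES.get))  # sources match the SBOM
    print(audit(SBOM, dict(SOURCES, **{"./library/aes.c": b"/* patched */\n"}).get))
```

On a real build, `read_file` would open each FileName relative to the module's source directory and return `None` when the file is absent.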

New documentation pages

There have been several substantial and most welcome additions made to the following areas of the documentation:

  • A new network configuration guide walks you through the multiple Kconfig options that are available to you to configure your network stack, from buffer sizes to fine-tuning TCP options or configuring the TLS stack. Thank you Jukka for all the work on this one!
  • Users of the CANbus subsystem will be happy to now have a complete reference for the can shell command. Thanks, Brix!
  • Now that we have a gpio-kbd-matrix driver available, Fabio wrote a super detailed cheatsheet for all the various options it offers depending on the actual layout and wiring of your keyboards, and the hardware capabilities of your GPIO controller.
  • In order to help navigate what kind of emulators/simulators are available to you, there is some great and steady progress being made on Zephyr’s device emulators/simulators page, so I definitely encourage you to check it out to catch up on some of the things you probably didn’t know existed 🙂

Boards & SoCs

  • A new variant of the Panasonic PAN1783A, the PAN1783A-PA, has been added (PR #66620)
  • The LoRa-E5 mini from Seeed Studio is a LoRa devkit with a pretty small form factor, based on the STM32WLE5JC MCU. (PR #64279)
  • The Kincony KC868-A32 board features 32 relays that can be used for home automation scenarios, as they’re rated for 220V/10A. What I find interesting with this board is that it has a Devicetree that can actually be an interesting reference for anyone interested in understanding how to configure an I/O expander (a PCF8574 in this particular case). (PR #66404)

SoC driver updates

  • Support for FlexCAN added on NXP UCANS32K1SIC. (PR #67006)

General drivers

  • Fabio describes it as the “last installment (maybe) of the general purpose input drivers” :). This week, a new analog axis input driver has been added to map values read on an ADC channel to changes on an input axis.
    The driver offers several configuration options such as calibrating min/max readings corresponding to the two ends of the axis, of course, but also setting a deadzone (don’t report changes when axis is mostly in the center of the range), etc. (PR #66600)
  • Similar to the keyboard matrix driver, the gpio-keys driver can now be used in “polling” mode, in order to easily configure GPIO input keys even when the port doesn’t support interrupts (or you’re simply out of interrupts in your interrupt controller…). (PR #67208)
  • A new zephyr,w1-gpio driver makes it possible to use any GPIO as a 1-Wire master, using bit-banging. (PR #65948)
  • The Bosch BMA4xx series of accelerometers is now supported. (PR #66242)
  • A new driver has been added for controlling WS2812 LED strips on RP2040 (Raspberry Pi Pico), using the PIO (Programmable Input Output) framework. It’s really funny to see how concise PIO programs typically are. (PR #55226)
  • MAX20355 regulator now supports “ship mode”, i.e. turning the PMIC off. (PR #67222)

Miscellaneous

  • A new ztest shell command makes it possible to run test suites and individual test cases directly from the Zephyr shell — neat! (PR #58374)
  • A new riscv32_virtual board, emulated with Renode, can be used as an alternative to qemu for testing RISC-V 32 applications.
  • Bluetooth Public Broadcast Profile (PBP) API and implementations are now available, allowing sources to create a Public Broadcast Announcement, as well as parse Public Broadcast Announcements.
    The issue to add PBP support to Zephyr was opened over two years ago, so it is great to see this finally land! (PR #60777)
  • Events related to access point mode are now exposed by the Wi-Fi manager, and you can get better feedback on e.g. why an AP enable operation failed. (PR #67015)
  • New available POSIX APIs:
    • sem_open(), sem_unlink() & sem_close()
    • sigprocmask()
    • clock_getcpuclockid()

A big thank you to the 11 individuals who had their first pull request accepted this week, 💙 🙌: @andreeaDumitrache, @pamolloy, @ssnover, @RICCIARDI-Adrien, @jkandasa, @hcd-bdltd, @LukaszMadejGrinn, @walzsi, @Jonathan-Hamberg, @tgagneret-embedded, and @jzipperer-fb.


Zephyr Weekly Update – Kicking off 2024!

Happy New Year, everyone! 🎆 Before jumping into everything that happened in Zephyr land over the holiday break, I want to remind everyone that the deadline to submit a talk to Zephyr Developer Summit 2024 will be approaching really fast. You have until Sunday, January 14 to propose a talk, so don’t wait too long!

Working towards a new model for describing boards and SoCs

As Zephyr starts supporting more and more architectures, flavours of SoCs, and actual boards, and as said boards become increasingly rich (e.g. it’s pretty common to find multiple SoCs on a single “board”), the way things are being described in the current Zephyr implementation is starting to show its limits. After several months of discussions and prototyping, a new way to describe SoCs and boards is being proposed.

I am really looking forward to how the new model will make adding a new SoC/board to Zephyr much easier (i.e. fewer files to touch), and how this will also enable better tooling, in particular from a documentation point of view (e.g. quickly get a list of all the supported boards for a given SoC).

A new collaboration branch, collab-hwm, has been added to the Git repository, and you are invited to test things out and provide feedback. “v2” boards and SoCs are co-existing for now, but the goal will be that all existing ones eventually migrate to the new model.

Refreshing our Code of Conduct

It is worth mentioning that an update has recently been made to the project’s Code of Conduct.

Zephyr is using the Contributor Covenant as a template for its code of conduct, and the version we were using was several years old. The recent update provides, among other things, improved guidelines regarding what may be the consequences for actions deemed in violation of the Code of Conduct.

Boards & SoCs

  • The Adafruit QT PY RP2040 is a tiny board featuring a—you guessed it—RP2040 SoC, alongside an RGB NeoPixel, a USB connector, as well as a STEMMA QT connector. It is now supported in Zephyr thanks to PR #66603 and a first contribution from Ian Wakely (@raveious).
WIZnet W5500-EVB-Pico

SoC driver updates

  • ADC support has been added for Nuvoton numaker. (PR #66642)
  • hwinfo driver added for Smartbond platforms, enabling access to the reset cause using the standard hwinfo_get_reset_cause() Zephyr API. (PR #64125)
  • On ESP32, the Bluetooth driver now exposes the close() API, making it possible to properly close/disable the Bluetooth controller. (PR #66693)
  • New clock controller driver for Raspberry Pi Pico. (PR #62186)
  • BLE support using HCI has been added to ST STM32WBA SoC series (PR #66181). Worth noting that for now BLE is only compatible with the nucleo_wba55cg board.
  • Added Ambiq HCI driver for Apollo4 Blue Plus. (PR #66227)
  • Added support for interrupt-driven UART mode for Renesas RA series. (PR #65775)

General drivers

  • Initial support has been added for the popular DWC2 USB 2.0 controller. (PR #64943)
  • New generic retained memory driver for retained registers (see zephyr,retained-reg compatible and PR #66992).
  • New Cadence SDHC driver (PR #64036)

Input subsystem

  • When running on the native simulator target, it is now possible to tap into the events generated by an evdev device on the host, and have them be automatically injected in your app as regular Zephyr input events.
    The documentation of the new zephyr,native-linux-evdev binding shows how simple it is to add one or more “evdev” nodes in your Devicetree, and later map them to actual evdev devices (as found in your /dev/input/ directory) when you run the application. (PR #66353)
  • GPIO keys driver now properly supports power management. When suspended, all the button GPIOs and interrupts are disabled. (PR #66582)

Miscellaneous

  • In order to automatically compute the minimal heap size that is (theoretically) needed for a given application to work, a new mechanism allows each subsystem to indicate how much heap size they need.
    The sum of each specified heap size requirement is then computed at build time (K_HEAP_MEM_POOL_SIZE), and used to actually set the size of the heap memory pool.
    The legacy CONFIG_HEAP_MEM_POOL_SIZE Kconfig may still be used but if it happens to be less than the computed K_HEAP_MEM_POOL_SIZE, the latter will be used and a build warning will inform you that the heap size you were trying to set manually is (theoretically at least) too small. If you know what you’re doing and want to force a manual override, you may set the Kconfig CONFIG_HEAP_MEM_POOL_IGNORE_MIN.
  • New GDB stub available for AArch32 (only tested/available on Cortex-A for now). (PR #58067)
  • Bluetooth Common Audio Profile (CAP) Commander discovery function has been implemented. (PR #64852)
  • Bluetooth Mesh publications are now randomly delayed to better follow a recommendation in the specification. (PR #66498)
  • When using the net stats shell command to get statistics about an Ethernet interface, more details are now being output. (PR #66680)
  • New available POSIX APIs:
    • pthread_getguardsize()
    • pthread_setguardsize()

A big thank you to the 19 individuals who had their first pull request accepted since the last post, 💙 🙌: @tlissows, @raveious, @jrsa, @manuel-loew-infineon, @moonlight83340, @TomChang19, @gdb3-ampaworks, @TomasGalbickaNXP, @gumulka, @Manu3l0us, @Songjf-ttk, @rvoell-gcx, @Ryanjwoodward, @tomi-font, @Marquichou, @roymurlidhar, @javlands, @WilliamLeara, and @michal-smola.
