LipinskiPNordicSemi
diff --git a/‎.github/workflows/examples-openiotsdk.yaml
+31-1 b/‎.github/workflows/examples-openiotsdk.yaml
+31-1
diff --git a/‎config/openiotsdk/CMakeLists.txt
+1 b/‎config/openiotsdk/CMakeLists.txt
+1
diff --git a/‎config/openiotsdk/cmake/chip.cmake
+1 b/‎config/openiotsdk/cmake/chip.cmake
+1
diff --git a/‎config/openiotsdk/cmake/sdk.cmake
+36 b/‎config/openiotsdk/cmake/sdk.cmake
+36
diff --git a/‎docs/guides/README.md
+1 b/‎docs/guides/README.md
+1
diff --git a/‎docs/guides/openiotsdk_examples.md
+46-1 b/‎docs/guides/openiotsdk_examples.md
+46-1
@@ -49,7 +49,7 @@ jobs:
             - name: Checkout submodules & Bootstrap
               uses: ./.github/actions/checkout-submodules-and-bootstrap
               with:
-                platform: openiotsdk
+                platform: openiotsdk linux
                 extra-submodule-parameters: " --recursive"
 
             - name: Set up environment for size reports
@@ -101,11 +101,28 @@ jobs:
                     examples/all-clusters-app/openiotsdk/build/chip-openiotsdk-all-clusters-app-example.elf \
                     /tmp/bloat_reports/
 
+            - name: Build ota-requestor-app example
+              id: build_ota_requestor_app
+              timeout-minutes: 10
+              run: |
+                  scripts/examples/openiotsdk_example.sh -v 1 -V 0.0.1 ota-requestor-app
+                  .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \
+                    openiotsdk release ota-requestor-app \
+                    examples/ota-requestor-app/openiotsdk/build/chip-openiotsdk-ota-requestor-app-example.elf \
+                    /tmp/bloat_reports/
+
             - name: Build unit tests (mbedtls)
               id: build_unit_tests_mbedtls
               run: |
                   scripts/examples/openiotsdk_example.sh -b mbedtls unit-tests
 
+            - name: Build the OTA provider (Linux)
+              id: build_ota_provider_app
+              if: steps.build_ota_requestor_app.outcome == 'success'
+              timeout-minutes: 10
+              run: |
+                  scripts/examples/gn_build_example.sh examples/ota-provider-app/linux/ out/ota-provider chip_config_network_layer_ble=false
+
             - name: "Test: shell example"
               if: steps.build_shell.outcome == 'success'
               run: |
@@ -138,6 +155,19 @@ jobs:
                     'scripts/run_in_ns.sh ${TEST_NETWORK_NAME}ns scripts/examples/openiotsdk_example.sh --no-activate -C test -n ${TEST_NETWORK_NAME}tap all-clusters-app'
                   scripts/setup/openiotsdk/network_setup.sh -n $TEST_NETWORK_NAME down
 
+            - name: "Test: ota-requestor-app example"
+              if: steps.build_ota_requestor_app.outcome == 'success' && steps.build_ota_provider_app.outcome == 'success'
+              timeout-minutes: 30
+              run: |
+                  mkdir out/binaries
+                  cp examples/ota-requestor-app/openiotsdk/build/chip-openiotsdk-ota-requestor-app-example.elf out/binaries/
+                  scripts/examples/openiotsdk_example.sh -c -v 2 -V 0.0.2 ota-requestor-app
+                  cp examples/ota-requestor-app/openiotsdk/build/chip-openiotsdk-ota-requestor-app-example.ota out/binaries/
+                  scripts/setup/openiotsdk/network_setup.sh -n $TEST_NETWORK_NAME up
+                  scripts/run_in_python_env.sh out/venv \
+                    'scripts/run_in_ns.sh ${TEST_NETWORK_NAME}ns scripts/examples/openiotsdk_example.sh --no-activate -p out/binaries -v 2 -V 0.0.2 -C test -n ${TEST_NETWORK_NAME}tap ota-requestor-app'
+                  scripts/setup/openiotsdk/network_setup.sh -n $TEST_NETWORK_NAME down
+
             - name: "Test: unit-tests (mbedtls)"
               if: steps.build_unit_tests_mbedtls.outcome == 'success'
               run: |
 
@@ -64,6 +64,7 @@ matter_add_gn_arg_bool  ("chip_error_logging"                   CONFIG_CHIP_ERRO
 matter_add_gn_arg_string("chip_crypto"                          "${CONFIG_CHIP_CRYPTO}")
 matter_add_gn_arg_string("chip_openiotsdk_software_version"           "${CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION}")
 matter_add_gn_arg_string("chip_openiotsdk_software_version_string"    "${CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING}")
+matter_add_gn_arg_bool  ("chip_enable_ota_requestor"            CONFIG_CHIP_OPEN_IOT_SDK_OTA_ENABLE)
 if (TARGET cmsis-rtos-api)
     matter_add_gn_arg_string("target_os"                        "cmsis-rtos")
 endif()
 
@@ -35,6 +35,7 @@ set(CONFIG_CHIP_ERROR_LOGGING YES CACHE BOOL "Enable logging at error level")
 set(CONFIG_CHIP_CRYPTO "mbedtls" CACHE STRING "Matter crypto backend. Mbedtls as default")
 set(CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION "0" CACHE STRING "Software version number")
 set(CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING ${TFM_NS_APP_VERSION} CACHE STRING "Software version in string format x.x.x")
+set(CONFIG_CHIP_OPEN_IOT_SDK_OTA_ENABLE NO CACHE BOOL "Enable OTA support")
 set(CONFIG_GN_DEPENDENCIES "")
 
 if (${CMAKE_BUILD_TYPE} STREQUAL "Debug")
 
@@ -300,6 +300,42 @@ function(sdk_post_build target)
         VERBATIM
     )
     iotsdk_tf_m_merge_images(${target} 0x10000000 0x38000000 0x28060000)
+if(CONFIG_CHIP_OPEN_IOT_SDK_OTA_ENABLE)
+    add_custom_command(
+        TARGET
+            ${target}
+        POST_BUILD
+        DEPENDS
+            $<TARGET_FILE_DIR:${target}>/${target}.bin
+        COMMAND
+            # Sign the update image
+            python3 ${BINARY_DIR}/install/image_signing/scripts/wrapper/wrapper.py
+                --layout ${BINARY_DIR}/install/image_signing/layout_files/signing_layout_ns.o
+                -v ${MCUBOOT_IMAGE_VERSION_NS}
+                -k ${BINARY_DIR}/install/image_signing/keys/root-RSA-3072_1.pem
+                --public-key-format full
+                --align 1 --pad-header -H 0x400 -s auto -d "(0, 0.0.0+0)"
+                $<TARGET_FILE_DIR:${target}>/${target}.bin
+                --overwrite-only
+                --measured-boot-record
+                $<TARGET_FILE_DIR:${target}>/${target}_signed.ota
+        COMMAND
+            # Create OTA udpate file
+            ${CHIP_ROOT}/src/app/ota_image_tool.py
+                create
+                -v 0xfff1 -p 0x8001
+                -vn ${CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION}
+                -vs "${CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING}"
+                -da sha256
+                $<TARGET_FILE_DIR:${target}>/${target}_signed.ota
+                $<TARGET_FILE_DIR:${target}>/${APP_NAME}.ota
+        # Cleanup
+        COMMAND rm
+        ARGS -Rf
+                $<TARGET_FILE_DIR:${target}>/${target}_signed.ota
+        VERBATIM
+    )
+endif()
     # Cleanup
     add_custom_command(
         TARGET
 
@@ -27,6 +27,7 @@
 -   [Open IoT SDK - Examples](./openiotsdk_examples.md)
 -   [Open IoT SDK - Unit Tests](./openiotsdk_unit_tests.md)
 -   [Open IoT SDK - Commissioning](./openiotsdk_commissioning.md)
+-   [Open IoT SDK - Software Update](./openiotsdk_examples_software_update.md)
 
 ## Development Guides
 
 
@@ -12,6 +12,7 @@ shell
 lock-app
 tv-app
 all-clusters-app
+ota-requestor-app
 ```
 
 You can use these examples as a reference for creating your own applications.
@@ -291,7 +292,20 @@ Processing Environment (`NSPE`). The bootloader and the secure part are also
 built from `TF-M` sources. All components are merged into a single executable
 file at the end of the building process.
 
-You can also provide the own version of Matter example by setting
+The project-specific configuration of `TF-M` can be provide by defining its own
+header file for `TF-M` config and passing the path to it via the
+`TFM_PROJECT_CONFIG_HEADER_FILE` variable.
+
+```
+set(TFM_PROJECT_CONFIG_HEADER_FILE "${CMAKE_CURRENT_SOURCE_DIR}/tf-m-config/TfmProjectConfig.h")
+```
+
+If the project-specific configuration is not provided the base `TF-M` settings
+are used
+[config_base.h](https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/config/config_base.h).
+It can be used as a pattern for the custom configuration header.
+
+You can also provide your own version of a Matter example by setting the
 `TFM_NS_APP_VERSION` variable.
 
 ```
@@ -365,6 +379,37 @@ cmake -G <...> -DCONFIG_CHIP_CRYPTO=<mbedtls | psa> <...>
 > The `TF-M PSA crypto` option requires enabling [TF-M](#trusted-firmware-m)
 > support.
 
+### Device Firmware Update
+
+Device Firmware Update (`DFU`) can be enabled in the application by setting the
+`CONFIG_CHIP_OPEN_IOT_SDK_OTA_ENABLE` variable:
+
+```
+set(CONFIG_CHIP_OPEN_IOT_SDK_OTA_ENABLE YES)
+```
+
+This provides the proper service for Matter's `OTA Requestor` cluster. The
+[TF-M Firmware Update Service](https://arm-software.github.io/psa-api/fwu/1.0/)
+is the backend for all firmware update operations. The `DFU Manager` module is
+attached to the application and allows full usage of the `OTA Requestor`
+cluster.
+
+You can also provide your own version of the Matter example to the Matter stack
+by setting `CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION` and
+`CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING` variables.
+
+```
+set(CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION "1")
+set(CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING "0.0.1")
+```
+
+The default value for `CONFIG_CHIP_OPEN_IOT_SDK_SOFTWARE_VERSION_STRING` is set
+to `TFM_NS_APP_VERSION`.
+
+> 💡 **Notes**:
+>
+> The `DFU` option requires enabling [TF-M](#trusted-firmware-m) support.
+
 ## Building
 
 You can build examples using the dedicated VSCode task or by calling directly