Merge branch 'project-chip:master' into TC-CC-2_1

Author: jtrejoespinoza-grid

.github/workflows/chef.yaml

@@ -51,6 +51,28 @@ jobs:
               run: |
                   ./scripts/run_in_build_env.sh "./examples/chef/chef.py --ci -t linux"
 
+    chef_linux_all_devices:
+        name: Chef - Linux CI Examples (All chef devices)
+        timeout-minutes: 60
+        runs-on: ubuntu-latest
+        if: github.actor != 'restyled-io[bot]'
+
+        container:
+            image: ghcr.io/project-chip/chip-build:119
+            options: --user root
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
+            - name: Checkout submodules & Bootstrap
+              uses: ./.github/actions/checkout-submodules-and-bootstrap
+              with:
+                platform: linux
+            - name: CI Examples Linux
+              shell: bash
+              run: |
+                  ./scripts/run_in_build_env.sh "./examples/chef/chef.py --ci_linux"
+
     chef_esp32:
         name: Chef - ESP32 CI Examples
         runs-on: ubuntu-latest

.github/workflows/darwin.yaml

@@ -116,11 +116,10 @@ jobs:
 
                   export TEST_RUNNER_ASAN_OPTIONS=__CURRENT_VALUE__:detect_stack_use_after_return=1
 
-                  # Disable BLE (CHIP_IS_BLE=NO) because the app does not have the permission to use it and that may crash the CI.
                   xcodebuild test -target "Matter" -scheme "Matter Framework Tests" \
                     -resultBundlePath /tmp/darwin/framework-tests/TestResults.xcresult \
                     -sdk macosx ${{ matrix.options.arguments }} \
-                    CHIP_IS_BLE=NO GCC_PREPROCESSOR_DEFINITIONS='${inherited} ${{ matrix.options.defines }}' \
+                    GCC_PREPROCESSOR_DEFINITIONS='${inherited} ${{ matrix.options.defines }}' \
                     > >(tee /tmp/darwin/framework-tests/darwin-tests.log) 2> >(tee /tmp/darwin/framework-tests/darwin-tests-err.log >&2)
             - name: Generate Summary
               if: always()

BUILD.gn

@@ -394,9 +394,9 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
     enable_linux_rvc_app_build =
         enable_default_builds && (host_os == "linux" || host_os == "mac")
 
+    # TODO: #37983: Add darwin support for libdatachannel and then add host_os == "mac" here.
     # Build the Linux Camera app example.
-    enable_linux_camera_app_build =
-        enable_default_builds && (host_os == "linux" || host_os == "mac")
+    enable_linux_camera_app_build = enable_default_builds && host_os == "linux"
 
     # Build the cc13x2x7_26x2x7 lock app example.
     enable_cc13x2x7_26x2x7_lock_app_build = enable_ti_simplelink_builds

config/esp32/components/chip/CMakeLists.txt

@@ -444,6 +444,10 @@ if (CONFIG_SEC_CERT_DAC_PROVIDER)
     list(APPEND matter_requires espressif__esp_secure_cert_mgr)
 endif()
 
+if (CONFIG_ENABLE_ENCRYPTED_OTA)
+    list(APPEND matter_requires espressif__esp_encrypted_img)
+endif()
+
 add_prebuilt_library(matterlib "${CMAKE_CURRENT_BINARY_DIR}/lib/libCHIP.a"
                      REQUIRES ${matter_requires})
 

config/esp32/components/chip/idf_component.yml

@@ -11,7 +11,7 @@ dependencies:
             - if: "idf_version >=4.3"
 
     espressif/esp_encrypted_img:
-        version: "2.1.0"
+        version: "2.3.0"
         require: public
         rules:
             - if: "idf_version >=4.4"

docs/platforms/esp32/ota.md

@@ -92,35 +92,50 @@ image can be encrypted/decrypted using an RSA-3072 key pair.
 
 Please follow the steps below to generate an application image for OTA upgrades:
 
-1. Generate a new RSA-3072 key pair or use an existing one.
+1.  Generate a new RSA-3072 key pair or use an existing one.
 
-    - To generate a key pair, use the following command:
+    -   To generate a key pair, use the following command:
 
         ```
         openssl genrsa -out esp_image_encryption_key.pem 3072
         ```
 
-    - Extract the public key from the key pair:
+    -   Extract the public key from the key pair:
         ```
         openssl rsa -in esp_image_encryption_key.pem -pubout -out esp_image_encryption_public_key.pem
         ```
 
-2. Encrypt the application binary using the
-   [esp_enc_img_gen.py](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/tools/esp_enc_img_gen.py)
-   script.
+2.  Encrypt the application binary using the
+    [esp_enc_img_gen.py](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/tools/esp_enc_img_gen.py)
+    script.
 
-    - Use the following command to encrypt the OTA image with the public key:
+    Use the following command to encrypt the OTA image with the public key:
 
-        ```
-        python3 esp_enc_img_gen.py encrypt lighting-app.bin esp_image_encryption_public_key.pem lighting-app-encrypted.bin
-        ```
+    ```
+    python3 esp_enc_img_gen.py encrypt lighting-app.bin esp_image_encryption_public_key.pem lighting-app-encrypted.bin
+    ```
 
-    - Append the Matter OTA header:
-        ```
-        src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 --version 2 --version-str "v2.0" -da sha256 lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
-        ```
+    Optionally, you can use the cmake function `create_esp_enc_img()` to encrypt
+    the OTA image during the build process. Please find the usage below. This is
+    also demonstrated in the `examples/lighting-app/esp32/main/CMakeLists.txt`
+    file.
+
+    ```
+    create_esp_enc_img(${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}.bin
+                       ${project_dir}/esp_image_encryption_public_key.pem
+                       ${CMAKE_BINARY_DIR}/${CMAKE_PROJECT_NAME}-encrypted.bin
+                       app)
+    ```
+
+3.  Append the Matter OTA header
+
+    ```
+    src/app/ota_image_tool.py create --vendor-id 0xFFF1 --product-id 0x8000 \
+                                     --version 2 --version-str "v2.0" -da sha256 \
+                                     lighting-app-encrypted.bin lighting-app-encrypted-ota.bin
+    ```
 
-3. Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
+4.  Use the `lighting-app-encrypted-ota.bin` file with the OTA Provider app.
 
 ## Delta OTA
 

examples/all-clusters-app/nrfconnect/prj.conf

@@ -57,3 +57,6 @@ CONFIG_CHIP_ENABLE_READ_CLIENT=y
 
 # Increase the settings partition
 CONFIG_PM_PARTITION_SIZE_SETTINGS_STORAGE=0x8000
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240

examples/all-clusters-app/nrfconnect/prj_dfu.conf

@@ -55,3 +55,6 @@ CONFIG_CHIP_FACTORY_DATA_BUILD=y
 
 # Enable the Read Client for binding purposes
 CONFIG_CHIP_ENABLE_READ_CLIENT=y
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240

examples/all-clusters-app/nrfconnect/prj_release.conf

@@ -66,3 +66,6 @@ CONFIG_CHIP_ENABLE_READ_CLIENT=y
 # Enable LTO to reduce the flash usage
 CONFIG_LTO=y
 CONFIG_ISR_TABLES_LOCAL_DECLARATION=y
+
+# Increase heap size
+CONFIG_CHIP_MALLOC_SYS_HEAP_SIZE=10240

examples/camera-app/camera-common/camera-app.matter

@@ -2119,6 +2119,121 @@ cluster UserLabel = 65 {
   readonly attribute int16u clusterRevision = 65533;
 }
 
+/** The WebRTC transport provider cluster provides a way for stream providers (e.g. Cameras) to stream or receive their data through WebRTC. */
+provisional cluster WebRTCTransportProvider = 1363 {
+  revision 1;
+
+  enum StreamUsageEnum : enum8 {
+    kInternal = 0;
+    kRecording = 1;
+    kAnalysis = 2;
+    kLiveView = 3;
+  }
+
+  enum WebRTCEndReasonEnum : enum8 {
+    kIceFailed = 0;
+    kIceTimeout = 1;
+    kUserHangup = 2;
+    kUserBusy = 3;
+    kReplaced = 4;
+    kNoUserMedia = 5;
+    kInviteTimeout = 6;
+    kAnsweredElsewhere = 7;
+    kOutOfResources = 8;
+    kMediaTimeout = 9;
+    kLowPower = 10;
+    kUnknownReason = 11;
+  }
+
+  bitmap WebRTCMetadataOptionsBitmap : bitmap8 {
+    kDataTLV = 0x1;
+  }
+
+  struct ICEServerStruct {
+    char_string urls[] = 1;
+    optional char_string username = 2;
+    optional char_string credential = 3;
+    optional int16u caid = 4;
+  }
+
+  fabric_scoped struct WebRTCSessionStruct {
+    int16u id = 1;
+    node_id peerNodeID = 2;
+    StreamUsageEnum streamUsage = 3;
+    nullable int16u videoStreamID = 4;
+    nullable int16u audioStreamID = 5;
+    WebRTCMetadataOptionsBitmap metadataOptions = 6;
+    fabric_idx fabricIndex = 254;
+  }
+
+  readonly attribute access(read: manage) WebRTCSessionStruct currentSessions[] = 0;
+  readonly attribute command_id generatedCommandList[] = 65528;
+  readonly attribute command_id acceptedCommandList[] = 65529;
+  readonly attribute event_id eventList[] = 65530;
+  readonly attribute attrib_id attributeList[] = 65531;
+  readonly attribute bitmap32 featureMap = 65532;
+  readonly attribute int16u clusterRevision = 65533;
+
+  request struct SolicitOfferRequest {
+    StreamUsageEnum streamUsage = 0;
+    optional nullable int16u videoStreamID = 1;
+    optional nullable int16u audioStreamID = 2;
+    optional ICEServerStruct ICEServers[] = 3;
+    optional char_string ICETransportPolicy = 4;
+    optional WebRTCMetadataOptionsBitmap metadataOptions = 5;
+  }
+
+  response struct SolicitOfferResponse = 2 {
+    int16u webRTCSessionID = 0;
+    boolean deferredOffer = 1;
+    optional nullable int16u videoStreamID = 2;
+    optional nullable int16u audioStreamID = 3;
+  }
+
+  request struct ProvideOfferRequest {
+    nullable int16u webRTCSessionID = 0;
+    char_string sdp = 1;
+    StreamUsageEnum streamUsage = 2;
+    optional nullable int16u videoStreamID = 3;
+    optional nullable int16u audioStreamID = 4;
+    optional ICEServerStruct ICEServers[] = 5;
+    optional char_string ICETransportPolicy = 6;
+    optional WebRTCMetadataOptionsBitmap metadataOptions = 7;
+  }
+
+  response struct ProvideOfferResponse = 4 {
+    int16u webRTCSessionID = 0;
+    optional nullable int16u videoStreamID = 1;
+    optional nullable int16u audioStreamID = 2;
+  }
+
+  request struct ProvideAnswerRequest {
+    int16u webRTCSessionID = 0;
+    char_string sdp = 1;
+  }
+
+  request struct ProvideICECandidatesRequest {
+    int16u webRTCSessionID = 0;
+    char_string ICECandidates[] = 1;
+  }
+
+  request struct EndSessionRequest {
+    int16u webRTCSessionID = 0;
+    WebRTCEndReasonEnum reason = 1;
+  }
+
+  /** Requests that the Provider initiates a new session with the Offer / Answer flow in a way that allows for options to be passed and work with devices needing the standby flow. */
+  fabric command SolicitOffer(SolicitOfferRequest): SolicitOfferResponse = 1;
+  /** This command allows an SDP Offer to be set and start a new session. */
+  fabric command ProvideOffer(ProvideOfferRequest): ProvideOfferResponse = 3;
+  /** This command SHALL be initiated from a Node in response to an Offer that was previously received from a remote peer. */
+  fabric command ProvideAnswer(ProvideAnswerRequest): DefaultSuccess = 5;
+  /** This command allows for string based https://rfc-editor.org/rfc/rfc8839#section-5.1 generated after the initial Offer / Answer exchange, via a JSEP https://datatracker.ietf.org/doc/html/rfc9429#section-4.1.20 event, a DOM https://www.w3.org/TR/webrtc/#dom-rtcpeerconnectioniceevent event, or other WebRTC compliant implementations, to be added to a session during the gathering phase. */
+  fabric command ProvideICECandidates(ProvideICECandidatesRequest): DefaultSuccess = 6;
+  /** This command instructs the stream provider to end the WebRTC session. */
+  fabric command EndSession(EndSessionRequest): DefaultSuccess = 7;
+}
+
 /** This cluster provides facilities to configure and play Chime sounds, such as those used in a doorbell. */
 provisional cluster Chime = 1366 {
   revision 1;
@@ -2581,6 +2696,23 @@ endpoint 1 {
     handle command SetDefaultNTP;
   }
 
+  server cluster WebRTCTransportProvider {
+    callback attribute currentSessions;
+    callback attribute generatedCommandList;
+    callback attribute acceptedCommandList;
+    callback attribute attributeList;
+    ram      attribute featureMap default = 0;
+    ram      attribute clusterRevision default = 1;
+
+    handle command SolicitOffer;
+    handle command SolicitOfferResponse;
+    handle command ProvideOffer;
+    handle command ProvideOfferResponse;
+    handle command ProvideAnswer;
+    handle command ProvideICECandidates;
+    handle command EndSession;
+  }
+
   server cluster Chime {
     callback attribute installedChimeSounds;
     callback attribute selectedChime;