Merge branch 'espressif:release/v5.3' into release/v5.3

Author: Jason2866

.codespellrc

@@ -1,4 +1,4 @@
 [codespell]
 skip = build,*.yuv,components/fatfs/src/*,alice.txt,*.rgb,components/wpa_supplicant/*,components/esp_wifi/*
-ignore-words-list = ser,dout,rsource,fram,inout,shs,ans,aci,unstall,unstalling,hart,wheight,ot,wel
+ignore-words-list = ser,dout,rsource,fram,inout,shs,ans,aci,unstall,unstalling,hart,wheight,ot,wel,parms
 write-changes = true

.gitignore

@@ -102,6 +102,7 @@ pytest_embedded_log/
 list_job*.txt
 size_info*.txt
 XUNIT_RESULT*.xml
+.manifest_sha
 
 # clang config (for LSP)
 .clangd

.gitlab/ci/build.yml

@@ -1,7 +1,7 @@
 .build_template:
   stage: build
   extends:
-    - .after_script:build:ccache:upload-when-fail
+    - .after_script:build:ccache-show-stats:upload-failed-job-logs
   image: $ESP_ENV_IMAGE
   tags:
     - build
@@ -16,7 +16,7 @@
   extends:
     - .build_template
     - .before_script:build
-    - .after_script:build:ccache
+    - .after_script:build:ccache-show-stats
   dependencies: # set dependencies to null to avoid missing artifacts issue
   needs:
     - job: fast_template_app
@@ -42,9 +42,9 @@
       --parallel-count ${CI_NODE_TOTAL:-1}
       --parallel-index ${CI_NODE_INDEX:-1}
       --extra-preserve-dirs
-        examples/bluetooth/esp_ble_mesh/ble_mesh_console
-        examples/bluetooth/hci/controller_hci_uart_esp32
-        examples/wifi/iperf
+      examples/bluetooth/esp_ble_mesh/ble_mesh_console
+      examples/bluetooth/hci/controller_hci_uart_esp32
+      examples/wifi/iperf
       --modified-components ${MR_MODIFIED_COMPONENTS}
       --modified-files ${MR_MODIFIED_FILES}
     # for detailed documents, please refer to .gitlab/ci/README.md#uploaddownload-artifacts-to-internal-minio-server
@@ -210,15 +210,16 @@ pytest_build_system_macos:
   extends:
     - .test_build_system_template
     - .before_script:build:macos
-    - .after_script:build:macos:upload-when-fail
+    - .after_script:build:macos:upload-failed-job-logs:ccache-show-stats
     - .rules:build:macos
   tags:
     - macos_shell
   parallel: 3
   variables:
     PYENV_VERSION: "3.8"
-    CI_CCACHE_DISABLE: "1"  # ccache: error: Read-only file system
-
+    # CCACHE_DIR: "/cache/idf_ccache". On macOS, you cannot write to this folder due to insufficient permissions.
+    CCACHE_DIR: "" # ccache will use "$HOME/Library/Caches/ccache".
+    CCACHE_MAXSIZE: "5G" # To preserve the limited Macbook storage. CCACHE automatically prunes old caches to fit the set limit.
 build_docker:
   extends:
     - .before_script:minimal
@@ -264,6 +265,8 @@ generate_build_child_pipeline:
   dependencies: # set dependencies to null to avoid missing artifacts issue
   needs:
     - pipeline_variables
+    - job: baseline_manifest_sha
+      optional: true
   artifacts:
     paths:
       - build_child_pipeline.yml

.gitlab/ci/common.yml

@@ -14,12 +14,12 @@ stages:
   - post_deploy
 
 variables:
-# System environment
+  # System environment
 
   # Common parameters for the 'make' during CI tests
   MAKEFLAGS: "-j5 --no-keep-going"
 
-# GitLab-CI environment
+  # GitLab-CI environment
   # Thanks to pack-objects cache, clone strategy should behave faster than fetch
   #   so we pick "clone" as default git strategy
   # Shiny runners by default remove the CI_PROJECT_DIR every time at the beginning of one job
@@ -39,7 +39,7 @@ variables:
   GIT_FETCH_EXTRA_FLAGS: "--no-recurse-submodules --prune --prune-tags"
   # we're using .cache folder for caches
   GIT_CLEAN_FLAGS: -ffdx -e .cache/
-  LATEST_GIT_TAG: v5.3.1
+  LATEST_GIT_TAG: v5.3.2
 
   SUBMODULE_FETCH_TOOL: "tools/ci/ci_fetch_submodule.py"
   # by default we will fetch all submodules
@@ -219,13 +219,14 @@ variables:
     - *setup_tools_and_idf_python_venv
     - fetch_submodules
 
-.after_script:build:macos:upload-when-fail:
+.after_script:build:macos:upload-failed-job-logs:ccache-show-stats:
   after_script:
     # macos is running shell executor, which means it would use
     # the system installed /usr/local/bin/python3 by default.
     # Ensure pyenv and PYENV_VERSION installed
     - eval "$(pyenv init -)"
     - *upload_failed_job_log_artifacts
+    - *show_ccache_statistics
 
 .before_script:build:
   before_script:
@@ -236,11 +237,11 @@ variables:
     - export EXTRA_CFLAGS=${PEDANTIC_CFLAGS}
     - export EXTRA_CXXFLAGS=${PEDANTIC_CXXFLAGS}
 
-.after_script:build:ccache:
+.after_script:build:ccache-show-stats:
   after_script:
     - *show_ccache_statistics
 
-.after_script:build:ccache:upload-when-fail:
+.after_script:build:ccache-show-stats:upload-failed-job-logs:
   after_script:
     - *show_ccache_statistics
     - *upload_failed_job_log_artifacts
@@ -363,12 +364,12 @@ default:
     - *setup_tools_and_idf_python_venv
     - add_gitlab_ssh_keys
     - fetch_submodules
-# gitlab bug, setting them here doesn't work
-# - expire_in: https://gitlab.com/gitlab-org/gitlab/-/issues/404563
-# - when: https://gitlab.com/gitlab-org/gitlab/-/issues/440672
-#  artifacts:
-#    expire_in: 1 week
-#    when: always
+  # gitlab bug, setting them here doesn't work
+  # - expire_in: https://gitlab.com/gitlab-org/gitlab/-/issues/404563
+  # - when: https://gitlab.com/gitlab-org/gitlab/-/issues/440672
+  #  artifacts:
+  #    expire_in: 1 week
+  #    when: always
   retry:
     max: 2
     when:

.gitlab/ci/docs.yml

@@ -171,6 +171,7 @@ build_docs_pdf:
     - job: fast_template_app
       artifacts: false
       optional: true
+  allow_failure: true # TODO IDFCI-2216
   artifacts:
     paths:
       - docs/_build/*/*/latex/*
@@ -182,6 +183,7 @@ build_docs_pdf_prod:
     - .build_docs_template
     - .doc-rules:build:docs-full-prod
   dependencies: [] # Stop build_docs jobs from downloading all previous job's artifacts
+  allow_failure: true # TODO IDFCI-2216
   artifacts:
     paths:
       - docs/_build/*/*/latex/*

.gitlab/ci/pre_check.yml

@@ -169,3 +169,35 @@ pipeline_variables:
       - pipeline.env
     expire_in: 1 week
     when: always
+
+baseline_manifest_sha:
+  extends:
+    - .pre_check_template
+    - .rules:dev-push
+  tags: [fast_run, shiny]
+  script:
+    - |
+      # merged results pipelines, by default
+      # diff between target-branch-head and merged-result-head
+      if [ -n "$CI_MERGE_REQUEST_TARGET_BRANCH_SHA" ]; then
+        git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_SHA --depth=1
+        git checkout FETCH_HEAD
+        idf-build-apps dump-manifest-sha \
+          --manifest-files $(find . -name ".build-test-rules.yml" | xargs) \
+          --output .manifest_sha
+      # merge request pipelines, when the mr got conflicts
+      # diff between diff-base-sha and merge-request-head
+      elif [ -n "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]; then
+        git fetch origin $CI_MERGE_REQUEST_DIFF_BASE_SHA --depth=1
+        git checkout FETCH_HEAD
+        idf-build-apps dump-manifest-sha \
+          --manifest-files $(find . -name ".build-test-rules.yml" | xargs) \
+          --output .manifest_sha
+      # other pipelines, like the protected branches pipelines
+      # not triggered in this job
+      fi
+  artifacts:
+    paths:
+      - .manifest_sha
+    expire_in: 1 week
+    when: always

.gitlab/ci/rules.yml

@@ -217,6 +217,10 @@
   rules:
     - <<: *if-tag-release
 
+.rules:dev-push:
+  rules:
+    - <<: *if-dev-push
+
 # Do not upload caches on dev branches by default
 .rules:upload-python-cache:
   rules:
@@ -249,15 +253,6 @@
     - <<: *if-dev-push
       changes: *patterns-python-files
 
-.rules:patterns:static-code-analysis-preview:
-  rules:
-    - <<: *if-dev-push
-      changes: *patterns-c-files
-    - <<: *if-dev-push
-      changes: *patterns-python-files
-    - <<: *if-dev-push
-      changes: *patterns-sonarqube-files
-
 .rules:patterns:idf-pytest-plugin:
   rules:
     - <<: *if-protected

.gitlab/ci/static-code-analysis.yml

@@ -38,84 +38,3 @@ check_pylint:
       fi
     - if [ -z "$files" ]; then echo "No python files found"; exit 0; fi
     - run_cmd pylint --exit-zero --load-plugins=pylint_gitlab --output-format=gitlab-codeclimate:pylint.json $files
-
-# build stage
-# Sonarqube related jobs put here for this reason:
-# Here we have two jobs. code_quality_check and code_quality_report.
-#
-# code_quality_check will analyze the code changes between your MR and
-# code repo stored in sonarqube server. The analysis result is only shown in
-# the comments under this MR and won't be transferred to the server.
-#
-# code_quality_report will analyze and transfer both of the newly added code
-# and the analysis result to the server.
-#
-# Put in the front to ensure that the newly merged code can be stored in
-# sonarqube server ASAP, in order to avoid reporting unrelated code issues
-.sonar_scan_template:
-  stage: build
-  extends: .pre_check_template
-  # full clone since this image does not support fetch --shallow-since-cutoff
-  # shiny runners are used for full clone
-  tags: [build, shiny]
-  image: $SONARQUBE_SCANNER_IMAGE
-  before_script:
-    - source tools/ci/utils.sh
-    - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH"
-    - fetch_submodules
-    # Exclude the submodules, all paths ends with /**
-    - submodules=$(get_all_submodules)
-    # get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all <space> to <comma>
-    - custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g')
-    # Exclude the report dir as well
-    - export EXCLUSIONS="$custom_excludes,$submodules"
-    - export SONAR_SCANNER_OPTS="-Xmx2048m"
-  variables:
-    GIT_DEPTH: 0
-    REPORT_PATTERN: clang_tidy_reports/**/*.txt
-  artifacts:
-    paths:
-      - $REPORT_PATTERN
-    expire_in: 1 week
-    when: always
-  dependencies:  # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here.
-    - clang_tidy_check
-
-code_quality_check:
-  extends:
-    - .sonar_scan_template
-    - .rules:patterns:static-code-analysis-preview
-  allow_failure: true  # it's using exit code to indicate the code analysis result,
-                       # we don't want to block ci when critical issues founded
-  script:
-    - export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits --src-branch ${CI_COMMIT_REF_NAME} | tr '\n' ',')
-    # test if this branch have merge request, if not, exit 0
-    - test -n "$CI_MERGE_REQUEST_IID" || exit 0
-    - test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0
-    - sonar-scanner
-      -Dsonar.analysis.mode=preview
-      -Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-      -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
-      -Dsonar.exclusions=$EXCLUSIONS
-      -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
-      -Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS
-      -Dsonar.gitlab.merge_request_discussion=true
-      -Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-      -Dsonar.host.url=$SONAR_HOST_URL
-      -Dsonar.login=$SONAR_LOGIN
-
-code_quality_report:
-  extends:
-    - .sonar_scan_template
-    - .rules:protected
-  allow_failure: true  # it's using exit code to indicate the code analysis result,
-                       # we don't want to block ci when critical issues founded
-  script:
-    - sonar-scanner
-      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
-      -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
-      -Dsonar.exclusions=$EXCLUSIONS
-      -Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA
-      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
-      -Dsonar.host.url=$SONAR_HOST_URL
-      -Dsonar.login=$SONAR_LOGIN

Kconfig

@@ -625,7 +625,7 @@ mainmenu "Espressif IoT Development Framework Configuration"
             config COMPILER_ORPHAN_SECTIONS_WARNING
                 bool "Place with warning"
                 help
-                    Places orphan sections without a warning message.
+                    Places orphan sections with a warning message.
 
             config COMPILER_ORPHAN_SECTIONS_PLACE
                 bool "Place silently"
@@ -655,3 +655,5 @@ mainmenu "Espressif IoT Development Framework Configuration"
             - CONFIG_BOOTLOADER_CACHE_32BIT_ADDR_QUAD_FLASH
             - CONFIG_ESP_WIFI_EAP_TLS1_3
             - CONFIG_ESP_WIFI_ENABLE_ROAMING_APP
+            - CONFIG_USB_HOST_EXT_PORT_SUPPORT_LS
+            - CONFIG_USB_HOST_EXT_PORT_RESET_ATTEMPTS

components/bootloader_support/include/bootloader_common.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -181,6 +181,20 @@ uint32_t bootloader_common_get_chip_ver_pkg(void);
  */
 esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type);
 
+#if !CONFIG_IDF_TARGET_ESP32
+/**
+ * @brief Check the eFuse block revision
+ *
+ * @param[in] min_rev_full The required minimum revision of the eFuse block
+ * @param[in] max_rev_full The required maximum revision of the eFuse block
+ * @return
+ *          - ESP_OK: The eFuse block revision is in the required range.
+ *          - ESP_OK: DISABLE_BLK_VERSION_MAJOR has been set in the eFuse of the SoC. No requirements shall be checked at this time.
+ *          - ESP_FAIL: The eFuse block revision of this chip does not match the requirement of the current image.
+ */
+esp_err_t bootloader_common_check_efuse_blk_validity(uint32_t min_rev_full, uint32_t max_rev_full);
+#endif  // !CONFIG_IDF_TARGET_ESP32
+
 /**
  * @brief Configure VDDSDIO, call this API to rise VDDSDIO to 1.9V when VDDSDIO regulator is enabled as 1.8V mode.
  */