Fix Demo Build Errors

.github/workflows/build.yml

@@ -20,9 +20,10 @@ jobs:
       fail-fast: false
       matrix:
         esp_idf_version:
-          - v4.4.1
           - v5.0
           - v5.1.2
+          - release-v5.2
+          - latest
         esp_target:
           - esp32
           - esp32s2

.gitignore

@@ -3,3 +3,6 @@ build/
 main/certs/
 esp_ds_data/
 managed_components/
+sdkconfig
+sdkconfig.old
+dependencies.lock

GettingStartedGuide.md

@@ -46,34 +46,72 @@ Once completed, one can progress to the [Use Security Features](UseSecurityFeatu
 
 ### 1.2 Software Requirements
 
-- ESP-IDF 4.4.3 or higher to configure, build, and flash the project. To setup for the ESP32-C3, follow Espressif's [Getting Started Guide for the ESP32-C3](https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/get-started/index.html).
+- [ESP-IDF 5.0](https://github.com/espressif/esp-idf/tree/v5.0) or higher to
+configure, build, and flash the project. To setup for the ESP32-C3,
+follow Espressif's
+[Getting Started Guide for the ESP32-C3](https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/get-started/index.html).
+
+    **NOTE:** As of December 15h 2023 ESP-IDF V4.4.3 is no longer supported. For
+    more information refer to the
+    [ESP-IDF Release Support Schedule](https://github.com/espressif/esp-idf#esp-idf-release-support-schedule)
+
 - [Python3](https://www.python.org/downloads/)
-  and the Package Installer for Python [pip](https://pip.pypa.io/en/stable/installation/) to use the AWS CLI to import certificates and perform OTA Job set up. Pip is included when you install
+  and the Package Installer for Python [pip](https://pip.pypa.io/en/stable/installation/)
+  to use the AWS CLI to import certificates and perform OTA Job set up. Pip is
+  included when you install
   from Python 3.10.
 - [OpenSSL](https://www.openssl.org/) to create the OTA signing
-  key and certificate. If you have git installed on your machine, you can also use the openssl.exe that comes with the git installation.
+  key and certificate. If you have git installed on your machine,
+  you can also use the openssl.exe that comes with the git installation.
 - [AWS CLI Interface](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
-  to import your code-signing certificate, private key, and certificate chain into the AWS Certificate Manager,
-  and to set up an OTA firmware update job. Refer to
-  [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+  to import your code-signing certificate, private key, and certificate chain into
+  the AWS Certificate Manager,
+  and to set up an OTA firmware update job. Refer to the AWS User Guide for
+  Installing or updating the latest version of the AWS CLI
+  [here](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
   for installation instructions. After installation, follow the steps in
   [Configuration basics](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html)
-  to configure the basic settings (security credentials, the default AWS output format and the default AWS Region)
-  that AWS CLI uses to interact with AWS. (If you don't have an AWS account and user, follow steps 1 and 2 in the AWS IoT Core Setup Guide below before following the Configuration basics for the AWS CLI.)
+  to configure the basic settings (security credentials, the default AWS output
+  format and the default AWS Region)
+  that AWS CLI uses to interact with AWS. (If you don't have an AWS account
+  and user, follow steps 1 and 2 in the AWS IoT Core Setup Guide below before
+ following the Configuration basics for the AWS CLI.)
 
 ## 2 Demo setup
 
 ### 2.1 Setup AWS IoT Core
 
-To setup AWS IoT Core, follow the [AWS IoT Core Setup Guide](AWSSetup.md). The guide shows you how to sign up for an AWS account, create a user, and register your device with AWS IoT Core.
-After you have followed the instructions in the AWS IoT Core Setup Guide, you will have created a **device Endpoint**, an AWS IoT **thing**, a **PEM-encoded device certificate**, a **PEM-encoded private key**, and a **PEM-encoded root CA certificate**. (An explanation of these entities is given in the Setup Guide.) The root CA certificate can also be downloaded [here](https://www.amazontrust.com/repository/AmazonRootCA1.pem). Your ESP23-C3 board must now be provisioned with these entities in order for it to connect securely with AWS IoT Core.
+To setup AWS IoT Core, follow the [AWS IoT Core Setup Guide](AWSSetup.md).
+The guide shows you how to sign up for an AWS account, create a user, and
+register your device with AWS IoT Core.
+
+After you have followed the instructions in the AWS IoT Core Setup Guide, you
+will have created a **device Endpoint**, an AWS IoT **thing**, a
+**PEM-encoded device certificate**, a **PEM-encoded private key**, and a
+**PEM-encoded root CA certificate**. (An explanation of these entities is
+given in the [AWS IoT Core Setup Guide](AWSSetup.md).)The AWS Root CA
+certificate can also be downloaded
+[here](https://www.amazontrust.com/repository/AmazonRootCA1.pem).
+Your ESP23-C3 board must now be provisioned with these entities in order
+for it to connect securely with AWS IoT Core.
 
 ### 2.2 Configure the project with the AWS IoT Thing Name and AWS device Endpoint
 
 The demo will connect to the AWS IoT device Endpoint that you configure here.
 
-1. From a terminal/command prompt, run `idf.py menuconfig`. This assumes the ESP-IDF environment is exported-- i.e. that export.bat/export.sh, which can be found under the ESP-IDF directory, has been run, or that you are using the ESP-IDF command prompt/terminal. For Visual Studio (VS) Code users who are using the Espressif IDF extension, do ->View->Command Palette->Search for `ESP-IDF: SDK Configuration editor (menuconfig)` and select the command. The `SDK Configuration editor` window should pop up after a moment.
-   (Note: If running menuconfig from within a VS Code command prompt, 'j' and 'k' may have to be used in place of the 'up' and 'down' arrow keys. Alternately, one can use a command prompt/terminal outside of the VS Code editor).
+1. From a terminal/command prompt, run `idf.py menuconfig`. This assumes the
+ESP-IDF environment is exported-- i.e. that export.bat/export.sh, which can be
+found under the ESP-IDF directory, has been run, or that you are using the
+ESP-IDF command prompt/terminal. For Visual Studio (VS) Code users who are
+using the Espressif IDF extension, do ->View->Command Palette->Search for
+`ESP-IDF: SDK Configuration editor (menuconfig)` and select the command. The
+`SDK Configuration editor` window should pop up after a moment.
+
+    (**Note**: If running menuconfig from within a VS Code command prompt, 'j' and
+    'k' may have to be used in place of the 'up' and 'down' arrow keys.
+    Alternately, one can use a command prompt/terminal outside of the VS Code
+    editor).
+
 2. Select `Featured FreeRTOS IoT Integration` from the menu.
 3. Set `Endpoint for MQTT Broker to use` to your **AWS device Endpoint**.
 4. Set `Port for MQTT Broker to use` to `8883`.
@@ -84,16 +122,31 @@ The demo will connect to the AWS IoT device Endpoint that you configure here.
 
 The key and certificates which will be used to establish a secure TLS connection will be stored in a special flash partition. Run the following command to create and flash the certificate partition.
 
+The following values will be needed:
+
+- `PORT`: The serial port to which the ESP32-C3 board is connected
+
+- `CA_CERT_FILEPATH`: The file path to the PEM-encoded root CA certificate,
+
+- `DEVICE_CERT_FILEPATH`: The file path to the PEM-encoded device certificate
+
+- `PRIVATE_KEY_FILEPATH`: The file path to the PEM-encoded private key.
+
+- `KEY_ALG_INFO`: The type of key algorithm being used. In the
+format Algorithm Size,
+
+  - **NOTE:** If using the
+    [AWS IoT Generated Credentials](https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-create.html)
+    this value will be `rsa 2048`
+
+**NOTE** The list of chip types can be found by running `idf.py list-targets`
+The directly supported chips are the `esp32c3`, `esp32s3`, and `esp32c2`
+
 ```sh
-python managed_components/espressif__esp_secure_cert_mgr/tools/configure_esp_secure_cert.py -p PORT --keep_ds_data_on_host --ca-cert CA_CERT_FILEPATH --device-cert DEVICE_CERT_FILEPATH --private-key PRIVATE_KEY_FILEPATH --target_chip esp32c3 --secure_cert_type cust_flash
+idf.py set-target CHIP_TYPE;
+python managed_components/espressif__esp_secure_cert_mgr/tools/configure_esp_secure_cert.py -p PORT --keep_ds_data_on_host --ca-cert CA_CERT_FILEPATH --device-cert DEVICE_CERT_FILEPATH --private-key PRIVATE_KEY_FILEPATH --target_chip CHIP_TYPE --secure_cert_type cust_flash --priv_key_algo KEY_ALG_INFO
 ```
 
-Remember to replace
-`PORT` with the serial port to which the ESP32-C3 board is connected,
-`CA_CERT_FILEPATH` with the file path to the PEM-encoded root CA certificate,
-`DEVICE_CERT_FILEPATH` with the file path to the PEM-encoded device certificate,
-and `PRIVATE_KEY_FILEPATH` with the file path to the PEM-encoded private key.
-
 > **NOTE:** For convenience sake, you could place your key and certificate files under the `main/certs` directory.
 
 ## 3 Build and flash the demo project
@@ -104,16 +157,30 @@ Espressif provides BLE and SoftAP provisioning mobile apps which are available o
 
 Run the following command to build and flash the demo project:
 
-```
-idf.py -p PORT flash monitor
+**NOTE** The list of chip types can be found by running `idf.py list-targets`
+The directly supported chips are the `esp32c3`, `esp32s3`, and `esp32c2`
+
+```sh
+idf.py set-target CHIP_TYPE;
+idf.py -p PORT flash monitor;
 ```
 
 Replace **PORT** with the serial port to which the ESP32-C3 is connected.
 
-If you are setting up the ESP32-C3 for the first time, the device will go though the Wi-Fi provisioning workflow and you will have to use the app you previously downloaded to scan the QR code and follow the instructions that follow. Once the device is provisioned successfully with the required Wi-Fi credentials, the demo will proceed. If previously Wi-Fi provisioned, the device will not go through the Wi-Fi provisioning workflow again.
-Note: If the ESP32-C3 was previously Wi-Fi provisioned, and you are on a different network and wish to re-provision with new network credentials, you will have to erase the nvs flash partition where the Wi-Fi credentials are stored, otherwise the device will presume that it has already been provisioned. In this situation, use the following command to erase the nvs partition.
+If you are setting up the ESP32-C3 for the first time, the device will go though
+the Wi-Fi provisioning workflow and you will have to use the app you previously
+downloaded to scan the QR code and follow the instructions that follow. Once the
+device is provisioned successfully with the required Wi-Fi credentials, the
+demo will proceed. If previously Wi-Fi provisioned, the device will not go
+through the Wi-Fi provisioning workflow again.
 
-```
+**Note**: If the ESP32-C3 was previously Wi-Fi provisioned, and you are on a
+different network and wish to re-provision with new network credentials, you
+will have to erase the nvs flash partition where the Wi-Fi credentials are
+stored, otherwise the device will presume that it has already been provisioned.
+In this situation, use the following command to erase the nvs partition.
+
+```sh
 parttool.py -p PORT erase_partition --partition-name=nvs
 ```
 
@@ -176,21 +243,43 @@ This demo uses the OTA client library and the AWS IoT OTA service for code signi
 
 ### 5.1 Setup pre-requisites for OTA cloud resources
 
-Before you create an OTA job, the following resources are required. This is a one time setup required for performing OTA firmware updates. Make a note of the names of the resources you create, as you will need to provide them during subsequent configuration steps.
-
-- An Amazon S3 bucket to store your updated firmware. S3 is an AWS Service that enables you to store files in the cloud that can be accessed by you or other services. This is used by the OTA Update Manager Service to store the firmware image in an S3 “bucket” before sending it to the device. [Create an Amazon S3 Bucket to Store Your Update](https://docs.aws.amazon.com/freertos/latest/userguide/dg-ota-bucket.html).
-- An OTA Update Service role. By default, the OTA Update Manager cloud service does not have permission to access the S3 bucket that will contain the firmware image. An OTA Service Role is required to allow the OTA Update Manager Service to read and write to the S3 bucket. [Create an OTA Update Service role](https://docs.aws.amazon.com/freertos/latest/userguide/create-service-role.html).
-- An OTA user policy. An OTA User Policy is required to give your AWS account permissions to interact with the AWS services required for creating an OTA Update. [Create an OTA User Policy](https://docs.aws.amazon.com/freertos/latest/userguide/create-ota-user-policy.html).
-- [Create a code-signing certificate](https://docs.aws.amazon.com/freertos/latest/userguide/ota-code-sign-cert-win.html). The demos support a code-signing certificate with an ECDSA P-256 key and SHA-256 hash to perform OTA updates.
+Before you create an OTA job, the following resources are required. This is a
+one time setup required for performing OTA firmware updates. Make a note of the
+names of the resources you create, as you will need to provide them during
+subsequent configuration steps.
+
+- An Amazon S3 bucket to store your updated firmware. S3 is an AWS Service that
+enables you to store files in the cloud that can be accessed by you or other
+services. This is used by the OTA Update Manager Service to store the firmware
+image in an S3 “bucket” before sending it to the device.
+[Create an Amazon S3 Bucket to Store Your Update](https://docs.aws.amazon.com/freertos/latest/userguide/dg-ota-bucket.html).
+
+- An OTA Update Service role. By default, the OTA Update Manager cloud service
+does not have permission to access the S3 bucket that will contain the firmware
+image. An OTA Service Role is required to allow the OTA Update Manager Service
+to read and write to the S3 bucket.
+[Create an OTA Update Service role](https://docs.aws.amazon.com/freertos/latest/userguide/create-service-role.html).
+
+- An OTA user policy. An OTA User Policy is required to give your AWS account
+permissions to interact with the AWS services required for creating an OTA Update.
+[Create an OTA User Policy](https://docs.aws.amazon.com/freertos/latest/userguide/create-ota-user-policy.html).
+- [Create a code-signing certificate](https://docs.aws.amazon.com/freertos/latest/userguide/ota-code-sign-cert-win.html).
+The demos support a code-signing certificate with an ECDSA P-256 key and
+SHA-256 hash to perform OTA updates.
 - [Grant access to Code Signing for AWS IoT](https://docs.aws.amazon.com/freertos/latest/userguide/code-sign-policy.html).
 
 ### 5.2 Provision the project with the code-signing public key certificate
 
-The code-signing public key certificate will be used by the application binary, i.e. the demo, to authenticate a binary that was downloaded for an update. (This downloaded firmware would have been signed by the certificate's corresponding private key.)
+The code-signing public key certificate will be used by the application binary,
+i.e. the demo, to authenticate a binary that was downloaded for an update.
+(This downloaded firmware would have been signed by the certificate's
+corresponding private key.)
 
-Copy the public key certificate that you would have created in the 'Create a code-signing certificate' step to 'main/certs/aws_codesign.crt'
+Copy the public key certificate that you would have created in the 'Create a
+code-signing certificate' step to 'main/certs/aws_codesign.crt'
 
-The demo will read the certificate 'aws_codesign.crt' from your host filesystem and save it in memory.
+The demo will read the certificate 'aws_codesign.crt' from your host filesystem
+and save it in memory.
 
 ### 5.3 Build an application binary with a higher version number, to be downloaded and activated on the device
 
@@ -200,9 +289,12 @@ To perform an OTA firmware update, you must go through these steps:
 2. Upload this image to an S3 bucket and create an OTA Update Job on the AWS IoT console.
 3. Restore the original version (lower version number) and flash this to the device.
 
-The version of the new image must be later than the current image on the board or else OTA will not proceed.
+The version of the new image must be later than the current image on the board
+or else OTA will not proceed.
 
-The OTA Update Job will send a notification to an MQTT topic that the device will be listening to. When it receives an OTA update notification, the device will then start downloading the new firmware.
+The OTA Update Job will send a notification to an MQTT topic that the device
+will be listening to. When it receives an OTA update notification, the device
+will then start downloading the new firmware.
 
 Create a binary with a higher version number.
 
@@ -217,14 +309,17 @@ Create a binary with a higher version number.
 idf.py build
 ```
 
-If successful, there will be a new binary under the 'build' directory - build/FeaturedFreeRTOSIoTIntegration.bin. Copy this binary to another location, otherwise it will be overwritten in the next step.
+If successful, there will be a new binary under the 'build' directory -
+build/FeaturedFreeRTOSIoTIntegration.bin. Copy this binary to another
+location, otherwise it will be overwritten in the next step.
 
 ### 5.4 Build and flash the device with a binary with a lower version number
 
-1. Follow the same steps in 5.3 starting with running idf.py menuconfig, but this time, set the `Application version build` number to '0'.
+1. Follow the same steps in 5.3 starting with running idf.py menuconfig, but
+this time, set the `Application version build` number to '0'.
 2. Build and flash this new application binary with a lower version number.
 
-```
+```sh
 idf.py -p PORT flash monitor
 ```
 

sdkconfig.defaults

@@ -1,3 +1,4 @@
+CONFIG_IDF_TARGET=esp32c3
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
 CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"
@@ -24,3 +25,33 @@ CONFIG_ESP_SECURE_CERT_SUPPORT_LEGACY_FORMATS=y
 CONFIG_GRI_SUB_PUB_UNSUB_DEMO_MAX_COMMAND_SEND_BLOCK_TIME_MS=10000
 CONFIG_GRI_SUB_PUB_UNSUB_DEMO_DELAY_BETWEEN_SUB_PUB_UNSUB_LOOPS_MS=10000
 CONFIG_GRI_MQTT_AGENT_CONNACK_RECV_TIMEOUT_MS=10000
+
+# Set optimization for size
+CONFIG_COMPILER_OPTIMIZATION_SIZE=y
+
+# Set default FreeRTOS Stack sizes
+CONFIG_FREERTOS_TIMER_TASK_STACK_DEPTH=1536
+CONFIG_FREERTOS_IDLE_TASK_STACKSIZE=1024
+
+# LWIP config
+CONFIG_LWIP_MAX_SOCKETS=8
+
+# AWS OTA
+CONFIG_LOG2_FILE_BLOCK_SIZE=12
+CONFIG_MAX_NUM_BLOCKS_REQUEST=8
+CONFIG_MAX_NUM_OTA_DATA_BUFFERS=8
+CONFIG_ALLOW_DOWNGRADE=0
+CONFIG_OTA_DATA_OVER_MQTT=y
+# CONFIG_OTA_DATA_OVER_HTTP is not set
+CONFIG_OTA_DATA_OVER_MQTT_PRIMARY=y
+CONFIG_OTA_PRIMARY_DATA_PROTOCOL=1
+
+# MbedTLS Config Options
+CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
+# CONFIG_MBEDTLS_TLS_SERVER_ONLY is not set
+# CONFIG_MBEDTLS_TLS_CLIENT_ONLY is not set
+# CONFIG_MBEDTLS_TLS_DISABLED is not set
+CONFIG_MBEDTLS_TLS_SERVER=n
+CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
+CONFIG_MBEDTLS_TLS_CLIENT=y
+CONFIG_MBEDTLS_TLS_ENABLED=y