# ClearGrow Probe - Zephyr Project Configuration
|
|
# Target: nRF52840 with Thread networking
|
|
|
|
# Kernel Configuration
|
|
CONFIG_MAIN_STACK_SIZE=2048
|
|
# System workqueue increased to 3072 bytes (PROBE-TA-003)
|
|
# Handles deferred work from multiple modules: battery sampling,
|
|
# Thread joiner retry, OpenThread callbacks. 2048 was insufficient.
|
|
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=3072
|
|
|
|
# Heap Configuration (PROBE-MM-001)
|
|
# 16KB heap for dynamic allocations (primarily OpenThread stack internals)
|
|
# Expected heap consumers:
|
|
# - OpenThread: ~8-12KB (network buffers, crypto operations, neighbor table)
|
|
# - Zephyr kernel: ~1-2KB (work queue items, timers)
|
|
# - Settings/NVS: ~1KB (temporary buffers during load/save)
|
|
# - CoAP library: ~1-2KB (message assembly, retransmit buffers)
|
|
# Total estimated: 11-17KB (70-100% utilization under peak load; the upper estimate exceeds the 16KB pool, so confirm headroom with the runtime heap stats enabled below)
|
|
# Note: Application code uses static allocation (no malloc/free in hot paths)
|
|
CONFIG_HEAP_MEM_POOL_SIZE=16384
|
|
CONFIG_SYS_HEAP_RUNTIME_STATS=y
|
|
|
|
# Logging
|
|
CONFIG_LOG=y
|
|
CONFIG_LOG_DEFAULT_LEVEL=3
|
|
CONFIG_LOG_BACKEND_UART=y
|
|
|
|
# GPIO and I2C
|
|
CONFIG_GPIO=y
|
|
CONFIG_I2C=y
|
|
CONFIG_SENSOR=y
|
|
|
|
# I2C timeout protection (PROBE-SD-006)
|
|
# Prevents an indefinite hang if a sensor gets stuck on the I2C bus
|
|
# 500ms is sufficient for all sensors (SHT4x worst case ~10ms, SCD4x ~20ms)
|
|
CONFIG_I2C_NRFX_TRANSFER_TIMEOUT=500
|
|
|
|
# ADC for battery monitoring
|
|
CONFIG_ADC=y
|
|
|
|
# Thread/OpenThread
|
|
CONFIG_NETWORKING=y
|
|
CONFIG_NET_L2_OPENTHREAD=y
|
|
CONFIG_OPENTHREAD_THREAD_VERSION_1_3=y
|
|
CONFIG_OPENTHREAD_FTD=n
|
|
CONFIG_OPENTHREAD_MTD=y
|
|
CONFIG_OPENTHREAD_MTD_SED=y
|
|
|
|
# Thread Joiner (commissioning) and SLAAC addressing
|
|
CONFIG_OPENTHREAD_JOINER=y
|
|
CONFIG_OPENTHREAD_SLAAC=y
|
|
|
|
# Thread SRP Client (for service registration)
|
|
CONFIG_OPENTHREAD_SRP_CLIENT=y
|
|
|
|
# Radio TX Power (PROBE-TN-003)
|
|
# Range: -40 to +8 dBm on nRF52840
|
|
# 0dBm chosen for indoor grow room application:
|
|
# - Adequate range for typical grow room (10-30m)
|
|
# - Balances connectivity vs battery life
|
|
# - Reduces interference in dense environments
|
|
# For large facilities: consider +4 to +8 dBm
|
|
# For battery-critical operation: consider -8 to -4 dBm
|
|
CONFIG_OPENTHREAD_DEFAULT_TX_POWER=0
|
|
|
|
# Power Management (Sleepy End Device)
|
|
CONFIG_OPENTHREAD_POLL_PERIOD=1000
|
|
|
|
# Socket API for CoAP
|
|
CONFIG_NET_SOCKETS=y
|
|
CONFIG_NET_SOCKETS_POSIX_NAMES=y
|
|
|
|
# CoAP for sensor data transmission
|
|
CONFIG_COAP=y
|
|
|
|
# OpenThread CoAP API (for OTA manager server resources)
|
|
CONFIG_OPENTHREAD_COAP=y
|
|
|
|
# Code-based pairing
|
|
CONFIG_CODE_PAIRING=y
|
|
CONFIG_PSKD_LENGTH=6
|
|
|
|
# Flash/NVS for settings (required for PSKd storage)
|
|
CONFIG_FLASH=y
|
|
CONFIG_FLASH_MAP=y
|
|
CONFIG_NVS=y
|
|
CONFIG_SETTINGS=y
|
|
CONFIG_SETTINGS_NVS=y
|
|
|
|
# Thread credential security (PROBE-TN-001)
|
|
# IMPORTANT: NVS encryption is NOT available on nRF52840
|
|
# Root cause: Requires TF-M (Trusted Firmware-M) with secure partition manager,
|
|
# which is only available on Cortex-M33 devices (nRF5340, nRF9160).
|
|
# nRF52840 (Cortex-M4F) lacks TrustZone-M required for TF-M.
|
|
#
|
|
# Mitigations implemented:
|
|
# 1. Access Port Protection (CONFIG_NRF_APPROTECT_LOCK=y; set only in the prj.conf.production overlay described below, not in this file)
|
|
# - Prevents a JTAG/SWD debugger from reading flash
|
|
# - Requires full chip erase to re-enable debug access
|
|
# - Production firmware sets FORCEPROTECT register on boot
|
|
#
|
|
# 2. MCUboot Image Signing (CONFIG_BOOTLOADER_MCUBOOT=y below builds an MCUboot-compatible signed image; signature verification itself is enforced by the MCUboot build configuration and must be checked there)
|
|
# - Only RSA-2048/ECDSA-signed firmware can boot
|
|
# - Prevents malicious firmware injection
|
|
# - Build system generates signed images for OTA
|
|
#
|
|
# 3. Network-Level Security
|
|
# - Thread MLE/MAC-layer AES-128-CCM encryption
|
|
# - PSKd used only during initial commissioning (not persisted afterwards; note that the NVS section above cites PSKd storage, so confirm when the stored PSKd is cleared)
|
|
# - Device identity via IEEE 802.15.4 EUI-64 (an identifier only, not an authentication secret; the PSKd is what authenticates the joiner)
|
|
#
|
|
# Residual Risk:
|
|
# - Physical attacker with chip-off capability can extract flash and read
|
|
# plaintext Thread credentials (Master Key, Network Name, PAN ID)
|
|
# - This would allow an attacker to join the Thread network as a legitimate device
|
|
#
|
|
# Operational Mitigations (REQUIRED):
|
|
# 1. Rotate Thread network credentials immediately if a device is lost or stolen
|
|
# - Use controller UI: Settings > Thread Network > Change Credentials
|
|
# - All commissioned devices will need to re-pair with new credentials
|
|
# 2. Maintain physical security of deployed devices
|
|
# - Use tamper-evident enclosures for high-security installations
|
|
# 3. Monitor Thread network for unauthorized devices
|
|
# - Check controller device list for unexpected EUI-64 identifiers
|
|
#
|
|
# Future Hardware Upgrade:
|
|
# - nRF5340 provides TF-M + NVS encryption for full at-rest credential protection
|
|
# - Consider hardware security element (e.g., ATECC608) for crypto key storage
|
|
|
|
# Enable Access Port Protection (production security)
|
|
# IMPORTANT: Only enable for production builds. Development builds should keep
|
|
# this disabled (=n) to allow debugging via JTAG/SWD.
|
|
# For production builds, this is enabled in prj.conf.production:
|
|
# CONFIG_NRF_APPROTECT_LOCK=y
|
|
# Build with: west build -b nrf52840dk_nrf52840 -- -DOVERLAY_CONFIG=prj.conf.production
|
|
|
|
# Random number generation (for PSKd generation)
|
|
CONFIG_ENTROPY_GENERATOR=y
|
|
|
|
# Watchdog
|
|
CONFIG_WATCHDOG=y
|
|
CONFIG_WDT_DISABLE_AT_BOOT=n
|
|
|
|
# Stack overflow detection (PROBE-TA-001)
|
|
CONFIG_THREAD_STACK_INFO=y
|
|
# Note: STACK_SENTINEL and MPU_STACK_GUARD are mutually exclusive
|
|
# Using MPU_STACK_GUARD for hardware-based protection
|
|
CONFIG_MPU_STACK_GUARD=y
|
|
|
|
# MCUboot support (for OTA updates)
|
|
CONFIG_BOOTLOADER_MCUBOOT=y
|
|
CONFIG_STREAM_FLASH=y
|
|
CONFIG_IMG_MANAGER=y
|
|
|
|
# Power management for nRF52840 (PROBE-SL-001, PROBE-SL-002, PROBE-PM-001)
|
|
# nRF52840 uses Nordic-specific low-power modes, not generic Zephyr PM framework
|
|
#
|
|
# Target deep sleep current: <3µA (approaching System OFF idle current)
|
|
# Achieved through:
|
|
# 1. Thread radio fully disabled (not just SED polling reduction)
|
|
# 2. All unused peripherals disabled (UART, I2C, ADC)
|
|
# 3. All GPIOs configured as output LOW (eliminates floating input leakage)
|
|
# 4. Soil sensor power disabled
|
|
# 5. CPU enters WFI (Wait For Interrupt) during k_msleep()
|
|
#
|
|
# Power states managed in power_manager.c using nrf_power APIs
|
|
# Low-level optimizations in power_low_level.c using Nordic HAL
|
|
#
|
|
# Battery life targets:
|
|
# Normal operation (SED): ~6 months on 2x AA (3000mAh)
|
|
# Deep sleep: ~1+ year on 2x AA
|
|
# Shipping mode: ~5+ years on 2x AA
|
|
|
|
# IMPORTANT: Do NOT enable CONFIG_PM or CONFIG_PM_DEVICE
|
|
# nRF52840 lacks HAS_PM Kconfig symbol required by Zephyr PM framework
|
|
# CONFIG_PM=n
|
|
# CONFIG_PM_DEVICE=n
|
|
|
|
# Shell (PROBE-PA-002)
|
|
# Provides runtime access to the PSKd for pairing without serial log access (anyone with physical UART access can read it; this relies on the physical-security mitigations noted above)
|
|
CONFIG_SHELL=y
|
|
CONFIG_SHELL_BACKEND_SERIAL=y
|
|
CONFIG_SHELL_PROMPT_UART="probe:~$ "
|