cleargrow/probe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
main
probe/prj.conf.production
ClearGrow Agent 39a696bdd2
Some checks failed
ClearGrow Probe CI / Build Development Firmware (push) Has been cancelled
Details
ClearGrow Probe CI / Build Production Firmware (push) Has been cancelled
Details
ClearGrow Probe CI / CI Status Summary (push) Has been cancelled
Details
Initial commit: migrate from GitHub
2025-12-10 09:32:24 -07:00

83 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

# ClearGrow Probe - Production Build Configuration
# This overlay reduces logging overhead for production deployments
#
# BUILD COMMAND:
# west build -b nrf52840dk_nrf52840 -- -DOVERLAY_CONFIG=prj.conf.production
#
# This configuration minimizes:
# - UART bandwidth consumption
# - Flash space for log strings
# - CPU cycles for log formatting
# - Power consumption from UART transmission
#
# Production logging is set to WARNING level (errors and warnings only)
# ============================================================================
# PRODUCTION LOGGING CONFIGURATION
# ============================================================================
# Set WARNING level logging (level 2: only errors and warnings)
# This disables INFO and DEBUG messages while keeping critical error reporting
CONFIG_LOG_DEFAULT_LEVEL=2
# Use minimal log mode for smaller flash footprint
# Reduces compiled code size by simplifying log formatting
CONFIG_LOG_MODE_MINIMAL=y
# Disable debug assertions for production
# Assertions consume flash and CPU for runtime checks
CONFIG_ASSERT=n
CONFIG_ASSERT_VERBOSE=n
# Disable printk routing through log subsystem
# Saves memory and processing overhead
CONFIG_LOG_PRINTK=n
# Reduce log buffer size for memory savings
# 512 bytes sufficient for WARNING-level messages
# Default is 1024 bytes; this saves 512 bytes of RAM
CONFIG_LOG_BUFFER_SIZE=512
# Disable runtime log level control
# Reduces code size by removing dynamic log level changes
CONFIG_LOG_RUNTIME_FILTERING=n
# ============================================================================
# SECURITY HARDENING (PROBE-TN-001)
# ============================================================================
# Enable Access Port Protection (prevents JTAG/SWD flash readout)
# CRITICAL: This locks the device and requires chip erase to re-enable debug
# Only enable for production-ready firmware that has been thoroughly tested
CONFIG_NRF_APPROTECT_LOCK=y
# Force APPROTECT on every boot (not just once in UICR)
# Sets the FORCEPROTECT register to enable protection immediately
CONFIG_NRF_APPROTECT_USER_HANDLING=n
# ============================================================================
# NOTES
# ============================================================================
#
# What still gets logged in production:
# - LOG_ERR(): Critical errors (sensor failures, network errors)
# - LOG_WRN(): Warnings (retries, degraded operation)
#
# What is suppressed:
# - LOG_INF(): Informational messages (normal operation)
# - LOG_DBG(): Debug messages (detailed tracing)
#
# Expected flash savings: ~20-40KB (log strings removed by linker)
# Expected RAM savings: 512 bytes (smaller log buffer)
# Expected power savings: Reduced UART activity during idle periods
#
# Security: Access port protection prevents flash readout via JTAG/SWD
# - Combined with MCUboot signature verification (see child_image/mcuboot.conf)
# - Mitigates PROBE-TN-001 (Thread credentials stored in plaintext)
#
# WARNING: APPROTECT will lock debugging. To recover:
# nrfjprog --recover # Performs chip erase, erases all flash including credentials
#
# For development/debugging, use default build without this overlay:
# west build -b nrf52840dk_nrf52840
Reference in New Issue View Git Blame Copy Permalink