Backport 26997 ([rescue, rom_ext_e2e] Test rescue with a restricted command set) #29208
+545
−300
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow `spi_device_cmd_get` to operate in a non-blocking fashion. This allows the rescue protocol to time out after a period of inactivity. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 6564a9b)
Add a `skip_once` parameter to rescue entry. This allows the ROM_EXT to send a message to itself to skip rescue detection (and entry) once on the next boot. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 8e820ba)
Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 2933902)
1. Enter rescue on boot failure. 2. Exit rescue after a peroid of inactivty. The inactivty timeout is cancelled if there is any rescue activity at all. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit ceedca4)
Parameterize builds of the `test_owner` module and associated ROM_EXTs to avoid copy/pasting of the `cc_library` and `opentitan_binary` rules. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 59e6e66)
Add tests for the rescue enter-on-fail and inactivity timeout features. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit b3e481f)
1. Add a `no-op` mode to rescue so that the xmodem protocol is functional if the owner disables the `RescueFirwmare` command. 2. Make the `no-op` mode the default if `RescueFirmware` is absent from the allowed commands list. Fixes lowRISC#26919. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit a147e46)
The `--reboot` flag on `rescue` commands needs to parse its arguments. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 6af8f88)
pamaury
requested review from
engdoreis and
jwnrt
and removed request for
a team
Test that the rescue protocol is functional when the `RescueFirmware` mode is not in the list of allowed commands. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 23b5b87)
pamaury
force-pushed
the
backport_26997
branch
from
f0bd294 to
9d255de
Compare
This was referenced Jan 29, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport #26997. Depends on #29204, only review last 3 commits.