Merge branch 'master' into uart_tx_invert

Author: SuGlider

.github/scripts/on-release.sh

@@ -391,6 +391,11 @@ pushd "$OUTPUT_DIR" >/dev/null
 tar -cJf "$LIBS_XZ" "esp32-arduino-libs"
 popd >/dev/null
 
+# Copy esp-hosted binaries
+
+mkdir -p "$GITHUB_WORKSPACE/hosted"
+cp "$OUTPUT_DIR/esp32-arduino-libs/hosted"/*.bin "$GITHUB_WORKSPACE/hosted/"
+
 # Upload ZIP and XZ libs to release page
 
 echo "Uploading ZIP libs to release page ..."

.github/workflows/release.yml

@@ -36,3 +36,45 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.TOOLS_UPLOAD_PAT }}
         run: bash ./.github/scripts/on-release.sh
+
+      - name: Upload hosted binaries
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: hosted
+          if-no-files-found: ignore
+          path: ${{ github.workspace }}/hosted
+
+  upload-hosted-binaries:
+    name: Upload hosted binaries
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout gh-pages branch
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: gh-pages
+
+      - name: Download hosted binaries
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+        with:
+          name: hosted
+          path: ${{ github.workspace }}/hosted-latest
+
+      - name: Copy hosted binaries to proper directory and commit
+        env:
+          GITHUB_TOKEN: ${{ secrets.TOOLS_UPLOAD_PAT }}
+        run: |
+          # Create hosted directory if it doesn't exist
+          mkdir -p ${{ github.workspace }}/hosted
+
+          # Copy hosted binaries to proper directory without overwriting existing files
+          cp -n ${{ github.workspace }}/hosted-latest/*.bin ${{ github.workspace }}/hosted/
+
+          # Commit the changes
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add hosted/*.bin
+          if ! git diff --cached --quiet; then
+            git commit -m "Add new esp-hosted slave binaries"
+            git push origin HEAD:gh-pages
+          fi

cores/esp32/esp32-hal-touch-ng.c

@@ -117,8 +117,12 @@ bool touchDisable() {
   if (!enabled) {  // Already disabled
     return true;
   }
-  if (!running && (touch_sensor_disable(touch_sensor_handle) != ESP_OK)) {
-    log_e("Touch sensor still running or disable failed!");
+  if (running) {
+    log_e("Touch sensor still running!");
+    return false;
+  }
+  if (touch_sensor_disable(touch_sensor_handle) != ESP_OK) {
+    log_e("Touch sensor disable failed!");
     return false;
   }
   enabled = false;
@@ -129,8 +133,12 @@ bool touchStart() {
   if (running) {  // Already running
     return true;
   }
-  if (enabled && (touch_sensor_start_continuous_scanning(touch_sensor_handle) != ESP_OK)) {
-    log_e("Touch sensor not enabled or failed to start continuous scanning failed!");
+  if (!enabled) {
+    log_e("Touch sensor not enabled!");
+    return false;
+  }
+  if (touch_sensor_start_continuous_scanning(touch_sensor_handle) != ESP_OK) {
+    log_e("Touch sensor failed to start continuous scanning!");
     return false;
   }
   running = true;
@@ -395,7 +403,7 @@ static void __touchConfigInterrupt(uint8_t pin, void (*userFunc)(void), void *Ar
       return;
     }
 
-    touch_channel_config_t chan_cfg = {};
+    touch_channel_config_t chan_cfg = TOUCH_CHANNEL_DEFAULT_CONFIG();
     for (int i = 0; i < _sample_num; i++) {
 #if SOC_TOUCH_SENSOR_VERSION == 1  // ESP32
       chan_cfg.abs_active_thresh[i] = threshold;
@@ -416,17 +424,17 @@ static void __touchConfigInterrupt(uint8_t pin, void (*userFunc)(void), void *Ar
 
 // it keeps backwards compatibility
 static void __touchAttachInterrupt(uint8_t pin, void (*userFunc)(void), touch_value_t threshold) {
-  __touchConfigInterrupt(pin, userFunc, NULL, threshold, false);
+  __touchConfigInterrupt(pin, userFunc, NULL, false, threshold);
 }
 
 // new additional version of the API with User Args
 static void __touchAttachArgsInterrupt(uint8_t pin, void (*userFunc)(void), void *args, touch_value_t threshold) {
-  __touchConfigInterrupt(pin, userFunc, args, threshold, true);
+  __touchConfigInterrupt(pin, userFunc, args, true, threshold);
 }
 
 // new additional API to detach touch ISR
 static void __touchDettachInterrupt(uint8_t pin) {
-  __touchConfigInterrupt(pin, NULL, NULL, 0, false);  // userFunc as NULL acts as detaching
+  __touchConfigInterrupt(pin, NULL, NULL, false, 0);  // userFunc as NULL acts as detaching
 }
 
 // /*

docs/en/troubleshooting.rst

@@ -149,7 +149,7 @@ Solution
 ^^^^^^^^
 
 Newer ESP32 variants have two possible USB connectors - USB and UART. The UART connector will go through a USB->UART adapter, and will typically present itself with the name of that mfr (eg, Silicon Labs CP210x UART Bridge). The USB connector can be used as a USB-CDC bridge and will appear as an Espressif device (Espressif USB JTAG/serial debug unit). On Espressif devkits, both connections are available, and will be labeled. ESP32 can only use UART, so will only have one connector. Other variants with one connector will typically be using USB. Please check in the product [datasheet](https://products.espressif.com) or [hardware guide](https://www.espressif.com/en/products/devkits) to find Espressif products with the appropriate USB connections for your needs.
-If you use the UART connector, you should disable USB-CDC on boot under the Tools menu (-D ARDUINO_USB_CDC_ON_BOOT=0). If you use the USB connector, you should have that enabled (-D ARDUINO_USB_CDC_ON_BOOT=1) and set USB Mode to "Hardware CDC and JTAG" (-D ARDUINO_USB_MODE=0).
+If you use the UART connector, you should disable USB-CDC on boot under the Tools menu (-D ARDUINO_USB_CDC_ON_BOOT=0). If you use the USB connector, you should have that enabled (-D ARDUINO_USB_CDC_ON_BOOT=1) and set USB Mode to "Hardware CDC and JTAG" (-D ARDUINO_USB_MODE=1).
 USB-CDC may not be able to initialize in time to catch all the data if your device is in a tight reboot loop. This can make it difficult to troubleshoot initialization issues.
 
 SPIFFS mount failed

libraries/BLE/examples/Client_secure_static_passkey/Client_secure_static_passkey.ino

@@ -1,20 +1,27 @@
 /*
-  Secure client with static passkey
+  Secure client with static passkey and IRK retrieval
 
   This example demonstrates how to create a secure BLE client that connects to
   a secure BLE server using a static passkey without prompting the user.
   The client will automatically use the same passkey (123456) as the server.
 
+  After successful bonding, the example demonstrates how to retrieve the
+  server's Identity Resolving Key (IRK) in multiple formats:
+  - Comma-separated hex format: 0x1A,0x1B,0x1C,...
+  - Base64 encoded (for Home Assistant Private BLE Device service)
+  - Reverse hex order (for Home Assistant ESPresense)
+
   This client is designed to work with the Server_secure_static_passkey example.
 
   Note that ESP32 uses Bluedroid by default and the other SoCs use NimBLE.
   Bluedroid initiates security on-connect, while NimBLE initiates security on-demand.
   This means that in NimBLE you can read the insecure characteristic without entering
   the passkey. This is not possible in Bluedroid.
 
-  IMPORTANT: MITM (Man-In-The-Middle protection) must be enabled for password prompts
-  to work. Without MITM, the BLE stack assumes no user interaction is needed and will use
-  "Just Works" pairing method (with encryption if secure connection is enabled).
+  IMPORTANT:
+  - MITM (Man-In-The-Middle protection) must be enabled for password prompts to work.
+  - Bonding must be enabled to store and retrieve the IRK.
+  - The server must distribute its Identity Key during pairing.
 
   Based on examples from Neil Kolban and h2zero.
   Created by lucasssvaz.
@@ -36,10 +43,59 @@ static BLEUUID secureCharUUID("ff1d2614-e2d6-4c87-9154-6625d39ca7f8");
 static boolean doConnect = false;
 static boolean connected = false;
 static boolean doScan = false;
+static BLEClient *pClient = nullptr;
 static BLERemoteCharacteristic *pRemoteInsecureCharacteristic;
 static BLERemoteCharacteristic *pRemoteSecureCharacteristic;
 static BLEAdvertisedDevice *myDevice;
 
+// Print an IRK buffer as hex with leading zeros and ':' separator
+static void printIrkBinary(uint8_t *irk) {
+  for (int i = 0; i < 16; i++) {
+    if (irk[i] < 0x10) {
+      Serial.print("0");
+    }
+    Serial.print(irk[i], HEX);
+    if (i < 15) {
+      Serial.print(":");
+    }
+  }
+}
+
+static void get_peer_irk(BLEAddress peerAddr) {
+  Serial.println("\n=== Retrieving peer IRK (Server) ===\n");
+
+  uint8_t irk[16];
+
+  // Get IRK in binary format
+  if (BLEDevice::getPeerIRK(peerAddr, irk)) {
+    Serial.println("Successfully retrieved peer IRK in binary format:");
+    printIrkBinary(irk);
+    Serial.println("\n");
+  }
+
+  // Get IRK in different string formats
+  String irkString = BLEDevice::getPeerIRKString(peerAddr);
+  String irkBase64 = BLEDevice::getPeerIRKBase64(peerAddr);
+  String irkReverse = BLEDevice::getPeerIRKReverse(peerAddr);
+
+  if (irkString.length() > 0) {
+    Serial.println("Successfully retrieved peer IRK in multiple formats:\n");
+    Serial.print("IRK (comma-separated hex): ");
+    Serial.println(irkString);
+    Serial.print("IRK (Base64 for Home Assistant Private BLE Device): ");
+    Serial.println(irkBase64);
+    Serial.print("IRK (reverse hex for Home Assistant ESPresense): ");
+    Serial.println(irkReverse);
+    Serial.println();
+  } else {
+    Serial.println("!!! Failed to retrieve peer IRK !!!");
+    Serial.println("This is expected if bonding is disabled or the peer doesn't distribute its Identity Key.");
+    Serial.println("To enable bonding, change setAuthenticationMode to: pSecurity->setAuthenticationMode(true, true, true);\n");
+  }
+
+  Serial.println("=======================================\n");
+}
+
 // Callback function to handle notifications
 static void notifyCallback(BLERemoteCharacteristic *pBLERemoteCharacteristic, uint8_t *pData, size_t length, bool isNotify) {
   Serial.print("Notify callback for characteristic ");
@@ -62,11 +118,30 @@ class MyClientCallback : public BLEClientCallbacks {
   }
 };
 
+// Security callbacks to print IRKs once authentication completes
+class MySecurityCallbacks : public BLESecurityCallbacks {
+#if defined(CONFIG_BLUEDROID_ENABLED)
+  void onAuthenticationComplete(esp_ble_auth_cmpl_t desc) override {
+    // Print the IRK received by the peer
+    BLEAddress peerAddr(desc.bd_addr);
+    get_peer_irk(peerAddr);
+  }
+#endif
+
+#if defined(CONFIG_NIMBLE_ENABLED)
+  void onAuthenticationComplete(ble_gap_conn_desc *desc) override {
+    // Print the IRK received by the peer
+    BLEAddress peerAddr(desc->peer_id_addr.val, desc->peer_id_addr.type);
+    get_peer_irk(peerAddr);
+  }
+#endif
+};
+
 bool connectToServer() {
   Serial.print("Forming a secure connection to ");
   Serial.println(myDevice->getAddress().toString().c_str());
 
-  BLEClient *pClient = BLEDevice::createClient();
+  pClient = BLEDevice::createClient();
   Serial.println(" - Created client");
 
   pClient->setClientCallbacks(new MyClientCallback());
@@ -192,15 +267,19 @@ void setup() {
   pSecurity->setPassKey(true, CLIENT_PIN);
 
   // Set authentication mode to match server requirements
-  // Enable secure connection and MITM (for password prompts) for this example
-  pSecurity->setAuthenticationMode(false, true, true);
+  // Enable bonding, MITM (for password prompts), and secure connection for this example
+  // Bonding is required to store and retrieve the IRK
+  pSecurity->setAuthenticationMode(true, true, true);
 
   // Set IO capability to KeyboardOnly
   // We need the proper IO capability for MITM authentication even
   // if the passkey is static and won't be entered by the user
   // See https://www.bluetooth.com/blog/bluetooth-pairing-part-2-key-generation-methods/
   pSecurity->setCapability(ESP_IO_CAP_IN);
 
+  // Set callbacks to handle authentication completion and print IRKs
+  BLEDevice::setSecurityCallbacks(new MySecurityCallbacks());
+
   // Retrieve a Scanner and set the callback we want to use to be informed when we
   // have detected a new device. Specify that we want active scanning and start the
   // scan to run for 5 seconds.

libraries/BLE/examples/Server_secure_static_passkey/Server_secure_static_passkey.ino

@@ -40,6 +40,73 @@
 // This is an example passkey. You should use a different or random passkey.
 #define SERVER_PIN 123456
 
+// Print an IRK buffer as hex with leading zeros and ':' separator
+static void printIrkBinary(uint8_t *irk) {
+  for (int i = 0; i < 16; i++) {
+    if (irk[i] < 0x10) {
+      Serial.print("0");
+    }
+    Serial.print(irk[i], HEX);
+    if (i < 15) {
+      Serial.print(":");
+    }
+  }
+}
+
+static void get_peer_irk(BLEAddress peerAddr) {
+  Serial.println("\n=== Retrieving peer IRK (Client) ===\n");
+
+  uint8_t irk[16];
+
+  // Get IRK in binary format
+  if (BLEDevice::getPeerIRK(peerAddr, irk)) {
+    Serial.println("Successfully retrieved peer IRK in binary format:");
+    printIrkBinary(irk);
+    Serial.println("\n");
+  }
+
+  // Get IRK in different string formats
+  String irkString = BLEDevice::getPeerIRKString(peerAddr);
+  String irkBase64 = BLEDevice::getPeerIRKBase64(peerAddr);
+  String irkReverse = BLEDevice::getPeerIRKReverse(peerAddr);
+
+  if (irkString.length() > 0) {
+    Serial.println("Successfully retrieved peer IRK in multiple formats:\n");
+    Serial.print("IRK (comma-separated hex): ");
+    Serial.println(irkString);
+    Serial.print("IRK (Base64 for Home Assistant Private BLE Device): ");
+    Serial.println(irkBase64);
+    Serial.print("IRK (reverse hex for Home Assistant ESPresense): ");
+    Serial.println(irkReverse);
+    Serial.println();
+  } else {
+    Serial.println("!!! Failed to retrieve peer IRK !!!");
+    Serial.println("This is expected if bonding is disabled or the peer doesn't distribute its Identity Key.");
+    Serial.println("To enable bonding, change setAuthenticationMode to: pSecurity->setAuthenticationMode(true, true, true);\n");
+  }
+
+  Serial.println("=======================================\n");
+}
+
+// Security callbacks to print IRKs once authentication completes
+class MySecurityCallbacks : public BLESecurityCallbacks {
+#if defined(CONFIG_BLUEDROID_ENABLED)
+  void onAuthenticationComplete(esp_ble_auth_cmpl_t desc) override {
+    // Print the IRK received by the peer
+    BLEAddress peerAddr(desc.bd_addr);
+    get_peer_irk(peerAddr);
+  }
+#endif
+
+#if defined(CONFIG_NIMBLE_ENABLED)
+  void onAuthenticationComplete(ble_gap_conn_desc *desc) override {
+    // Print the IRK received by the peer
+    BLEAddress peerAddr(desc->peer_id_addr.val, desc->peer_id_addr.type);
+    get_peer_irk(peerAddr);
+  }
+#endif
+};
+
 void setup() {
   Serial.begin(115200);
   Serial.println("Starting BLE work!");
@@ -76,8 +143,11 @@ void setup() {
   pSecurity->setCapability(ESP_IO_CAP_OUT);
 
   // Set authentication mode
-  // Require secure connection and MITM (for password prompts) for this example
-  pSecurity->setAuthenticationMode(false, true, true);
+  // Enable bonding, MITM (for password prompts), and secure connection for this example
+  pSecurity->setAuthenticationMode(true, true, true);
+
+  // Set callbacks to handle authentication completion and print IRKs
+  BLEDevice::setSecurityCallbacks(new MySecurityCallbacks());
 
   BLEServer *pServer = BLEDevice::createServer();
   pServer->advertiseOnDisconnect(true);