arch/xtensa/esp32: Implement board_boot_image for mcuboot/nxboot support

[aviralgarg05]

Note: Please adhere to Contributing Guidelines.

Summary

This PR implements board_boot_image() for ESP32 so bootloader-managed images (for example mcuboot / nxboot) can be chain-booted through BOARDIOC_BOOT_IMAGE.

Main changes:

1. Add ESP32 board-side board_boot_image() implementation in /boards/xtensa/esp32/common/src/esp32_boot_image.c.
2. Parse the ESP32 app load header and explicitly load RAM-resident segments before handoff:
   • IRAM
   • DRAM
   • LP RTC IRAM
   • LP RTC DRAM
3. Handoff from IRAM stub by disabling interrupts and jumping to image entry.
4. Keep legacy/simple image formats unsupported in this path (-ENOTSUP) for ESP32.
5. Keep partition-side API surface minimal (remove unused offset ioctl extension from this series).

Impact

• Enables ESP32 BOARDIOC_BOOT_IMAGE handoff for location-fixed bootloader image formats used by mcuboot / nxboot.
• Ensures RAM sections are loaded in chain-boot flow (normally done by ROM bootloader on cold boot).
• ESP32-only impact.

Testing

Static checks

• tools/checkpatch.sh -c -u -m -g upstream/master..HEAD : pass

Build coverage for boot configurations

Validated build paths with board_boot_image enabled:

• BOOT_MINIBOOT: pass
• BOOT_NXBOOT + NXBOOT_BOOTLOADER: pass
• BOOT_MCUBOOT + MCUBOOT_BOOTLOADER: pass

QEMU runtime validation (MCUboot path)

Base defconfig and reproducible option toggles:

./tools/configure.sh esp32-devkitc:qemu_openeth
kconfig-tweak -e ESP32_QEMU_IMAGE
kconfig-tweak -e ESP32_MERGE_BINS
kconfig-tweak -e ESP32_IGNORE_CHIP_REVISION_CHECK
make olddefconfig
make -j8

QEMU run command:

~/.local/espressif-qemu-xtensa/qemu/bin/qemu-system-xtensa \
  -nographic \
  -machine esp32 \
  -drive file=nuttx.merged.bin,if=mtd,format=raw \
  -nic user,model=open_eth

Observed key boot output:

[esp32] [INF] *** Booting MCUboot build ... ***
[esp32] [INF] Loading image 0 - slot 0 from flash, area id: 1
...
NuttShell (NSH) NuttX-12.12.0
nsh>

---

Fixes #17641

[acassis]

Hi @almir-okato could you please take a look?

[linguini1]

Waiting until someone can fulfill the test request.

[almir-okato]

Hi @almir-okato could you please take a look?

I'll take a look, thanks!

[tmedicci]

Hi @aviralgarg05 ,

Thanks for submitting it. Can you try running it on QEMU, please?

https://nuttx.apache.org/docs/latest/platforms/xtensa/esp32/index.html#using-qemu

[aviralgarg05]

@tmedicci

Ran the requested ESP32 QEMU validation locally and confirmed boot to NSH.

QEMU command used

~/.local/espressif-qemu-xtensa/qemu/bin/qemu-system-xtensa \
  -nographic \
  -machine esp32 \
  -drive file=nuttx.merged.bin,if=mtd,format=raw \
  -nic user,model=open_eth

Build/config check

grep -n "CONFIG_ESP32_IGNORE_CHIP_REVISION_CHECK\|CONFIG_ARCH_CHIP_ESP32\|CONFIG_BOARD_ESP32_DEVKITC" .config

Output:

137:CONFIG_ARCH_CHIP_ESP32=y
192:CONFIG_ESP32_IGNORE_CHIP_REVISION_CHECK=y

Boot logs (key excerpts)

Adding SPI flash device
ets Jul 29 2019 12:21:46
...
[esp32] [INF] *** Booting MCUboot build v2.2.0-151-g8a07053d ***
[esp32] [INF] [boot] chip revision: v0.0
...
[esp32] [INF] Loading image 0 - slot 0 from flash, area id: 1
...
WARNING: NuttX supports ESP32 chip revision >= v3.0 (chip is v0.0).
Ignoring this error and continuing because `ESP32_IGNORE_CHIP_REVISION_CHECK` is set...
THIS MAY NOT WORK! DON'T USE THIS CHIP IN PRODUCTION!

NuttShell (NSH) NuttX-12.12.0
nsh>

Runtime sanity check in NSH

uname -a

Output:

NuttX  12.12.0 637c3300a5 Feb 10 2026 19:09:42 xtensa esp32-devkitc

Result

• QEMU boot is successful and reaches NSH on esp32-devkitc:qemu_openeth.

[tmedicci]

@tmedicci

Ran the requested ESP32 QEMU validation locally and confirmed boot to NSH.

QEMU command used

~/.local/espressif-qemu-xtensa/qemu/bin/qemu-system-xtensa \
  -nographic \
  -machine esp32 \
  -drive file=nuttx.merged.bin,if=mtd,format=raw \
  -nic user,model=open_eth

Build/config check

grep -n "CONFIG_ESP32_IGNORE_CHIP_REVISION_CHECK\|CONFIG_ARCH_CHIP_ESP32\|CONFIG_BOARD_ESP32_DEVKITC" .config

Output:

137:CONFIG_ARCH_CHIP_ESP32=y
192:CONFIG_ESP32_IGNORE_CHIP_REVISION_CHECK=y

Boot logs (key excerpts)

Adding SPI flash device
ets Jul 29 2019 12:21:46
...
[esp32] [INF] *** Booting MCUboot build v2.2.0-151-g8a07053d ***
[esp32] [INF] [boot] chip revision: v0.0
...
[esp32] [INF] Loading image 0 - slot 0 from flash, area id: 1
...
WARNING: NuttX supports ESP32 chip revision >= v3.0 (chip is v0.0).
Ignoring this error and continuing because `ESP32_IGNORE_CHIP_REVISION_CHECK` is set...
THIS MAY NOT WORK! DON'T USE THIS CHIP IN PRODUCTION!

NuttShell (NSH) NuttX-12.12.0
nsh>

Runtime sanity check in NSH

uname -a

Output:

NuttX  12.12.0 637c3300a5 Feb 10 2026 19:09:42 xtensa esp32-devkitc

Result

* QEMU boot is successful and reaches NSH on `esp32-devkitc:qemu_openeth`.

Thanks, @aviralgarg05.

It wasn't clear if you ran the tests you mentioned in the PR description using QEMU or not.

I suggest you update the Testing section and include those tests (either with mcuboot or with nxboot, preferably both) and the commands you used to run the firmware and the test.

You can use esp32s3-devkit:nsh as the base defconfig. The following commands append the necessary changes to build the firmware for QEMU:

kconfig-tweak -e ESP32_QEMU_IMAGE && kconfig-tweak -e ESP32_MERGE_BIN

I suggest you set other Kconfig options using kconfig-tweak as it is easier to replicate. Don't forget to run make olddefconfig before building the firmware.

[aviralgarg05]

@aviralgarg05 have you tried building nxboot/mcuboot/miniboot from nuttx-apps using the provided board_boot_image? miniboot might be the simplest for the first tests.

Validated with nuttx-apps boot paths and board_boot_image enabled:

• BOOT_MINIBOOT: build pass
• BOOT_NXBOOT + NXBOOT_BOOTLOADER: build pass
• BOOT_MCUBOOT + MCUBOOT_BOOTLOADER: build pass

I first hit local host-tool gaps (imgtool, esptool) and reran successfully after installing them in the build environment.

[Laczen]

@aviralgarg05 have you tried building nxboot/mcuboot/miniboot from nuttx-apps using the provided board_boot_image? miniboot might be the simplest for the first tests.

Validated with nuttx-apps boot paths and board_boot_image enabled:

• BOOT_MINIBOOT: build pass
• BOOT_NXBOOT + NXBOOT_BOOTLOADER: build pass
• BOOT_MCUBOOT + MCUBOOT_BOOTLOADER: build pass

I first hit local host-tool gaps (imgtool, esptool) and reran successfully after installing them in the build environment.

That the build pass is good, however it is not a test of board_boot_image, to test this it is needed to build a mcuboot format image, write it to OTA.... Build a miniboot image in simpleboot format (this is bootable by the rom bootloader) and write the miniboot image to 0x1000 (for esp32). Then restart and the mcuboot format image should start.

Regarding image formats:

• mcuboot and simpleboot images are location fixed images (meaning that they have to be placed at a specific location to be bootable). This is done to avoid having to map rom segments, or more correctly "delegate" the rom mapping to the image itself. This is achieved by "including" the image offset inside a part of the image that is loaded from flash to iram/dram. So in this case there is no need to map rom segments.
• legacy idf images are not location fixed. They require the ram to be loaded, but also the rom mappings to be done by the bootloader.

[Laczen]

@jerpelea @acassis please do not merge this yet. I don't think it is going to work.

The problem is that the routine that is going to start the new image is in IRAM and might have been overwritten by the copy to IRAM part of the new image. The copying to IRAM (and DRAM) of the new image should be postponed to the last action in the routine that is going to start the new image. The start address of the new image should also be stored in a register to avoid it being overwritten when it is in DRAM.

It is required that this routine is at least evaluated using a bootloader or a NuttX image that is created to execute the board_boot_image(). @aviralgarg05 can you confirm that such a test has been executed?

[aviralgarg05]

@jerpelea @acassis please do not merge this yet. I don't think it is going to work.

The problem is that the routine that is going to start the new image is in IRAM and might have been overwritten by the copy to IRAM part of the new image. The copying to IRAM (and DRAM) of the new image should be postponed to the last action in the routine that is going to start the new image. The start address of the new image should also be stored in a register to avoid it being overwritten when it is in DRAM.

It is required that this routine is at least evaluated using a bootloader or a NuttX image that is created to execute the board_boot_image(). @aviralgarg05 can you confirm that such a test has been executed?

Thanks for the feedback, your concern is valid, in the current flow, IRAM/DRAM loading happens before the final handoff path, so the loader stub/data can be overwritten.

I will rework this so the last-stage loader runs safely from IRAM, postpones RAM section copy to the final step, and keeps the entry address in a register-based handoff path.

I have not completed the dedicated runtime validation yet. I will run the boot test flow that exercises board_boot_image() and post the exact test steps/logs before requesting merge.

[acassis]

@Laczen could you please test before we merge it?

[acassis]

@aviralgarg05 I think it should be a nice idea to have some reference to this board_boot_image at https://nuttx.apache.org/docs/latest/platforms/xtensa/esp32/boards/esp32-devkitc/index.html#mcuboot-nsh or similar

[Laczen]

@aviralgarg05 could you mark the PR as draft until it has been verified.

[Laczen]

Hi @aviralgarg05 thanks for the rework. Although the proposed solution might work it might be limited by the available memory.

I think the simplest and best way to boot a different image is to use ioctl(fd, BIOC_PARTINFO, &partinfo) to retrieve the partition offset. Once the partition offset is known the rom based bootloader_mmap()/munmap() routines can be used in the "startup" routine to verify correct header info. Also in the "startup" routine the bootloader_mmap()/munmap() routines can be used together with memcpy() to load the rtc, dram, iram. The approach can be similar to the method used in the esp-idf port of mcuboot (https://github.com/mcu-tools/mcuboot/blob/main/boot/espressif/port/esp_loader.c).

[aviralgarg05]

Hi @aviralgarg05 thanks for the rework. Although the proposed solution might work it might be limited by the available memory.

I think the simplest and best way to boot a different image is to use ioctl(fd, BIOC_PARTINFO, &partinfo) to retrieve the partition offset. Once the partition offset is known the rom based bootloader_mmap()/munmap() routines can be used in the "startup" routine to verify correct header info. Also in the "startup" routine the bootloader_mmap()/munmap() routines can be used together with memcpy() to load the rtc, dram, iram. The approach can be similar to the method used in the esp-idf port of mcuboot (https://github.com/mcu-tools/mcuboot/blob/main/boot/espressif/port/esp_loader.c).

Thanks for the feedback, fixed it accordingly

[Laczen]

@aviralgarg05 I will need some time to review this. I am unsure about the bootloader stack requirement, as the dram copy is the last thing to do it might not be required to have a stack while doing this copy.