Closed MaplestoryAlen closed 3 months ago
@MaplestoryAlen , just to confirm looking at the partition-table, are you using nvs_encryption feature.
@MaplestoryAlen , just to confirm looking at the partition-table, are you using nvs_encryption feature.
The NVS encryption function is turned off
@MaplestoryAlen , can you please share the sdkconfig file. Seems like CONFIG_DEVICE_INSTANCE_INFO_PROVIDER=y
is not set in sdkconfig. For information on factory data you can refer here.
CONFIG_DEVICE_INSTANCE_INFO_PROVIDER
The current sdk.config file has been overwritten by me, and I only found 2 matching options below. Do I want to choose custom?
CONFIG_EXAMPLE_DEVICE_INSTANCE_INFO_PROVIDER=y
Can you please enable CONFIG_FACTORY_DEVICE_INSTANCE_INFO_PROVIDER=y
as done here.
CONFIG_FACTORY_DEVICE_INSTANCE_INFO_PROVIDER I have a new problem now, which is that I am unable to connect the network,this is the sdk.config file sdkconfig.txt
chip tool log:
Generate factorydata partition command:
./generate_esp32_chip_factory_bin.py -d 3434 -p 99663300 \ --product-name ESP-lighting-app --product-id 0x8000 \ --vendor-name Test-vendor --vendor-id 0xFFF1 \ --hw-ver 1 --hw-ver-str DevKit \ --cd /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/esp_dac_fff1_8000.der
../esp-matter/connectedhomeip/connectedhomeip/scripts/tools/bin (there are 2 files)
esp32s3 monitor log:
After writing factory data, the PINCODE in the log is still the default 20202021. Why isn't it 99663300 written by the command (generate_esp32uchip_factory-bin. py)?
@MaplestoryAlen , if you are using esp_secure_cert_partition
as I can see the CONFIG_SEC_CERT_DAC_PROVIDER=y
in the sdkconfig, you will get aAttestationVerification
error as it will fetch for DAC and PAI certificates from esp_secure_cert partition.
If you want to use the partiton, then you have to use the previous command
./generate_esp32_chip_factory_bin.py -d 3026 -p 88661234
--product-name ESPLighting --product-id 0x8000
--vendor-name Testvendor --vendor-id 0xFFF1
--hw-ver 1 --hw-ver-str DevKit
--dac-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-01.der \
--dac-key /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-Key-01.der
--pai-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-PAI-Cert.der
--cd /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/esp_dac_fff1_8000.der --dac-in-secure-cert --target esp32s3
with --dac-in-secure-cert and --target
option at the end which will generate a esp_secure_cert_parition.
Please flash both the partitons i.e factory and esp_secure_cert
at appropriate addresses as specified in the partitions.csv
file.
If you want to use only the factory_partition
, please set the option CONFIG_SEC_CERT_DAC_PROVIDER=n
using the command you specified without dac options and flash it at appropriate address specified in partitons.csv file.
For more information on providers, you can refer here.
FACTORY_DEVICE_INSTANCE_INFO_PROVIDER Or is the distribution network still failing. three files were generated based on the command
chip-tool log: chip-too-log.txt
download Command:
esptool.py -p /dev/ttyUSB0 write_flash 0xd000 /home/alen/esp-matter/connectedhomeip/connectedhomeip/scripts/tools/bin/esp_secure_cert_partititon.bin
esptool.py -p /dev/ttyUSB0 write_flash 0xc20000 /home/alen/esp-matter/connectedhomeip/connectedhomeip/scripts/tools/bin/factory_partition.bin
Partition address:
sdk.config sdkconfig.txt
@MaplestoryAlen , if you are using
esp_secure_cert_partition
as I can see theCONFIG_SEC_CERT_DAC_PROVIDER=y
in the sdkconfig, you will get aAttestationVerification
error as it will fetch forDAC and PAI certificates from esp_secure_cert partition.
If you want to use the partiton, then you have to use the previous command./generate_esp32_chip_factory_bin.py -d 3026 -p 88661234 --product-name ESPLighting --product-id 0x8000 --vendor-name Testvendor --vendor-id 0xFFF1 --hw-ver 1 --hw-ver-str DevKit --dac-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-01.der \ --dac-key /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-Key-01.der --pai-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-PAI-Cert.der --cd /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/esp_dac_fff1_8000.der --dac-in-secure-cert --target esp32s3
with
--dac-in-secure-cert and --target
option at the end which will generate aesp_secure_cert_parition.
Please flash both the partitons i.efactory and esp_secure_cert
at appropriateaddresses as specified in the partitions.csv
file. If you want to use only thefactory_partition
, please set the optionCONFIG_SEC_CERT_DAC_PROVIDER=n
using the command you specified without dac options and flash it at appropriate address specified in partitons.csv file. For more information on providers, you can refer here.
If you have generated the esp_secure_cert_partition
using the above command , please provide --paa-trust-store-path
i,e " Path to directory holding PAA certificate information." while commissioning with chip-tool. You will find this option
if you do ./chip-tool pairing ble-wifi 0x12 ssid password 88661234 3026 --help
for e.g.:
If you have generated the certs in the partition using chip-cert and if you have used the Chip-Development-PAA-Cert.pem
In this case your paa-trust-store-path will be relatice path to the directory where this PAA cert
is located.
Chip-Development-PAA-Cert.pem
I found the path to the Chip-Development-PAA-Cert. pem file (/home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/Chip-Development-PAA-Cert.pem), but when I send the chip-tool command, there are always errors, and I don't know where I went wrong
command:
./chip-tool pairing ble-wifi 0x12 Gerlsair_XizhenElec AcSmartExp 88661234 3026 --paa-trust-store-path /home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/Chip-Development-PAA-Cert.pem
or
./chip-tool pairing ble-wifi 0x12 Gerlsair_XizhenElec AcSmartExp 88661234 3026 --paa-trust-store-path paa/Chip-Development-PAA-Cert.pem/home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/
chip-tool log:
len@lee:~/esp-matter/connectedhomeip/connectedhomeip/out/host$ ./chip-tool pairing ble-wifi 0x12 Gerlsair_XizhenElec AcSmartExp 88661234 3026 --paa-trust-store-path paa/Chip-Development-PAA-Cert.pem/home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/ [1721176464.744833][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Using KVS config file: /tmp/chip_tool_kvs [1721176464.746644][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Using KVS config file: /tmp/chip_kvs [1721176464.746750][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Attempt to re-initialize with KVS config file: /tmp/chip_kvs [1721176464.747315][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Using KVS config file: /tmp/chip_factory.ini [1721176464.747569][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Using KVS config file: /tmp/chip_config.ini [1721176464.747795][297178:297178] CHIP:DL: ChipLinuxStorage::Init: Using KVS config file: /tmp/chip_counters.ini [1721176464.748187][297178:297178] CHIP:DL: writing settings to file (/tmp/chip_counters.ini-VFIArr) [1721176464.749161][297178:297178] CHIP:DL: renamed tmp file to file (/tmp/chip_counters.ini) [1721176464.749513][297178:297178] CHIP:DL: NVS set: chip-counters/reboot-count = 27 (0x1B) [1721176464.750341][297178:297178] CHIP:DL: Got Ethernet interface: ens33 [1721176464.750933][297178:297178] CHIP:DL: Found the primary Ethernet interface:ens33 [1721176464.751789][297178:297178] CHIP:DL: Failed to get WiFi interface [1721176464.751886][297178:297178] CHIP:DL: Failed to reset WiFi statistic counts [1721176464.751974][297178:297178] CHIP:IN: UDP::Init bind&listen port=0 [1721176464.752184][297178:297178] CHIP:IN: UDP::Init bound to port=44347 [1721176464.752244][297178:297178] CHIP:IN: BLEBase::Init - setting/overriding transport [1721176464.752304][297178:297178] CHIP:IN: TransportMgr initialized [1721176464.752391][297178:297178] CHIP:FP: Initializing FabricTable from persistent storage [1721176464.752590][297178:297178] CHIP:TS: Last Known Good Time: 2023-10-14T01:16:48 [1721176464.752946][297178:297178] CHIP:FP: Fabric index 0x1 was retrieved from storage. Compressed FabricId 0x7AA4A885B54CF480, FabricId 0x0000000000000001, NodeId 0x000000000001B669, VendorId 0xFFF1 [1721176464.755407][297178:297178] CHIP:ZCL: Using ZAP configuration... [1721176464.756857][297178:297178] CHIP:CTL: System State Initialized... [1721176464.756977][297178:297178] CHIP:TOO: No PAAs found in path: paa/Chip-Development-PAA-Cert.pem/home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/ [1721176464.757038][297178:297178] CHIP:TOO: Please specify a valid path containing trusted PAA certificates using the argument [--paa-trust-store-path paa/file/path] or environment variable [CHIPTOOL_PAA_TRUST_STORE_PATH=paa/file/path] [1721176464.757119][297178:297178] CHIP:TOO: Run command failure: examples/chip-tool/commands/common/CHIPCommand.cpp:81: CHIP Error 0x0000002F: Invalid argument [1721176464.764680][297178:297178] CHIP:SPT: VerifyOrDie failure at src/lib/support/Pool.h:392: Allocated() == 0 Aborted (core dumped)
PAA file path:
Operation method for generating document files:
1.2.2 Generating Certification Declaration ./chip-cert gen-cd -K ../../credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem \ -C ../../credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem \ -O esp_dac_fff1_8000.der -f 1 \ -V 0xfff1 -p 0x8000 -d 0x0016 -c "CSA00000SWC00000-01" -l 0 -i 0 -n 1 -t 0 1.2.3 Generating PAI ./chip-cert gen-att-cert -t i -c "ESP TEST PAI" -V 0xfff1 -P 0x8000 \ -C ../../credentials/development/attestation/Chip-Development-PAA-Cert.pem \ -K ../../credentials/development/attestation/Chip-Development-PAA-Key.pem \ -o Esp-Development-PAI-Cert.pem -O Esp-Development-PAI-Key.pem -l 4294967295 1.2.4 Generating DAC ./chip-cert gen-att-cert -t d -c "ESP TEST DAC 01" -V 0xfff1 -P 0x8000 \ -C Esp-Development-PAI-Cert.pem -K Esp-Development-PAI-Key.pem \ -o Esp-Development-DAC-01.pem -O Esp-Development-DAC-Key-01.pem -l 4294967295 1.2.5 Change format for the certificates and key (.pem to .der format) Convert DAC key from .pem to .der format. openssl ec -in Esp-Development-DAC-Key-01.pem -out Esp-Development-DAC-Key-01.der -inform pem -outform der Convert DAC and PAI cert from .pem to .der format openssl x509 -in Esp-Development-DAC-01.pem -out Esp-Development-DAC-01.der -inform pem -outform der openssl x509 -in Esp-Development-PAI-Cert.pem -out Esp-Development-PAI-Cert.der -inform pem -outform der
@MaplestoryAlen , please give the path till directory containing the PAA certs.
./chip-tool pairing ble-wifi 0x12 Gerlsair_XizhenElec AcSmartExp 88661234 3026 --paa-trust-store-path /home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/
Give this path itself. No need to give the file name. In the later case,
./chip-tool pairing ble-wifi 0x12 Gerlsair_XizhenElec AcSmartExp 88661234 3026 --paa-trust-store-path /home/alen/esp-matter/connectedhomeip/connectedhomeip/credentials/development/attestation/Chip-Development-PAA-Cert.pem
you need to provide the path of the PAA cert directory relative to the current directory path.
You can try either of the two solutions to get the device commissioned.
CONFIG_FACTORY_DEVICE_INSTANCE_INFO_PROVIDER=y
The issue has been resolved and I will close it. Thank you very much for your guidance these past few days
Generate a new product name using the command (./generate_esp32_chichip_factory-bin. py). The read data still hasn't changed (ProductName: TEST PRODUCT)
According to the document, the operation is as follows:
./generate_esp32_chip_factory_bin.py -d 3026 -p 88661234 \ --product-name ESPLighting --product-id 0x8000 \ --vendor-name Testvendor --vendor-id 0xFFF1 \ --hw-ver 1 --hw-ver-str DevKit \ --dac-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-01.der \ --dac-key /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-DAC-Key-01.der \ --pai-cert /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/Esp-Development-PAI-Cert.der \ --cd /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/esp_dac_fff1_8000.der
Disable the DS Peripheral support
CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n
Use DAC Provider implementation which reads attestation data from secure cert partition
CONFIG_SEC_CERT_DAC_PROVIDER=y
Enable some options which reads CD and other basic info from the factory partition
CONFIG_ENABLE_ESP32_FACTORY_DATA_PROVIDER=y CONFIG_ENABLE_ESP32_DEVICE_INSTANCE_INFO_PROVIDER=y CONFIG_CHIP_FACTORY_NAMESPACE_PARTITION_LABEL="fctry"
esptool.py -p /dev/ttyUSB0 write_flash 0xd000 /home/alen/esp-matter/connectedhomeip/connectedhomeip/out/host/esp_secure_cert_data/esp_secure_cert.bin
esptool.py -p /dev/ttyUSB0 write_flash 0xc20000 /home/alen/esp-matter/connectedhomeip/connectedhomeip/scripts/tools/bin/factory_partition.bin
chip-tool command:
/chip-tool basicinformation read product-name 0x11 0
Environment
Any additional details ...