Closed bilalmalik76 closed 3 months ago
201
means kPaiSignatureInvalid
. You can find the error information here: https://github.com/project-chip/connectedhomeip/blob/master/src/credentials/attestation_verifier/DeviceAttestationVerifier.h#L30.
Since CONFIG_SEC_CERT_DAC_PROVIDER=n
, firmware is trying to read the DAC and PAI from the factory partition. And as per your mfg_tool.py
command, I do not see a DAC and PAI being added to factory partition.
You have to use few more options, --dac-key <DAC-KEY>
--dac-cert --pai -c <PAI>
.
Please find more examples and help here: https://github.com/espressif/esp-matter/tree/main/tools/mfg_tool/#generate-factory-partition-using-existing-dac-certificate-and-private-key-optional-arguments----dac-cert-and---dac-key
I use this....
./mfg_tool.py -cn "Test" -v 0xFFF2 -p 0x8001 --pai \
-k ../../connectedhomeip/connectedhomeip/credentials/test/attestation/Chip-Test-PAI-FFF2-8001-Key.pem \
-c ../../connectedhomeip/connectedhomeip/credentials/test/attestation/Chip-Test-PAI-FFF2-8001-Cert.pem \
-cd ../../connectedhomeip/connectedhomeip/credentials/test/certification-declaration/Chip-Test-CD-FFF2-8001.der \
--vendor-name "Company" --product-name "Light" --serial-num "12345678" \
--hw-ver-str "1.0.0" \
--passcode 20202021 --discriminator 3840
@bilalmalik76 Please close the issue if resolved
@shubhamdp I got this after adding above flags: 2024-05-31 08:30:05,568] [ ERROR] - Please provide PAI certificate along with DAC certificate and DAC key
./mfg_tool.py --passcode 89674523 \ --discriminator 2245 \ -cd TEST_CD_1549_1234.der \ -v 0x1549 --vendor-name Espressif \ -p 0x1234 --product-name StarPower \ --hw-ver 1 --hw-ver-str DevKit \ --dac-key ../../connectedhomeip/connectedhomeip/credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem \ --dac-cert ../../connectedhomeip/connectedhomeip/credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem
I use this....
./mfg_tool.py -cn "Test" -v 0xFFF2 -p 0x8001 --pai \ -k ../../connectedhomeip/connectedhomeip/credentials/test/attestation/Chip-Test-PAI-FFF2-8001-Key.pem \ -c ../../connectedhomeip/connectedhomeip/credentials/test/attestation/Chip-Test-PAI-FFF2-8001-Cert.pem \ -cd ../../connectedhomeip/connectedhomeip/credentials/test/certification-declaration/Chip-Test-CD-FFF2-8001.der \ --vendor-name "Company" --product-name "Light" --serial-num "12345678" \ --hw-ver-str "1.0.0" \ --passcode 20202021 --discriminator 3840
i want to add our own VID, is just replacing VID will work with command?
@bilalmalik76 , you can use your own vid in the command to generate the factory_partition.If you are using the latest commit from esp-matter, then the mfg_tool has been made pip installable and you can refer the documentation here to create partitions.
@bilalmalik76 Please close the issue if resolved
Closing this now
Describe the bug A clear and concise description of what the bug is.
Environment
ESP-Matter Commit Id:
01bebca56b42a35b5ad049f59292df7d4c08ea6b
ESP-IDF Commit Id:
cbce221e88d52665523093b2b6dd0ebe3f1243f1
SoC (eg: ESP32 or ESP32-C3):
ESP32C6
Device Logs (Please attach the log file): log_cert.txt
Host Machine OS:
Ubuntu22
Commissioner app and versions if present:
Apple home app
Commissioner's logs if present: NA Any additional details I am using following command to generate QR code and partition bin file but getting error while commissioning with apple home app:
chip-cert gen-cd --format-version 1 --vendor-id 0x1549 --product-id 0x1234 \ --device-type-id 0x0100 --certificate-id CSA00000SWC00000-01 \ --security-level 0 --security-info 0 --version-number 1 \ --certification-type 1 \ --key ../../credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem \ --cert ../../credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem \ --out TEST_CD_FFF1_8007.der
`./mfg_tool.py --passcode 89674523 \ --discriminator 2245 \ -cd TEST_CD_FFF1_8007.der \ -v 0x1549 --vendor-name Espressif \ -p 0x1234 --product-name StarPower \ --hw-ver 1 --hw-ver-str DevKit \ `
following are set defconfig:
Disable the DS Peripheral support
CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n
Use DAC Provider implementation which reads attestation data from secure cert partition
CONFIG_SEC_CERT_DAC_PROVIDER=n
Enable some options which reads CD and other basic info from the factory partition
CONFIG_ENABLE_ESP32_FACTORY_DATA_PROVIDER=y CONFIG_ENABLE_ESP32_DEVICE_INSTANCE_INFO_PROVIDER=y CONFIG_ENABLE_ESP32_DEVICE_INFO_PROVIDER=y CONFIG_FACTORY_COMMISSIONABLE_DATA_PROVIDER=y CONFIG_FACTORY_DEVICE_INSTANCE_INFO_PROVIDER=y CONFIG_FACTORY_DEVICE_INFO_PROVIDER=y CONFIG_FACTORY_PARTITION_DAC_PROVIDER=y