Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Platform] [Darwin] Add a way to perform DA outside of commissioning #24709

Open
carol-apple opened this issue Jan 27, 2023 · 1 comment · May be fixed by #28595
Open

[Platform] [Darwin] Add a way to perform DA outside of commissioning #24709

carol-apple opened this issue Jan 27, 2023 · 1 comment · May be fixed by #28595
Assignees
@bzbarsky-apple
Labels
api darwin p2 priority 2 work
Milestone
1.4 Feature Complete

Comments

@carol-apple
Copy link
Contributor

Reproduction steps

#24335 added VID/PID to MTRDeviceAttestationDeviceInfo. Currently, the only time we get MTRDeviceAttestationDeviceInfo is during DA which happens while commissioning.

It might be useful to perform DA again after an OTA completes. There isn't a way to perform DA without it going through the commissioning process. We should consider adding an explicit API to "perform attestation" such that any changes to MTRDeviceAttestationDeviceInfo may be retrieved at that time.

Platform

darwin

Platform Version(s)

v1.0

Type

Platform validated

(Optional) If manually tested please explain why this is only manually tested

No response

Anything else?

No response
@woody-apple woody-apple added the p2 priority 2 work label Apr 4, 2023
@bzbarsky-apple bzbarsky-apple mentioned this issue Apr 4, 2023
Closed
@bzbarsky-apple
Copy link
Contributor

Some notes for future reference:

  1. A minimal API surface here would let the consumer:
    1. Perform device attestation using the PAA bits that the controller knows about.
    2. On success, return that information and the VID+PID that were confirmed to match the attestation information.
    3. On failure, return some indication of what failed.
  2. A more expansive API would let the consumer:
    1. Get some representation of the attestation info for a device. Neither MTRDeviceAttestationDeviceInfo nor MTRDeviceAttestationInfo have "everything" you need to do "device attestation", but perhaps we can either expand those or do some subset of the checks internally (e.g. whatever involves the attestation challenge and nonce) and then provide the API consumer with the data needed to do the rest of the checks.
    2. Pass in the attestation info to have it checked against the set of PAAs Matter.framework has been told about.
@woody-apple woody-apple removed the v1.1 label Jun 23, 2023
@woody-apple woody-apple added this to the 1.3 milestone Jun 23, 2023
bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this issue Aug 9, 2023
@bzbarsky-apple
Add APIs for non-commissioning device attestation to Matter.framework.
cf57642 
Fixes project-chip#24709
@bzbarsky-apple bzbarsky-apple linked a pull request Aug 9, 2023 that will close this issue
Open
@woody-apple woody-apple changed the title [Platform] [Darwin] Add a way to perform DA outside of commissioning Oct 24, 2023
@woody-apple woody-apple changed the title [Platform] [Darwin] Add a way to perform DA outside of commissionin Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api darwin p2 priority 2 work
3 participants
@woody-apple @carol-apple @bzbarsky-apple