diff --git a/config/standalone/CHIPProjectConfig.h b/config/standalone/CHIPProjectConfig.h index b6a6cf69ea079b..6e3f47e2fbf1f5 100644 --- a/config/standalone/CHIPProjectConfig.h +++ b/config/standalone/CHIPProjectConfig.h @@ -53,6 +53,8 @@ // WARNING: These options make it possible to circumvent basic Chip security functionality, // including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS. // +// To build with this flag, pass 'treat_warnings_as_errors=false' to gn/ninja. +// #define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 1 diff --git a/examples/lock-app/cc13x2x7_26x2x7/main/include/CHIPProjectConfig.h b/examples/lock-app/cc13x2x7_26x2x7/main/include/CHIPProjectConfig.h index ade0aa02ee2ca9..96d0e31bcee6b0 100644 --- a/examples/lock-app/cc13x2x7_26x2x7/main/include/CHIPProjectConfig.h +++ b/examples/lock-app/cc13x2x7_26x2x7/main/include/CHIPProjectConfig.h @@ -41,7 +41,7 @@ // authentication in various protocols. // WARNING: These options make it possible to circumvent basic CHIP security functionality, // including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS. -#define CHIP_CONFIG_SECURITY_TEST_MODE 1 +#define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 0 // Use a default pairing code if one hasn't been provisioned in flash. diff --git a/examples/persistent-storage/cc13x2x7_26x2x7/include/CHIPProjectConfig.h b/examples/persistent-storage/cc13x2x7_26x2x7/include/CHIPProjectConfig.h index 46f509cb858528..67a63519b80984 100644 --- a/examples/persistent-storage/cc13x2x7_26x2x7/include/CHIPProjectConfig.h +++ b/examples/persistent-storage/cc13x2x7_26x2x7/include/CHIPProjectConfig.h @@ -41,7 +41,7 @@ // authentication in various protocols. // WARNING: These options make it possible to circumvent basic CHIP security functionality, // including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS. -#define CHIP_CONFIG_SECURITY_TEST_MODE 1 +#define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 0 // Use a default pairing code if one hasn't been provisioned in flash. diff --git a/examples/platform/qpg/project_include/CHIPProjectConfig.h b/examples/platform/qpg/project_include/CHIPProjectConfig.h index b0ad50a26707fa..78999997bde3f6 100644 --- a/examples/platform/qpg/project_include/CHIPProjectConfig.h +++ b/examples/platform/qpg/project_include/CHIPProjectConfig.h @@ -41,7 +41,7 @@ // WARNING: These options make it possible to circumvent basic Chip security functionality, // including message encryption. Because of this they MUST NEVER BE ENABLED IN PRODUCTION BUILDS. // -#define CHIP_CONFIG_SECURITY_TEST_MODE 1 +#define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 0 /** diff --git a/src/lib/core/CHIPConfig.h b/src/lib/core/CHIPConfig.h index bebb3037afd0c8..83c4461bed4b3e 100644 --- a/src/lib/core/CHIPConfig.h +++ b/src/lib/core/CHIPConfig.h @@ -1403,6 +1403,8 @@ * @note * WARNING: This option makes it possible to circumvent basic chip security functionality, * including message encryption. Because of this it SHOULD NEVER BE ENABLED IN PRODUCTION BUILDS. + * + * To build with this flag, pass 'treat_warnings_as_errors=false' to gn/ninja. */ #ifndef CHIP_CONFIG_SECURITY_TEST_MODE #define CHIP_CONFIG_SECURITY_TEST_MODE 0 diff --git a/src/transport/CryptoContext.cpp b/src/transport/CryptoContext.cpp index b238591faf4cfc..b76c53ec89e388 100644 --- a/src/transport/CryptoContext.cpp +++ b/src/transport/CryptoContext.cpp @@ -96,7 +96,7 @@ CHIP_ERROR CryptoContext::InitFromSecret(const ByteSpan & secret, const ByteSpan (void) info; (void) infoLen; -#pragma message \ +#warning \ "Warning: CONFIG_SECURITY_TEST_MODE=1 bypassing key negotiation... All sessions will use known, fixed test key. Node can only communicate with other nodes built with this flag set." ChipLogError(SecureChannel, "Warning: CONFIG_SECURITY_TEST_MODE=1 bypassing key negotiation... All sessions will use known, fixed test key. "