Merge branch 'master' into convertToMTD

.github/workflows/build.yaml

@@ -316,7 +316,9 @@ jobs:
             - name: Run Python library specific unit tests
               timeout-minutes: 5
               run: |
-                  scripts/run_in_build_env.sh 'pip3 install ./out/controller/python/chip-0.0-cp37-abi3-linux_x86_64.whl'
+                  scripts/run_in_build_env.sh 'pip3 install ./out/controller/python/chip_core-0.0-cp37-abi3-linux_x86_64.whl'
+                  scripts/run_in_build_env.sh 'pip3 install ./out/controller/python/chip_clusters-0.0-py3-none-any.whl'
+                  scripts/run_in_build_env.sh 'pip3 install ./out/controller/python/chip_repl-0.0-py3-none-any.whl'
                   scripts/run_in_build_env.sh '(cd src/controller/python/test/unit_tests/ && python3 -m unittest -v)'
 
     build_darwin:

.github/workflows/examples-mw320.yaml

@@ -0,0 +1,84 @@
+# Copyright (c) 2020-2021 Project CHIP Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Build example - MW320
+
+on:
+    push:
+    pull_request:
+
+concurrency:
+    group: ${{ github.ref }}-${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.event.number) || (github.event_name == 'workflow_dispatch' && github.run_number) || github.sha }}
+    cancel-in-progress: true
+
+jobs:
+    mw320:
+        name: MW320
+        timeout-minutes: 60
+
+        env:
+            BUILD_TYPE: gn_mw320
+
+        runs-on: ubuntu-latest
+        if: github.actor != 'restyled-io[bot]'
+
+        container:
+            image: connectedhomeip/chip-build:0.5.84
+            volumes:
+                - "/tmp/bloat_reports:/tmp/bloat_reports"
+        steps:
+            - uses: Wandalen/[email protected]
+              name: Checkout
+              with:
+                  action: actions/checkout@v3
+                  with: |
+                      token: ${{ github.token }}
+                  attempt_limit: 3
+                  attempt_delay: 2000
+            - name: Checkout submodules
+              run: scripts/checkout_submodules.py --shallow --platform mw320
+
+            - name: Set up environment for size reports
+              if: ${{ !env.ACT }}
+              env:
+                  GH_CONTEXT: ${{ toJson(github) }}
+              run: scripts/tools/memory/gh_sizes_environment.py "${GH_CONTEXT}"
+
+            - name: Bootstrap
+              timeout-minutes: 25
+              run: scripts/build/gn_bootstrap.sh
+            - name: Uploading bootstrap logs
+              uses: actions/upload-artifact@v2
+              if: ${{ always() && !env.ACT }}
+              with:
+                  name: bootstrap-logs
+                  path: |
+                      .environment/gn_out/.ninja_log
+                      .environment/pigweed-venv/*.log
+            - name: Build MW320 all clusters example app
+              timeout-minutes: 20
+              run: |
+                  ./scripts/run_in_build_env.sh \
+                     "./scripts/build/build_examples.py \
+                        --target 'mw320-all-clusters-app' \
+                        build \
+                        --copy-artifacts-to out/artifacts \
+                     "
+            - name: Uploading Size Reports
+              uses: actions/upload-artifact@v2
+              if: ${{ !env.ACT }}
+              with:
+                  name: Size,MW320-Examples,${{ env.GH_EVENT_PR }},${{ env.GH_EVENT_HASH }},${{ env.GH_EVENT_PARENT }},${{ github.event_name }}
+                  path: |
+                      /tmp/bloat_reports/

.gitignore

@@ -63,4 +63,5 @@ compile_commands.json
 *~
 
 # log files
-*.log
+*.log
+examples/thermostat/ameba/build

BUILD.gn

@@ -140,7 +140,7 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
         if (enable_pylib) {
           deps += [ "${chip_root}/src/pybindings/pycontroller" ]
         }
-        deps += [ "${chip_root}/src/controller/python" ]
+        deps += [ "${chip_root}/src/controller/python:chip-repl" ]
       }
     }
 
@@ -166,7 +166,7 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
         if (enable_pylib) {
           data_deps += [ "${chip_root}/src/pybindings/pycontroller" ]
         }
-        data_deps += [ "${chip_root}/src/controller/python" ]
+        data_deps += [ "${chip_root}/src/controller/python:chip-repl" ]
       }
 
       write_runtime_deps = "${root_out_dir}/certification.runtime_deps"

build/chip/linux/gdbus_library.gni

@@ -12,8 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-glib_config = rebase_path(":glib")
-gen_dbus_wrapper = rebase_path("gen_gdbus_wrapper.py")
+glib_config = get_label_info(":glib", "label_no_toolchain")
+gen_dbus_wrapper = get_path_info("gen_gdbus_wrapper.py", "abspath")
 
 # Runs gdbus-codegen and defines the resulting library.
 #

config/nrfconnect/chip-module/Kconfig

@@ -123,7 +123,7 @@ config CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE
 	  factory data.
 
 # Use default certificates without generating or providing them
-config CHIP_FACTORY_DATA_USE_DEFAULTS_CERTS
+config CHIP_FACTORY_DATA_USE_DEFAULT_CERTS
 	bool "Use default certificates located in Matter repository"
 	default y
 	help
@@ -254,6 +254,16 @@ config CHIP_DEVICE_ROTATING_DEVICE_UID
 	  A device rotating id unique id which will be generated if
 	  this config is not set in prj.conf file.
 
+config CHIP_DEVICE_ENABLE_KEY
+	string "Enable Key for triggering test actions on device"
+	default "00112233445566778899AABBCCDDEEFF"
+	help
+	  The Enable Key is a 128-bit value that triggers test action 
+	  while invoking the TestEventTrigger Command. 
+	  Pattern: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+	  This value is used during Certification Tests,
+	  and should not be present on production devices.
+
 config CHIP_CERTIFICATION_DECLARATION_STORAGE
 	bool "Enable storing Certification Declaration"
 	depends on CHIP_FACTORY_DATA
@@ -274,4 +284,5 @@ config CHIP_CERTIFiCATION_DECLARATION_OTA_IMAGE_ID
 
 endif
 
+
 endif

config/nrfconnect/chip-module/generate_factory_data.cmake

@@ -55,10 +55,12 @@ if(NOT CONFIG_CHIP_DEVICE_GENERATE_ROTATING_DEVICE_UID)
     else()
         string(APPEND script_args "--rd_uid \"${CONFIG_CHIP_DEVICE_ROTATING_DEVICE_UID}\"\n")
     endif()
+else()
+    string(APPEND script_args "--generate_rd_uid\n")
 endif()
 
 # for development purpose user can use default certs instead of generating or providing them
-if(CONFIG_CHIP_FACTORY_DATA_USE_DEFAULTS_CERTS)
+if(CONFIG_CHIP_FACTORY_DATA_USE_DEFAULT_CERTS)
     # convert decimal PID to its hexadecimal representation to find out certification files in repository
     math(EXPR LOCAL_PID "${CONFIG_CHIP_DEVICE_PRODUCT_ID}" OUTPUT_FORMAT HEXADECIMAL)
     string(SUBSTRING ${LOCAL_PID} 2 -1 raw_pid)
@@ -68,14 +70,9 @@ if(CONFIG_CHIP_FACTORY_DATA_USE_DEFAULTS_CERTS)
     string(APPEND script_args "--dac_key \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-DAC-${raw_pid}-Key.der\"\n")
     string(APPEND script_args "--pai_cert \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-PAI-noPID-Cert.der\"\n")
 else()
-    # try to generate a new DAC and PAI certs and DAC key
-    # request script to generate a new certificates
-    # by adding an argument to script_args
-    find_program(chip-cert NAMES chip-cert)
-    if(NOT chip-cert)
-        message(FATAL_ERROR "Could not find chip_cert_path executable in PATH")
-    endif()
-    string(APPEND script_args "--chip_cert_path ${chip-cert}\n") 
+    find_program(chip_cert_exe NAMES chip-cert REQUIRED)
+    string(APPEND script_args "--gen_cd\n")
+    string(APPEND script_args "--chip_cert_path ${chip_cert_exe}\n")
 endif()
 
 # add Password-Authenticated Key Exchange parameters
@@ -88,16 +85,18 @@ string(APPEND script_args "--passcode ${CONFIG_CHIP_DEVICE_SPAKE2_PASSCODE}\n")
 if(CONFIG_CHIP_FACTORY_DATA_GENERATE_SPAKE2_VERIFIER)
     # request script to generate a new spake2_verifier
     # by adding an argument to script_args
-    find_program(spake_exe NAMES spake2p)
-    if(NOT spake_exe)
-        message(FATAL_ERROR "Could not find spake2p executable in PATH")
-    endif()
+    find_program(spake_exe NAMES spake2p REQUIRED)
     string(APPEND script_args "--spake2p_path ${spake_exe}\n")   
 else()
     # Spake2 verifier should be provided using kConfig
     string(APPEND script_args "--spake2_verifier \"${CONFIG_CHIP_DEVICE_SPAKE2_TEST_VERIFIER}\"\n")
 endif()
 
+if(CONFIG_CHIP_DEVICE_ENABLE_KEY)
+# Add optional EnableKey that triggers user-specific action.
+string(APPEND script_args "--enable_key \"${CONFIG_CHIP_DEVICE_ENABLE_KEY}\"\n")
+endif()
+
 # Set output JSON file and path to SCHEMA file to validate generated factory data
 string(APPEND script_args "-o \"${output_path}/${factory_data_target}.json\"\n")
 string(APPEND script_args "-s \"${schema_path}\"\n")

docs/guides/nrfconnect_factory_data_configuration.md

@@ -228,14 +228,29 @@ $ python scripts/tools/nrfconnect/generate_nrfconnect_chip_factory_data.py -h
         --passcode <pass_code> --spake2p_path <path to spake2p executable>
         ```
 
+    > Note: To generate new SPAKE2+ verifier you need `spake2p` executable. See
+    > the note at the end of this section to learn how to get it.
+
     - Manual:
 
         ```
         --spake2_verifier <verifier>
         ```
 
     d. Add paths to `.der` files that contain PAI and DAC certificates and the
-    DAC private key (replace the respective variables with the file names):
+    DAC private key (replace the respective variables with the file names) using
+    one of the following methods:
+
+    - Automatic:
+
+    ```
+    --chip_cert_path <path to chip-cert executable>
+    ```
+
+    > Note: To generate new certificates, you need the `chip-cert` executable.
+    > See the note at the end of this section to learn how to get it.
+
+    - Manual:
 
     ```
     --dac_cert <path to DAC certificate>.der --dac_key <path to DAC key>.der --pai_cert <path to PAI certificate>.der
@@ -328,6 +343,17 @@ If the script finishes successfully, go to the location you provided with the
 > 3.  Add the `connectedhomeip/src/tools/spake2p/out/spake2p` path as an
 >     argument of `--spake2p_path` for the Python script.
 
+> Note: Generating new certificates is optional if default vendor and product
+> IDs are used and requires providing a path to the `chip-cert` executable. To
+> get it, complete the following steps:
+>
+> 1.  Navigate to the `connectedhomeip` root directory.
+> 2.  In a terminal, run the command:
+>     `cd src/tools/chip-cert && gn gen out && ninja -C out chip-cert` to build
+>     the executable.
+> 3.  Add the `connectedhomeip/src/tools/chip-cert/out/chip-cert` path as an
+>     argument of `--chip_cert_path` for the Python script.
+
 > Note: By default, overwriting the existing JSON file is disabled. This means
 > that you cannot create a new JSON file with the same name in the exact
 > location as an existing file. To allow overwriting, add the `--overwrite`
@@ -625,6 +651,27 @@ $ west build -b nrf52840dk_nrf52840 -- \
 -DCONFIG_CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE=y
 ```
 
+You can also build an example with auto-generation of new CD, DAC and PAI
+certificates. The newly generated certificates will be added to factory data set
+automatically. To generate new certificates disable using default certificates
+by building an example with the additional option
+`-DCHIP_FACTORY_DATA_USE_DEFAULT_CERTS=n`:
+
+```
+$ west build -b nrf52840dk_nrf52840 -- \
+-DCONFIG_CHIP_FACTORY_DATA=y \
+-DCONFIG_CHIP_FACTORY_DATA_BUILD=y \
+-DCONFIG_CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE=y \
+-DCONFIG_CHIP_FACTORY_DATA_USE_DEFAULT_CERTS=n
+```
+
+> Note: To generate new certificates using the nRF Connect platform build
+> system, you need the `chip-cert` executable in your system variable PATH. To
+> learn how to get `chip-cert`, go to the note at the end of
+> [creating the factory data partition with the second script](#creating-the-factory-data-partition-with-the-second-script)
+> section, and then add the newly built executable to the system variable PATH.
+> The Cmake build system will find this executable automatically.
+
 After that, use the following command from the example's directory to write
 firmware and newly generated factory data at the same time: