[nrfconnect] Allow use of certificates stored on the HDD for factory data (#24274)

* [nrfconnect] Allow use of certificates stored somewhere on the HDD for factory data

Instead of just allowing usage of the default certificates or certificates
generated on demand, also add the possibility to use certificates already
located on the HDD. This makes it easier to use generated test DCL certificates.

* [nrfconnect] Rename options and provide help string

Signed-off-by: Robert Schulze <[email protected]>

* [nrfconnect] fix indentation error in Kconfig

Signed-off-by: Robert Schulze <[email protected]>

Signed-off-by: Robert Schulze <[email protected]>
deveritec-rosc authored Jan 6, 2023
1 parent 7f668cd commit e766102
Showing 2 changed files with 42 additions and 9 deletions.
47 changes: 38 additions & 9 deletions config/nrfconnect/chip-module/Kconfig
Expand Up @@ -135,16 +135,45 @@ config CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE
As a result, a new output file merged.hex will consist of all partitions including
factory data.

# Use default certificates without generating or providing them
config CHIP_FACTORY_DATA_USE_DEFAULT_CERTS
bool "Use default certificates located in Matter repository"
default y
# Select source of the certificates
choice CHIP_FACTORY_DATA_CERT_SOURCE
prompt "Attestation certificate file source"
default CHIP_FACTORY_DATA_USE_DEFAULT_CERTS

config CHIP_FACTORY_DATA_USE_DEFAULT_CERTS
bool "Use pre-generated development certificates"
help
Use pre-generated certificate files from the credentials/development/attestation/
directory that match the configured Product ID. This can be used for development
purpose.
config CHIP_FACTORY_DATA_CERT_SOURCE_GENERATED
bool "Auto-generate certificates"
help
Generate new certificates instead of using pre-generated ones.
The certificates are generated on every build.
config CHIP_FACTORY_DATA_CERT_SOURCE_USER
bool "Use user-provided certificate files"
help
Use user-provided certificate files.
The user needs to specify the absolute path to all necessary files.
endchoice

if CHIP_FACTORY_DATA_CERT_SOURCE_USER

config CHIP_FACTORY_DATA_USER_CERTS_DAC_CERT
string "Path to the DAC certificate *.der-file"
help
Absolute path to the DAC certificate file in binary format.
config CHIP_FACTORY_DATA_USER_CERTS_DAC_KEY
string "Path to the DAC private key *.der-file"
help
Pre-generated certificates can be used for development purpose.
This config includes default pre-generated certificates
which are located in credentials/development/attestation/ directory
instead of generating new ones.
If this config is set to `n` new certificates will be generated.
Absolute path to the DAC keysfile in binary format.
Note that both public and private keys must be present (will be extracted automatically).
config CHIP_FACTORY_DATA_USER_CERTS_PAI_CERT
string "Path to the PAI certificate *.der-file"
help
Absolute path pointing to the PAI certificate in binary format.
endif

# Configs for SPAKE2 generation
config CHIP_FACTORY_DATA_GENERATE_SPAKE2_VERIFIER
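Review bot: In the new `choice CHIP_FACTORY_DATA_CERT_SOURCE`, the first member keeps the old name `CHIP_FACTORY_DATA_USE_DEFAULT_CERTS` while the other two use the `CHIP_FACTORY_DATA_CERT_SOURCE_*` prefix, and the old help text told users to set that symbol to `n` to get generated certificates. Now that generation is its own choice member, a configuration that still sets the old symbol to `n` should be pointed at `CHIP_FACTORY_DATA_CERT_SOURCE_GENERATED`; consider saying so in the help text or in a migration note. The help for `CHIP_FACTORY_DATA_USER_CERTS_DAC_KEY` has a typo ("keysfile"), and since the three path options carry no default, their help should state that all three are required when `CHIP_FACTORY_DATA_CERT_SOURCE_USER` is selected.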
4 changes: 4 additions & 0 deletions config/nrfconnect/chip-module/generate_factory_data.cmake
Expand Up @@ -69,6 +69,10 @@ if(CONFIG_CHIP_FACTORY_DATA_USE_DEFAULT_CERTS)
string(APPEND script_args "--dac_cert \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-DAC-${raw_pid_upper}-Cert.der\"\n")
string(APPEND script_args "--dac_key \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-DAC-${raw_pid_upper}-Key.der\"\n")
string(APPEND script_args "--pai_cert \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-PAI-noPID-Cert.der\"\n")
elseif(CONFIG_CHIP_FACTORY_DATA_CERT_SOURCE_USER)
string(APPEND script_args "--dac_cert \"${CONFIG_CHIP_FACTORY_DATA_USER_CERTS_DAC_CERT}\"\n")
string(APPEND script_args "--dac_key \"${CONFIG_CHIP_FACTORY_DATA_USER_CERTS_DAC_KEY}\"\n")
string(APPEND script_args "--pai_cert \"${CONFIG_CHIP_FACTORY_DATA_USER_CERTS_PAI_CERT}\"\n")
else()
find_program(chip_cert_exe NAMES chip-cert REQUIRED)
string(APPEND script_args "--gen_cd\n")
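Review bot: The new `elseif(CONFIG_CHIP_FACTORY_DATA_CERT_SOURCE_USER)` branch appends the three user paths to `script_args` without checking that they are set or that the files exist, so an empty or mistyped path only surfaces later, when the factory data script consumes the arguments. Suggest failing at configure time for each of the three files, for example `if(NOT EXISTS "${CONFIG_CHIP_FACTORY_DATA_USER_CERTS_DAC_KEY}")` followed by a `message(FATAL_ERROR ...)` that names the offending option. The generated case is still reached only through the bare `else()`; an explicit `elseif(CONFIG_CHIP_FACTORY_DATA_CERT_SOURCE_GENERATED)` would keep the branches aligned with the Kconfig choice.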