diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.h b/src/darwin/Framework/CHIP/MTRDeviceController.h
index e53a3a86732958..f86443c77e7dab 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.h
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.h
@@ -134,6 +134,9 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
 */
 - (void)setNocChainIssuer:(id)nocChainIssuer queue:(dispatch_queue_t)queue;
 
+/** Return the attestation challenge for the secure session of the device being commissioned. */
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId;
+
 /**
 * Compute a PASE verifier and passcode ID for the desired setup pincode.
 *
diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm
index 7e4aa25ad14d79..a908172ac65b7a 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.mm
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.mm
@@ -703,6 +703,37 @@ - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint
 return result;
 }
 
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId
+{
+ __block CHIP_ERROR errorCode = CHIP_ERROR_INCORRECT_STATE;
+ if (![self isRunning]) {
+ [self checkForError:errorCode logMsg:kErrorNotRunning error:nil];
+ return nil;
+ }
+
+ __block NSData * attestationChallenge;
+ dispatch_sync(_chipWorkQueue, ^{
+ if ([self isRunning]) {
+ chip::CommissioneeDeviceProxy * deviceProxy;
+ errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy);
+ if (errorCode != CHIP_NO_ERROR) {
+ [self checkForError:errorCode logMsg:@"Invalid Attestation Challenge device ID." error:nil];
+ return;
+ }
+
+ NSMutableData * challengeBuffer = [[NSMutableData alloc] initWithLength:chip::Crypto::kAES_CCM128_Key_Length];
+ chip::ByteSpan challenge((uint8_t *) [challengeBuffer mutableBytes], chip::Crypto::kAES_CCM128_Key_Length);
+
+ errorCode = deviceProxy->GetAttestationChallenge(challenge);
+ MTR_LOG_ERROR("GetAttestationChallenge: %s", chip::ErrorStr(errorCode));
+
+ attestationChallenge = [NSData dataWithBytes:challenge.data() length:challenge.size()];
+ }
+ });
+
+ return attestationChallenge;
+}
+
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 {
 if (condition) {
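Review bot: The result of `deviceProxy->GetAttestationChallenge(challenge)` is never checked: `MTR_LOG_ERROR` fires on every call, success included, and `attestationChallenge` is built from the span regardless of `errorCode`. If the call fails without touching the span, the caller receives a non-nil NSData of zero bytes from `challengeBuffer` (`initWithLength:` zero-fills), which cannot be told apart from a real challenge and contradicts the `nullable` return; for a value that feeds device attestation, failure should surface as nil. I would guard it the same way as the `GetDeviceBeingCommissioned` call just above: `if (errorCode != CHIP_NO_ERROR) { [self checkForError:errorCode logMsg:@"Failed to get attestation challenge." error:nil]; return; }`. `GetAttestationChallenge` is declared outside this diff, so whether it fills the buffer or re-points the span is not visible here; if it re-points, `challengeBuffer` is dead and can be dropped. The doc comment added in MTRDeviceController.h should also state when nil is returned (controller not running, unknown device ID, no challenge available).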