Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add custom privileges for opcreds cluster #16590

Merged
merged 4 commits into from
Mar 25, 2022
Merged

Add custom privileges for opcreds cluster #16590

merged 4 commits into from
Mar 25, 2022

Conversation

mlepage-google
Copy link
Contributor

@mlepage-google mlepage-google commented Mar 23, 2022
edited
Loading

Problem

Operational Credentials Cluster needs its custom required privileges defined.

Change overview

One attribute and most commands require administer privilege.
(Cluster has no events.)

Testing

Commissioning chip-all-clusters-app via chip-tool on Linux results
in the following commands and their required privilege:

GeneralCommissioning/ArmFailSafe --> 0x30 0x0 --> operate
GeneralCommissioning/SetRegulatoryConfig --> 0x30 0x2 --> operate
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/AttestationRequest --> 0x3e 0x0 --> administer
OperationalCredentials/CSRRequest --> 0x3e 0x4 --> administer
OperationalCredentials/AddTrustedRootCertificate --> 0x3e 0xb --> administer
OperationalCredentials/AddNOC --> 0x3e 0x6 --> administer
GeneralCommissioning/CommissioningComplete --> 0x30 0x4 --> operate

The last is satisfied over CASE (via the AddNOC installed ACL) and the
others before it are satisfied by implicit administer privilege over
PASE during commissioning.

Also verified the read of OperationalCredentials/NOCs attribute (0x0).

@mlepage-google
Add custom privileges for opcreds cluster
db15ace 
One attribute and most commands require administer privilege.
(Cluster has no events.)

Commissioning chip-all-clusters-app via chip-tool on Linux results
in the following commands and their required privilege:

GeneralCommissioning/ArmFailSafe --> 0x30 0x0 --> operate
GeneralCommissioning/SetRegulatoryConfig --> 0x30 0x2 --> operate
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/AttestationRequest --> 0x3e 0x0 --> administer
OperationalCredentials/CSRRequest --> 0x3e 0x4 --> administer
OperationalCredentials/AddTrustedRootCertificate --> 0x3e 0xb --> administer
OperationalCredentials/AddNOC --> 0x3e 0x6 --> administer
GeneralCommissioning/CommissioningComplete --> 0x30 0x4 --> operate

The last is satisfied over CASE (via the AddNOC installed ACL) and the
others before it are satisfied by implicit administer privilege over
PASE during commissioning.
@boring-cyborg boring-cyborg bot added the app label Mar 23, 2022
@restyled-io restyled-io bot mentioned this pull request Mar 23, 2022
Closed
@github-actions
Copy link

github-actions bot commented Mar 23, 2022
edited
Loading

PR #16590: Size comparison from c7b4913 to db15ace

Increases (22 builds for cyw30739, efr32, esp32, k32w, linux, p6)
platform target config section c7b4913 db15ace change % change
cyw30739 light cyw930739m2evb_01 (read/write) 603334 603494 160 0.0
.app_xip_area 510424 510584 160 0.0
lock cyw930739m2evb_01 (read/write) 561122 561282 160 0.0
.app_xip_area 469740 469900 160 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 573206 573366 160 0.0
.app_xip_area 472176 472336 160 0.0
efr32 lighting-app BRD4161A (read only) 922876 923012 136 0.0
.text 922868 923004 136 0.0
BRD4161A+rpc (read only) 951684 951828 144 0.0
.text 951676 951820 144 0.0
window-app BRD4161A (read only) 852680 852816 136 0.0
.text 852672 852808 136 0.0
esp32 all-clusters-app c3devkit (read only) 964186 964218 32 0.0
(read/write) 1393842 1393930 88 0.0
.flash.rodata 198648 198736 88 0.0
.flash.text 964186 964218 32 0.0
m5stack (read only) 1020723 1020743 20 0.0
(read/write) 461620 461700 80 0.0
.flash.rodata 228160 228240 80 0.0
.flash.text 1015339 1015359 20 0.0
k32w light k32w061+release (read/write) 701500 701660 160 0.0
.text 616176 616336 160 0.0
lock k32w061+release (read/write) 700936 701096 160 0.0
.text 615596 615756 160 0.0
linux all-clusters-app debug (read only) 2478273 2478369 96 0.0
.rodata 211845 211941 96 0.0
bridge-app debug+rpc (read only) 1753061 1753269 208 0.0
.rodata 144300 144428 128 0.1
.text 1493621 1493701 80 0.0
door-lock-app debug (read only) 2005121 2005217 96 0.0
.rodata 180956 181052 96 0.1
lighting-app debug+rpc (read only) 2178497 2178721 224 0.0
.rodata 174940 175068 128 0.1
.text 1844610 1844706 96 0.0
ota-provider-app debug (read only) 1946169 1946361 192 0.0
.rodata 166699 166795 96 0.1
.text 1627826 1627922 96 0.0
ota-requestor-app debug (read only) 1972977 1973201 224 0.0
.rodata 162692 162820 128 0.1
.text 1657730 1657826 96 0.0
shell debug (read only) 2427633 2427729 96 0.0
.rodata 209298 209394 96 0.0
thermostat-no-ble arm64 (read only) 2262588 2262684 96 0.0
.rodata 139564 139660 96 0.1
tv-app debug (read only) 2678929 2679153 224 0.0
.rodata 206901 207029 128 0.1
.text 2297250 2297346 96 0.0
p6 all-clusters-app default (read/write) 2493816 2493904 88 0.0
.text 1452080 1452168 88 0.0
light-app default (read/write) 2396752 2396896 144 0.0
.text 1355016 1355160 144 0.0
lock-app default (read/write) 2360288 2360432 144 0.0
.text 1318552 1318696 144 0.0
Decreases (1 build for esp32)
platform target config section c7b4913 db15ace change % change
esp32 all-clusters-app c3devkit .dram0.data 14204 14196 -8 -0.1
Full report (27 builds for cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section c7b4913 db15ace change % change
cyw30739 light cyw930739m2evb_01 (read/write) 603334 603494 160 0.0
.app_xip_area 510424 510584 160 0.0
.bss 75656 75656 0 0.0
.data 604 604 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
lock cyw930739m2evb_01 (read/write) 561122 561282 160 0.0
.app_xip_area 469740 469900 160 0.0
.bss 74160 74160 0 0.0
.data 568 568 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 573206 573366 160 0.0
.app_xip_area 472176 472336 160 0.0
.bss 83488 83488 0 0.0
.data 508 508 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read only) 922876 923012 136 0.0
(read/write) 128756 128756 0 0.0
.bss 126760 126760 0 0.0
.data 1996 1996 0 0.0
.text 922868 923004 136 0.0
BRD4161A+rpc (read only) 951684 951828 144 0.0
(read/write) 144712 144712 0 0.0
.bss 142536 142536 0 0.0
.data 2176 2176 0 0.0
.text 951676 951820 144 0.0
window-app BRD4161A (read only) 852680 852816 136 0.0
(read/write) 126728 126728 0 0.0
.bss 124856 124856 0 0.0
.data 1872 1872 0 0.0
.text 852672 852808 136 0.0
esp32 all-clusters-app c3devkit (read only) 964186 964218 32 0.0
(read/write) 1393842 1393930 88 0.0
.dram0.bss 62072 62072 0 0.0
.dram0.data 14204 14196 -8 -0.1
.flash.rodata 198648 198736 88 0.0
.flash.text 964186 964218 32 0.0
.iram0.text 62016 62016 0 0.0
m5stack (read only) 1020723 1020743 20 0.0
(read/write) 461620 461700 80 0.0
.dram0.bss 67600 67600 0 0.0
.dram0.data 34024 34024 0 0.0
.flash.rodata 228160 228240 80 0.0
.flash.text 1015339 1015359 20 0.0
.iram0.text 123107 123107 0 0.0
k32w light k32w061+release (read/write) 701500 701660 160 0.0
.bss 77648 77648 0 0.0
.data 1876 1876 0 0.0
.text 616176 616336 160 0.0
lock k32w061+release (read/write) 700936 701096 160 0.0
.bss 77624 77624 0 0.0
.data 1916 1916 0 0.0
.text 615596 615756 160 0.0
linux all-clusters-app debug (read only) 2478273 2478369 96 0.0
(read/write) 143184 143184 0 0.0
.bss 57312 57312 0 0.0
.data 1280 1280 0 0.0
.data.rel.ro 78872 78872 0 0.0
.dynamic 592 592 0 0.0
.got 4168 4168 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 211845 211941 96 0.0
.text 2103026 2103026 0 0.0
bridge-app debug+rpc (read only) 1753061 1753269 208 0.0
(read/write) 89424 89424 0 0.0
.bss 44456 44456 0 0.0
.data 1984 1984 0 0.0
.data.rel.ro 37912 37912 0 0.0
.dynamic 592 592 0 0.0
.got 3920 3920 0 0.0
.init 27 27 0 0.0
.init_array 544 544 0 0.0
.rodata 144300 144428 128 0.1
.text 1493621 1493701 80 0.0
chip-tool debug (read only) 10186893 10186893 0 0.0
(read/write) 355072 355072 0 0.0
.bss 22400 22400 0 0.0
.data 1072 1072 0 0.0
.data.rel.ro 325496 325496 0 0.0
.dynamic 608 608 0 0.0
.got 4816 4816 0 0.0
.init 27 27 0 0.0
.init_array 632 632 0 0.0
.rodata 520405 520405 0 0.0
.text 8883301 8883301 0 0.0
chip-tool-ipv6only arm64 (read only) 9806636 9806636 0 0.0
(read/write) 473297 473297 0 0.0
.bss 40673 40673 0 0.0
.data 1144 1144 0 0.0
.data.rel.ro 371968 371968 0 0.0
.dynamic 560 560 0 0.0
.got 55704 55704 0 0.0
.init 24 24 0 0.0
.init_array 192 192 0 0.0
.rodata 495780 495780 0 0.0
.text 8258020 8258020 0 0.0
door-lock-app debug (read only) 2005121 2005217 96 0.0
(read/write) 116800 116800 0 0.0
.bss 47584 47584 0 0.0
.data 992 992 0 0.0
.data.rel.ro 62824 62824 0 0.0
.dynamic 592 592 0 0.0
.got 4120 4120 0 0.0
.init 27 27 0 0.0
.init_array 664 664 0 0.0
.rodata 180956 181052 96 0.1
.text 1674578 1674578 0 0.0
lighting-app debug+rpc (read only) 2178497 2178721 224 0.0
(read/write) 123760 123760 0 0.0
.bss 48864 48864 0 0.0
.data 1472 1472 0 0.0
.data.rel.ro 67896 67896 0 0.0
.dynamic 608 608 0 0.0
.got 4168 4168 0 0.0
.init 27 27 0 0.0
.init_array 744 744 0 0.0
.rodata 174940 175068 128 0.1
.text 1844610 1844706 96 0.0
ota-provider-app debug (read only) 1946169 1946361 192 0.0
(read/write) 112528 112528 0 0.0
.bss 47456 47456 0 0.0
.data 1256 1256 0 0.0
.data.rel.ro 58168 58168 0 0.0
.dynamic 608 608 0 0.0
.got 4376 4376 0 0.0
.init 27 27 0 0.0
.init_array 616 616 0 0.0
.rodata 166699 166795 96 0.1
.text 1627826 1627922 96 0.0
ota-requestor-app debug (read only) 1972977 1973201 224 0.0
(read/write) 115784 115784 0 0.0
.bss 48448 48448 0 0.0
.data 1480 1480 0 0.0
.data.rel.ro 60392 60392 0 0.0
.dynamic 592 592 0 0.0
.got 4184 4184 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 162692 162820 128 0.1
.text 1657730 1657826 96 0.0
shell debug (read only) 2427633 2427729 96 0.0
(read/write) 147240 147240 0 0.0
.bss 67240 67240 0 0.0
.data 800 800 0 0.0
.data.rel.ro 73504 73504 0 0.0
.dynamic 592 592 0 0.0
.got 4152 4152 0 0.0
.init 27 27 0 0.0
.init_array 920 920 0 0.0
.rodata 209298 209394 96 0.0
.text 2061682 2061682 0 0.0
thermostat-no-ble arm64 (read only) 2262588 2262684 96 0.0
(read/write) 148257 148257 0 0.0
.bss 62753 62753 0 0.0
.data 1040 1040 0 0.0
.data.rel.ro 76968 76968 0 0.0
.dynamic 560 560 0 0.0
.got 4480 4480 0 0.0
.init 24 24 0 0.0
.init_array 360 360 0 0.0
.rodata 139564 139660 96 0.1
.text 1899776 1899776 0 0.0
tv-app debug (read only) 2678929 2679153 224 0.0
(read/write) 247712 247712 0 0.0
.bss 164416 164416 0 0.0
.data 3136 3136 0 0.0
.data.rel.ro 74104 74104 0 0.0
.dynamic 592 592 0 0.0
.got 4552 4552 0 0.0
.init 27 27 0 0.0
.init_array 888 888 0 0.0
.rodata 206901 207029 128 0.1
.text 2297250 2297346 96 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2353428 2353428 0 0.0
.bss 184652 184652 0 0.0
.data 5760 5760 0 0.0
.text 1316028 1316028 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1139283 1139283 0 0.0
bss 142588 142588 0 0.0
rodata 141508 141508 0 0.0
text 780416 780416 0 0.0
p6 all-clusters-app default (read/write) 2493816 2493904 88 0.0
.bss 118072 118072 0 0.0
.data 2640 2640 0 0.0
.text 1452080 1452168 88 0.0
light-app default (read/write) 2396752 2396896 144 0.0
.bss 111544 111544 0 0.0
.data 2496 2496 0 0.0
.text 1355016 1355160 144 0.0
lock-app default (read/write) 2360288 2360432 144 0.0
.bss 111288 111288 0 0.0
.data 2456 2456 0 0.0
.text 1318552 1318696 144 0.0
telink lighting-app tlsr9518adk80d (read/write) 896794 896794 0 0.0
bss 87444 87444 0 0.0
noinit 37160 37160 0 0.0
text 634212 634212 0 0.0

@github-actions
Copy link

github-actions bot commented Mar 24, 2022
edited
Loading

PR #16590: Size comparison from 011efcf to 73b46f1

Increases (24 builds for cyw30739, efr32, esp32, k32w, linux, p6)
platform target config section 011efcf0 73b46f1 change % change
cyw30739 light cyw930739m2evb_01 (read/write) 603562 603722 160 0.0
.app_xip_area 510732 510892 160 0.0
lock cyw930739m2evb_01 (read/write) 561350 561510 160 0.0
.app_xip_area 470048 470208 160 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 573426 573586 160 0.0
.app_xip_area 472476 472636 160 0.0
efr32 lighting-app BRD4161A (read only) 923432 923568 136 0.0
.text 923424 923560 136 0.0
BRD4161A+rpc (read only) 952240 952384 144 0.0
.text 952232 952376 144 0.0
window-app BRD4161A (read only) 853220 853364 144 0.0
.text 853212 853356 144 0.0
esp32 all-clusters-app c3devkit (read only) 964804 964840 36 0.0
(read/write) 1394194 1394266 72 0.0
.flash.rodata 199064 199152 88 0.0
.flash.text 964804 964840 36 0.0
m5stack (read only) 1021107 1021127 20 0.0
(read/write) 461940 462020 80 0.0
.flash.rodata 228560 228640 80 0.0
.flash.text 1015723 1015743 20 0.0
k32w light k32w061+release (read/write) 701704 701864 160 0.0
.text 616460 616620 160 0.0
lock k32w061+release (read/write) 701156 701316 160 0.0
.text 615896 616056 160 0.0
linux all-clusters-app debug (read only) 2483153 2483249 96 0.0
.rodata 212229 212325 96 0.0
bridge-app debug+rpc (read only) 1755461 1755669 208 0.0
.rodata 144300 144428 128 0.1
.text 1495925 1496005 80 0.0
chip-tool debug (read/write) 355456 355712 256 0.1
.data.rel.ro 325800 326056 256 0.1
chip-tool-ipv6only arm64 .data.rel.ro 372312 372664 352 0.1
door-lock-app debug (read only) 2007345 2007441 96 0.0
.rodata 180956 181052 96 0.1
lighting-app debug+rpc (read only) 2181289 2181513 224 0.0
.rodata 174972 175100 128 0.1
.text 1847250 1847346 96 0.0
ota-provider-app debug (read only) 1948393 1948585 192 0.0
.rodata 166699 166795 96 0.1
.text 1629954 1630050 96 0.0
ota-requestor-app debug (read only) 1975201 1975425 224 0.0
.rodata 162692 162820 128 0.1
.text 1659858 1659954 96 0.0
shell debug (read only) 2431945 2432041 96 0.0
.rodata 209682 209778 96 0.0
thermostat-no-ble arm64 (read only) 2266140 2266236 96 0.0
.rodata 139708 139804 96 0.1
tv-app debug (read only) 2681737 2681961 224 0.0
.rodata 206933 207061 128 0.1
.text 2299906 2300002 96 0.0
p6 all-clusters-app default (read/write) 2494984 2495072 88 0.0
.text 1453248 1453336 88 0.0
light-app default (read/write) 2397360 2397504 144 0.0
.text 1355624 1355768 144 0.0
lock-app default (read/write) 2360888 2361032 144 0.0
.text 1319152 1319296 144 0.0
Decreases (3 builds for esp32, linux)
platform target config section 011efcf0 73b46f1 change % change
esp32 all-clusters-app c3devkit .dram0.data 14212 14204 -8 -0.1
linux chip-tool debug (read only) 10216325 10206533 -9792 -0.1
.rodata 521141 518101 -3040 -0.6
.text 8911253 8903925 -7328 -0.1
chip-tool-ipv6only arm64 (read only) 9832668 9825308 -7360 -0.1
(read/write) 473889 473793 -96 -0.0
.got 55864 55416 -448 -0.8
.rodata 496516 493732 -2784 -0.6
.text 8282052 8278148 -3904 -0.0
Full report (27 builds for cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section 011efcf0 73b46f1 change % change
cyw30739 light cyw930739m2evb_01 (read/write) 603562 603722 160 0.0
.app_xip_area 510732 510892 160 0.0
.bss 75576 75576 0 0.0
.data 604 604 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
lock cyw930739m2evb_01 (read/write) 561350 561510 160 0.0
.app_xip_area 470048 470208 160 0.0
.bss 74080 74080 0 0.0
.data 568 568 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 573426 573586 160 0.0
.app_xip_area 472476 472636 160 0.0
.bss 83408 83408 0 0.0
.data 508 508 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read only) 923432 923568 136 0.0
(read/write) 128680 128680 0 0.0
.bss 126680 126680 0 0.0
.data 1996 1996 0 0.0
.text 923424 923560 136 0.0
BRD4161A+rpc (read only) 952240 952384 144 0.0
(read/write) 144632 144632 0 0.0
.bss 142456 142456 0 0.0
.data 2176 2176 0 0.0
.text 952232 952376 144 0.0
window-app BRD4161A (read only) 853220 853364 144 0.0
(read/write) 126648 126648 0 0.0
.bss 124776 124776 0 0.0
.data 1872 1872 0 0.0
.text 853212 853356 144 0.0
esp32 all-clusters-app c3devkit (read only) 964804 964840 36 0.0
(read/write) 1394194 1394266 72 0.0
.dram0.bss 61992 61992 0 0.0
.dram0.data 14212 14204 -8 -0.1
.flash.rodata 199064 199152 88 0.0
.flash.text 964804 964840 36 0.0
.iram0.text 62016 62016 0 0.0
m5stack (read only) 1021107 1021127 20 0.0
(read/write) 461940 462020 80 0.0
.dram0.bss 67520 67520 0 0.0
.dram0.data 34024 34024 0 0.0
.flash.rodata 228560 228640 80 0.0
.flash.text 1015723 1015743 20 0.0
.iram0.text 123107 123107 0 0.0
k32w light k32w061+release (read/write) 701704 701864 160 0.0
.bss 77568 77568 0 0.0
.data 1876 1876 0 0.0
.text 616460 616620 160 0.0
lock k32w061+release (read/write) 701156 701316 160 0.0
.bss 77544 77544 0 0.0
.data 1916 1916 0 0.0
.text 615896 616056 160 0.0
linux all-clusters-app debug (read only) 2483153 2483249 96 0.0
(read/write) 143344 143344 0 0.0
.bss 57408 57408 0 0.0
.data 1280 1280 0 0.0
.data.rel.ro 78920 78920 0 0.0
.dynamic 592 592 0 0.0
.got 4176 4176 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 212229 212325 96 0.0
.text 2107202 2107202 0 0.0
bridge-app debug+rpc (read only) 1755461 1755669 208 0.0
(read/write) 89552 89552 0 0.0
.bss 44552 44552 0 0.0
.data 1984 1984 0 0.0
.data.rel.ro 37936 37936 0 0.0
.dynamic 592 592 0 0.0
.got 3920 3920 0 0.0
.init 27 27 0 0.0
.init_array 544 544 0 0.0
.rodata 144300 144428 128 0.1
.text 1495925 1496005 80 0.0
chip-tool debug (read only) 10216325 10206533 -9792 -0.1
(read/write) 355456 355712 256 0.1
.bss 22496 22496 0 0.0
.data 1072 1072 0 0.0
.data.rel.ro 325800 326056 256 0.1
.dynamic 608 608 0 0.0
.got 4816 4816 0 0.0
.init 27 27 0 0.0
.init_array 632 632 0 0.0
.rodata 521141 518101 -3040 -0.6
.text 8911253 8903925 -7328 -0.1
chip-tool-ipv6only arm64 (read only) 9832668 9825308 -7360 -0.1
(read/write) 473889 473793 -96 -0.0
.bss 40769 40769 0 0.0
.data 1144 1144 0 0.0
.data.rel.ro 372312 372664 352 0.1
.dynamic 560 560 0 0.0
.got 55864 55416 -448 -0.8
.init 24 24 0 0.0
.init_array 192 192 0 0.0
.rodata 496516 493732 -2784 -0.6
.text 8282052 8278148 -3904 -0.0
door-lock-app debug (read only) 2007345 2007441 96 0.0
(read/write) 116896 116896 0 0.0
.bss 47680 47680 0 0.0
.data 992 992 0 0.0
.data.rel.ro 62840 62840 0 0.0
.dynamic 592 592 0 0.0
.got 4120 4120 0 0.0
.init 27 27 0 0.0
.init_array 664 664 0 0.0
.rodata 180956 181052 96 0.1
.text 1676706 1676706 0 0.0
lighting-app debug+rpc (read only) 2181289 2181513 224 0.0
(read/write) 123888 123888 0 0.0
.bss 48960 48960 0 0.0
.data 1472 1472 0 0.0
.data.rel.ro 67928 67928 0 0.0
.dynamic 608 608 0 0.0
.got 4168 4168 0 0.0
.init 27 27 0 0.0
.init_array 744 744 0 0.0
.rodata 174972 175100 128 0.1
.text 1847250 1847346 96 0.0
ota-provider-app debug (read only) 1948393 1948585 192 0.0
(read/write) 112624 112624 0 0.0
.bss 47552 47552 0 0.0
.data 1256 1256 0 0.0
.data.rel.ro 58184 58184 0 0.0
.dynamic 608 608 0 0.0
.got 4376 4376 0 0.0
.init 27 27 0 0.0
.init_array 616 616 0 0.0
.rodata 166699 166795 96 0.1
.text 1629954 1630050 96 0.0
ota-requestor-app debug (read only) 1975201 1975425 224 0.0
(read/write) 115880 115880 0 0.0
.bss 48544 48544 0 0.0
.data 1480 1480 0 0.0
.data.rel.ro 60408 60408 0 0.0
.dynamic 592 592 0 0.0
.got 4184 4184 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 162692 162820 128 0.1
.text 1659858 1659954 96 0.0
shell debug (read only) 2431945 2432041 96 0.0
(read/write) 147400 147400 0 0.0
.bss 67336 67336 0 0.0
.data 800 800 0 0.0
.data.rel.ro 73568 73568 0 0.0
.dynamic 592 592 0 0.0
.got 4152 4152 0 0.0
.init 27 27 0 0.0
.init_array 920 920 0 0.0
.rodata 209682 209778 96 0.0
.text 2065394 2065394 0 0.0
thermostat-no-ble arm64 (read only) 2266140 2266236 96 0.0
(read/write) 148385 148385 0 0.0
.bss 62833 62833 0 0.0
.data 1040 1040 0 0.0
.data.rel.ro 77000 77000 0 0.0
.dynamic 560 560 0 0.0
.got 4504 4504 0 0.0
.init 24 24 0 0.0
.init_array 360 360 0 0.0
.rodata 139708 139804 96 0.1
.text 1903024 1903024 0 0.0
tv-app debug (read only) 2681737 2681961 224 0.0
(read/write) 247872 247872 0 0.0
.bss 164512 164512 0 0.0
.data 3136 3136 0 0.0
.data.rel.ro 74160 74160 0 0.0
.dynamic 592 592 0 0.0
.got 4552 4552 0 0.0
.init 27 27 0 0.0
.init_array 888 888 0 0.0
.rodata 206933 207061 128 0.1
.text 2299906 2300002 96 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2353772 2353772 0 0.0
.bss 184572 184572 0 0.0
.data 5760 5760 0 0.0
.text 1316372 1316372 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1140039 1140039 0 0.0
bss 142512 142512 0 0.0
rodata 141912 141912 0 0.0
text 780764 780764 0 0.0
p6 all-clusters-app default (read/write) 2494984 2495072 88 0.0
.bss 117992 117992 0 0.0
.data 2640 2640 0 0.0
.text 1453248 1453336 88 0.0
light-app default (read/write) 2397360 2397504 144 0.0
.bss 111464 111464 0 0.0
.data 2496 2496 0 0.0
.text 1355624 1355768 144 0.0
lock-app default (read/write) 2360888 2361032 144 0.0
.bss 111208 111208 0 0.0
.data 2456 2456 0 0.0
.text 1319152 1319296 144 0.0
telink lighting-app tlsr9518adk80d (read/write) 896606 896606 0 0.0
bss 87356 87356 0 0.0
noinit 37160 37160 0 0.0
text 633984 633984 0 0.0

@github-actions
Copy link

github-actions bot commented Mar 25, 2022
edited
Loading

PR #16590: Size comparison from c14faeb to a705281

Increases (22 builds for cyw30739, efr32, esp32, k32w, linux, p6)
platform target config section c14faeb a705281 change % change
cyw30739 light cyw930739m2evb_01 (read/write) 604466 604626 160 0.0
.app_xip_area 511636 511796 160 0.0
lock cyw930739m2evb_01 (read/write) 562270 562430 160 0.0
.app_xip_area 470968 471128 160 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 574626 574786 160 0.0
.app_xip_area 473676 473836 160 0.0
efr32 lighting-app BRD4161A (read only) 925416 925552 136 0.0
.text 925408 925544 136 0.0
BRD4161A+rpc (read only) 954240 954384 144 0.0
.text 954232 954376 144 0.0
window-app BRD4161A (read only) 854828 854964 136 0.0
.text 854820 854956 136 0.0
esp32 all-clusters-app c3devkit (read only) 965550 965586 36 0.0
(read/write) 1394138 1394210 72 0.0
.flash.rodata 199008 199096 88 0.0
.flash.text 965550 965586 36 0.0
m5stack (read only) 1022039 1022059 20 0.0
(read/write) 461884 461964 80 0.0
.flash.rodata 228504 228584 80 0.0
.flash.text 1016655 1016675 20 0.0
k32w light k32w061+release (read/write) 702984 703144 160 0.0
.text 617740 617900 160 0.0
lock k32w061+release (read/write) 702084 702244 160 0.0
.text 616824 616984 160 0.0
linux all-clusters-app debug (read only) 2487249 2487345 96 0.0
.rodata 212133 212229 96 0.0
bridge-app debug+rpc (read only) 1759653 1759877 224 0.0
.rodata 144268 144396 128 0.1
.text 1500149 1500245 96 0.0
door-lock-app debug (read only) 2011633 2011729 96 0.0
.rodata 180924 181020 96 0.1
lighting-app debug+rpc (read only) 2185441 2185649 208 0.0
.rodata 174908 175036 128 0.1
.text 1851490 1851570 80 0.0
ota-provider-app debug (read only) 1952841 1953017 176 0.0
.rodata 166667 166763 96 0.1
.text 1634434 1634514 80 0.0
ota-requestor-app debug (read only) 1980417 1980641 224 0.0
.rodata 162788 162916 128 0.1
.text 1664882 1664978 96 0.0
shell debug (read only) 2436057 2436153 96 0.0
.rodata 209618 209714 96 0.0
thermostat-no-ble arm64 (read only) 2268996 2269092 96 0.0
.rodata 139652 139748 96 0.1
tv-app debug (read only) 2682465 2682673 208 0.0
.rodata 205579 205707 128 0.1
.text 2302258 2302338 80 0.0
p6 all-clusters-app default (read/write) 2496624 2496712 88 0.0
.text 1454888 1454976 88 0.0
light-app default (read/write) 2399016 2399152 136 0.0
.text 1357280 1357416 136 0.0
lock-app default (read/write) 2362552 2362696 144 0.0
.text 1320816 1320960 144 0.0
Decreases (1 build for esp32)
platform target config section c14faeb a705281 change % change
esp32 all-clusters-app c3devkit .dram0.data 14212 14204 -8 -0.1
Full report (27 builds for cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
platform target config section c14faeb a705281 change % change
cyw30739 light cyw930739m2evb_01 (read/write) 604466 604626 160 0.0
.app_xip_area 511636 511796 160 0.0
.bss 75576 75576 0 0.0
.data 604 604 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
lock cyw930739m2evb_01 (read/write) 562270 562430 160 0.0
.app_xip_area 470968 471128 160 0.0
.bss 74080 74080 0 0.0
.data 568 568 0 0.0
.rodata 0 0 0 0.0
.text 0 0 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 574626 574786 160 0.0
.app_xip_area 473676 473836 160 0.0
.bss 83408 83408 0 0.0
.data 508 508 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read only) 925416 925552 136 0.0
(read/write) 128688 128688 0 0.0
.bss 126688 126688 0 0.0
.data 1996 1996 0 0.0
.text 925408 925544 136 0.0
BRD4161A+rpc (read only) 954240 954384 144 0.0
(read/write) 144640 144640 0 0.0
.bss 142464 142464 0 0.0
.data 2176 2176 0 0.0
.text 954232 954376 144 0.0
window-app BRD4161A (read only) 854828 854964 136 0.0
(read/write) 126648 126648 0 0.0
.bss 124776 124776 0 0.0
.data 1872 1872 0 0.0
.text 854820 854956 136 0.0
esp32 all-clusters-app c3devkit (read only) 965550 965586 36 0.0
(read/write) 1394138 1394210 72 0.0
.dram0.bss 61992 61992 0 0.0
.dram0.data 14212 14204 -8 -0.1
.flash.rodata 199008 199096 88 0.0
.flash.text 965550 965586 36 0.0
.iram0.text 62016 62016 0 0.0
m5stack (read only) 1022039 1022059 20 0.0
(read/write) 461884 461964 80 0.0
.dram0.bss 67520 67520 0 0.0
.dram0.data 34024 34024 0 0.0
.flash.rodata 228504 228584 80 0.0
.flash.text 1016655 1016675 20 0.0
.iram0.text 123107 123107 0 0.0
k32w light k32w061+release (read/write) 702984 703144 160 0.0
.bss 77568 77568 0 0.0
.data 1876 1876 0 0.0
.text 617740 617900 160 0.0
lock k32w061+release (read/write) 702084 702244 160 0.0
.bss 77544 77544 0 0.0
.data 1916 1916 0 0.0
.text 616824 616984 160 0.0
linux all-clusters-app debug (read only) 2487249 2487345 96 0.0
(read/write) 143344 143344 0 0.0
.bss 57408 57408 0 0.0
.data 1280 1280 0 0.0
.data.rel.ro 78920 78920 0 0.0
.dynamic 592 592 0 0.0
.got 4176 4176 0 0.0
.init 27 27 0 0.0
.init_array 936 936 0 0.0
.rodata 212133 212229 96 0.0
.text 2111442 2111442 0 0.0
bridge-app debug+rpc (read only) 1759653 1759877 224 0.0
(read/write) 89552 89552 0 0.0
.bss 44552 44552 0 0.0
.data 1984 1984 0 0.0
.data.rel.ro 37936 37936 0 0.0
.dynamic 592 592 0 0.0
.got 3920 3920 0 0.0
.init 27 27 0 0.0
.init_array 544 544 0 0.0
.rodata 144268 144396 128 0.1
.text 1500149 1500245 96 0.0
chip-tool debug (read only) 1017902 1017902 0 0.0
(read/write) 355688 355688 0 0.0
.bss 22496 22496 0 0.0
.data 1072 1072 0 0.0
.data.rel.ro 326008 326008 0 0.0
.dynamic 608 608 0 0.0
.got 4816 4816 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 518517 518517 0 0.0
.text 8876101 8876101 0 0.0
chip-tool-ipv6only arm64 (read only) 9809852 9809852 0 0.0
(read/write) 473729 473729 0 0.0
.bss 40769 40769 0 0.0
.data 1144 1144 0 0.0
.data.rel.ro 372656 372656 0 0.0
.dynamic 560 560 0 0.0
.got 55352 55352 0 0.0
.init 24 24 0 0.0
.init_array 192 192 0 0.0
.rodata 493908 493908 0 0.0
.text 8262772 8262772 0 0.0
door-lock-app debug (read only) 2011633 2011729 96 0.0
(read/write) 116896 116896 0 0.0
.bss 47680 47680 0 0.0
.data 992 992 0 0.0
.data.rel.ro 62840 62840 0 0.0
.dynamic 592 592 0 0.0
.got 4120 4120 0 0.0
.init 27 27 0 0.0
.init_array 664 664 0 0.0
.rodata 180924 181020 96 0.1
.text 1681026 1681026 0 0.0
lighting-app debug+rpc (read only) 2185441 2185649 208 0.0
(read/write) 123888 123888 0 0.0
.bss 48960 48960 0 0.0
.data 1472 1472 0 0.0
.data.rel.ro 67928 67928 0 0.0
.dynamic 608 608 0 0.0
.got 4168 4168 0 0.0
.init 27 27 0 0.0
.init_array 744 744 0 0.0
.rodata 174908 175036 128 0.1
.text 1851490 1851570 80 0.0
ota-provider-app debug (read only) 1952841 1953017 176 0.0
(read/write) 112688 112688 0 0.0
.bss 47616 47616 0 0.0
.data 1256 1256 0 0.0
.data.rel.ro 58184 58184 0 0.0
.dynamic 608 608 0 0.0
.got 4376 4376 0 0.0
.init 27 27 0 0.0
.init_array 616 616 0 0.0
.rodata 166667 166763 96 0.1
.text 1634434 1634514 80 0.0
ota-requestor-app debug (read only) 1980417 1980641 224 0.0
(read/write) 115912 115912 0 0.0
.bss 48544 48544 0 0.0
.data 1480 1480 0 0.0
.data.rel.ro 60440 60440 0 0.0
.dynamic 592 592 0 0.0
.got 4184 4184 0 0.0
.init 27 27 0 0.0
.init_array 640 640 0 0.0
.rodata 162788 162916 128 0.1
.text 1664882 1664978 96 0.0
shell debug (read only) 2436057 2436153 96 0.0
(read/write) 147400 147400 0 0.0
.bss 67336 67336 0 0.0
.data 800 800 0 0.0
.data.rel.ro 73568 73568 0 0.0
.dynamic 592 592 0 0.0
.got 4152 4152 0 0.0
.init 27 27 0 0.0
.init_array 920 920 0 0.0
.rodata 209618 209714 96 0.0
.text 2069618 2069618 0 0.0
thermostat-no-ble arm64 (read only) 2268996 2269092 96 0.0
(read/write) 148385 148385 0 0.0
.bss 62833 62833 0 0.0
.data 1040 1040 0 0.0
.data.rel.ro 77000 77000 0 0.0
.dynamic 560 560 0 0.0
.got 4504 4504 0 0.0
.init 24 24 0 0.0
.init_array 360 360 0 0.0
.rodata 139652 139748 96 0.1
.text 1905984 1905984 0 0.0
tv-app debug (read only) 2682465 2682673 208 0.0
(read/write) 247552 247552 0 0.0
.bss 164320 164320 0 0.0
.data 3136 3136 0 0.0
.data.rel.ro 74048 74048 0 0.0
.dynamic 592 592 0 0.0
.got 4552 4552 0 0.0
.init 27 27 0 0.0
.init_array 888 888 0 0.0
.rodata 205579 205707 128 0.1
.text 2302258 2302338 80 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2354708 2354708 0 0.0
.bss 184572 184572 0 0.0
.data 5760 5760 0 0.0
.text 1317308 1317308 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1140887 1140887 0 0.0
bss 142500 142500 0 0.0
rodata 142016 142016 0 0.0
text 781500 781500 0 0.0
p6 all-clusters-app default (read/write) 2496624 2496712 88 0.0
.bss 117992 117992 0 0.0
.data 2640 2640 0 0.0
.text 1454888 1454976 88 0.0
light-app default (read/write) 2399016 2399152 136 0.0
.bss 111464 111464 0 0.0
.data 2496 2496 0 0.0
.text 1357280 1357416 136 0.0
lock-app default (read/write) 2362552 2362696 144 0.0
.bss 111208 111208 0 0.0
.data 2456 2456 0 0.0
.text 1320816 1320960 144 0.0
telink lighting-app tlsr9518adk80d (read/write) 897458 897458 0 0.0
bss 87356 87356 0 0.0
noinit 37160 37160 0 0.0
text 634878 634878 0 0.0

@mlepage-google mlepage-google merged commit 927e237 into project-chip:master Mar 25, 2022
@mlepage-google mlepage-google deleted the access-for-opcreds branch March 25, 2022 21:11
rochaferraz pushed a commit to rochaferraz/connectedhomeip that referenced this pull request Mar 31, 2022
@mlepage-google @rochaferraz
Add custom privileges for opcreds cluster (project-chip#16590)
61f22f0 
One attribute and most commands require administer privilege.
(This cluster has no events.)

Commissioning chip-all-clusters-app via chip-tool on Linux results
in the following commands and their required privilege:

GeneralCommissioning/ArmFailSafe --> 0x30 0x0 --> operate
GeneralCommissioning/SetRegulatoryConfig --> 0x30 0x2 --> operate
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/AttestationRequest --> 0x3e 0x0 --> administer
OperationalCredentials/CSRRequest --> 0x3e 0x4 --> administer
OperationalCredentials/AddTrustedRootCertificate --> 0x3e 0xb --> administer
OperationalCredentials/AddNOC --> 0x3e 0x6 --> administer
GeneralCommissioning/CommissioningComplete --> 0x30 0x4 --> operate

The last is satisfied over CASE (via the AddNOC installed ACL) and the
others before it are satisfied by implicit administer privilege over
PASE during commissioning.
andrei-menzopol pushed a commit to andrei-menzopol/connectedhomeip that referenced this pull request Apr 14, 2022
@mlepage-google @andrei-menzopol
Add custom privileges for opcreds cluster (project-chip#16590)
d882321 
One attribute and most commands require administer privilege.
(This cluster has no events.)

Commissioning chip-all-clusters-app via chip-tool on Linux results
in the following commands and their required privilege:

GeneralCommissioning/ArmFailSafe --> 0x30 0x0 --> operate
GeneralCommissioning/SetRegulatoryConfig --> 0x30 0x2 --> operate
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/CertificateChainRequest --> 0x3e 0x2 --> administer
OperationalCredentials/AttestationRequest --> 0x3e 0x0 --> administer
OperationalCredentials/CSRRequest --> 0x3e 0x4 --> administer
OperationalCredentials/AddTrustedRootCertificate --> 0x3e 0xb --> administer
OperationalCredentials/AddNOC --> 0x3e 0x6 --> administer
GeneralCommissioning/CommissioningComplete --> 0x30 0x4 --> operate

The last is satisfied over CASE (via the AddNOC installed ACL) and the
others before it are satisfied by implicit administer privilege over
PASE during commissioning.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bzbarsky-apple bzbarsky-apple bzbarsky-apple approved these changes

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@austinh0 austinh0 Awaiting requested review from austinh0

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@erjiaqing erjiaqing Awaiting requested review from erjiaqing

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@hawk248 hawk248 Awaiting requested review from hawk248

@holbrookt holbrookt Awaiting requested review from holbrookt

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@isiu-apple isiu-apple Awaiting requested review from isiu-apple

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@kghost kghost Awaiting requested review from kghost

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@lazarkov lazarkov Awaiting requested review from lazarkov

@LuDuda LuDuda Awaiting requested review from LuDuda

@lzgrablic02 lzgrablic02 Awaiting requested review from lzgrablic02

@mrjerryjohns mrjerryjohns Awaiting requested review from mrjerryjohns

@msandstedt msandstedt Awaiting requested review from msandstedt

@mspang mspang Awaiting requested review from mspang

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tecimovic tecimovic Awaiting requested review from tecimovic

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

Assignees

@tcarmelveilleux tcarmelveilleux

Labels
app review - approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mlepage-google @tcarmelveilleux @bzbarsky-apple