-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update operational credentials code to match the specifications #7500
Update operational credentials code to match the specifications #7500
Conversation
5aad7e9
to
0c5c1ef
Compare
rebased |
98717d0
to
8ea02a9
Compare
rebased |
8ea02a9
to
b5ac149
Compare
b5ac149
to
e4b8ea2
Compare
Size increase report for "nrfconnect-example-build" from d29749b
Full report output
|
Size increase report for "esp32-example-build" from d29749b
Full report output
|
Size increase report for "gn_qpg6100-example-build" from d29749b
Full report output
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are many steps that are starting to line-up to spec, so this is great to see!
However, note that the operational certificate provisioning is still not "to spec", due to the NodeID being locally generated, and the full CSR not being passed along with signature and DA keys such that a CA could actually trust it.
The node ID is assigned by the commissioner app right now. I don't think it's being locally generated. |
…ect-chip#7500) * Move trusted root certs to operational credentials cluster * update zap files * Regenerate zap code and move trusted root code to op cred cluster * Send root cert before sending operational certificates * Add support for ICA certificates * fix telink build * fix build after rebase * add comment to describe why 2 certs are being stored * address review comments
Problem
Need updates to operational credentials provisioning code to match the latest specifications.
Change overview
Testing
This change impacts the device commissioning flow.
Tested commissioning using Python controller app, chip-tool, and iOS CHIPTool app.