Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

manifest: Update Matter SDK revision to pull new crypto changes #13540

Merged
merged 1 commit into from
Jan 25, 2024
Merged

manifest: Update Matter SDK revision to pull new crypto changes #13540

merged 1 commit into from
Jan 25, 2024

Conversation

ArekBalysNordic
Copy link
Contributor

In this commit added a mechanism that migrates all existing operational keys from mbedTLS-related settings storage to the PSA ITS secure storage.

After the migration the entries in the settings storage will not be avaliable anymore.

@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. manifest labels Jan 4, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jan 4, 2024
edited
Loading

The following west manifest projects have been modified in this Pull Request:

Name Old Revision New Revision Diff
matter nrfconnect/sdk-connectedhomeip@b6a5e9a nrfconnect/sdk-connectedhomeip@288b64a (master) nrfconnect/[email protected]

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jan 4, 2024
edited
Loading

Test specification

CI/Jenkins/NRF

  • Integration Platforms

CI/Jenkins/integration

Test Module File based changes Manually selected West overwrite
test-fw-nrfconnect-chip X

test-fw-nrfconnect-chip: added because there was no .github/test-spec.yml in 'matter'

Detailed information of selected test modules

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

@ArekBalysNordic
Copy link
Contributor Author

@wiba-nordic I've added some lines to the migration guide, release notes, and Matter index. We need to inform our customers that they must use PSA Crypto API to use Thread certification inheritance. In the other way, they need to build Thread libraries from sources. Could you please check the recent changes?

wiba-nordic
wiba-nordic requested changes Jan 16, 2024
View reviewed changes
doc/nrf/protocols/matter/index.rst Outdated Show resolved Hide resolved
doc/nrf/protocols/matter/index.rst Outdated Show resolved Hide resolved
doc/nrf/protocols/matter/index.rst Outdated Show resolved Hide resolved
doc/nrf/protocols/matter/index.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/migration/migration_guide_2.6.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated Show resolved Hide resolved
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated Show resolved Hide resolved
@wiba-nordic
Copy link
Contributor

I am not sure what is breaking the documentation build.

kkasperczyk-no
kkasperczyk-no approved these changes Jan 19, 2024
View reviewed changes
Copy link
Contributor

@kkasperczyk-no kkasperczyk-no left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left one comment to consider. I don't have very strong opinion on that and I'm not going to insist, so approving.

@ArekBalysNordic ArekBalysNordic force-pushed the crypto_migration branch 4 times, most recently from 28d6116 to fccd5cc Compare January 22, 2024 15:18
kkasperczyk-no
kkasperczyk-no reviewed Jan 23, 2024
View reviewed changes
samples/matter/common/src/app/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/app/migration_manager.h Outdated Show resolved Hide resolved
samples/matter/light_bulb/CMakeLists.txt Outdated Show resolved Hide resolved
samples/matter/common/src/app/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/app/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/app/migration_manager.cpp Outdated Show resolved Hide resolved
@ArekBalysNordic ArekBalysNordic force-pushed the crypto_migration branch 3 times, most recently from 165b004 to 4f526f0 Compare January 23, 2024 10:45
kkasperczyk-no
kkasperczyk-no approved these changes Jan 24, 2024
View reviewed changes
Copy link
Contributor

@kkasperczyk-no kkasperczyk-no left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, last round of comments from me. These are mostly minors, so approving in advance.

samples/matter/common/src/Kconfig Outdated Show resolved Hide resolved
samples/matter/common/src/migration/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/migration/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/migration/migration_manager.cpp Outdated Show resolved Hide resolved
samples/matter/common/src/migration/migration_manager.cpp
if (CHIP_NO_ERROR != err) {
chip::Server::GetInstance().ScheduleFactoryReset();
// Return a success to not block the Matter event Loop and allow to call scheduled factory reset.
err = CHIP_NO_ERROR;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it ok to return CHIP_NO_ERROR if migration actually failed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will add documentation to the API.

samples/matter/common/src/app/matter_event_handler.cpp Outdated Show resolved Hide resolved
@ArekBalysNordic ArekBalysNordic force-pushed the crypto_migration branch 2 times, most recently from d6daf62 to cf89a1a Compare January 25, 2024 09:22
@NordicBuilder NordicBuilder removed the DNM label Jan 25, 2024
@ArekBalysNordic
manifest: Update Matter SDK revision to pull new crypto changes
7159994 
In this commit added a mechanism that migrates all existing
operational keys from mbedTLS-related settings storage to the
PSA ITS secure storage.

After the migration the entries in the settings storage will not
be avaliable anymore.

From NCS 2.6.0 the Matter supports Arm PSA Crypto API by default,
and mbedTLS is deprecated.

We should not use CommonServerInitParams to initialize PSA crypto
and we should do it directly in the Application instead of
Chip::Server. To do it we moved PSA init and declaration from
the Chip::Server to the Nordic's Matter Init.

Signed-off-by: Arkadiusz Balys <[email protected]>
@rlubos rlubos merged commit 71d287f into nrfconnect:main Jan 25, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LuDuda LuDuda LuDuda approved these changes

@kkasperczyk-no kkasperczyk-no kkasperczyk-no approved these changes

@Damian-Nordic Damian-Nordic Damian-Nordic approved these changes

@wiba-nordic wiba-nordic wiba-nordic approved these changes

@markaj-nordic markaj-nordic markaj-nordic approved these changes

@carlescufi carlescufi Awaiting requested review from carlescufi

@tejlmand tejlmand Awaiting requested review from tejlmand

Assignees
No one assigned
Labels
doc-required PR must not be merged without tech writer approval. manifest manifest-matter
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@ArekBalysNordic @NordicBuilder @wiba-nordic @LuDuda @kkasperczyk-no @Damian-Nordic @markaj-nordic @rlubos