From 9d32c019f113f72d6518477ddf5e7fa7be4f0b26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Szablowski?= Date: Thu, 17 Aug 2023 10:36:39 +0200 Subject: [PATCH] Updates after review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: MichaƂ Szablowski --- docs/guides/chip_tool_guide.md | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/docs/guides/chip_tool_guide.md b/docs/guides/chip_tool_guide.md index 2ff0c002b92b01..5b55b020092cac 100644 --- a/docs/guides/chip_tool_guide.md +++ b/docs/guides/chip_tool_guide.md @@ -724,7 +724,7 @@ the command with the default fallback node ID `112233`. **Example of commands:** ``` -$ ./chip-tool pairing ble-thread 12378411096372871992 hex:0e08000000000001000035060004001fffe00708fd6be52118a6b9000410205c6257d29b2115d3065fdb6e855f830c0402a0f7f8000300000d0102adda02081111111122224589051000aa22dd445566778899aabbccddeeff030a4f70656e546872656164 20202021 3840 --commissioner-name alpha --commissioner-nodeid 999999 +$ ./chip-tool pairing code-thread 1 hex:000030000150208562618342348532605109bd31cda6908667addca8789211addac0102c4a9 34970112332 --commissioner-name alpha --commissioner-nodeid 999999 ``` ``` 
@@ -915,33 +915,31 @@ to modify attestation-related settings: certificates. The path can be absolute or relative to the current working directory. With this flag, the CHIP Tool looks for the PAA certificate that matches the PAI and the DAC certificates programmed on the device. Without - this flag, the CHIP Tool uses the test PAA certificate. + this flag, the CHIP Tool uses the built-in test PAA certificate. - `--cd-trust-store-path` - Use to provide the path to the directory containing the key that - is used to generate Certificate Declaration. The path can be absolute or + is used to validate the device's Certification Declaration. The path can be absolute or relative to the current working directory. With this flag, the CHIP tool - looks for the CD that matches other attestation data on the device. Without - this flag, the CHIP Tool uses the test CD. + looks for the public key that successfully validate device Certification Declaration's signature. + Without this flag, the CHIP Tool uses well-known built-in public keys + (built-in public keys `src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp`) + - `--only-allow-trusted-cd-keys` - Use to only allow the keys from `--cd-trust-store-path` and not the built-in test key. If the flag is not provided or it is provided with the value `false`, untrusted CD verifying keys are allowed. If it is provided with the value `true` (`--only-allow-trusted-cd-keys true`), test - keys are disallowed and CD used for attestation will not be accepted. This - setting is parsing CD for an `int` enumeration that sets the test status of - CD. + keys are disallowed and CD signed with the test key will not be accepted. - `--bypass-attestation-verifier` - Use to bypass the attestation verifier. If the flag is not provided or it is provided with the value `false`, the attestation verifier is not bypassed. 
If it is provided with the value `true` (`--bypass-attestation-verifier true`), the commissioning will continue in case of the attestation verification failure. The failure can be caused - by errors in Certification Declaration, the PAA or the PAI certificates, or - in the Device Attestation Certificate. This option can be useful if you want - to quickly commission a device with the PAI and the DAC certificates that - are based on an unknown PAA certificate, or when using a CD signing key to which we - don't have access (for example it is part of an officially certified - device). + by errors in Certification Declaration, PAA or PAI certificates, or + in the Device Attestation Certificate. This option can be helpful if you want + to quickly commission a device with PAI and DAC certificates based on + not known PAA and/or with not known Certification Declaration public key.
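Review bot: In the first hunk (`@@ -724,7 +724,7 @@`), the operational dataset in the new `pairing code-thread` example, as it appears in this patch, has 75 hex digits after the `hex:` prefix. An odd count cannot decode to whole bytes, so a reader who copies the command as printed cannot use that argument. Please recheck the string against the dataset it was taken from, or replace it with a clearly marked placeholder, so the example is either usable or obviously illustrative. The example also moves from a passcode and discriminator pair (`20202021 3840`) to a single payload (`34970112332`), so it is worth confirming that the prose around the example still describes the arguments the command now takes.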
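Review bot: In the second hunk (`@@ -915,33 +915,31 @@`), the reworded `--bypass-attestation-verifier` bullet still presents the option only as "helpful" for quick commissioning, although the same bullet says commissioning continues after an attestation verification failure. Please add a sentence saying that with the value `true` the commissioner accepts a device whose DAC, PAI, PAA or Certification Declaration did not verify, and that the option is meant for development and test setups. The closing phrase "not known PAA and/or with not known Certification Declaration public key" would read better as "an unknown PAA or an unknown Certification Declaration public key". In the `--cd-trust-store-path` bullet, "the public key that successfully validate device Certification Declaration's signature" needs "validates the device's", and the parenthetical "(built-in public keys `src/credentials/...`)" repeats the preceding words, so "(defined in `src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp`)" would be clearer. The empty `+` line after it adds a blank line inside the list. The terminology is also inconsistent: this bullet now says "well-known built-in public keys" while the unchanged `--only-allow-trusted-cd-keys` text says "the built-in test key" and "the test key", and "CHIP tool" appears next to "CHIP Tool". Pick one form of each so readers can tell which keys `--only-allow-trusted-cd-keys true` rejects.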