-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly manage operational key lifecycle for fail-safe #19277
Merged
tcarmelveilleux
merged 36 commits into
project-chip:master
from
tcarmelveilleux:keystore-wip2
Jun 10, 2022
Merged
Properly manage operational key lifecycle for fail-safe #19277
tcarmelveilleux
merged 36 commits into
project-chip:master
from
tcarmelveilleux:keystore-wip2
Jun 10, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Fail-safe did not properly manage the roll-back of operational keys - Operational key storage being centralized by value in FabricTable prevented ability to back keys by hardware/OS and allow the rollback of keys on failsafe expiry - CASE code was using "raw" FabricInfo * which could go stale on UpdateNOC or after fail-safe expiry. This PR: - Adds an OperationalKeystore interface - Make the FabricTable use the OperationalKeystore for when a commissionable node (with Opcreds cluster) is being commissioned - Retain legacy controller behavior that allows injection of operational keys - Simplifies the fail-safe handling lifecycle - Add logging to fail-safe handling - Add logging to general commissioning cluster - Make CASE use ScopedNodeId everywhere - Implement IsForUpdateNOC in fail-safe and opcreds cluster Fixes project-chip#19072 Issue project-chip#18633 Fixes project-chip#16443
pullapprove
bot
requested review from
andy31415,
anush-apple,
arkq,
Byungjoo-Lee,
bzbarsky-apple,
carol-apple,
chrisdecenzo,
chshu,
chulspro,
Damian-Nordic,
dhrishi,
electrocucaracha,
erjiaqing,
franck-apple,
gjc13,
harimau-qirex,
hawk248 and
harsha-rajendran
June 7, 2022 16:48
PR #19277: Size comparison from 49f6799 to e351173 Increases above 0.2%:
Increases (27 builds for cc13x2_26x2, cyw30739, esp32, k32w, linux)
Decreases (7 builds for cc13x2_26x2, linux)
Full report (27 builds for cc13x2_26x2, cyw30739, esp32, k32w, linux)
|
PR #19277: Size comparison from 47a51ce to 7686d00 Increases above 0.2%:
Increases (30 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
Decreases (6 builds for cc13x2_26x2, linux)
Full report (30 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
|
tehampson
reviewed
Jun 9, 2022
tehampson
approved these changes
Jun 9, 2022
woody-apple
approved these changes
Jun 9, 2022
Co-authored-by: tehampson <thampson@google.com>
bzbarsky-apple
approved these changes
Jun 10, 2022
tcarmelveilleux
added a commit
to tcarmelveilleux/connectedhomeip
that referenced
this pull request
Jun 10, 2022
- Leftover comments follow-up in method docs
tcarmelveilleux
added a commit
to tcarmelveilleux/connectedhomeip
that referenced
this pull request
Jun 10, 2022
- Semantic merge conflict between project-chip#19277 and project-chip#19261 - One line mismatch
andy31415
pushed a commit
that referenced
this pull request
Jun 10, 2022
bzbarsky-apple
pushed a commit
that referenced
this pull request
Jun 11, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
prevented ability to back keys by hardware/OS and allow the rollback
of keys on failsafe expiry
or after fail-safe expiry.
Fixes #19072
Issue #18633
Fixes #16443
Change overview
a commissionable node (with Opcreds cluster) is being commissioned
keys
Testing