connectedhomeip icon indicating copy to clipboard operation
connectedhomeip copied to clipboard

Published 20 hours ago verified publisher icon project-chip

Unique ID for Rotating Device ID should be programmed per device during factory provisioning

Open kkasperczyk-no opened this issue 3 years ago • 4 comments

Problem

In https://github.com/project-chip/connectedhomeip/pull/15031 the initial change for making Rotating Device ID generation algorithm compatible with the spec was done (replacing serial number with unique ID). This change, for the purpose of rotating device id generation, added unique ID config that can be overwritten by the vendor, however it should not be a config at all as according to spec:

The unique identifier SHALL consist of a randomly-generated 128-bit or longer octet string which SHALL be programmed during factory provisioning or delivered to the device by the vendor using secure means after a software update.

Proposed Solution

Unique ID for Rotating Device ID should be part of factory data that are created per-device. Then the value should be read from flash and passed to the RDID generation algorithm. After that CHIP_DEVICE_CONFIG_ROTATING_DEVICE_ID_UNIQUE_ID should be removed.

kkasperczyk-no avatar Feb 16 '22 07:02 kkasperczyk-no

Spec Review: We do not believe this is a spec compliance issue, removing spec.

woody-apple avatar May 26 '22 17:05 woody-apple

Spec Review: @kkasperczyk-no can you please confirm this is still an issue and/or is it resolved with the linked PR?

woody-apple avatar May 26 '22 17:05 woody-apple

With my linked PR (#15031) it was not resolved, but I think the unique ID for Rotating Device ID was moved from the Configuration Manager to the DeviceInstanceInfoProvider interface in :https://github.com/project-chip/connectedhomeip/pull/18767. So I believe we could close the issue after this PR merge. @ArekBalysNordic could you confirm?

kkasperczyk-no avatar May 27 '22 08:05 kkasperczyk-no

Ok, I see what is the status, it is not done in the final shape yet.

I'm not sure how to handle this issue. In general there are many values that are factory data and it should be flashed and read from the memory, while currently we are using some default test values defined in the C header files. The unique ID is just one example of such value among the others like serial number, manufacturing date, hardware version etc.

I created this issue just to remember that current implementation is not in the final shape and we cannot use this default values in the release version. Nevertheless I believe we should handle it in one generic issue regarding all factory data that will be resolved only when all platforms will switch from using default configs to the real factory data read from flash.

kkasperczyk-no avatar May 27 '22 08:05 kkasperczyk-no

Issue Scrub: @kkasperczyk-no is this still an issue. If so, is this something you can look at?

woody-apple avatar Nov 02 '22 17:11 woody-apple

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] avatar May 02 '23 02:05 stale[bot]

This stale issue has been automatically closed. Thank you for your contributions.

stale[bot] avatar May 18 '23 18:05 stale[bot]