• State Not Answered
  • Replies 11 replies
  • Subscribers 74 subscribers
  • Views 1858 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 320213
Options

Android chip-tool unable to commission nano leaf bulb, throwing pairing failed error on android chip-tool app

Sravan Kumar

Setup details:

In RPi running otbr-agent with nrf dongle RCP.

end device : nano leaf bulb.

Android chip-tool downloaded from : https://github.com/nrfconnect/sdk-connectedhomeip/releases/download/v2.2.0/chip-tool-android_aarch64.apk

as no logs available in  nano leaf bulb, so not captured logs.

android chip-tool logs:

Line 99936: 01-08 17:00:06.317 8821 8838 D CTL : Received ArmFailSafe response errorCode=0 Line 100071: 01-08 17:00:06.413 8821 8838 D CTL : Received SetRegulatoryConfig response errorCode=0

Line 101174: 01-08 17:00:07.431 8821 8838 E CTL : Failed in verifying 'Attestation Information' command received from the device: err 101. Look at AttestationVerificationResult enum to understand the errors

Line 101175: 01-08 17:00:07.431 8821 8838 D CTL : Error on commissioning step 'AttestationVerification': '../../src/controller/CHIPDeviceController.cpp:1031: CHIP Error 0x000000AC: Internal error'

Line 101177: 01-08 17:00:07.431 8821 8838 D CTL : Going from commissioning step 'AttestationVerification' with lastErr = '../../src/controller/CHIPDeviceController.cpp:1031: CHIP Error 0x000000AC: Internal error' -> 'Cleanup'

Line 101178: 01-08 17:00:07.431 8821 8838 D CTL : Performing next commissioning step 'Cleanup' with completion status = '../../src/controller/CHIPDeviceController.cpp:1031: CHIP Error 0x000000AC: Internal error'

Line 124310: 01-08 17:07:15.081 2940 8559 E cnlo : Phenotype API error. Event # ezbd@d734990d, EventCode: 5 [CONTEXT service_id=51 ] Line 125091: 01-08 17:07:16.375 2940 6988 E cnlo : Phenotype API error. Event # ezbd@e75e96aa, EventCode: 5 [CONTEXT service_id=51 ]

but otbr-agent running in Rpi no issues.

Let me know any further info required .

as per chip-tool logs some analysis:

how to add path to certificates in android chip-tool app or add --bypass-attestation-verifier to pairing command

Parents
  • 0

    Hi

    Okay, after another look at the logs it seems like the attestation verification isn't able to find a PAA as it reports "Failed in verifying 'Attestation Information' command received from the device: err 101" which points to "kPaaNotFound". Sorry I didn't catch that initially.

    This is likely because by default the chip-tool only uses the test PAA, while a "real" product like the nano leaf bulb will use a production quality PAA. You probably need to pass a --paa-trust-store-path argument or something to chip-tool that points to a directory of PAA certs that you want to trust and connect to.  If you just want to trust them all, passing the credentials/development/paa-root-certs or credentials/production/paa-root-certs directory in the Matter repo should work.

    Best regards,

    Simon

Reply
  • 0

    Hi

    Okay, after another look at the logs it seems like the attestation verification isn't able to find a PAA as it reports "Failed in verifying 'Attestation Information' command received from the device: err 101" which points to "kPaaNotFound". Sorry I didn't catch that initially.

    This is likely because by default the chip-tool only uses the test PAA, while a "real" product like the nano leaf bulb will use a production quality PAA. You probably need to pass a --paa-trust-store-path argument or something to chip-tool that points to a directory of PAA certs that you want to trust and connect to.  If you just want to trust them all, passing the credentials/development/paa-root-certs or credentials/production/paa-root-certs directory in the Matter repo should work.

    Best regards,

    Simon

Children
  • 0 in reply to Simonr

    Thanks Simon, for pointing out exact reason.

    reg production quality PAA, if it is linux chip-tool, then we can pass below commands:

    sudo ./chip-tool pairing ble-thread 1 hex:0e080000000000010000000300000f35060004001fffe0020811111111222222220708fd4d2e4edd59e21f051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010212340410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0f7f8 83611958 1044 --cd-trust-store-path ../../credentials/development/cd-certs --paa-trust-store-path ../../credentials/production/paa-root-certs/ --trace_log 1 --trace_file trace.raw --trace-decode 1

    or

    sudo ./chip-tool pairing ble-thread 1 hex:0e080000000000010000000300000b35060004001fffe0020800000b2f4fc084780708fdcf1765bb15ebec051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010231240410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0f7f8 83611958 1044 --bypass-attestation-verifier true

    but in android chip-tool how we can achieve the same, let us know if any way is there?

Related
Terms of service