Merge branch 'master' into build_variant_update

build/config/compiler/BUILD.gn

@@ -19,7 +19,7 @@ import("${build_root}/config/compiler/compiler.gni")
 import("${build_root}/config/sysroot.gni")
 import("${build_root}/config/target.gni")
 
-if (current_os == "mac") {
+if (current_os == "mac" || current_os == "ios") {
   import("${build_root}/config/mac/mac_sdk.gni")
 }
 
@@ -49,13 +49,11 @@ config("debug_default") {
 
 config("abi_default") {
   cflags = []
-  if (current_os == "mac") {
+  if (current_os == "mac" || current_os == "ios") {
     cflags += [
       "-target",
       mac_target_triple,
     ]
-  } else if (current_os == "ios") {
-    # iOS ABI currently set by chip_xcode_build_connector.sh
   }
 
   if (current_os != "mac" && current_os != "ios") {

build/config/mac/mac_sdk.gni

@@ -12,21 +12,34 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-_mac_deployment_target = "10.15"
-
-if (current_cpu == "arm64") {
-  _mac_deployment_target = "11.0"
+target_arch = current_cpu
+if (current_cpu == "x86") {
+  target_arch = "i386"
+} else if (current_cpu == "x64") {
+  target_arch = "x86_64"
+} else if (current_cpu == "armv7") {
+  target_arch = "arm"
+} else if (current_cpu == "arm64") {
+  target_arch = "arm64"
 }
 
-declare_args() {
-  # OS X version to target when compiling.
-  mac_deployment_target = _mac_deployment_target
+target_sdk = "macos"
+if (current_os != "mac") {
+  target_sdk = current_os
 }
 
-if (current_cpu == "x64") {
-  mac_target_arch = "x86_64"
+deployment_target = "10.15"
+if (current_os == "mac") {
+  if (current_cpu == "arm64") {
+    deployment_target = "11.0"
+  }
 } else {
-  mac_target_arch = current_cpu
+  deployment_target = "13.4"
+}
+
+declare_args() {
+  # SDK version to target when compiling.
+  mac_deployment_target = target_sdk + deployment_target
 }
 
-mac_target_triple = "${mac_target_arch}-apple-macos${mac_deployment_target}"
+mac_target_triple = "${target_arch}-apple-${mac_deployment_target}"

build_overrides/boringssl.gni

@@ -13,7 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import("//build_overrides/chip.gni")
+
 declare_args() {
   # Root directory for BoringSSL
-  boringssl_root = "//third_party/boringssl/repo"
+  boringssl_root = "${chip_root}/third_party/boringssl/repo"
 }

examples/darwin-framework-tool/BUILD.gn

@@ -24,6 +24,16 @@ if (config_use_interactive_mode) {
 
 assert(chip_build_tools)
 
+declare_args() {
+  chip_codesign = current_os == "ios"
+}
+
+if (current_os == "ios") {
+  output_sdk_type = "Debug-iphoneos"
+} else {
+  output_sdk_type = "Debug"
+}
+
 action("build-darwin-framework") {
   script = "${chip_root}/scripts/build/build_darwin_framework.py"
 
@@ -47,7 +57,7 @@ action("build-darwin-framework") {
 
   output_name = "Matter.framework"
   outputs = [
-    "${root_out_dir}/macos_framework_output/Build/Products/Debug/${output_name}",
+    "${root_out_dir}/macos_framework_output/Build/Products/${output_sdk_type}/${output_name}",
     "${root_build_dir}/darwin_framework_build.log",
     "${root_out_dir}/macos_framework_output/ModuleCache.noindex/",
     "${root_out_dir}/macos_framework_output/Logs",
@@ -64,11 +74,12 @@ config("config") {
     "${chip_root}/zzz_generated/controller-clusters",
     "${chip_root}/examples/chip-tool",
     "${chip_root}/zzz_generated/chip-tool",
-    "${root_out_dir}/macos_framework_output/Build/Products/Debug/",
+    "${root_out_dir}/macos_framework_output/Build/Products/${output_sdk_type}/",
   ]
 
-  framework_dirs =
-      [ "${root_out_dir}/macos_framework_output/Build/Products/Debug/" ]
+  framework_dirs = [
+    "${root_out_dir}/macos_framework_output/Build/Products/${output_sdk_type}/",
+  ]
 
   defines = [
     "CONFIG_ENABLE_YAML_TESTS=${config_enable_yaml_tests}",
@@ -139,7 +150,7 @@ executable("darwin-framework-tool") {
 
   ldflags = [
     "-rpath",
-    "@executable_path/macos_framework_output/Build/Products/Debug/",
+    "@executable_path/macos_framework_output/Build/Products/${output_sdk_type}/",
   ]
 
   frameworks = [
@@ -151,3 +162,20 @@ executable("darwin-framework-tool") {
 
   output_dir = root_out_dir
 }
+
+if (chip_codesign) {
+  action("codesign") {
+    script = "entitlements/codesign.py"
+    public_deps = [ ":darwin-framework-tool" ]
+
+    args = [
+      "--target_path",
+      rebase_path("${root_build_dir}/darwin-framework-tool", root_build_dir),
+      "--log_path",
+      rebase_path("${root_build_dir}/codesign_log.txt", root_build_dir),
+    ]
+
+    output_name = "codesign_log.txt"
+    outputs = [ "${root_build_dir}/${output_name}" ]
+  }
+}

examples/darwin-framework-tool/args.gni

@@ -15,3 +15,5 @@
 import("//build_overrides/chip.gni")
 
 import("${chip_root}/config/standalone/args.gni")
+
+chip_crypto = "boringssl"

examples/darwin-framework-tool/entitlements/codesign.py

@@ -45,9 +45,8 @@ def get_identity():
 
 
 def codesign(args):
-    command = "codesign --force -d --sign {identity} --entitlements {entitlement} {target}".format(
+    command = "codesign --force -d --sign {identity} {target}".format(
         identity=get_identity(),
-        entitlement=args.entitlements_path,
         target=args.target_path)
     command_result = run_command(command)
 
@@ -59,8 +58,6 @@ def codesign(args):
 if __name__ == '__main__':
     parser = argparse.ArgumentParser(
         description='Codesign the darwin-framework-tool binary')
-    parser.add_argument('--entitlements_path', default='entitlements/darwin-framework-tool.entitlements',
-                        help='Set the entitlements for codesign', required=True)
     parser.add_argument(
         '--log_path', help='Output log file destination', required=True)
     parser.add_argument('--target_path', help='Binary to sign', required=True)

examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.cpp

@@ -30,8 +30,9 @@
 
 #include <crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h>
 
-#define DEV_ATTESTATION_KEY_ID 0xDADADADA
-#define DEV_ATTESTATION_CERT_ID 0xDADADADB
+/* Device attestation key ids */
+#define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000
+#define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001
 
 extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen);
 
@@ -57,8 +58,8 @@ CHIP_ERROR ExampleSe05xDACProvider::GetDeviceAttestationCert(MutableByteSpan & o
     return CopySpanToMutableSpan(DevelopmentCerts::kDacCert, out_dac_buffer);
 #else
     size_t buflen = out_dac_buffer.size();
-    ChipLogDetail(Crypto, "Get certificate from se05x");
-    ReturnErrorOnFailure(se05xGetCertificate(DEV_ATTESTATION_CERT_ID, out_dac_buffer.data(), &buflen));
+    ChipLogDetail(Crypto, "Get DA certificate from se05x");
+    ReturnErrorOnFailure(se05xGetCertificate(DEV_ATTESTATION_CERT_SE05X_ID, out_dac_buffer.data(), &buflen));
     out_dac_buffer.reduce_size(buflen);
     return CHIP_NO_ERROR;
 #endif
@@ -142,7 +143,7 @@ CHIP_ERROR ExampleSe05xDACProvider::SignWithDeviceAttestationKey(const ByteSpan
     VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(out_signature_buffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL);
 
-    keypair.SetKeyId(DEV_ATTESTATION_KEY_ID);
+    keypair.SetKeyId(DEV_ATTESTATION_KEY_SE05X_ID);
     keypair.provisioned_key = true;
     keypair.Initialize();
 

examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample.h

@@ -30,6 +30,7 @@ namespace Examples {
  *          storage abstractions.
  */
 DeviceAttestationCredentialsProvider * GetExampleSe05xDACProvider();
+DeviceAttestationCredentialsProvider * GetExampleSe05xDACProviderv2();
 
 } // namespace Examples
 } // namespace Credentials