Skip to content

Commit 77202ac

Browse files
ArekBalysNordicArekBalysNordic
committed
doc: matter: Add known issue entry for PSA NOC bug
If a Matter controller attempts to commission a device to the same Matter fabric to which it is already commissioned, the failsafe procedure is triggered. In this case, the new NOC key is discarded, but the old NOC key is not restored. This issue is caused by a bug where the same PSA key ID is used for both the active and pending NOC keys. When the pending key is being destroyed, the active key is also destroyed. As a result, the TC-OPCREDS-3.8 certification test fails. Signed-off-by: Arkadiusz Balys <[email protected]>
1 parent 22555da commit 77202ac

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

doc/nrf/releases_and_maturity/known_issues.rst

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -596,6 +596,18 @@ Matter
596596

597597
The issues in this section are related to the :ref:`ug_matter` protocol.
598598

599+
.. rst-class:: v3-1-0 v3-0-2 v3-0-1 v3-0-0 v2-9-0-nRF54H20-1 v2-9-2 v2-9-1 v2-9-0 v2-8-0 v2-7-0 v2-6-4 v2-6-3 v2-6-2 v2-6-1 v2-6-0
600+
601+
KRKNWK-20445: PSA crypto implementation does not properly revert NOC keys when failsafe occurs
602+
If a Matter controller attempts to commission a device to the same Matter fabric to which it is already commissioned, and the failsafe procedure occurs (for example, some error occurs during the commissioning process), the new NOC key is discarded, but the old NOC key is not restored.
603+
This issue is caused by a bug where the same PSA key ID is used for both the active and pending NOC keys.
604+
When the pending key is being destroyed, the active key is also destroyed.
605+
The TC-OPCREDS-3.8 certification test fails on the |NCS| release v3.1.0.
606+
607+
**Workaround:** Manually cherry-pick and apply the commit with the fix to ``sdk-connectedhomeip`` (commit hash: ``fe650a3ee4948ef1a2edd55a7fe4f6eb561c9e64``).
608+
This fix can be applied only to the |NCS| release v3.1.0.
609+
The workaround cannot be applied if the experimental :kconfig:option:`CONFIG_CHIP_STORE_KEYS_IN_KMU` Kconfig option is set to ``y``.
610+
599611
.. rst-class:: v3-0-2 v3-0-1 v3-0-0 v2-9-0-nRF54H20-1 v2-9-2 v2-9-1 v2-9-0 v2-8-0 v2-7-0
600612

601613
KRKNWK-19277: Invalid testing steps in the Light Switch README file

0 commit comments

Comments
 (0)