examples: add custom certification declaration example in light example

Author: Jerry-ESP

components/esp_matter/esp_matter_providers.cpp

@@ -71,7 +71,7 @@ void set_custom_device_info_provider(DeviceInfoProvider *provider)
 }
 #endif
 
-static DeviceAttestationCredentialsProvider *get_dac_provider(void)
+DeviceAttestationCredentialsProvider *get_dac_provider(void)
 {
 #if CONFIG_SEC_CERT_DAC_PROVIDER
     static ESP32SecureCertDACProvider instance;

components/esp_matter/esp_matter_providers.h

@@ -58,4 +58,6 @@ void set_custom_device_info_provider(chip::DeviceLayer::DeviceInfoProvider *prov
 #endif
 
 void setup_providers();
+
+chip::Credentials::DeviceAttestationCredentialsProvider *get_dac_provider(void);
 } // namespace esp_matter

docs/en/developing.rst

@@ -1110,7 +1110,13 @@ For more info about the arguments, please check `here <https://github.com/espres
 2.7.3 Factory Partition
 ~~~~~~~~~~~~~~~~~~~~~~~
 
-Factory partition contains basic information like VID, PID, etc, and CD.
+Factory partition contains basic information like VID, PID, etc.
+
+By default, the CD(Certification Declaration) is stored in the factory partition and we need to add the ``-cd`` option when generating the factory partition.
+
+Alternatively, if you’d like to embed the CD in the firmware, you can enable the
+``CONFIG_ENABLE_SET_CERT_DECLARATION_API`` option and use the ``SetCertificationDeclaration()`` API to set the CD.
+You can refer to the reference implementation in :project_file: `light example <https://github.com/espressif/esp-matter/tree/main/examples/light>`__.
 
 Export the dependent tools path
 

examples/light/main/CMakeLists.txt

@@ -1,5 +1,9 @@
 idf_component_register(SRC_DIRS          "."
                        PRIV_INCLUDE_DIRS  "." "${ESP_MATTER_PATH}/examples/common/utils")
 
+if (CONFIG_ENABLE_SET_CERT_DECLARATION_API)
+    target_add_binary_data(${COMPONENT_TARGET} "certification_declaration/certification_declaration.der" BINARY)
+endif()
+
 set_property(TARGET ${COMPONENT_LIB} PROPERTY CXX_STANDARD 17)
 target_compile_options(${COMPONENT_LIB} PRIVATE "-DCHIP_HAVE_CONFIG_H")

examples/light/main/app_main.cpp

@@ -24,6 +24,17 @@
 #include <app/server/CommissioningWindowManager.h>
 #include <app/server/Server.h>
 
+#ifdef CONFIG_ENABLE_SET_CERT_DECLARATION_API
+#include <esp_matter_providers.h>
+#include <lib/support/Span.h>
+#ifdef CONFIG_SEC_CERT_DAC_PROVIDER
+#include <platform/ESP32/ESP32SecureCertDACProvider.h>
+#elif defined(CONFIG_FACTORY_PARTITION_DAC_PROVIDER)
+#include <platform/ESP32/ESP32FactoryDataProvider.h>
+#endif
+using namespace chip::DeviceLayer;
+#endif
+
 static const char *TAG = "app_main";
 uint16_t light_endpoint_id = 0;
 
@@ -34,6 +45,13 @@ using namespace chip::app::Clusters;
 
 constexpr auto k_timeout_seconds = 300;
 
+#ifdef CONFIG_ENABLE_SET_CERT_DECLARATION_API
+extern const uint8_t cd_start[] asm("_binary_certification_declaration_der_start");
+extern const uint8_t cd_end[] asm("_binary_certification_declaration_der_end");
+
+const chip::ByteSpan cdSpan(cd_start, static_cast<size_t>(cd_end - cd_start));
+#endif // CONFIG_ENABLE_SET_CERT_DECLARATION_API
+
 #if CONFIG_ENABLE_ENCRYPTED_OTA
 extern const char decryption_key_start[] asm("_binary_esp_image_encryption_key_pem_start");
 extern const char decryption_key_end[] asm("_binary_esp_image_encryption_key_pem_end");
@@ -208,6 +226,15 @@ extern "C" void app_main()
     set_openthread_platform_config(&config);
 #endif
 
+#ifdef CONFIG_ENABLE_SET_CERT_DECLARATION_API
+    auto * dac_provider = get_dac_provider();
+#ifdef CONFIG_SEC_CERT_DAC_PROVIDER
+    static_cast<ESP32SecureCertDACProvider *>(dac_provider)->SetCertificationDeclaration(cdSpan);
+#elif defined(CONFIG_FACTORY_PARTITION_DAC_PROVIDER)
+    static_cast<ESP32FactoryDataProvider *>(dac_provider)->SetCertificationDeclaration(cdSpan);
+#endif
+#endif // CONFIG_ENABLE_SET_CERT_DECLARATION_API
+
     /* Matter start */
     err = esp_matter::start(app_event_cb);
     ABORT_APP_ON_FAILURE(err == ESP_OK, ESP_LOGE(TAG, "Failed to start Matter, err:%d", err));