Tim Conrad – Senior Security Consultant
To set up the light switch, first pull the newest changes from the matter repository and set up the light switch example as follows:
# Only perform this if you do not have the esp idf tool setup already.
mkdir ${HOME}/tools
cd ${HOME}/tools
git clone https://github.com/espressif/esp-idf.git
cd esp-idf
git checkout v4.4
git submodule update --init
./install.sh
. ./export.sh
# Move to your matter repo
cd ~/connectedhomeip
git pull
# This will remove your environmental settings just in case you have errors during the activate.
rm -r .environment
# Bootstrap and activate Matter repo
source ./scripts/bootstrap.sh
source ./scripts/activate.sh
# Move to example
cd examples/light-switch-app/esp32
# Set the target
idf.py set-target esp32
# Build the app
idf.py build
# Flash it to your device
idf.py -p /dev/ttyUSB0 flash monitor
Now we have the light switch flashed with the firmware, to continue we need to add the device as an existing node to our fabric like we have done in Part 2 with the chip-tool.
./chip-tool pairing ble-wifi 12344320 "IoT Testing" NotTheRealPassword 20202021 3840
The light switch will have the Node ID 12344320 (and the all-cluster-app had the Node ID 12344321).
Now we need to provide the all-cluster-app [12344321] with an access control list (ACL) that allows the light-switch _[12344320] to access the on-off-cluster (Endpoint 1, Cluster 6). Then we will take a closer look at the following command:
./chip-tool accesscontrol write acl '[{"fabricIndex": 1, "privilege": 5, "authMode": 2, "subjects": [112233], "targets": null },{"fabricIndex": 1, "privilege": 3, "authMode": 2, "subjects": [12344320], "targets": null }]' 12344321 0
The comments explain the used ACL a bit closer:
[{
"fabricIndex": 1, // Symbolizes the fabric to which the ACL belongs (important for multi-fabric usage)
"privilege": 5, // 5 refers to highest privilege (Administer)
"authMode": 2, // CASE authentication (1 - PASE authentication)
"subjects": [112233], // Refers to the chip-tool node id
"targets": null // null means wildcard therefore all endpoints are targets
}, {
"fabricIndex": 1,
"privilege": 3, // 3 - Operate
"authMode": 2, // CASE authentication
"subjects": [12344320], // Node ID of the light switch
"targets": null // wildcard, operate all endpoints
}]
The Node Id 12344321 (all-cluster-app) and the endpoint 0 are reserved for matter protocol-specific clusters, e.g., binding, pairing, etc.
Basically, the first ACL was provided by the commissioning process and allows our CLI tool (chip-tool) to access and administer the two devices. The second ACL gives the light-switch the access to operate the on-off cluster (or in this case all clusters). (These are too many rights and should be limited in production use, but for an example, it is okay.)
./chip-tool binding write binding '[{"fabricIndex": 1, "node":12344321, "endpoint":1, "cluster":6}]' 12344320 1
The binding will tell the light switch where it can operate:
[{
"fabricIndex": 1, // Symbolizes the fabric to which the ACL belongs
"node": 12344321, // Node of the light (all-cluster-app)
"endpoint": 1, // Endpoint of the on-off-cluster
"cluster": 6 // on-off-cluster
}]
Now you can press the boot button on the light ESP (close to the USB-Port) and you will see the light turn on.
This concludes our series, we have now a fully working example end to end. Our two Matter devices communicate with each other and we learned about all basic concepts to start working on our own ideas.
In Part 4 we will take a step further and look at Matter Bridges, this will be especially interesting for all that already own or maintain an existing smart home system.
Patrick Sernetz – Head of Solution Architecture
Hi, I'm Patrick. Do you have any questions about Matter? Feel free to contact me by e-mail.