tree: 6065b0ccfaceadb0473edb951ed2f082a8f2fba9 [path history] [tgz]
  1. base_matter_mg12_nvm3.s37
  2. base_matter_mg24_nvm3.s37

#FactoryDataProvider for EFR32 Matter device


The python script allows a user to store a set of commissionable data in the matter nvm3 section of an EFR32 device. This script can handle writing to any MCU EFR32MG12 or EFR32MG24 family.


The users need to have in their hands a valid and matching set of spake2p+ credentials:

  • Setup Discriminator
  • Setup Passcode
  • Spake2p Iteration count
  • Spake2p Salt

and one of the following:

  • Spake2p Verifier


  • path to spake2p generator binary

You can use this same spake2p generator to randomly generate a set of credentials or generate your a verifier based on the given Passcode, Iteration count and Salt.

More info on the Spake2p generator and how to build it can be found here Spake2p

How to use

Using Python 3 call the FactoryDataProvider script and provide the needed arguments. The script will validate the received data and if the device is connected to the host, write the data in the right nvm3 location.

If the device is not connected, The script will generate an image that can be flashed to your device at a later time but you must provide the MCU family name. (EFR32MG12 or EFR32MG24).

If you have more than one device connected to the host. Provide the J-tag serial number to ensure you are writing to the right device.

--discriminatorRequireddec/hexProvide BLE pairing discriminator. e.g: 3840 or 0xF00.
--passcodeRequireddec/hexProvide the default PASE session passcode used to generate the spake2p verifier.
--spake2_iterationRequireddec/hexProvide Spake2+ iteration count used to generate the spake2p verifier.
--spake2_saltRequiredstring1Provide Spake2+ salt used to generate the spake2p verifier.
--spake2_verifieroptional2string1Provide The pre-generated Spake2+ verifier.
--gen_spake2p_pathoptional2stringProvide the absolute path to spake2p generator.
--mcu_familyoptionalstringMCU Family target. Only needed if your board isn't plugged in (EFR32MG12 or EFR32MG24).
--jtag_serialoptionalstringProvide the serial number of the jtag if you have more than one board connected.
--product_idoptionaldec/hexProvide the product ID. e.g: 32773 or 0x8005 (Max 2 bytes).
--vendor_idoptionaldec/hexProvide the vendor ID. e.g: 65521 or 0xFFF1 (Max 2 bytes).
--product_nameoptionalstringProvide the product name (Max 32 char).
--vendor_nameoptionalstringProvide the vendor name (Max 32 char).
--hw_versionoptionaldec/hexProvide the hardware version value (Max 2 bytes).
--hw_version_stroptionalstringProvide the hardware version string (Max 64 char).
--rotating_idoptionalHex stringA 128 bits hex string unique id (without 0x).
--serial_numberoptionalstringProvide serial number of the device (Max 32 char).
--commissioning_flowoptionaldec/hexProvide Commissioning Flow 0=Standard, 1=User Action, 2=Custom.
--rendezvous_flagoptionaldec/hexProvide Rendez-vous flag: 1=SoftAP, 2=BLE 4=OnNetwork (Can be combined).

1 Salt and verifier must be provided as base64 string

2 You need to provide either a pre-generated spake2_verifier or path to the spake2p generator to generate the verifier

For the hex type, provide the value with the 0x prefix. For hex string type, do not add the 0x prefix.


 # With spake2_verifier
 python3 --passcode 20202021 --discriminator 0xf00 --spake2_iteration 1000 --spake2_salt U1BBS0UyUCBLZXkgU2FsdA== --spake2_verifier uWFwqugDNGiEck/po7KHwwMwwqZgN10XuyBajPGuyzUEV/iree4lOrao5GuwnlQ65CJzbeUB49s31EH+NEkg0JVI5MGCQGMMT/SRPFNRODm3wH/MBiehuFc6FJ/NH6Rmzw==
 # With gen_spake2p_path
 python3 --passcode 62034001 --discriminator 0xf01 --spake2_iteration 15000 --spake2_salt 95834coRGvFhCB69IdmJyr5qYIzFgSirw6Ja7g5ySYA= --gen_spake2p_path /Users/GitHub/connectedhomeip/src/tools/spake2p/out/spake2p