app_main: add 5 s BOOT-button factory reset to recover commissioning …#47
…mode

If GPIO9 (BOOT button, active-low) is held at startup for 5 s, erase nvs_matter and reboot. This clears the fabric table, PAKE verifier, ACL and group keys, returning the device to commissioning mode so that BLE advertising restarts and Home Assistant can rediscover the device.

Release the button within 5 s to cancel without side-effects.

https://claude.ai/code/session_01SxqAiQApiRTwXefk9aQ6bR
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c90aac85bf
main/app_main.cpp
Outdated
| ESP_LOGW(kTag, "Factory reset in %d s…", i - 1); | ||
| } | ||
| ESP_LOGW(kTag, "Erasing nvs_matter — device will reboot into commissioning mode"); | ||
| nvs_flash_erase_partition("nvs_matter"); |
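Review bot: the result of nvs_flash_erase_partition("nvs_matter") on the last line is discarded, so a failed erase looks the same as a successful one, and the warning just above it has already announced a reboot into commissioning mode. Capture the esp_err_t, log it with esp_err_to_name() when it is not ESP_OK, and keep the reboot on the success path only.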
Avoid erasing CHIP factory namespace during BOOT reset
nvs_flash_erase_partition("nvs_matter") wipes the entire Matter partition, but this repo routes all Matter namespaces (CONFIG_CHIP_FACTORY_NAMESPACE_PARTITION_LABEL, CONFIG_CHIP_CONFIG_NAMESPACE_PARTITION_LABEL, and CONFIG_ESP_MATTER_NVS_PART_NAME) to nvs_matter in sdkconfig.defaults (lines 47-49), with factory credentials described as write-once data (lines 33-35). In environments where those factory entries are not automatically reprovisioned, holding BOOT for this recovery path will also delete setup/attestation material and can leave the node unable to commission again; this reset path should clear only fabric/config state (or call the platform factory-reset API) instead of erasing the whole partition.
The partition is mounted first via nvs_flash_init_partition, then each namespace is opened and cleared individually with nvs_erase_all + nvs_commit. The chip-factory namespace is never touched.
…p-factory
Replacing nvs_flash_erase_partition("nvs_matter") with targeted NVS
namespace erases: chip-config (fabric table, ACL, group keys, subscriptions)
and chip-counters are cleared, but chip-factory (discriminator, PAKE
verifier, DAC) is preserved.
Erasing the whole partition deleted write-once attestation material that
cannot be recovered without re-flashing, leaving the device unable to
commission again.
https://claude.ai/code/session_01SxqAiQApiRTwXefk9aQ6bR
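The targeted reset described in the reply and commit message above, as an added example that is not the PR's own code: only allow-listed namespaces are erased, `chip-factory` is never opened, and the first error is returned so the caller can skip the reboot. The NVS functions are host-side stand-ins for the ESP-IDF calls of the same name so the logic runs off-target, the key counts are constructed, and `matter_recovery_reset`, `erase_namespace` and `keys_in` are hypothetical names.

```c
#include <string.h>

/* Host-side stand-ins (constructed) for the ESP-IDF NVS calls so this runs
 * off-target; on the device include "nvs_flash.h" and "nvs.h" instead. */
typedef int esp_err_t;
typedef int nvs_handle_t;
enum { ESP_OK = 0, ESP_FAIL = -1, NVS_READWRITE = 1 };
static struct { const char *ns; int keys; } g_part[] = { /* sample contents */
    {"chip-factory", 6}, {"chip-config", 12}, {"chip-counters", 3}};

static int find_ns(const char *ns) { /* index in the model, or -1 */
    for (size_t i = 0; i < sizeof g_part / sizeof *g_part; i++)
        if (strcmp(g_part[i].ns, ns) == 0) return (int)i;
    return -1;
}
int keys_in(const char *ns) { int i = find_ns(ns); return i < 0 ? -1 : g_part[i].keys; }
static esp_err_t nvs_flash_init_partition(const char *p) { return strcmp(p, "nvs_matter") ? ESP_FAIL : ESP_OK; }
static esp_err_t nvs_open_from_partition(const char *part, const char *ns,
                                         int mode, nvs_handle_t *out) {
    (void)mode;
    *out = strcmp(part, "nvs_matter") ? -1 : find_ns(ns);
    return *out < 0 ? ESP_FAIL : ESP_OK;
}
static esp_err_t nvs_erase_all(nvs_handle_t h) { g_part[h].keys = 0; return ESP_OK; }
static esp_err_t nvs_commit(nvs_handle_t h) { (void)h; return ESP_OK; }
static void nvs_close(nvs_handle_t h) { (void)h; }

/* Allow-list of namespaces the reset may clear; chip-factory is never listed. */
static const char *const kResettable[] = {"chip-config", "chip-counters"};

/* Open, erase and commit one namespace; the first error is returned. */
static esp_err_t erase_namespace(const char *ns) {
    nvs_handle_t h;
    esp_err_t err = nvs_open_from_partition("nvs_matter", ns, NVS_READWRITE, &h);
    if (err != ESP_OK) return err;
    err = nvs_erase_all(h);
    if (err == ESP_OK) err = nvs_commit(h);
    nvs_close(h);
    return err;
}

/* Mount, then clear each listed namespace; the caller reboots only on ESP_OK. */
esp_err_t matter_recovery_reset(void) {
    esp_err_t err = nvs_flash_init_partition("nvs_matter");
    for (size_t i = 0; err == ESP_OK && i < sizeof kResettable / sizeof *kResettable; i++)
        err = erase_namespace(kResettable[i]);
    return err;
}
```

On the device, `nvs_open_from_partition` with `NVS_READWRITE` creates a namespace that does not exist yet, whereas the stand-in above returns an error for an unknown name.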