# Working with the CHIP Tool
The CHIP Tool (`chip-tool`) is a Matter controller implementation that allows to
commission a Matter device into the network and to communicate with it using
Matter messages, which may encode Data Model actions, such as cluster commands.
The tool also provides other utilities specific to Matter, such as parsing of
the setup payload or performing discovery actions.
## Source files
You can find source files of the CHIP Tool in the `examples/chip-tool`
directory.
> **Note:** The CHIP Tool caches the configuration state in the
> `/tmp/chip_tool_config.ini` file. Deleting this and other `.ini` files in the
> `/tmp` directory can sometimes resolve issues related to stale configuration.
## Building and running the CHIP Tool
Before you can use the CHIP Tool, you must compile it from source on Linux
(amd64/aarch64) or macOS. If you want to run it on Raspberry Pi, it must use a
64-bit OS.
> **Note:** To ensure compatibility, always build the CHIP Tool and the Matter
> device from the same revision of the `connectedhomeip` repository.
### Building the CHIP Tool
To build and run the CHIP Tool:
1. Install all required packages for Matter and prepare the source code and the
build system. Read the [Building Matter](BUILDING.md) guide for instructions.
2. Open a command prompt in the `connectedhomeip` directory.
3. Run the following command:
```
./scripts/examples/gn_build_example.sh examples/chip-tool BUILD_PATH
```
In this command, `BUILD_PATH` specifies where the target binaries are to be
placed.
### Running the CHIP Tool
To check if the CHIP Tool runs correctly, execute the following command from the
`BUILD_PATH` directory:
```
$ ./chip-tool
```
As a result, the CHIP Tool starts in the default
[single-command mode](#single-command-mode-default) and prints all available
commands. These are called _clusters_ in this context, but not all listed
commands correspond to the _clusters_ in the Data Model (for example, pairing or
discover commands). Each listed command can however become the root of the new
more complex command by appending it with sub-commands. Examples of specific
commands and their use cases are described in the
[Supported commands and options](#supported-commands-and-options) section.
## CHIP Tool modes
The CHIP Tool can run in one of the following modes:
### Single-command mode (default)
In this mode, the CHIP Tool will exit with a timeout error if any single command
does not complete within a certain timeout period.
The timeout error will look similar to the following one:
```
[1650992689511] [32397:1415601] CHIP: [TOO] Run command failure: ../../../examples/chip-tool/commands/common/CHIPCommand.cpp:392: CHIP Error 0x00000032: Timeout
```
Moreover, when using the single-command mode, the CHIP Tool will establish a new
CASE session with every command sent.
#### Modifying timeout duration in single-command mode
This timeout can be modified for any command execution by supplying the optional
`--timeout` parameter, which takes a value in seconds, with the maximum being
65535 seconds.
**Example of command:**
```
$ ./chip-tool otasoftwareupdaterequestor subscribe-event state-transition 5 10 0x1234567890 0 --timeout 65535
```
### Interactive mode
In this mode, a command will terminate with an error if it does not complete
within the timeout period. However, the CHIP Tool will not be terminated and it
will not terminate processes that previous commands have started. Moreover, when
using the interactive mode, the CHIP Tool will establish a new CASE session only
when there is no session available yet. On the following commands, it will use
the existing session.
#### Starting the interactive mode
For commands such as event subscriptions that need to run for an extended period
of time, the CHIP Tool can be started in interactive mode first before running
the command.
To start the interactive mode, run the following command:
```
$ ./chip-tool interactive start
```
In this mode, you can subscribe to events or attributes. For detailed steps, see
[Subscribing to events or attributes](#subscribing-to-events-or-attributes).
## Using CHIP Tool for Matter device testing
The following steps depend on the application clusters that you implemented on
the device.
The steps are using the
[Matter Lighting Application Example](https://github.com/project-chip/connectedhomeip/tree/master/examples/lighting-app)
with the Bluetooth LE commissioning method support. You can use other Matter
examples and still follow this procedure. If you use a different example, the
[Step 7](#step-7-control-application-data-model-clusters) may vary depending on
the clusters implemented in your application.
### Step 1: Prepare the Matter device
Build and program the device with the Matter device firmware by following the
[Matter Lighting Application Example](https://github.com/project-chip/connectedhomeip/tree/master/examples/lighting-app)
documentation.
### Step 2: Enable Bluetooth LE advertising on Matter device
Some examples are configured to advertise automatically on boot. Other examples
require physical trigger, for example pushing a button. Follow the documentation
of the Matter device example for the chosen platform to learn how Bluetooth LE
advertising is enabled for the given example.
### Step 3: Set up the IP network
To follow the next steps, the IP network must be up and running. For instance,
the Thread network can be established using
[OpenThread Border Router](https://openthread.io/codelabs/openthread-border-router#0).
### Step 4: Determine network pairing credentials
You must provide the CHIP Tool with network credentials that will be used in the
device commissioning procedure to configure the device with a network interface,
such as Thread or Wi-Fi.
The Matter specification does not define the preferred way of how the network
credentials are to be obtained by controller. In this guide, we are going to
provide steps for obtaining Thread and Wi-Fi network credentials.
#### Obtaining Thread network credentials
Fetch and store the current Active Operational Dataset from the Thread Border
Router. This step may vary depending on the Thread Border Router implementation.
If you are using
[OpenThread Border Router](https://openthread.io/codelabs/openthread-border-router#0)
(OTBR), retrieve this information using one of the following commands:
- For OTBR running in Docker:
```
sudo docker exec -it otbr sh -c "sudo ot-ctl dataset active -x"
0e080000000000010000000300001335060004001fffe002084fe76e9a8b5edaf50708fde46f999f0698e20510d47f5027a414ffeebaefa92285cc84fa030f4f70656e5468726561642d653439630102e49c0410b92f8c7fbb4f9f3e08492ee3915fbd2f0c0402a0fff8
Done
```
- For OTBR native installation:
```
sudo ot-ctl dataset active -x
0e080000000000010000000300001335060004001fffe002084fe76e9a8b5edaf50708fde46f999f0698e20510d47f5027a414ffeebaefa92285cc84fa030f4f70656e5468726561642d653439630102e49c0410b92f8c7fbb4f9f3e08492ee3915fbd2f0c0402a0fff8
Done
```
For Thread, you might also use a different out-of-band method to fetch the
network credentials.
#### Obtaining Wi-Fi network credentials
You must get the following Wi-Fi network credentials to commission the Matter
device to the Wi-Fi network:
- Wi-Fi SSID
- Wi-Fi password
The steps required to determine the SSID and password may vary depending on the
setup. For instance, you might need to contact your local Wi-Fi network
administrator.
### Step 5: Determine Matter device's discriminator and setup PIN code
Matter uses the following values:
- Discriminator - A 12-bit value used to discern between multiple
commissionable device advertisements.
- Setup PIN code - A 27-bit value used to authenticate the device.
You can find these values in the logging terminal of the device (for instance
UART) when the device boots up. For example:
```
I: 254 [DL]Device Configuration:
I: 257 [DL] Serial Number: TEST_SN
I: 260 [DL] Vendor Id: 65521 (0xFFF1)
I: 263 [DL] Product Id: 32768 (0x8000)
I: 267 [DL] Hardware Version: 1
I: 270 [DL] Setup Pin Code: 20202021
I: 273 [DL] Setup Discriminator: 3840 (0xF00)
I: 278 [DL] Manufacturing Date: (not set)
I: 281 [DL] Device Type: 65535 (0xFFFF)
```
In this printout, the discriminator is `3840 (0xF00)` and the setup PIN code is
`20202021`.
### Step 6: Commission Matter device into an existing IP network
Before communicating with the Matter device, first it must join an existing IP
network.
Matter devices can use different commissioning channels:
- Devices that are not yet connected to the target IP network use Bluetooth LE
as the commissioning channel.
- Devices that have already joined an IP network only need to use the IP
protocol for commissioning to the Matter network.
#### Commissioning over Bluetooth LE
In this case, your device can join the existing IP network over Bluetooth LE and
then be commissioned into a Matter network.
Different scenarios are available for Thread and Wi-Fi networks, as described in
the following subsections.
After connecting the device over Bluetooth LE, the controller prints the
following log:
```
Secure Session to Device Established
```
This log message means that the PASE (Password-Authenticated Session
Establishment) session using SPAKE2+ protocol has been established.
##### Commissioning into a Thread network over Bluetooth LE
To commission the device to the existing Thread network, use the following
command pattern:
```
$ ./chip-tool pairing ble-thread hex:
```
In this command:
- __ is the user-defined ID of the node being commissioned.
- __ is the Operational Dataset determined in the
[step 4](#step-4-determine-network-pairing-credentials).
- __ and __ are device-specific keys determined in
the
[step 5](#step-5-determine-matter-devices-discriminator-and-setup-pin-code).
##### Commissioning into a Wi-Fi network over Bluetooth LE
To commission the device to the existing Wi-Fi network, use the following
command pattern:
```
$ ./chip-tool pairing ble-wifi
```
In this command:
- __ is the user-defined ID of the node being commissioned.
- __ and __ are credentials determined in the step 3.
- __ and __ are device-specific keys determined in
the
[step 5](#step-5-determine-matter-devices-discriminator-and-setup-pin-code).
If you prefer the hexadecimal format, use the `hex:` prefix. For example:
```
$ ./chip-tool pairing ble-wifi hex: hex:
```
> **Note:** The __ can be provided as a hexadecimal value with the `0x`
> prefix.
#### Commissioning into a network over IP
This option is available when the Matter device is already present in an IP
network, but it has not been commissioned to a Matter network yet.
To commission the device, you can use either the setup PIN code or the setup PIN
code and the discriminator, both of which you obtained in the
[step 5](#step-5-determine-matter-devices-discriminator-and-setup-pin-code).
Alternatively, you can also use a QR code payload.
##### Commissioning with setup PIN code
To discover devices and try to pair with one of them using the provided setup
code, use the following command pattern:
```
$ ./chip-tool pairing onnetwork
```
The command keeps trying devices until pairing with one of them succeeds or
until it runs out of pairing possibilities. In this command:
- __ is the user-defined ID of the node being commissioned.
- __ is device specific _setup PIN code_ determined in the
[step 5](#step-5-determine-matter-devices-discriminator-and-setup-pin-code)
and used to discover the device.
##### Commissioning with long discriminator
To discover devices with a long discriminator and try to pair with one of them
using the provided setup code, use the following command pattern:
```
$ ./chip-tool pairing onnetwork-long
```
The command keeps trying devices until pairing with one of them succeeds or
until it runs out of pairing possibilities. In this command:
- __ is the user-defined ID of the node being commissioned.
- __ and __ are device specific keys determined in
the
[step 5](#step-5-determine-matter-devices-discriminator-and-setup-pin-code).
##### Commissioning with QR code payload or manual pairing code
Matter devices log the QR code payload and manual pairing code when they boot.
To discover devices based on the given QR code payload or manual pairing code
and try to pair with one of them, use the following command pattern:
```
$ ./chip-tool pairing code
```
The command keeps trying devices until pairing with one of them succeeds or
until it runs out of pairing possibilities. In this command:
- __ is the user-defined ID of the node being commissioned.
- __ is the QR code payload ID, for example
`MT:Y.K9042C00KA0648G00`, or a manual pairing code like
`749701123365521327694`.
#### Forgetting the already-commissioned device
In case commissioning needs to be retested, the following command removes the
device with the given node ID from the list of commissioned Matter devices:
```
$ ./chip-tool pairing unpair
```
In this command, __ is the user-defined ID of the node which is going
to be forgotten by the CHIP Tool.
### Step 7: Control application Data Model clusters
Having completed all previous steps, you have the Matter device successfully
commissioned to the network. You can now test the device by interacting with
Data Model clusters.
#### Example: Matter Lighting Application Example
In case of the Matter Lighting Application Example we referenced in step 1, the
application implements the On/Off and Level Control clusters. This means that
you can test it by toggling the bulb (using the `onoff` cluster commands) or by
manipulating its brightness (using the `levelcontrol` cluster commands):
- Use the following command pattern to toggle the OnOff attribute state (e.g.
visualized by the LED state):
```
$ ./chip-tool onoff toggle
```
In this command:
- __ is the user-defined ID of the commissioned node.
- __ is the ID of the endpoint with OnOff cluster
implemented.
- Use the following command pattern to change the value of the CurrentLevel
attribute (e.g. visualized by the LED brightness):
```
$ ./chip-tool levelcontrol move-to-level
```
In this command:
- __ is the brightness level encoded between `0` and `254`, unless
a custom range is configured in the cluster.
- __ is the transition time.
- __ is the option mask.
- __ is the option override.
- __ is the user-defined ID of the commissioned node.
- __ is the ID of the endpoint with LevelControl cluster
implemented.
### Step 8: Read basic information from the Matter device
Every Matter device supports the Basic Information cluster, which maintains the
collection of attributes that a controller can obtain from a device. These
attributes can include the vendor name, the product name, or the software
version.
Use the CHIP Tool's `read` command on the `basicinformation` cluster to read
those values from the device:
```
$ ./chip-tool basicinformation read vendor-name
$ ./chip-tool basicinformation read product-name
$ ./chip-tool basicinformation read software-version
```
In these commands:
- __ is the user-defined ID of the commissioned node.
- __ is the ID of the endpoint with Basic Information cluster
implemented.
You can also use the following command to list all available commands for the
Basic Information cluster:
```
$ ./chip-tool basicinformation
```
## Supported commands and options
This section contains a general list of various CHIP Tool commands and options,
not limited to commissioning procedure and cluster interaction.
### Printing all supported clusters
To print all clusters supported by the CHIP Tool, run the following command:
```
$ ./chip-tool
```
**Example of output:**
```bash
[1647346057.900626][394605:394605] CHIP:TOO: Missing cluster name
Usage:
./chip-tool cluster_name command_name [param1 param2 ...]
+-------------------------------------------------------------------------------------+
| Clusters: |
+-------------------------------------------------------------------------------------+
| * accesscontrol |
| * accountlogin |
| * administratorcommissioning |
| * alarms |
| * any |
| * appliancecontrol |
| * applianceeventsandalert |
| * applianceidentification |
| * appliancestatistics |
| * applicationbasic |
```
### Getting the list of commands supported for a specific cluster
To print the list of commands supported by a specific cluster, use the following
command pattern:
```
$ ./chip-tool
```
In this command:
- __ is one of the available clusters (listed with
`chip-tool`).
**Example of command:**
```
$ ./chip-tool onoff
```
**Example of output:**
```bash
[1647417645.182824][404411:404411] CHIP:TOO: Missing command name
Usage:
./chip-tool onoff command_name [param1 param2 ...]
+-------------------------------------------------------------------------------------+
| Commands: |
+-------------------------------------------------------------------------------------+
| * command-by-id |
| * off |
| * on |
| * toggle |
| * off-with-effect |
| * on-with-recall-global-scene |
| * on-with-timed-off |
| * read-by-id |
| * read |
| * write-by-id |
| * write |
| * subscribe-by-id |
| * subscribe |
| * read-event-by-id |
| * subscribe-event-by-id |
+-------------------------------------------------------------------------------------+
[1647417645.183836][404411:404411] CHIP:TOO: Run command failure: ../../examples/chip-tool/commands/common/Commands.cpp:84: Error 0x0000002F
```
### Getting the list of attributes supported for a specific cluster
To get the list of attributes for a specific cluster, use the following command
pattern:
```
$ ./chip-tool read
```
In this command:
- __ is one of the available clusters (listed with
`chip-tool`).
**Example of command:**
```
$ ./chip-tool onoff read
```
**Example of output:**
```bash
[1647417857.913942][404444:404444] CHIP:TOO: Missing attribute name
Usage:
./chip-tool onoff read attribute-name [param1 param2 ...]
+-------------------------------------------------------------------------------------+
| Attributes: |
+-------------------------------------------------------------------------------------+
| * on-off |
| * global-scene-control |
| * on-time |
| * off-wait-time |
| * start-up-on-off |
| * server-generated-command-list |
| * client-generated-command-list |
| * attribute-list |
| * feature-map |
| * cluster-revision |
+-------------------------------------------------------------------------------------+
[1647417857.914110][404444:404444] CHIP:TOO: Run command failure: ../../examples/chip-tool/commands/common/Commands.cpp:120: Error 0x0000002F
```
### Getting the list of command options
To get the list of parameters for a specific command, use the following command
pattern:
```
$ ./chip-tool
```
In this command:
- __ is one of the available clusters (listed with
`chip-tool`).
- __ is one of the target command names.
**Example of command:**
```
$ ./chip-tool onoff on
```
**Example of output:**
```bash
[1647417976.556313][404456:404456] CHIP:TOO: InitArgs: Wrong arguments number: 0 instead of 2
Usage:
./chip-tool onoff on node-id/group-id endpoint-id-ignored-for-group-commands [--paa-trust-store-path] [--commissioner-name] [--trace_file] [--trace_log] [--ble-adapter] [--timedInteractionTimeoutMs] [--suppressResponse]
[1647417976.556362][404456:404456] CHIP:TOO: Run command failure: ../../examples/chip-tool/commands/common/Commands.cpp:135: Error 0x0000002F
```
#### Selected command options
This section lists selected options that can be used to configure the input
command.
##### Choosing the Bluetooth adapter
To choose the Bluetooth adapter used by the CHIP Tool, use the following command
pattern:
```
--ble-adapter
```
In this command:
- __ is the ID of HCI device.
**Example of usage:**
```
$ ./chip-tool pairing ble-thread 1 hex:0e080000000000010000000300001335060004001fffe002084fe76e9a8b5edaf50708fde46f999f0698e20510d47f5027a414ffeebaefa92285cc84fa030f4f70656e5468726561642d653439630102e49c0410b92f8c7fbb4f9f3e08492ee3915fbd2f0c0402a0fff8 20202021 3840 --ble-adapter 0
```
##### Using message tracing
Message tracing allows capturing CHIP Tool secure messages that can be used for
test automation. The tracing uses several types of flags that control where the
traces should go.
The following flags are available:
- Trace file flag:
```
--trace_file
```
Here, __ is the name of the file where the trace data is stored.
It can be appended to a command in the following way:
```
$ ./chip-tool pairing --trace_file
```
- Trace log flag:
```
--trace_log
```
Here, __ is a `[0/1]` flag, which when set to `1` prints the trace
data with automation logs to the console.
### Commissioner name and ID flags
All CHIP Tool commands can be used together with the following
commissioner-related flags:
- `--commissioner-name`
- `--commissioner-nodeid`
These flags let you control which fabric and node ID are used for the CHIP Tool
when interacting with devices. They are especially useful in scenarios where you
are working with more than one fabric, but you can also use them with a single
CHIP Tool node identity.
#### `--commissioner-name` flag
This flag lets you control which fabric is used by selecting a specific fabric
commissioner.
As per the CHIP Tool implementation, the commissioners are required to have the
following names: `alpha` for the first one, `beta` for the second one, `gamma`
for the third one, `4` for the fourth one, `5` for the fifth one, and so on.
If you don't use this flag, the CHIP Tool assumes that the command is meant for
the `alpha` commissioner and hence for the fabric associated with this
commissioner.
**Example of commands:**
```
$ ./chip-tool any subscribe-by-id '0x0028,0x0028,0x0101,0x0028,0x0028,0x0028' '5,6,0,1,2,4' 100 1000 1 '0,0,1,0,0,0' --keepSubscriptions true
$ ./chip-tool any subscribe-by-id '0x0028,0x0028,0x0101,0x0028,0x0028,0x0028' '5,6,0,1,2,4' 100 1000 2 '0,0,1,0,0,0' --keepSubscriptions true --commissioner-name beta
$ ./chip-tool any subscribe-by-id '0x0028,0x0028,0x0101,0x0028,0x0028,0x0028' '5,6,0,1,2,4' 100 1000 3 '0,0,1,0,0,0' --keepSubscriptions true --commissioner-name gamma
```
#### `--commissioner-nodeid` flag
This flag lets you select the node ID to use on the fabric specified with the
`--commissioner-name` flag.
If you don't use this flag, the CHIP Tool assumes that the command is sent with
the ID value that the CHIP Tool has in storage. If there's none, the CHIP Tool
sends the command with the default fallback node ID `112233`.
> **Note:** If the device has been already commissioned with a specific
> `--commissioner-nodeid`, you must always provide the `--commissioner-nodeid`
> flag with the CHIP Tool commands or update the Access Control List (ACL) on
> the device. Otherwise, the default fallback node ID `112233` is used and the
> communication will fail.
**Example of commands:**
```
$ ./chip-tool pairing code-thread 1 hex:000030000150208562618342348532605109bd31cda6908667addca8789211addac0102c4a9 34970112332 --commissioner-name alpha --commissioner-nodeid 999999
```
```
$ ./chip-tool basicinformation read vendor-id --commissioner-name alpha --commissioner-nodeid 999999
```
### Running a test suite against a paired peer device
The CHIP Tool allows to run a set of tests, already compiled in the tool,
against a paired Matter device.
- To get the list of available tests, run the following command:
```
$ ./chip-tool tests
```
- To execute a particular test against the paired device, use the following
command pattern:
```
$ ./chip-tool tests
```
In this command:
- __ is the name of the particular test.
See the [Examples](#running-testclusters-test) section for an example of how to
run a test from the test suite.
Developer details on how the test suite is structured can be found
[here](https://github.com/project-chip/connectedhomeip/blob/master/src/app/tests/suites/README.md).
### Parsing the setup payload
The CHIP Tool offers a utility for parsing the Matter onboarding setup payload
and printing it in a readable form. For example, the payload can be printed on
the device console during boot.
To parse the setup code, use the `payload` command with the
`parse-setup-payload` sub-command, as in the following command pattern:
```
$ ./chip-tool payload parse-setup-payload
```
Here, __ is the ID of the payload to be parsed.
**Examples of commands:**
- Setup QR code payload:
```
$ ./chip-tool payload parse-setup-payload MT:6FCJ142C00KA0648G00
```
- Manual pairing code:
```
$ ./chip-tool payload parse-setup-payload 34970112332
```
### Parsing additional data payload
To parse additional data payload, use the following command pattern:
```
$ ./chip-tool payload parse-additional-data-payload
```
In this command:
- __ is the ID of the payload with additional data to be parsed.
### Discover actions
The `discover` command can be used to resolve node ID and discover available
Matter devices.
Use the following command to print the available sub-commands of the `discover`
command:
```
$ ./chip-tool discover
```
#### Resolving node name
To resolve the DNS-SD name corresponding with the given Node ID and update the
address of the node in the device controller, use the following command pattern:
```
$ ./chip-tool discover resolve
```
In this command:
- __ is the ID of node to be resolved.
- __ is the ID of the Matter fabric to which the node belongs.
#### Discovering available Matter devices
To discover all Matter commissionables available in the operation area, run the
following command:
```
$ ./chip-tool discover commissionables
```
#### Discovering available Matter commissioners
To discover all Matter commissioners available in the operation area, run the
following command:
```
$ ./chip-tool discover commissioners
```
### Pairing
The `pairing` command supports different methods for Matter device commissioning
procedure. The recommended methods are the following:
- `code-thread` - For Thread commissioning.
- `code-wifi` - For Wi-Fi commissioning.
- `code` - For commissioning the device when it is already present in an IP
network.
Alternatively, you can also use the following methods described in the
[Using CHIP Tool for Matter device testing](#using-chip-tool-for-matter-device-testing)
section:
- `ble-thread` - For Thread commissioning; described under
[Commissioning into a Thread network over Bluetooth LE](#commissioning-into-a-thread-network-over-bluetooth-le).
- `ble-wifi` - For Wi-Fi commissioning; described under
[Commissioning into a Wi-Fi network over Bluetooth LE](#commissioning-into-a-wi-fi-network-over-bluetooth-le)
- `onnetwork` - For commissioning the device when it is already present in an
IP network; described under
[Commissioning with setup PIN code](#commissioning-with-setup-pin-code)
To list all `pairing` sub-commands and commissioning methods, run the following
command:
```
$ ./chip-tool pairing
```
**Example of commands:**
The following command commissions the Thread device with the node ID `1` to the
Matter fabric. The `hex:...` parameter is the operational dataset that contains
information about the Thread network to which the device is going to be
commissioned. The onboarding dataset payload `34970112332` (short manual pairing
code) is used to discover and commission the device.
```
$ ./chip-tool pairing code-thread 1 hex:000030000150208562618342348532605109bd31cda6908667addca8789211addac0102c4a9 34970112332
```
The following command commissions the Wi-Fi device with the node ID `1` to the
Matter fabric The SSID `wifi_test` and the password `admin123` is the required
information about the Wi-Fi network to which the device is going to be
commissioned. The onboarding dataset payload `34970112332` (short manual pairing
code) is used to discover and commission the device.
```
$ ./chip-tool pairing code-wifi 1 wifi_test admin123 34970112332
```
The following command commissions the device with the node ID `1` to the Matter
fabric. The onboarding dataset payload `MT:8IXS142C00KA0648G00` (QR code
payload) is used to discover and commission the device.
```
$ ./chip-tool pairing code 1 MT:8IXS142C00KA0648G00
```
#### Attestation-related flags
The `pairing` commissioning command can be run with several flags that allow you
to modify attestation-related settings:
- `--paa-trust-store-path` - Use to provide the path to the directory that
contains the information about Product Attestation Authority (PAA)
certificates. The path can be absolute or relative to the current working
directory. With this flag, the CHIP Tool looks for the PAA certificate that
matches the PAI and the DAC certificates programmed on the device. Without
this flag, the CHIP Tool uses the built-in test PAA certificate.
- `--cd-trust-store-path` - Use to provide the path to the directory
containing the key that is used to validate the device's Certification
Declaration. The path can be absolute or relative to the current working
directory. With this flag, the CHIP tool looks for additional public keys,
in addition to the well-known built-in public keys (built-in public keys
`src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp`),
to be used to validate Certification Declaration signatures.
* `--only-allow-trusted-cd-keys` - Use to only allow the keys from
`--cd-trust-store-path` and not the built-in test key. If the flag is not
provided or it is provided with the value `false`, untrusted CD verifying
keys are allowed. If it is provided with the value `true`
(`--only-allow-trusted-cd-keys true`), test keys are disallowed and CD
signed with the test key will not be accepted.
* `--bypass-attestation-verifier` - Use to bypass the attestation verifier. If
the flag is not provided or it is provided with the value `false`, the
attestation verifier is not bypassed. If it is provided with the value
`true` (`--bypass-attestation-verifier true`), the commissioning will
continue in case of the attestation verification failure. The failure can be
caused by errors in Certification Declaration, PAA or PAI certificates, or
in the Device Attestation Certificate. This option can be helpful if you
want to quickly commission a device with PAI and DAC certificates based on
an unknown PAA and/or with a Certification Declaration signed by an unknown
key.
### Interacting with Data Model clusters
As mentioned in the
[Using CHIP Tool for Matter device testing](#using-chip-tool-for-matter-device-testing)
section, executing the `chip-tool` command with a particular cluster name lists
all operations supported for this cluster, as in the following command pattern:
```
$ ./chip-tool
```
**Example of command:**
```
$ ./chip-tool binding
```
**Example of output:**
```bash
[1647502596.396184][411686:411686] CHIP:TOO: Missing command name
Usage:
./chip-tool binding command_name [param1 param2 ...]
+-------------------------------------------------------------------------------------+
| Commands: |
+-------------------------------------------------------------------------------------+
| * command-by-id |
| * read-by-id |
| * read |
| * write-by-id |
| * write |
| * subscribe-by-id |
| * subscribe |
| * read-event-by-id |
| * subscribe-event-by-id |
+-------------------------------------------------------------------------------------+
[1647502596.396299][411686:411686] CHIP:TOO: Run command failure: ../../examples/chip-tool/commands/common/Commands.cpp:84: Error 0x0000002F
```
According to this list, the `binding` cluster supports operations such as read
or write. Attributes from that cluster can also be subscribed by the controller,
which means that the CHIP Tool will receive notifications, for instance when the
attribute value is changed or a specific event happens.
#### Examples
This section lists examples of the CHIP Tool commands dedicated to specific use
cases.
##### Writing ACL to the `accesscontrol` cluster
The Access Control List concept allows to govern all Data Model interactions
(such as read attribute, write attribute, invoke command). For more information
about ACL, see
[Access Control Guide](https://github.com/project-chip/connectedhomeip/blob/master/docs/guides/access-control-guide.md).
To write ACL to the `accesscontrol` cluster, use the following command pattern:
```
$ ./chip-tool accesscontrol write acl
```
In this command:
- __ is the ACL data formatted as a JSON array.
- __ is the ID of the node that is going to receive ACL.
- __ is the ID of the endpoint on which the `accesscontrol`
cluster is implemented.
##### Adding a binding table to the `binding` cluster
Binding describes a relationship between the device that contains the binding
cluster and the end device. The proper ACL must be added to allow the end device
to receive commands from the bonded device. After the binding process, the
bonded device contains information about connected device, such as IPv6 address
and the route to the endpoint in the Matter network.
To add a binding table to the `binding` cluster, use the following command
pattern:
```
$ ./chip-tool binding write binding
```
In this command:
- __ is the binding data formatted as a JSON array.
- __ is the ID of the node that is going to receive the binding.
- __ is the ID of the endpoint on which the `binding` cluster is
implemented.
##### Running `TestClusters` test
Complete the following steps to
[run one test from the test suite](#running-a-test-suite-against-a-paired-peer-device):
1. Clean the initialization of state using the following command:
```
rm -fr /tmp/chip_*
```
1. In a shell window, start the DUT device:
```
./out/debug/standalone/chip-all-clusters-app
```
1. In a second shell window, pair the DUT with the CHIP Tool:
```
./out/debug/standalone/chip-tool pairing onnetwork 333221 20202021
```
1. Run the test with the following command:
```
./out/debug/standalone/chip-tool tests TestCluster --nodeId 333221
```
Read the [CHIP Test Suits](../../src/app/tests/suites/README.md) page for more
information about how the test suite is structured.
### Multi-admin scenario
Multi-admin feature allows you to join Matter device to several Matter fabrics
and have several different Matter administrators administer it.
Complete the steps mentioned in the following sections.
#### Step 1: Commission to fabric
Commission the Matter device to first fabric following the
[Using CHIP Tool for Matter device testing](#using-chip-tool-for-matter-device-testing)
section.
#### Step 2: Open the commissioning window
Make sure the administrator from the first fabric opens the commissioning window
for a new administrator from another fabric.
Open the commissioning window on the paired Matter device by using the following
command pattern:
```
$ ./chip-tool pairing open-commissioning-window