ACME

Run the sample code as doc https://developer.apple.com/documentation/mattersupport?changes=latest_minor import MatterSupport let request = MatterAddDeviceRequest( topology: .init(ecosystemName: Acme SmartHome, homes: [ .init(displayName: Default Acme Home), ]) ) do { try await request.perform() print(Successfully set up a device!) } catch { print(Failed to set up a device with error: (error)) } it runs but stuck in the scene below, never get the callback. Another issue about MatterSupport, when integrated with objective-c the bridge file(eg xx-Swift.h) turn out to show error: Cannot find interface declaration for 'MatterAddDeviceExtensionRequestHandler', superclass of 'MatterAddDeviceHandler' Xcode Version 14.2 (14C18) My code: // // MatterHelper.swift // xx // // Created by Robin on 2023/3/21. // import Foundation import MatterSupport @available(iOS 16.1, *) class MatterHelper: NSObject { @objc class func commission() { let request = MatterAddDeviceRequest( topology: .init(ecosystemName: RR

Current Apple ACME Profile does not support EAB. Do you have any plan to support it?

I'm trying to implement managed device attestation, I have written server code in Go. So far, I have been able to implement all the steps except finalizing order by sending the Certificate url in the json response from where the client can download the certificate. ACME request flow failed at step 8: Error Domain=NSURLErrorDomain Code=-1002 unsupported URL UserInfo={NSLocalizedDescription=unsupported URL, NSErrorFailingURLStringKey=} For server, I am using localhost with https. The URL in certificate field of json response is working in browser/postman. I am not able to figure out what is the exact the cause of this error. As there is no FailingURLStringKey I suspect there might be some issue with key in the json response. Can anyone point me to the correct direction to figure out what is the issue?

I am attempting to communicate over serial with a USB-C device and an M-Series iPad. I have proven the device to communicate as expected (baud rate, parity, etc) via a Swift app on Mac using a third party library (IOKit) that utilizes the AppleUSBACM (v5.0.0) driver on macOS. I am looking to recreate this communication via iPadOS and a custom DriverKit driver that provides this same interface. There is not an example from Apple for serial communication and DriverKit but there is a couple for communicating from an app to the dext, and for other networking examples. There are also other mentions in WWDC videos but they are incomplete and do not provide the needed structure. Communicating between a driver extension and a client app Connecting a network driver Bring your driver to iPad with DriverKit System Extensions and DriverKit My question revolves around architecture and how to set up a driver for these needs. I have gotten the examples to run and understand what is needed for entitlements and other local si

Hi, I'm looking into ACME Managed Deice Attestation and was wondering about one of the values in the payload - AllowAllAppsAccess. From the documentation: If true, all apps have access to the private key but what is the case that you would have this set to true? seems like it opens up the device to potentially malicious software. Also, if this were set to true, how would an app access this private key when it is stored in the Secure Enclave? is there a specific tag that it is stored with?

I'm trying to implement ACME managed device attestation, I have ACME server code written in C# and I've been able to get all of the steps working except for the very last one - issuing the certificate. I so far have not been able to get the device to accept the certificate, the device logs show: Got certificate {length = ......} ACME request flow failed at step 9: Error Domain=NSOSStatusErrorDomain Code=-67673 failed to obtain certificate UserInfo={NSLocalizedDescription=failed to obtain certificate} The certificate is issued by an internal CA and the correct root certificate is in the device's trusted certs. I have tried returning the certificate chain as a file response or content response to the device as a application/pem-certificate-chain mime type (as outlined as the default in the ACME RFC), returning just the leaf certificate as PEM, returning the leaf certificate as DER with mime type application/pkix-cert, application/pkcs7-mime, application/x-pkcs12 or applicatio

This is my entitlements.plist: com.apple.security.app-sandbox com.apple.security.device.usb Check signing result, I run codesign -d --entitlements :- ./dist/My.app codesign -vv ./dist/My.app and I get this Executable=/dist/My.app/Contents/MacOS/main Warning: Specifying ':' in the path is deprecated and will not work in a future release com.apple.security.app-sandboxcom.apple.security.device.usbcom.apple.security.network.clientcom.apple.security.network.servercom.apple.security.temporary-exception.files.absolute-path.read-only/private/etc/apache2/mime.types ./dist/My.app: valid on disk ./dist/My.app: satisfies its Designated Requirement But when I run my app, I got ['/dev/cu.Bluetooth-Incoming-Port', 'n/a', 'n/a'] ['/dev/cu.usbmodem23401', 'GD32 USB CDC ACM in FS Mode', 'USB VID:PID=28E9:018A SER=GD32F30X-3.0.0-7z8x9yer LOCATION=2-3.4'] (1, could not open port /dev/cu.usbmodem23401: [Errno 1] Operation not permitted: '/dev/cu.usbmodem23401') My app can't access to my usb device, how can I solve this

I am sending DeclarativeManagement with the MDM command, but it seems that it is not valid even if I send it to declaration-items What can you think of? iOS 16 MDM Command Command Data eyJTeW5jVG9rZW5zIjp7IlRpbWVzdGFtcCI6IjIwMjMtMTAtMThUMTE6MDY6MDJaIiwi RGVjbGFyYXRpb25zVG9rZW4iOiJiNjU0NDAyN2EzMTVjZDAwODVkNGNmMDgxNzQ2MjRj MmQxNDI0NDQ4MDQzMGE4N2IxNzZhMjcyN2U3MzY2MDA5In19 RequestType DeclarativeManagement CommandUUID 3398d0c0-8b36-4647-86ab-6a63f26d1576 UDID XXXXXXX-ZZZZZZZZZZZZZz declaration-items Rersponse(json) { DeclarationsToken: 1429e356-c51a-42a3-aff2-22963df30202, Declarations: { Assets: [ ], Management: [ { Type: com.apple.management.organization-info, Identifier: e07d18d6-4ec6-432a-b474-9b8816d029a2, ServerToken: 4922d69c-c231-426d-9598-c3acb612069e, Payload: { Email: email@example.com, Name: Acme Inc, URL: https://www.example.com } } ], Configurations: [ { Type: com.apple.configuration.legacy, Identifier: 84fe24b1-ac21-4a29-b279-70f715b3ac82, ServerToken: 0283b145-5791-4d7a-8a8e-769