Guide: Bypass matter attestation verifier

tronikos · July 3, 2024, 4:29am

If you have a new matter device for which there is no PAA yet or the manufacturer isn’t wiling to provide you with one and you get:

CHIP_ERROR [chip.native.CTL] Failed in verifying 'Attestation Information' command received from the device: err 101. Look at AttestationVerificationResult enum to understand the errors
CHIP_ERROR [chip.native.CTL] Error on commissioning step 'AttestationVerification': 'src/controller/CHIPDeviceController.cpp:1145: CHIP Error 0x000000AC: Internal error'
CHIP_ERROR [chip.native.EM] Failed to send Solitary ack for MessageCounter:19271811 on exchange 23003i with Node: <0000000000000000, 0>:src/messaging/ExchangeContext.cpp:99: CHIP Error 0x00000002: Connection aborted
WARNING [root] Failed to commission: src/controller/CHIPDeviceController.cpp:1145: CHIP Error 0x000000AC: Internal error

You can follow these steps:

Install Advanced SSH & Web Terminal add on and unselect Protection mode
Identify which chip version the python matter server is currently using:

$ docker exec -it $(docker ps -f name=addon_core_matter_server -q) bash
$ pip freeze | grep chip
home-assistant-chip-clusters==2024.5.2
home-assistant-chip-core==2024.5.2
$ exit

Build a modified version of home-assistant-chip-core and home-assistant-chip-clusters. If it’s 2024.5.2 you can skip these steps and use my built files

3.1. Fork GitHub - home-assistant-libs/chip-wheels: Python Matter Device Controller and make sure you select all branches, not just main

3.2. Navigate to Actions tab and Enable workflows

3.3. Create a new branch from the 2024.5.2 tag (replace with current version)

3.4. Upload chip-wheels/8766-Bypass-attestation-verification.patch at 8a5ec21d114010723cf428ffe79e244da7562390 · tronikos/chip-wheels · GitHub to your new branch

3.5. Create a new release from your new branch

3.6. Once the workflow finishes you will have some whl files in the release, example

pip install the above whl files. Open Advanced SSH & Web Terminal (replace URLs with yours)

mkdir /tmp/chip
cd /tmp/chip
wget https://github.com/tronikos/chip-wheels/releases/download/2024.5.2b1/home_assistant_chip_clusters-2024.5.2b1-py3-none-any.whl
wget https://github.com/tronikos/chip-wheels/releases/download/2024.5.2b1/home_assistant_chip_core-2024.5.2b1-cp37-abi3-manylinux_2_31_x86_64.whl

docker cp /tmp/chip  addon_core_matter_server:/tmp

docker exec -it $(docker ps -f name=addon_core_matter_server -q) bash

pip install /tmp/chip/*.whl

# Identify process listening at port 5580
ss -ap | grep 5580

# Replace pid with the output of the previous command
kill 126
# matter server should restart using the modified libraries

Pair your device with Home Assistant.
Once paired restart the Matter Server addon. Modifications will be lost and the device should remain paired.

In case I delete my fork, here are the contents of chip-wheels/8766-Bypass-attestation-verification.patch at 8a5ec21d114010723cf428ffe79e244da7562390 · tronikos/chip-wheels · GitHub

diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp
index 444b48bcf1..e014e531aa 100644
--- a/src/controller/CHIPDeviceController.cpp
+++ b/src/controller/CHIPDeviceController.cpp
@@ -1227,7 +1227,7 @@ void DeviceCommissioner::OnDeviceAttestationInformationVerification(
         }
     }
 
-    if (result != AttestationVerificationResult::kSuccess)
+    if (false && result != AttestationVerificationResult::kSuccess)
     {
         CommissioningDelegate::CommissioningReport report;
         report.Set<AttestationErrorInfo>(result);

satvikknischal · November 22, 2024, 8:41am

The command $ docker exec -it $(docker ps -f name=addon_core_matter_server -q) bash
gives me an error : zsh: command not found: $

I am an absolute noob here, so i apologise if the question is stupid!

nervousapps · March 13, 2025, 2:36pm

Hi, I have tested your workaround with no luck, wheel are not generated in the forked repo workflow
BUT I have successfully managed device commissioning by downgrading python-matter-server to 6.1.2, add device, and then updating to stable version.

The error on Attestation validation was due, in my case, to an Espressif Zero Code testing device (no more supported by python-matter-server).

EDIT 2025 : Just enable “Enable test-net DCL usage” in matter addon configuration

marius.s · September 21, 2025, 12:12pm

Same problem here.
It works for me running home assistant 2025.9.4 with python matter server 8.1.0 within docker containers on raspberry pi 4.

Gnnr · October 22, 2025, 12:48pm

It seems that there is a substitution problem. Try to do it in two steps:

Identify the container ID: docker ps -f name=addon_core_matter_server
Enter container with given ID from step 1: docker exec -it [container_id] bash

It might also work if you use quotes: docker exec -it "$(docker ps -f name=addon_core_matter_server -q)" bash

If you are still experiencing issues, try sh instead of bash

imagio · November 21, 2025, 2:25pm

Looking at this I wonder if it would make sense for HA to provide a patched/forked version (or contribute upstream) that makes attestation failure a warning instead of a failure and allows the user to ignore an attestation failure.

IDK what sort of changes/contributions the project-chip/connectedhomeip repo allows but it would probably be a fairly minor change to have a flag allowing ignoring attestation failure for a particular device (default false). That way behavior would stay the same but for open system users like HA we could retry a device that fails with ignore_attestation=true when we want to use it anyway.