matter: samples: Implement factory reset for persistent storage

* Handle factory reset for secure/non-secure configurations.
* Add `FactoryReset` method to `AccessStorage` and
`BridgeStorageManager`.
* Add application specific factory reset handlers.

Signed-off-by: Adrian Gielniewski <adrian.gielniewski@nordicsemi.no>

Author: adigie

applications/matter_bridge/src/main.cpp

@@ -6,6 +6,7 @@
 
 #include "app_task.h"
 
+#include <bridge/bridge_storage_manager.h>
 #include <zephyr/logging/log.h>
 
 LOG_MODULE_REGISTER(app, CONFIG_CHIP_APP_LOG_LEVEL);
@@ -17,3 +18,8 @@ int main()
 	LOG_ERR("Exited with code %" CHIP_ERROR_FORMAT, err.Format());
 	return err == CHIP_NO_ERROR ? EXIT_SUCCESS : EXIT_FAILURE;
 }
+
+bool AppFactoryResetHandler()
+{
+	return Nrf::BridgeStorageManager::Instance().FactoryReset();
+}

samples/matter/common/src/bridge/bridge_storage_manager.cpp

@@ -188,7 +188,7 @@ template <> bool BridgeStorageManager::LoadBridgedDevice(BridgedDeviceV2 &device
 
 bool BridgeStorageManager::Init()
 {
-	const PSErrorCode status = Nrf::GetPersistentStorage().NonSecureInit();
+	const PSErrorCode status = Nrf::GetPersistentStorage().NonSecureInit("br");
 
 	if (status != PSErrorCode::Success) {
 		return false;
@@ -198,6 +198,15 @@ bool BridgeStorageManager::Init()
 	return MigrateData();
 }
 
+bool BridgeStorageManager::FactoryReset()
+{
+#ifndef CONFIG_CHIP_FACTORY_RESET_ERASE_SETTINGS
+	return Nrf::PSErrorCode::Success == Nrf::GetPersistentStorage().NonSecureFactoryReset();
+#else
+	return true;
+#endif
+}
+
 #ifdef CONFIG_BRIDGE_MIGRATE_PRE_2_7_0
 bool BridgeStorageManager::MigrateDataOldScheme(uint8_t bridgedDeviceIndex)
 {

samples/matter/common/src/bridge/bridge_storage_manager.h

@@ -92,6 +92,14 @@ class BridgeStorageManager {
 	 */
 	bool Init();
 
+	/**
+	 * @brief Factory reset the storage.
+	 *
+	 * @return true if success.
+	 * @return false otherwise.
+	 */
+	bool FactoryReset();
+
 	/**
 	 * @brief Store bridged devices count into settings
 	 *

samples/matter/common/src/persistent_storage/backends/persistent_storage_secure.cpp

@@ -12,8 +12,11 @@ namespace Nrf
 PersistentStorageSecure::UidMap PersistentStorageSecure::sUidMap{};
 PersistentStorageSecure::Byte PersistentStorageSecure::sSerializedMapBuff[kMaxMapSerializationBufferSize]{};
 
-PSErrorCode PersistentStorageSecure::_SecureInit()
+PSErrorCode PersistentStorageSecure::_SecureInit(const char *prefix)
 {
+	// Ignored in this backend
+	(void)prefix;
+
 	return LoadUIDMap();
 }
 
@@ -85,6 +88,28 @@ PSErrorCode PersistentStorageSecure::_SecureRemove(PersistentStorageNode *node)
 	return PSErrorCode::Failure;
 }
 
+PSErrorCode PersistentStorageSecure::_SecureFactoryReset()
+{
+	PSErrorCode error = PSErrorCode::Success;
+
+	// Remove all keys
+	for (auto it = std::begin(sUidMap.mMap); it != std::end(sUidMap.mMap) - sUidMap.FreeSlots(); ++it) {
+		psa_status_t status = psa_ps_remove(it->key);
+		if (status != PSA_SUCCESS) {
+			// Set error but try to remove all keys
+			error = PSErrorCode::Failure;
+		}
+	}
+
+	// Remove UidMap
+	psa_status_t status = psa_ps_remove(kKeyOffset);
+	if (status != PSA_SUCCESS) {
+		error = PSErrorCode::Failure;
+	}
+
+	return error;
+}
+
 psa_storage_uid_t PersistentStorageSecure::UIDFromString(char *str, bool *alreadyInTheMap)
 {
 	for (auto &it : sUidMap.mMap) {

samples/matter/common/src/persistent_storage/backends/persistent_storage_secure.h

@@ -15,17 +15,19 @@ namespace Nrf
 {
 class PersistentStorageSecure {
 protected:
-	PSErrorCode _NonSecureInit();
+	PSErrorCode _NonSecureInit(const char *prefix);
 	PSErrorCode _NonSecureStore(PersistentStorageNode *node, const void *data, size_t dataSize);
 	PSErrorCode _NonSecureLoad(PersistentStorageNode *node, void *data, size_t dataMaxSize, size_t &outSize);
 	PSErrorCode _NonSecureHasEntry(PersistentStorageNode *node);
 	PSErrorCode _NonSecureRemove(PersistentStorageNode *node);
+	PSErrorCode _NonSecureFactoryReset();
 
-	PSErrorCode _SecureInit();
+	PSErrorCode _SecureInit(const char *prefix);
 	PSErrorCode _SecureStore(PersistentStorageNode *node, const void *data, size_t dataSize);
 	PSErrorCode _SecureLoad(PersistentStorageNode *node, void *data, size_t dataMaxSize, size_t &outSize);
 	PSErrorCode _SecureHasEntry(PersistentStorageNode *node);
 	PSErrorCode _SecureRemove(PersistentStorageNode *node);
+	PSErrorCode _SecureFactoryReset();
 
 private:
 	static constexpr size_t kMaxEntriesNumber = CONFIG_NCS_SAMPLE_MATTER_SECURE_STORAGE_MAX_ENTRY_NUMBER;
@@ -90,7 +92,7 @@ class PersistentStorageSecure {
 	static Byte sSerializedMapBuff[kMaxMapSerializationBufferSize];
 };
 
-inline PSErrorCode PersistentStorageSecure::_NonSecureInit()
+inline PSErrorCode PersistentStorageSecure::_NonSecureInit(const char *prefix)
 {
 	return PSErrorCode::NotSupported;
 };
@@ -117,4 +119,9 @@ inline PSErrorCode PersistentStorageSecure::_NonSecureRemove(PersistentStorageNo
 	return PSErrorCode::NotSupported;
 }
 
+inline PSErrorCode PersistentStorageSecure::_NonSecureFactoryReset()
+{
+	return PSErrorCode::NotSupported;
+}
+
 } /* namespace Nrf */

samples/matter/common/src/persistent_storage/backends/persistent_storage_settings.cpp

@@ -20,6 +20,11 @@ struct ReadEntry {
 	bool result;
 };
 
+struct DeleteSubtreeEntry {
+	const char *prefix;
+	int result;
+};
+
 /* Random magic bytes to represent an empty value.
    It is needed because Zephyr settings subsystem does not distinguish an empty value from no value. */
 constexpr uint8_t kEmptyValue[] = { 0x22, 0xa6, 0x54, 0xd1, 0x39 };
@@ -61,12 +66,36 @@ int LoadEntryCallback(const char *name, size_t entrySize, settings_read_cb readC
 
 	return 1;
 }
+
+int DeleteSubtreeCallback(const char *name, size_t entrySize, settings_read_cb readCb, void *cbArg, void *param)
+{
+	DeleteSubtreeEntry &entry = *static_cast<DeleteSubtreeEntry *>(param);
+	char fullKey[SETTINGS_MAX_NAME_LEN + 1];
+
+	// name comes from Zephyr settings subsystem so it is guaranteed to fit in the buffer.
+	(void)snprintf(fullKey, sizeof(fullKey), "%s/%s", entry.prefix, name);
+	const int result = settings_delete(fullKey);
+
+	// Return the first error, but continue removing remaining keys anyway.
+	if (entry.result == 0) {
+		entry.result = result;
+	}
+
+	return 0;
+}
+
 } /* namespace */
 
 namespace Nrf
 {
-PSErrorCode PersistentStorageSettings::_NonSecureInit()
+PSErrorCode PersistentStorageSettings::_NonSecureInit(const char *prefix)
 {
+	if (prefix == nullptr) {
+		return PSErrorCode::Failure;
+	}
+
+	mPrefix = prefix;
+
 	return settings_load() ? PSErrorCode::Failure : PSErrorCode::Success;
 }
 
@@ -160,4 +189,17 @@ bool PersistentStorageSettings::LoadEntry(const char *key, void *data, size_t da
 
 	return true;
 }
+
+PSErrorCode PersistentStorageSettings::_NonSecureFactoryReset()
+{
+	DeleteSubtreeEntry entry{ mPrefix, 0 };
+	int result = settings_load_subtree_direct(mPrefix, DeleteSubtreeCallback, &entry);
+
+	if (result == 0 && entry.result == 0) {
+		return PSErrorCode::Success;
+	}
+
+	return PSErrorCode::Failure;
+}
+
 } /* namespace Nrf */

samples/matter/common/src/persistent_storage/backends/persistent_storage_settings.h

@@ -12,23 +12,27 @@ namespace Nrf
 {
 class PersistentStorageSettings {
 protected:
-	PSErrorCode _NonSecureInit();
+	PSErrorCode _NonSecureInit(const char *prefix);
 	PSErrorCode _NonSecureStore(PersistentStorageNode *node, const void *data, size_t dataSize);
 	PSErrorCode _NonSecureLoad(PersistentStorageNode *node, void *data, size_t dataMaxSize, size_t &outSize);
 	PSErrorCode _NonSecureHasEntry(PersistentStorageNode *node);
 	PSErrorCode _NonSecureRemove(PersistentStorageNode *node);
+	PSErrorCode _NonSecureFactoryReset();
 
-	PSErrorCode _SecureInit();
+	PSErrorCode _SecureInit(const char *prefix);
 	PSErrorCode _SecureStore(PersistentStorageNode *node, const void *data, size_t dataSize);
 	PSErrorCode _SecureLoad(PersistentStorageNode *node, void *data, size_t dataMaxSize, size_t &outSize);
 	PSErrorCode _SecureHasEntry(PersistentStorageNode *node);
 	PSErrorCode _SecureRemove(PersistentStorageNode *node);
+	PSErrorCode _SecureFactoryReset();
 
 private:
 	bool LoadEntry(const char *key, void *data = nullptr, size_t dataMaxSize = 0, size_t *outSize = nullptr);
+
+	const char *mPrefix = nullptr;
 };
 
-inline PSErrorCode PersistentStorageSettings::_SecureInit()
+inline PSErrorCode PersistentStorageSettings::_SecureInit(const char *prefix)
 {
 	return PSErrorCode::NotSupported;
 };
@@ -55,4 +59,9 @@ inline PSErrorCode PersistentStorageSettings::_SecureRemove(PersistentStorageNod
 	return PSErrorCode::NotSupported;
 }
 
+inline PSErrorCode PersistentStorageSettings::_SecureFactoryReset()
+{
+	return PSErrorCode::NotSupported;
+}
+
 } /* namespace Nrf */

samples/matter/common/src/persistent_storage/persistent_storage.h

@@ -26,10 +26,11 @@ class PersistentStorage {
 	/**
 	 * @brief Perform the initialization required before using the storage.
 	 *
+	 * @param prefix storage key prefix
 	 * @return true if success.
 	 * @return false otherwise.
 	 */
-	PSErrorCode NonSecureInit();
+	PSErrorCode NonSecureInit(const char *prefix);
 
 	/**
 	 * @brief Store data into the persistent storage.
@@ -72,12 +73,21 @@ class PersistentStorage {
 	 */
 	PSErrorCode NonSecureRemove(PersistentStorageNode *node);
 
+	/**
+	 * @brief Perform factory reset and remove all keys.
+	 *
+	 * @return true if subtree has been removed successfully.
+	 * @return false an error occurred.
+	 */
+	PSErrorCode NonSecureFactoryReset();
+
 	/* Secure storage API counterparts.*/
-	PSErrorCode SecureInit();
+	PSErrorCode SecureInit(const char *prefix);
 	PSErrorCode SecureStore(PersistentStorageNode *node, const void *data, size_t dataSize);
 	PSErrorCode SecureLoad(PersistentStorageNode *node, void *data, size_t dataMaxSize, size_t &outSize);
 	PSErrorCode SecureHasEntry(PersistentStorageNode *node);
 	PSErrorCode SecureRemove(PersistentStorageNode *node);
+	PSErrorCode SecureFactoryReset();
 
 protected:
 	PersistentStorage() = default;
@@ -107,9 +117,9 @@ inline PersistentStorageImpl *PersistentStorage::Impl()
 }
 
 /* Non secure storage API. */
-inline PSErrorCode PersistentStorage::NonSecureInit()
+inline PSErrorCode PersistentStorage::NonSecureInit(const char *prefix)
 {
-	return Impl()->_NonSecureInit();
+	return Impl()->_NonSecureInit(prefix);
 };
 
 inline PSErrorCode PersistentStorage::NonSecureStore(PersistentStorageNode *node, const void *data, size_t dataSize)
@@ -133,10 +143,15 @@ inline PSErrorCode PersistentStorage::NonSecureRemove(PersistentStorageNode *nod
 	return Impl()->_NonSecureRemove(node);
 }
 
+inline PSErrorCode PersistentStorage::NonSecureFactoryReset()
+{
+	return Impl()->_NonSecureFactoryReset();
+}
+
 /* Secure storage API. */
-inline PSErrorCode PersistentStorage::SecureInit()
+inline PSErrorCode PersistentStorage::SecureInit(const char *prefix)
 {
-	return Impl()->_SecureInit();
+	return Impl()->_SecureInit(prefix);
 };
 
 inline PSErrorCode PersistentStorage::SecureStore(PersistentStorageNode *node, const void *data, size_t dataSize)
@@ -160,4 +175,9 @@ inline PSErrorCode PersistentStorage::SecureRemove(PersistentStorageNode *node)
 	return Impl()->_SecureRemove(node);
 }
 
+inline PSErrorCode PersistentStorage::SecureFactoryReset()
+{
+	return Impl()->_SecureFactoryReset();
+}
+
 } /* namespace Nrf */

samples/matter/common/src/persistent_storage/persistent_storage_impl.h

@@ -31,15 +31,16 @@ class PersistentStorageImpl : public PersistentStorage
 	friend class PersistentStorage;
 
 #ifdef CONFIG_NCS_SAMPLE_MATTER_SETTINGS_STORAGE_BACKEND
-
 	using PersistentStorageSettings::_NonSecureHasEntry;
 	using PersistentStorageSettings::_NonSecureInit;
 	using PersistentStorageSettings::_NonSecureLoad;
 	using PersistentStorageSettings::_NonSecureRemove;
+	using PersistentStorageSettings::_NonSecureFactoryReset;
 	using PersistentStorageSettings::_NonSecureStore;
 #endif
 
 #ifdef CONFIG_NCS_SAMPLE_MATTER_SECURE_STORAGE_BACKEND
+	using PersistentStorageSecure::_SecureFactoryReset;
 	using PersistentStorageSecure::_SecureHasEntry;
 	using PersistentStorageSecure::_SecureInit;
 	using PersistentStorageSecure::_SecureLoad;

samples/matter/lock/src/access/access_storage.cpp

@@ -53,16 +53,27 @@ bool GetStorageFreeSpace(size_t &freeBytes)
 #define PSStore SecureStore
 #define PSRemove SecureRemove
 #define PSLoad SecureLoad
+#define PSFactoryReset SecureFactoryReset
 #elif defined(CONFIG_NCS_SAMPLE_MATTER_SETTINGS_STORAGE_BACKEND)
 #define PSInit NonSecureInit
 #define PSStore NonSecureStore
 #define PSLoad NonSecureLoad
 #define PSRemove NonSecureRemove
+#define PSFactoryReset NonSecureFactoryReset
 #endif
 
 bool AccessStorage::Init()
 {
-	return (Nrf::PSErrorCode::Success == Nrf::GetPersistentStorage().PSInit());
+	return Nrf::PSErrorCode::Success == Nrf::GetPersistentStorage().PSInit(kAccessPrefix);
+}
+
+bool AccessStorage::FactoryReset()
+{
+#ifndef CONFIG_CHIP_FACTORY_RESET_ERASE_SETTINGS
+	return Nrf::PSErrorCode::Success == Nrf::GetPersistentStorage().PSFactoryReset();
+#else
+	return true;
+#endif
 }
 
 bool AccessStorage::PrepareKeyName(Type storageType, uint16_t index, uint16_t subindex)

samples/matter/lock/src/access/access_storage.h

@@ -63,6 +63,14 @@ class AccessStorage {
 	 */
 	bool Init();
 
+	/**
+	 * @brief Factory reset the storage.
+	 *
+	 * @return true if success.
+	 * @return false otherwise.
+	 */
+	bool FactoryReset();
+
 	/**
 	 * @brief Store the entry into the persistent storage.
 	 *