Matter Fundamentals

Changing the version will not affect your certificate
Lesson 1 – Matter introduction
 5 Topics | 1 Quiz
What is Matter?
Matter architecture
Transport layers in Matter
Matter security model
Exercise 1 – Testing a Matter application
Lesson 1 quiz
Lesson 2 – Developing with Matter
 5 Topics | 1 Quiz
Matter integration in nRF Connect SDK
Matter API
Matter samples and applications
Thread networking
Exercise 1 – Running and controlling a Matter device
Lesson 2 quiz
Lesson 3 – Matter endpoints, clusters and attributes
 6 Topics | 1 Quiz
Matter device types
Matter clusters and their content
Controlling clusters in a Matter application
Exercise 1 – Supporting a Matter device type in your application
Exercise 2 – Creating a proprietary cluster
Exercise 3 – Extending clusters with custom functionality
Lesson 3 quiz
Lesson 4 – Power optimization in Matter
 4 Topics | 1 Quiz
Reducing power consumption in Matter
Intermittently Connected Devices (ICD)
Online Power Profiler for Matter over Thread
Exercise 1 – Enabling Matter ICD and measuring its power consumption
Lesson 4 quiz
Lesson 5 – Matter Over-The-Air
 4 Topics | 1 Quiz
Matter Over-The-Air software update
Device Firmware Upgrade over Bluetooth LE
Exercise 1 – Upgrading firmware using Matter OTA
Exercise 2 – Upgrading firmware using Bluetooth LE
Lesson 5 quiz
Get your certificate!
Feedback
Feedback

If you are having issues with the exercises, please create a ticket on DevZone: devzone.nordicsemi.com
Drag & Drop Files, Choose Files to Upload You can upload up to 2 files.
Loading
RegisterLog in

Matter security model

Matter includes a mandatory, built‑in security model designed to ensure that devices can trust each other and communicate securely from the very beginning of the commissioning process. This security model is an integral part of the Matter specification and applies to all certified Matter devices.

At the fundamentals level, you only need to understand the following core concepts:

  • Devices must prove their identity
  • All communication is encrypted
  • Commissioning establishes trust and fabric membership
  • Each fabric has its own unique security domain

This topic introduces these concepts so you can confidently get started with Matter development.

Security during commissioning

Before a device becomes part of a Matter fabric, it undergoes commissioning. Commissioning establishes a secure communication channel, verifies the device’s identity, and assigns operational credentials that allow the device to participate in the fabric.

Two security concepts are essential during commissioning: Passcode‑Authenticated Session Establishment (PASE) and device attestation.

PASE – Passcode‑Authenticated Session Establishment

During early onboarding, the commissioner (often a phone or smart‑home hub) uses PASE to establish a temporary secure channel with the device. PASE is based on the device’s setup passcode, which is encoded in the QR code, manual pairing code, or NFC tag.

PASE ensures:

  • Encrypted communication during commissioning
  • Only authorized commissioners can begin configuring the device

This secure channel is used only during commissioning and is replaced later by operational security sessions.

Device attestation

During commissioning, the commissioner verifies that the device is a genuine, certified Matter device. This process is called device attestation.

Each Matter device contains a Device Attestation Certificate (DAC) that is part of a certificate chain tracing back to a trusted Product Attestation Authority (PAA). By validating this chain, the commissioner can ensure that the device is authentic and has not been tampered with.

For this course, you only need to know that:

  • Every Matter device must have attestation credentials
  • The commissioner verifies these credentials automatically during commissioning

You do not generate or manage these certificates yourself at this stage. The Matter samples in the nRF Connect SDK include temporary test attestation material intended for development and testing.

Security in normal operation

After a device has been successfully commissioned and added to a fabric, it uses a different security mechanism for everyday communication. This mechanism is called Certificate‑Authenticated Session Establishment (CASE).

CASE – Certificate‑Authenticated Session Establishment

CASE sessions are used for normal device communication once the device is part of a fabric. These sessions are authenticated using the device’s operational credentials, also known as the Node Operational Certificate (NOC) chain, which were provisioned during commissioning.

CASE ensures:

  • Encrypted operational messages
  • Mutual authentication between nodes
  • Trust based on the fabric’s root of trust

As a developer, you do not manually create or manage CASE sessions. The Matter stack handles this automatically.

Fabrics and trust boundaries

A Matter fabric is a group of devices that share:

  • A root of trust
  • A common configuration state
  • A unique 64‑bit Fabric ID

Each fabric represents a separate security domain. Devices in one fabric cannot access or control devices in another fabric unless explicitly authorized.

Multiple fabrics

Matter supports multi‑fabric operation, which allows a single device to belong to more than one fabric at the same time.

Fundamental things to know:

  • Each fabric has its own set of operational certificates
  • A device’s stored credentials determine which fabrics it belongs to
  • Each commissioner who adds the device to a fabric becomes an administrator for that fabric

To add a device to another fabric, an existing administrator opens a new commissioning window using the Administrator Commissioning cluster.

This model allows a single product to be controlled simultaneously by multiple ecosystems, without those ecosystems sharing a root of trust.

Within a fabric, Access Control Lists (ACLs) determine which nodes are allowed to read attributes, write attributes, or invoke commands on other nodes.

Secure transport

Regardless of the physical network used (Thread, Wi‑Fi, or Ethernet), all Matter operational traffic is encrypted and authenticated at the Matter layer.

Operational messages are protected by CASE, meaning security is independent of the underlying transport. Changing the transport does not weaken or alter the security of Matter interactions.

Security requirements for getting started

For this course, you do not need to prepare production‑grade certificates or manage security provisioning manually.

You only need to know that:

  • The nRF Connect SDK includes all required security components for Matter development
  • Example applications include test attestation material suitable for development
  • Commissioning automatically handles PASE, device attestation, and CASE

For production Matter products, real credentials and compliance requirements must be managed, but that level of detail is outside the scope of this course.

Make sure to Log in or Register to save your progress

Back
Next

Nordic Developer Academy Privacy Policy

 

1. Introduction 

In this Privacy Policy you will find information on Nordic Semiconductor ASA (“Nordic Semiconductor”) processes your personal data when you use the Nordic Developer Academy.

References to “we” and “us” in this document refers to Nordic Semiconductor.

 

2. Our processing of personal data when you use the Nordic Developer Academy 

2.1 Nordic Developer Academy 

Nordic Semiconductor processes personal data in order to provide you with the features and functionality of the Nordic Developer Academy. Creating a user account is optional, but required if you want to track you progress and view your completed courses and obtained certificates. If you choose to create a user account, we will process the following categories of personal data:

  • Email
  • Name
  • Password (encrypted)
  • Course progression (e.g. which course you have completely or partly completed)
  • Certificate information, which consists of name of completed course and the validity of the certificate
  • Course results

During your use of the Nordic Developer Academy, you may also be asked if you want to provide feedback. If you choose to respond to any such surveys, we will also process the personal data in your responses in that survey.

The legal basis for this processing is GDPR article 6 (1) b. The processing is necessary for Nordic Semiconductor to provide the Nordic Developer Academy under the Terms of Service.

 

2.2 Analytics 

If you consent to analytics, Nordic Semiconductor will use Google Analytics to obtain statistics about how the Nordic Developer Academy is used. This includes collecting information on for example what pages are viewed, the duration of the visit, the way in which the pages are maneuvered, what links are clicked, technical information about your equipment. The information is used to learn how Nordic Developer Academy is used and how the user experience can be further developed.

 

2.2 Newsletter 

You can consent to receive newsletters from Nordic from within the Nordic Developer Academy. How your personal data is processed when you sign up for our newsletters is described in the Nordic Semiconductor Privacy Policy.

 

3. Retention period 

We will store your personal data for as long you use the Nordic Developer Academy. If our systems register that you have not used your account for 36 months, your account will be deleted.

 

4. Additional information 

Additional information on how we process personal data can be found in the Nordic Semiconductor Privacy Policy and Cookie Policy.

‍‍ 

Nordic Developer Academy Terms of Service

 

1. Introduction

‍These terms and conditions (“Terms of Use”) apply to the use of the Nordic Developer Academy, provided by Nordic Semiconductor ASA, org. nr. 966 011 726, a public limited liability company registered in Norway (“Nordic Semiconductor”). ‍

Nordic Developer Academy allows the user to take technical courses related to Nordic Semiconductor products, software and services, and obtain a certificate certifying completion of these courses. By completing the registration process for the Nordic Developer Academy, you are agreeing to be bound by these Terms of Use.

These Terms of Use are applicable as long as you have a user account giving you access to Nordic Developer Academy.‍

‍2. Access to and use of Nordic Developer Academy

‍‍Upon acceptance of these Terms of Use you are granted a non-exclusive right of access to, and use of Nordic Developer Academy, as it is provided to you at any time. Nordic Semiconductor provides Nordic Developer Academy to you free of charge, subject to the provisions of these Terms of Use and the Nordic Developer Academy Privacy Policy.

To access select features of Nordic Developer Academy, you need to create a user account. You are solely responsible for the security associated with your user account, including always keeping your login details safe.

You will able to receive an electronic certificate from Nordic Developer Academy upon completion of courses. By issuing you such a certificate, Nordic Semiconductor certifies that you have completed the applicable course, but does not provide any further warrants or endorsements for any particular skills or professional qualifications.

Nordic Semiconductor will continuously develop Nordic Developer Academy with new features and functionality, but reserves the right to remove or alter any existing functions without notice.

‍3. Acceptable use

You undertake that you will use Nordic Developer Academy in accordance with applicable law and regulations, and in accordance with these Terms of Use.‍ You must not modify, adapt, or hack Nordic Developer Academy or modify another website so as to falsely imply that it is associated with Nordic Developer Academy, Nordic Semiconductor, or any other Nordic Semiconductor product, software or service.

You agree not to reproduce, duplicate, copy, sell, resell or in any other way exploit any portion of Nordic Developer Academy, use of Nordic Developer Academy, or access to Nordic Developer Academy without the express written permission by Nordic Semiconductor. You must not upload, post, host, or transmit unsolicited email, SMS, or \”spam\” messages.

You are responsible for ensuring that the information you post and the content you share does not;

  • contain false, misleading or otherwise erroneous information
  • infringe someone else’s copyrights or other intellectual property rights
  • contain sensitive personal data or
  • contain information that might be received as offensive or insulting.
  • Such information may be removed without prior notice.

‍Nordic Semiconductor reserves the right to at any time determine whether a use of Nordic Developer Academy is in violation of its requirements for acceptable use.

Violation of the at any time applicable requirements for acceptable use may result in termination of your account. We will take reasonable steps to notify you and state the reason for termination in such cases.

‍4. Routines for planned maintenance

‍Certain types of maintenance may imply a stop or reduction in availability of Nordic Developer Academy. Nordic Semiconductor does not warrant any level of service availability but will provide its best effort to limit the impact of any planned maintenance on the availability of Nordic Developer Academy.

5. Intellectual property rights

‍Nordic Semiconductor retains all rights to all elements of Nordic Developer Academy. This includes, but is not limited to, the concept, design, trademarks, know-how, trade secrets, copyrights and all other intellectual property rights.

Nordic Semiconductor receives all rights to all content uploaded or created in Nordic Developer Academy. You do not receive any license or usage rights to Nordic Developer Academy beyond what is explicitly stated in this Agreement.

‍6. Liability and damages

‍Nothing within these Terms of Use is intended to limit your statutory data privacy rights as a data subject, as described in the Nordic Developer Academy Privacy Policy. ‍You acknowledge that errors might occur from time to time and waive any right to claim for compensation as a result of errors in Nordic Developer Academy. When an error occurs, you shall notify Nordic Semiconductor of the error and provide a description of the error situation.

You agree to indemnify Nordic Semiconductor for any loss, including indirect loss, arising out of or in connection with your use of Nordic Developer Academy or violations of these Terms of Use. ‍Nordic Semiconductor shall not be held liable for, and does not warrant that (i) Nordic Developer Academy will meet your specific requirements, (ii) Nordic Developer Academy will be uninterrupted, timely, secure, or error-free, (iii) the results that may be obtained from the use of Nordic Developer Academy will be accurate or reliable, (iv) the quality of any products, services, information, or other material purchased or obtained by you through Nordic Developer Academy will meet your expectations, or that (v) any errors in Nordic Developer Academy will be corrected.

You accept that this is a service provided to you without any payment and hence you accept that Nordic Semiconductor will not be held responsible, or liable, for any breaches of these Terms of Use or any loss connected to your use of Nordic Developer Academy. Unless otherwise follows from mandatory law, Nordic Semiconductor will not accept any such responsibility or liability.

‍7. Change of terms

‍Nordic Semiconductor may update and change the Terms of Use from time to time. Nordic Semiconductor will seek to notify you about significant changes before such changes come into force and give you a possibility to evaluate the effects of proposed changes. Continued use of Nordic Developer Academy after any such changes shall constitute your acceptance of such changes. You can review the current version of the Terms of Use at any time at https://academy.nordicsemi.com/terms-of-service/

‍8. Transfer of rights

‍Nordic Semiconductor is entitled to transfer its rights and obligation pursuant to these Terms of Use to a third party as part of a merger or acquisition process, or as a result of other organizational changes.

‍9. Third Party Services

‍‍To the extent Nordic Developer Academy facilitates access to services provided by a third party, you agree to comply with the terms governing such third party services. Nordic Semiconductor shall not be held liable for any errors, omissions, inaccuracies, etc. related to such third party services.

‍10. Dispute resolution

‍‍The Terms of Use and any other legally binding agreement between yourself and Nordic Semiconductor shall be subject to Norwegian law and Norwegian courts’ exclusive jurisdiction.

 

Switch language?

Progress is tracked separately for each language. Switching will continue from your progress in that language or start fresh if you haven't begun.

Your current progress is saved, and you can switch back anytime.

Log in
Don’t have an account? Register an account

Forgot your password?
Register an account
Already have an account? Log in
(All fields are required unless specified optional)

  • 8 or more characters
  • Upper and lower case letters
  • At least one number or special character

Forgot your password?
Enter the email associated with your account, and we will send you a link to reset your password.

Back to Log in

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.

      Change summary

      What's new in the latest version

      Matter

      Matter

      •Matter over Thread support for nRF54LM20A and nRF54LM20B SoCs.
      •Matter over Wi-Fi® support for nRF54LM20A combined with the nRF7002-EB II shield.
      •Released the Matter Cluster Editor app v1.0.1 and Matter Quick Start app v1.1.0.
      MCUboot & Partition Manager

      MCUboot & Partition Manager

      •Single-Slot DFU and RAM Load mode are both promoted to fully supported
      •Partition Manager is officially deprecated in favor of Zephyr's devicetree-based partitioning.