fix(gateway): enable KNX security device endpoints and enhance tunnel frame handling

Signed-off-by: Tony <tonylu@tony-cloud.com>

apps/gateway/sdkconfig

@@ -674,7 +674,7 @@ CONFIG_GATEWAY_KNX_BRIDGE_SUPPORTED=y
 CONFIG_GATEWAY_START_KNX_BRIDGE_ENABLED=y
 CONFIG_GATEWAY_KNX_DATA_SECURE_SUPPORTED=y
 # CONFIG_GATEWAY_KNX_IP_SECURE_SUPPORTED is not set
-# CONFIG_GATEWAY_KNX_SECURITY_DEV_ENDPOINTS is not set
+CONFIG_GATEWAY_KNX_SECURITY_DEV_ENDPOINTS=y
 CONFIG_GATEWAY_KNX_SECURITY_PLAIN_NVS=y
 CONFIG_GATEWAY_KNX_OEM_MANUFACTURER_ID=0x01e5
 CONFIG_GATEWAY_KNX_OEM_HARDWARE_ID=0xa401

components/gateway_knx/src/ets_device_runtime.cpp

@@ -123,6 +123,7 @@ EtsDeviceRuntime::EtsDeviceRuntime(std::string nvs_namespace,
   }
   ESP_LOGI("gateway_knx", "OpenKNX loading memory namespace=%s", nvs_namespace_.c_str());
   device_.readMemory();
+  ApplyReg1DaliIdentity(device_, platform_);
   installGroupObjectCallbacks();
   if (!IsUsableIndividualAddress(device_.deviceObject().individualAddress()) &&
       IsUsableIndividualAddress(fallback_individual_address)) {
@@ -520,6 +521,14 @@ bool EtsDeviceRuntime::shouldConsumeTunnelFrame(CemiFrame& frame) const {
       const uint16_t client_address = tunnelClientAddress();
       const bool commissioning = !const_cast<Bau07B0&>(device_).configured() || programmingMode();
 
+      // KNX Data Secure setup uses tool-access sync frames on group-address 0.
+      // Consume those locally so the secure layer can emit its response back on
+      // the active tunnel instead of forwarding the request to TP-UART only.
+      if (frame.addressType() == GroupAddress && dest == 0x0000 &&
+          frame.apdu().type() == SecureService) {
+        return true;
+      }
+
       if (frame.addressType() == IndividualAddress) {
         if (dest == own_address || dest == client_address ||
             (commissioning && dest == kKnxUnconfiguredBroadcastAddress)) {