Our peripheral medical product, based on the nRF5340, is designed to pair and bond with both PC and mobile devices via Bluetooth Low Energy (BLE).
I've implemented BLE Security Mode 1, Level 4 (LE Secure Connections with MITM protection and encryption), which is functioning correctly. Here'are the relevant configuration settings.
prj.conf: .. CONFIG_BT_SMP=y CONFIG_BT_SMP_APP_PAIRING_ACCEPT=y Kconfig: .. CONFIG_BT_SETTINGS CONFIG_NVS CONFIG_SETTINGS CONFIG_BT_BONDABLE mcuboot.conf: .. CONFIG_BOOT_SIGNATURE_TYPE_RSA=n CONFIG_BOOT_SIGNATURE_TYPE_ED25519=n CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y CONFIG_BOOT_SIGNATURE_KEY_FILE="../../../../my_priv_ecdsa.pem"
While I understand that this level of security isn't strictly required for FDA or CE compliance—since the device does not store or transmit sensitive data—Security Level 2 would technically be sufficient.
Moreover, a colleague raised a concern that enforcing Security Level 4 might cause compatibility issues, as some mobile or PC devices might not support this level of BLE security.
Based on your expertise, is this a valid concern?
In the settings listed above, what to change to downgrade from Level 4 to Level 2?
