Connection security level is stuck at level 1 after it had successfully paired (with confirmed connection security level 4) with an iPhone.

Hi, 

Do you add setting support in your application to store data in flash? If not, please add it. Check out this DevAcademy course: https://academy.nordicsemi.com/courses/bluetooth-low-energy-fundamentals/lessons/lesson-5-bluetooth-le-security-fundamentals/topic/blefund-lesson-5-exercise-2/ 

Regards,
Amanda H.

Hi Amanda,

Of course, we did have those settings turned on to get the pairing feature work:

CONFIG_SETTINGS=y
CONFIG_BT_SETTINGS=y
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_NVS=y

After it had paired with a Central (an iPhone or ESP32S3), it worked for a few hours (power-resetting the board still gets the Central reconnected successfully). Just sometimes, the connection is stuck at level 1, the Central is not populated with connected event (such as in iOS, Bluetooth Settings, the device is shown as Not Connected). In this error state, if I print out the connection info, application crash as I had mentioned above.   

Just a reminder: since we do use Accept list feature, there is no other device can connect to it, except for the paired Central (my device only accepts 1 pair:

)

It sticks to level 1 forever until the system crashes (causing reboot).

Could you provide the log?

Amanda,

I have minimized the log printout into the attached screenshot. This log is printed when a single click on a button is triggered.

When the single click is triggered, this function is called: 

void print_ecg_ble_state()
{
    print_data(sys_data, SYS_DATA_TOTAL_LEN, "sys_data");

    print_addr_le(bond_addr, "bonded addr");
    if (is_bonded()) // LED is currently off
    {
        led_start_blinking(LED_BLINK_CHECK_ALIVE, 3000);
    }
    // else, LED is blinking with pattern @ref LED_BLINK_PATTERN_BOND_CLEARED

    if (current_conn)
    {
        LOG_INF("conn available with security level: %d %d %d",
                bt_conn_get_security(current_conn),
                is_streaming,
                conn_param);
        print_connection_params(current_conn); // it goes here!!!
    }
    else
    {
        LOG_INF("conn not available");
    }

    print_remaining_time(&hold_adv_timer, "hold_adv_timer");
    LOG_INF("pairing attempt: %d", pairing_attempt_count);

    LOG_INF("NAND info\n\taddr: 0x%08x, mode: %d, pktnum: %d",
            NAND_Addr,
            NAND_mode,
            Pkt_num);
    if (NAND_mode == 1)
    {
        LOG_INF("NOfflen: %d", NOff_len);
    }
}

void print_connection_params(struct bt_conn *conn)
{
    struct bt_conn_info info;
    int err = bt_conn_get_info(conn, &info);
    if (err < 0)
    {
        LOG_ERR("Failed to get connection info: %d", err); // this line does not print!
    }
    else
    {
        LOG_INF("Connection params: interval %d*1.25ms, latency %d, timeout %d*10ms, security: %d",
                info.le.interval, info.le.latency, info.le.timeout,
                info.security.level);
    }
}

As in the green annotation line, `current_conn` is available with the printed security level at level 1.

`current_conn` is only established and referenced by `bt_conn_ref()` in `on_connected()` event. And `bt_conn_unref()` in `on_disconnected()` event

(Please refer to my original post for how I used it)

I can confirm that while in this error state, no other BLE scanner can "see" it (my device only accepts 1 connection).

When connection is made, the BLE stack should have been transitioned its security level from 1 to 4 without any interactions from the app. But in this error state, nothing happened after connection is established between the iPhone Central and my device (acting as a Peripheral).

What could have happened?

Best regards,

Amanda,

I have minimized the log printout into the attached screenshot. This log is printed when a single click on a button is triggered.

When the single click is triggered, this function is called: 

void print_ecg_ble_state()
{
    print_data(sys_data, SYS_DATA_TOTAL_LEN, "sys_data");

    print_addr_le(bond_addr, "bonded addr");
    if (is_bonded()) // LED is currently off
    {
        led_start_blinking(LED_BLINK_CHECK_ALIVE, 3000);
    }
    // else, LED is blinking with pattern @ref LED_BLINK_PATTERN_BOND_CLEARED

    if (current_conn)
    {
        LOG_INF("conn available with security level: %d %d %d",
                bt_conn_get_security(current_conn),
                is_streaming,
                conn_param);
        print_connection_params(current_conn); // it goes here!!!
    }
    else
    {
        LOG_INF("conn not available");
    }

    print_remaining_time(&hold_adv_timer, "hold_adv_timer");
    LOG_INF("pairing attempt: %d", pairing_attempt_count);

    LOG_INF("NAND info\n\taddr: 0x%08x, mode: %d, pktnum: %d",
            NAND_Addr,
            NAND_mode,
            Pkt_num);
    if (NAND_mode == 1)
    {
        LOG_INF("NOfflen: %d", NOff_len);
    }
}

void print_connection_params(struct bt_conn *conn)
{
    struct bt_conn_info info;
    int err = bt_conn_get_info(conn, &info);
    if (err < 0)
    {
        LOG_ERR("Failed to get connection info: %d", err); // this line does not print!
    }
    else
    {
        LOG_INF("Connection params: interval %d*1.25ms, latency %d, timeout %d*10ms, security: %d",
                info.le.interval, info.le.latency, info.le.timeout,
                info.security.level);
    }
}

As in the green annotation line, `current_conn` is available with the printed security level at level 1.

`current_conn` is only established and referenced by `bt_conn_ref()` in `on_connected()` event. And `bt_conn_unref()` in `on_disconnected()` event

(Please refer to my original post for how I used it)

I can confirm that while in this error state, no other BLE scanner can "see" it (my device only accepts 1 connection).

When connection is made, the BLE stack should have been transitioned its security level from 1 to 4 without any interactions from the app. But in this error state, nothing happened after connection is established between the iPhone Central and my device (acting as a Peripheral).

What could have happened?

Best regards,

Do you call settings_load() after initializing Bluetooth? Check out this Devacademy course: https://academy.nordicsemi.com/courses/bluetooth-low-energy-fundamentals/lessons/lesson-5-bluetooth-le-security-fundamentals/topic/blefund-lesson-5-exercise-2/ 

Could you test this sample project https://github.com/NordicDeveloperAcademy/bt-fund/tree/v2.9.0-v2.7.0/l5/l5_e2_sol? Do you see the same issue? If not, please refer to that project. 

Hi Amanda,

`settings_load()`: yes, we did have to call it to get the pairing feature work.

The Exercise 2 and the github resource: we build on this sample code.

The problem is: somehow, sometime, the SDK failed to transition the connection security level from 1 to 4.

To keep it simple for you, I outlined the code that you may need to track down the problem (if I had misused some libraries) and you may observe via the log that: when the BLE stack falls into this error state, the connection becomes invalidated; accessing any members of its struct crashes our application. After paired, transitioning connection security level is done by the BLE stack. Please correct me if I'm wrong.

What could be the problem?

Best regards,

Hi, 

If bonding information is deleted on one side but not the other, or if the stack is not configured to allow re-pairing, the security upgrade can fail. The default behaviour is not to allow re-pairing with just works. If you want this to be allowed, you can set CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE=y." 

As for the crash, you can refer to this DevAcademy course https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-2-debugging/ to debug.  

-Amanda H.

No, this is not bonding deleted at one side (either Central or peripheral); and as I had repeated a few times in the earlier replies, this connection security level is 4, i.e. Authenticated LE Secure Connections (MITM, ECDH), it's not Just-Work, i.e. level 2. So, the upper part of your reply is not applicable to our case.

We would take a look at the debug tutorial, which might be helpful.

Regards