• State Not Answered
  • +2 person also asked this people also asked this
  • Replies 7 replies
  • Subscribers 75 subscribers
  • Views 2965 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 216992
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF Mesh pre-provisioning in production

blaatschaap

I am developing a nRF-Mesh based product. This product consists of a fixed number of nodes in a Bluetooth Mesh Network.

Are there possibilities to factory-provision a set of nodes by flashing provisioning data rather then perform over-the-air provisioning each set. Each set should have its own keys, and the nodes are to have the same addresses in each network. Is it possible to generate such provisioning data off-line and flash it during production?

Parents
  • 0

    Hi,

    Yes, it should be possible to factory-provision a set of nodes by flashing provisioning data. It might take a lot of work to do this depending on how many nodes you need. How many nodes does this product consist of?

  • 0 in reply to Mttrinh

    Hi,

    I assume you want to do factory-provision like OP. Unfortunately we do not have a "guide" to do this, but it is possible to do. You should be able to read flash pages via flash manager and use this to "provision" other nodes directly. I suggest you to have a look through the provisioner example code, interactive pyaci script and documentation found on infocenter. With that said, we do not recommend you to do this because of security reasons.

  • 0 in reply to Mttrinh

    What are the security considerations here? How is writing the data to flash directly less secure then running a provisioner for each set? (Which would mean, an extra production step, which is prone to error, as all the devices must be powered on in sequence and it must be verified they are provioned correctly before the next device can be turned on, etc. so basically, we want to skip that step)

    (Blaatschaap is my other account I created when this one was broken) 

  • 0 in reply to Mttrinh

    You need to be careful that you use random generated device keys and other keys, if you want to factory provision many nodes. If many of the same keys are being used, then it will be possible for someone to do a trash can attack. Which means that it is possible to dump the memory and extract the keys. The hacker can then talk to the whole mesh network.

    It depends on how many nodes you plan to have in the Mesh network. If you are planning to have a small number of nodes in each set, then it will be less risky. Since if someone should get a hold of the keys, they will only have access to those few nodes.

Reply
  • 0 in reply to Mttrinh

    You need to be careful that you use random generated device keys and other keys, if you want to factory provision many nodes. If many of the same keys are being used, then it will be possible for someone to do a trash can attack. Which means that it is possible to dump the memory and extract the keys. The hacker can then talk to the whole mesh network.

    It depends on how many nodes you plan to have in the Mesh network. If you are planning to have a small number of nodes in each set, then it will be less risky. Since if someone should get a hold of the keys, they will only have access to those few nodes.

Children
Related
Terms of service