Setting IO Capabilities with NCS

I've tried searching for some documentation on pairing IO capabilities with NCS/Zephyr but can't find any. I'm trying to modify the peripheral_hids_keyboard example to use "just works" pairing (no input no output device). Looking at the docs for bt_conn_auth_cb I thought simply removing the passkey_* and pairing_confirm callbacks would be sufficient, but pairing fails and I get "Security failed: <addr> (public) level 1 err 4" in the console output. The only reference I can see to IO capabilities is the "CONFIG_BT_SMP_ENFORCE_MITM" option (which is enabled in the example):

"With this option enabled, the Security Manager will set MITM option in the Authentication Requirements Flags whenever local IO Capabilities allow the generated key to be authenticated."

But I can't find any docs that detail how to specify those local IO capabilities.

What else do I need to do? Where is the documentation for this?

  • I still get the same error.

    The HID over GATT spec states:

    The HID Device shall use LE Security Mode 1 and either Security Level 2 or 3. All supported characteristics specified by the HID Service shall be set to Security Mode 1 and either Security Level 2 or 3.

    The Bluetooth spec defines this as:

    10.2.1 LE security mode 1
    LE security mode 1 has the following security levels:
    1. No security (No authentication and no encryption)
    2. Unauthenticated pairing with encryption
    3. Authenticated pairing with encryption
    4. Authenticated LE Secure Connections pairing with encryption using a 128-bit strength encryption key.

    So they do require pairing, but not authentication. With the nRF5 SDK this works correctly. Is unauthenticated pairing not supported in the nRF connect SDK?

  • I managed to get it working.

    # this can be left enabled
    CONFIG_BT_HIDS_DEFAULT_PERM_RW_ENCRYPT=y
    # we are using unauthenticated pairing
    CONFIG_BT_HIDS_DEFAULT_PERM_RW_AUTHEN=n
    # we do not want to enforce MITM as this requires authenticated pairing
    CONFIG_BT_SMP_ENFORCE_MITM=n
    # we want to overwrite old bonds from the same device (optional, security risk)
    CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE=y
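
Why the settings above fit together, as an added example (not from the thread and not Zephyr or NCS code): a C model of how the Bluetooth Core spec selects the pairing association model, showing that a NoInputNoOutput device ends at security level 2, which satisfies an encrypt-only permission but never an authenticated one. The `io_cap`, `side` and function names are assumptions of this example, and OOB pairing is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability values as defined by the Bluetooth Core spec. */
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_INPUT_NO_OUTPUT, KEYBOARD_DISPLAY };

/* Hypothetical model of one device's pairing request/response fields. */
struct side { enum io_cap io; bool mitm; bool sc; };

static bool has_keyboard(enum io_cap c) { return c == KEYBOARD_ONLY || c == KEYBOARD_DISPLAY; }

/* True when the selected association model authenticates the key
 * (Passkey Entry or Numeric Comparison); false means Just Works. */
bool pairing_is_authenticated(struct side a, struct side b)
{
    if (!a.mitm && !b.mitm)
        return false;   /* neither side set MITM: IO capabilities are ignored */
    if (a.io == NO_INPUT_NO_OUTPUT || b.io == NO_INPUT_NO_OUTPUT)
        return false;   /* nothing to show or type: Just Works */
    if (has_keyboard(a.io) || has_keyboard(b.io))
        return true;    /* Passkey Entry, or Numeric Comparison with LESC */
    /* Both sides are display-only types: authenticated only through LE
     * Secure Connections Numeric Comparison, which needs yes/no on both. */
    return a.sc && b.sc && a.io == DISPLAY_YESNO && b.io == DISPLAY_YESNO;
}

/* LE security mode 1 level reached after a successful pairing. */
int resulting_level(struct side a, struct side b, int key_size)
{
    if (!pairing_is_authenticated(a, b))
        return 2;       /* unauthenticated pairing with encryption */
    return (a.sc && b.sc && key_size == 16) ? 4 : 3;
}

int main(void)
{
    /* Constructed sample devices: a phone-like central and the HID keyboard. */
    struct side phone    = { KEYBOARD_DISPLAY, true, true };
    struct side keyboard = { NO_INPUT_NO_OUTPUT, false, true };
    int level = resulting_level(phone, keyboard, 16);

    printf("level after pairing: %d\n", level);
    printf("meets encrypt-only permission (level 2): %s\n", level >= 2 ? "yes" : "no");
    printf("meets authenticated permission (level 3): %s\n", level >= 3 ? "yes" : "no");
    return 0;
}
```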
