HID Keyboard Example - how to create new bond without deleting old bond

Please ignore, I've just found the answer here

https://devzone.nordicsemi.com/f/nordic-q-a/51274/bonding-doesn-t-work-after-deleting-bond-info-on-nrf-connect

What I had missed is that the peer manager recognises the pairing request as from an already bonded peer (i.e. same laptop), so rejects it (to avoid attacks that update bonding info). Solution is to to enable allow_repairing. I just added following to pm_evt_handler()

        case PM_EVT_CONN_SEC_CONFIG_REQ:
            pm_conn_sec_config_t conn_sec_config = {.allow_repairing = true};
            pm_conn_sec_config_reply(p_evt->conn_handle, &conn_sec_config);
            break;

For my application I'll maybe just do that once it has been put back in pairing mode (i.e. I keep the old bond, but accept new ones)

Please ignore, I've just found the answer here

https://devzone.nordicsemi.com/f/nordic-q-a/51274/bonding-doesn-t-work-after-deleting-bond-info-on-nrf-connect

What I had missed is that the peer manager recognises the pairing request as from an already bonded peer (i.e. same laptop), so rejects it (to avoid attacks that update bonding info). Solution is to to enable allow_repairing. I just added following to pm_evt_handler()

        case PM_EVT_CONN_SEC_CONFIG_REQ:
            pm_conn_sec_config_t conn_sec_config = {.allow_repairing = true};
            pm_conn_sec_config_reply(p_evt->conn_handle, &conn_sec_config);
            break;

For my application I'll maybe just do that once it has been put back in pairing mode (i.e. I keep the old bond, but accept new ones)

Ah, doesn't work, this "allow_repairing" allows the new bonded connection to be established, but if I then restart the nodes they fail to connect.

To help debug I've copied this whitelist advertising stuff to the hrs example so I can debug both ends. The central node reports "<info> peer_manager_handler: Connection security failed: role: Central, conn_handle: 0x0, procedure: Encryption, error: 4352"

From what I can tell, the new bonded connection is not saved to flash (after repair). Any clues as to why the original bonded connection is saved fine (and whitelist advertising works for it), but the "repaired" connection is not saved?

I must admit I'm struggling to debug peer manager stuff - are there any tricks I'm missing? I'm mainly relying on debug logging (using RTT NRF_LOG stuff) and breakpoints in pm_evt_handler()

Thanks

(updated)

Hi, 

benmack said:

The central node reports "<info> peer_manager_handler: Connection security failed: role: Central, conn_handle: 0x0, procedure: Encryption, error: 4352"

Could you try to debug and find out which function returns the error code?

benmack said:

Any clues as to why the original bonded connection is saved fine (and whitelist advertising works for it), but the "repaired" connection is not saved?

Tthe PM_EVT_PEER_DATA_UPDATE_SUCCEEDED event handler code in pm_evt_handler() might need to be modified to the first check for the device on the list and keep the existing entry, only adding a new one if it does not already exist. Check out another post https://devzone.nordicsemi.com/f/nordic-q-a/36137/return-error-by-pm_device_identities_list_set

benmack said:

I must admit I'm struggling to debug peer manager stuff - are there any tricks I'm missing?

You could enable PM_LOG_ENABLED 1 and modify PM_LOG_LEVEL to Debug (4) in the sdk_config.h, and build the project with Debug mode in Segger.

-Amanda H.

Thanks Amanda

It was indeed a problem of duplicate entries. Adding code to the PM_EVT_PEER_DATA_UPDATE_SUCCEEDED event handler sorted it. Part of my confusion is that I have whitelists at both ends, to ensure I only ever have a 1:1 bonded connection.

However I have now broken it again.... I modified the code to use NUS services in place of the HRS&BAS&DIS services of the HRS example, and now I cannot establish a bonded connection at all. The pm_evt_handler just doesn't get called at all. Any clues on how to diagnose this?

It was working fine with the HRS services, and I made no changes to the peer manager init, advertising etc., just to the services. The central now connects to the periph with no pm events, and no bonding. I clearly don't understand how to force only bonded connections, any pointers welcome. I had added code to PM_EVT_CONN_SEC_FAILED to disconnect unbonded connections, but of course if pm_evt_handler is not even called this doesn't help...

I guess this thread is morphing into my other query https://devzone.nordicsemi.com/f/nordic-q-a/73528/peer-manager-bonding---no-pm-events-when-connecting but I had no replies to that

Thanks, any help much appreciated

I will look into that case and reply later. 

-Amanda H.

Reply in this case https://devzone.nordicsemi.com/support-private/support/267828

-Amanda H.