Hello,
I wanted to enable L4 security on my BLE connection,
![](/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/2577.pastedimage1676372809215v1.png)
How can I enable L4 security only for BLE and not for BLE-Mesh?
Hi Hitesh,
Could you please provide more details on
- What is prompting you to enter the key?
- What exact steps were you doing when the key was requested?
- What key was requested?
Passkey is not a Bluetooth Mesh feature and is not a part of any Bluetooth Mesh procedures.
In BLE, passkey prompts should only happen during pairing.
During Bluetooth Mesh provisioning, the network key will be required; this is normal.
Best regards,
Hieu
Hi Hieu,
When we enabled this security layer,
Prior to provisioning, when we select the respective device for provisioning from the list, pairing happens in the nRF Mesh app; during that time it asks for a passkey (as mentioned in the attached screenshot).
This passkey mechanism is enabled from smp.c from nRF Connect SDK.
Hi Hitesh,
My apologies, last time I misunderstood your code as the code of the central for some reason, and missed something obvious.
On the peripheral, your code effectively triggers a security request right after the connection is established.
On the other hand, the provisioning using the nRF Mesh app is done via a (BLE) GATT connection (using the GATT Bearer, PB-GATT).
As such, when provisioning starts, the GATT connection is established, then your peripheral/provisionee device requests security, and finally the central device accepts by starting the pairing process.
So, this is normal behavior.
If you want to see that the pairing did not become "tangled" with mesh operation, you can provision the device using the Advertising Bearer (PB-ADV); there would be no GATT connection, and you would see that there is no pairing involved.
The Bluetooth: Mesh Provisioner sample does provisioning using PB-ADV if you wish to try it.
You can read more about peripheral requesting security in this DevZone answer by my colleague Vidar. There he also explains that if you wish, you can set up your GATT Profile so that security is only requested when certain Characteristics or Descriptors are accessed by the Central, which will remove this behavior.
Hieu
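
The per-characteristic approach mentioned in the answer above, as an added example that is not part of the original thread and is not nRF Connect SDK code: a simplified, self-contained model of an attribute permission check, showing that PB-GATT provisioning proceeds without pairing while an application characteristic still demands L4. The function names, the table layout and the application UUID `0xFF01` are assumptions made for illustration; in the model any access below the required level returns Insufficient Authentication.

```c
/* Added example: simplified model, not nRF Connect SDK / Zephyr code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* LE security mode 1 levels; L4 = authenticated LE Secure Connections. */
enum sec_level { SEC_L1 = 1, SEC_L2, SEC_L3, SEC_L4 };

#define ATT_OK                  0x00
#define ATT_ERR_AUTHENTICATION  0x05 /* Insufficient Authentication */
#define ATT_ERR_ATTR_NOT_FOUND  0x0A

struct attr { uint16_t uuid; enum sec_level required; };

/* Constructed table: mesh provisioning characteristics stay open,
 * only the application characteristic (hypothetical UUID) requires L4. */
static const struct attr gatt_db[] = {
    { 0x2ADB, SEC_L1 }, /* Mesh Provisioning Data In */
    { 0x2ADC, SEC_L1 }, /* Mesh Provisioning Data Out */
    { 0xFF01, SEC_L4 }, /* hypothetical application characteristic */
};

/* Per-attribute check: reject the access if the link is below the level
 * the attribute requires. A central typically responds to 0x05 by pairing. */
uint8_t att_access(uint16_t uuid, enum sec_level link)
{
    for (size_t i = 0; i < sizeof(gatt_db) / sizeof(gatt_db[0]); i++) {
        if (gatt_db[i].uuid == uuid)
            return link >= gatt_db[i].required ? ATT_OK : ATT_ERR_AUTHENTICATION;
    }
    return ATT_ERR_ATTR_NOT_FOUND;
}

/* Returns 1 if a session touching these characteristics forces pairing. */
int session_triggers_pairing(const uint16_t *uuids, size_t n, enum sec_level link)
{
    for (size_t i = 0; i < n; i++)
        if (att_access(uuids[i], link) == ATT_ERR_AUTHENTICATION)
            return 1;
    return 0;
}

int main(void)
{
    const uint16_t pb_gatt[] = { 0x2ADB, 0x2ADC };
    const uint16_t app[] = { 0xFF01 };
    printf("PB-GATT provisioning pairs: %d\n", session_triggers_pairing(pb_gatt, 2, SEC_L1));
    printf("app access pairs: %d\n", session_triggers_pairing(app, 1, SEC_L1));
    return 0;
}
```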