https://devzone.nordicsemi.com/f/nordic-q-a/96659/enabling-ble-security-mode-4-only-on-ble-and-not-on-ble-meshHello, I wanted to enable L4 security on my BLE connection, /** Level 4: Authenticated Secure Connections and 128-bit key. */ BT_SECURITY_L4 , Hence added the param in my prj.conf as : CONFIG_BT_SMP_SC_ONLY=y CONFIG_BT_TINYCRYPT_ECCen-USTelligent Community 13Wed, 15 Feb 2023 09:02:28 GMThttps://devzone.nordicsemi.com/thread/410001?ContentTypeID=1Wed, 15 Feb 2023 09:02:28 GMT137ad170-7792-4731-bb38-c0d22fbe4515:216f108f-5964-4205-b57a-00eb27c77182Hieu<p>Hi Hitesh,</p> <p>My apology, last time I&nbsp;misunderstood your code as&nbsp;the code of the central for some reasons, and missed something obvious.</p> <p>On the peripheral,&nbsp;your code effectively trigger a security request right after connection is established. <br />On the other hand, the provisioning using the nRF Mesh app is done via a (BLE) GATT connection (using the GATT Bearer, PB-GATT). <br />As such, when provisioning starts, the GATT connection is established, then your peripheral/provisionee device requests security, and finally&nbsp;the central device accepts by starting the pairing process.</p> <p>So, this is normal behavior.</p> <p>If you want to see that the pairing did not become &quot;tangled&quot; with mesh operation, you provision the device using the Advertising Bearer (PB-ADV), there would be no GATT connection, and you would see that there&nbsp;is no pairing involved.<br />The&nbsp;<a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.2.0/zephyr/samples/bluetooth/mesh_provisioner/README.html">Bluetooth: Mesh Provisioner</a>&nbsp;sample does provisioning using&nbsp;PB-ADV if you wish to try it.</p> <p>You can read more about peripheral requesting security in <a href="https://devzone.nordicsemi.com/f/nordic-q-a/86794/how-to-initiate-ble-pairing-manually/362833">this DevZone answer by my colleague Vidar</a>. There he also explains that if you wish, you can setup your GATT Profile so that security is only request&nbsp;when certain Characteristics or Descriptors are accessed by the Central, which will remove this behavior.</p> <p>Hieu</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/409844?ContentTypeID=1Tue, 14 Feb 2023 12:27:31 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ff26a06f-7233-4942-bbc7-8e87a0722a43hiteshk014<p>Hi Hieu,</p> <p></p> <p>When we enabled this security layer,</p> <p>Prior to provisioning, when we select the respective device for provisioning from the list, pairing happens in nRF Mesh app, during that time it ask for passkey (as mentioned in attached screenshot)<br />this passkey mechanism is enabled from&nbsp;smp.c from nRF Connect SDK.</p> <p></p> <p><img style="max-height:240px;max-width:320px;" src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/pastedimage1676377752133v1.png" alt=" " /></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/409832?ContentTypeID=1Tue, 14 Feb 2023 11:57:23 GMT137ad170-7792-4731-bb38-c0d22fbe4515:23f51f78-9b66-45b6-a9f1-d8978e977fc3Hieu<p>Hi Hitesh,</p> <p>Could you please provide more details on <br />- What is prompting you to enter the key?<br />- What exact steps were you doing when the key was requested?<br />- What key was requested?</p> <p>Passkey is not a Bluetooth Mesh feature and is not a part of any Bluetooth Mesh procedures. <br />In BLE,&nbsp;passkey prompts should only happen during pairing.&nbsp;<br />During Bluetooth Mesh provisioning, the network key will be required, this is normal.</p> <p>Best regards,</p> <p>Hieu</p><div style="clear:both;"></div>