I'm trying to figure out why I need to rebond after completing a DFU upgrade with Android 5.1.
My bootloader does not modify the device manager pstorage state, but I am passing the bonded connection state from the application side to the bootloader side. This works fine and the upgrade process is encrypted as confirmed with the sniffer. My bootloader has the option to erase the device manager pstorage parameters (via a flag in the init packet) but I am not setting that flag. I verified that I'm not corrupting the pstorage state by computing CRCs of the pstorage pages before and after the DFU process.
When I reconnect to the application after completing the DFU upgrade a new passkey bond is triggered. This doesn't seem to happen with iOS (but I have much less test coverage with iOS).
If I just switch to the bootloader and do a small number of encrypted IOs and then switch back to the application, I can reconnect without having to re-bond (enter a new passcode).
I thought the bond state was fairly stable (doesn't change from connection to connection) and the long-term state is only re-keyed after a fairly large number of packets (large relative to my 132K upgrade image).
Is my problem just that Android is doing something that changes the bond state (LTK rekey?) and because I'm not committing those changes. I would have thought a key was good for more then <8K packets.
Also, anyone know which specific bluetooth.org spec covers the encryption in detail, especially details on how the MIC and recommended practice for thing like re-keying? My google-foo failed me (or maybe it is covered in non-public docs, joy).
Any ideas?
