Change Bootloader Security Level via Fixed Stack OTA

MaMc_3367101

We currently have devices (PSOC 4 BLE) in the field with Security Levels of "Authenticated pairing with encryption" enabled in the Bootloader project. Our bootloadable project works fine and isn't having any issues. Now we have a requirement for another PSOC 4 to connect to our units but they have no pin entry capability. I realize we can't change our Services (Encryption with Authentication Required) in our stack but are we able to change permissions from the bootloadable project at all? The issue is our pairing code can be changed from a mobile app for our devices in the field but our standalone PSOC has no way to enter that PIN for a bond.

Can we change our Permission for our Services and our Security Level for our stack from within our Bootloadable project? Any suggestions as to how we could solve this issue if not?

1 Solution
GeonaP_26
Moderator
  1. As the new device does not have pin entry capability, and if you would like to retain the same requirements, you can force the passkey in the firmware of the new PSoC 4 BLE device without keyboard. Please refer to Authenticate CyBLE Central and Peripheral when Devices do not have IO Capabilities – KBA220286
  2. If you cannot access the new BLE device / want to downgrade the requirements, please refer to the following code snippet. Please update the index (0x12) and permission requirement (0x09000001u) according to your application.

```
#include <string.h> /* memcpy */

/* Writable copy of the generated GATT database */
CYBLE_GATTS_DB_T custom_db[CYBLE_GATT_DB_INDEX_COUNT];

/* Inside the switch of the BLE stack event handler */
case CYBLE_EVT_STACK_ON:
    /* No bonding; security mode 1, level 1 (no security) */
    cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
    cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1);

    /* Copy the generated database, change one entry's permission, register the copy */
    memcpy(custom_db, cyBle_gattDB, CYBLE_GATT_DB_INDEX_COUNT * sizeof(CYBLE_GATTS_DB_T));
    custom_db[0x12].permission = 0x09000001u;
    CyBle_GattsDbRegister(custom_db, CYBLE_GATT_DB_INDEX_COUNT, CYBLE_GATT_DB_MAX_VALUE_LEN);
    break;
```
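The snippet above patches a hard-coded array index (0x12) and replaces the whole permission word, so if the GATT database is regenerated with a different layout, the same index refers to a different attribute. The following is an added example, not code from the post or from the Cypress BLE component: an off-target C check that applies the override only when the entry at that index has the expected handle and current permission, then counts how many entries changed. `gatt_entry_t`, `perm_override_t`, the function names and the sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for CYBLE_GATTS_DB_T: only the fields this check uses. */
typedef struct { uint16_t handle; uint32_t permission; } gatt_entry_t;

typedef struct {
    size_t   index;     /* array index to patch (0x12 in the answer) */
    uint16_t handle;    /* attribute handle expected at that index */
    uint32_t old_perm;  /* permission word expected before the patch */
    uint32_t new_perm;  /* permission word to write */
} perm_override_t;

/* Copy src to dst and apply one override. Returns 0 on success, or -1 when the
 * entry at ov->index is not the expected attribute; dst is then a plain copy. */
int apply_override(gatt_entry_t *dst, const gatt_entry_t *src, size_t count,
                   const perm_override_t *ov)
{
    memcpy(dst, src, count * sizeof *src);
    if (ov->index >= count) return -1;
    if (src[ov->index].handle != ov->handle) return -1;
    if (src[ov->index].permission != ov->old_perm) return -1;
    dst[ov->index].permission = ov->new_perm;
    return 0;
}

/* Number of entries whose permission differs between two tables. */
size_t count_perm_changes(const gatt_entry_t *a, const gatt_entry_t *b, size_t n)
{
    size_t changed = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i].permission != b[i].permission) changed++;
    return changed;
}

/* Constructed sample table, not a real generated database. */
static const gatt_entry_t sample_db[3] = {
    {0x0010u, 0x00000001u}, {0x0011u, 0x00000001u}, {0x0012u, 0x0000000Fu},
};

/* Apply one override to a copy of sample_db: -1 if rejected, else entries changed. */
int try_override(size_t index, uint16_t handle, uint32_t old_perm, uint32_t new_perm)
{
    perm_override_t ov = { index, handle, old_perm, new_perm };
    gatt_entry_t copy[3];
    if (apply_override(copy, sample_db, 3, &ov) != 0) return -1;
    return (int)count_perm_changes(copy, sample_db, 3);
}
```

On the target, the same comparison would run between `cyBle_gattDB` and `custom_db` before the copy is registered, so a rejected override leaves the generated permissions in force.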


6 Replies

Thanks for the reply but that’s for a fixed passkey.

erlu_2343051

Hi mmccorkle,

I'm not sure I'm fully understanding your question, so I apologize if this is way off base, but in my bootloadable project, I'm doing

```
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1);
```

to disable the bonding and passcode requirement.


Thank you for the suggestion. That does indeed disable security at the global level but I still receive the normal "Authentication is insufficient" when actually trying to communicate with a service/characteristic that is set up with Authentication required in the GUI.

(i.e.) CYBLE_EVT_GAP_AUTH_FAILED is still called even with the following set:

```
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1);
```

Can I disable security / authentication at the service / characteristic level or is this failure caused by something else?

For reference, the solution for this other post was to disable these settings at the characteristic level but I'm not sure if I can do so programmatically.

Changing Encryption settings using API


MaMc_3367101

Thank you for the response Geona. I actually decided to go ahead with an alternative route by allowing the device to connect and bond with a predetermined PIN within a 30-second window. After that time, the mobile app can connect and change PINs since the standalone device would have already been bonded and stored. This allows us to keep all of our previous legacy products in the field with minimal changes to our bootloadable peripheral project. Our stakeholder is satisfied with the result.

I hope this helps others with the same dilemma. I appreciate the feedback from everyone and this only helps to strengthen our understanding of the CyBle components and possibilities.
