PSoC 4 MCU
- Home
- Products
- MCU & PSoC
- PSoC 4 MCU
- Change Bootloader Security Level via Fixed Stack O...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
We currently have devices (PSOC 4 BLE) in the field with Security Levels of "Authenticated pairing with encryption" enabled in the Bootloader project. Our bootloadable project works fine and isn't having any issues. Now we have a requirement for another PSOC 4 to connect to our units but they have no pin entry capability. I realize we can't change our Services (Encryption with Authentication Required) in our stack but are we able to change permissions from the bootloable project at all? The issue is our pairing code can be changed from a mobile app for our devices in the field but our standalone PSOC has no way to enter that PIN for a bond.
Can we change our Permission for our Services and our Security Level for our stack from within our Bootloadable project? Any suggestions as to how we could solve this issue if not?
Solved! Go to Solution.
- Labels:
-
BLE
GeonaP_26
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
- As the new device do not have pin entry capability and if you would like to retain the same requirements; you can force the passkey in the firmware of the new PSoC 4 BLE device without keyboard. Please refer to Authenticate CyBLE Central and Peripheral when Devices do not have IO Capabilities – KBA220286
- If you cannot access the new BLE device / want to downgrade the requirements, please refer following code snippet. Please update the index (0x12) and permission requirement (0x09000001u) according to your application.
CYBLE_GATTS_DB_T custom_db[CYBLE_GATT_DB_INDEX_COUNT];
case CYBLE_EVT_STACK_ON:
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1 );
memcpy(custom_db, cyBle_gattDB, CYBLE_GATT_DB_INDEX_COUNT * sizeof(CYBLE_GATTS_DB_T));
custom_db[0x12].permission = 0x09000001u;
CyBle_GattsDbRegister(custom_db, CYBLE_GATT_DB_INDEX_COUNT, CYBLE_GATT_DB_MAX_VALUE_LEN);
GeonaP_26
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Please check out this KBA Authenticate CyBLE Central and Peripheral when Devices do not have IO Capabilities – KBA220286
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thanks for the reply but that’s for a fixed passkey.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi mmccorkle,
I'm not sure I'm fully understanding your question, so I apologize if this is way off base, but in my bootloadable project, I'm doing
```
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1 );
```
To disable the bonding and passcode requirement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thank you for the suggestion. That does indeed disable security at the global level but I still receive the normal "Authentication is insufficient" when actually trying to communicate with a service/characteristic that is setup with Authentication required in the GUI.
(ie)CYBLE_EVT_GAP_AUTH_FAILED is still called even with the following set.
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1 );
Can I disable security / authentication at the service / characteristic level or is this failure caused by something else?
For reference, the solution for this other post was to disable these settings at the characteristic level but I'm not sure if I can do so programmatically.
GeonaP_26
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
- As the new device do not have pin entry capability and if you would like to retain the same requirements; you can force the passkey in the firmware of the new PSoC 4 BLE device without keyboard. Please refer to Authenticate CyBLE Central and Peripheral when Devices do not have IO Capabilities – KBA220286
- If you cannot access the new BLE device / want to downgrade the requirements, please refer following code snippet. Please update the index (0x12) and permission requirement (0x09000001u) according to your application.
CYBLE_GATTS_DB_T custom_db[CYBLE_GATT_DB_INDEX_COUNT];
case CYBLE_EVT_STACK_ON:
cyBle_authInfo.bonding = CYBLE_GAP_BONDING_NONE;
cyBle_authInfo.security = (CYBLE_GAP_SEC_MODE_1 | CYBLE_GAP_SEC_LEVEL_1 );
memcpy(custom_db, cyBle_gattDB, CYBLE_GATT_DB_INDEX_COUNT * sizeof(CYBLE_GATTS_DB_T));
custom_db[0x12].permission = 0x09000001u;
CyBle_GattsDbRegister(custom_db, CYBLE_GATT_DB_INDEX_COUNT, CYBLE_GATT_DB_MAX_VALUE_LEN);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thank you for the response Geona. I actually decided to go ahead with an alternative route by allowing the device to connect and bond with a predetermined PIN within a 30 second window. After that time, the mobile app can connect and change PINs since the standalone device would have already been bonded and stored. This allows us to keep all of our previous legacy products in the field with minimal changes to our bootloadable peripheral project. Our stakeholder is satisfied with the result.
I hope this helps others with the same dilemma. I appreciate the feedback from everyone and this only helps to strengthen our understanding of the CyBle components and possibilities.
