From b2d934f3f3069ebd7924bdc0912d487d6ee3bcf2 Mon Sep 17 00:00:00 2001 From: Peter Johanson Date: Wed, 6 Dec 2023 23:07:20 +0000 Subject: [PATCH 1/2] feat(bt): Add more experimental tweaks. * Support auto security upgrade for splits properly. * Disable 2M and legacy LLCP if the experimental Kconfig flag is selected. --- app/Kconfig | 22 +++++++++++++--------- app/src/split/bluetooth/central.c | 2 ++ docs/docs/config/bluetooth.md | 10 +++++----- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/app/Kconfig b/app/Kconfig index fff63a5b9fc..a9b1b39e696 100644 --- a/app/Kconfig +++ b/app/Kconfig @@ -144,28 +144,32 @@ if ZMK_BLE config ZMK_BLE_EXPERIMENTAL_FEATURES bool "Experimental: Enable experimental/advanced BLE settings/features" - select ZMK_BLE_PASSKEY_ENTRY - select BT_GATT_AUTO_SEC_REQ - select BT_SMP_ALLOW_UNAUTH_OVERWRITE + imply ZMK_BLE_PASSKEY_ENTRY + imply BT_GATT_AUTO_SEC_REQ + imply BT_SMP_ALLOW_UNAUTH_OVERWRITE help Enables a combination of settings that are planned to be default in future versions of ZMK. This includes changes to timing on BLE pairing initation, BT Secure Connection passkey entry, - and allowing overwrite of keys from previously paired hosts. + restores use of the updated/new LLCP implementation, disables 2M PHY support, and allows + overwrite of keys from previously paired hosts. config ZMK_BLE_PASSKEY_ENTRY bool "Require passkey entry on the keyboard to complete pairing" default n select RING_BUFFER -# BT_TINYCRYPT_ECC is required for BT_SMP_SC_PAIR_ONLY when using HCI -config BT_TINYCRYPT_ECC - default y if BT_HCI && !BT_CTLR - choice BT_LL_SW_LLCP_IMPL - default BT_LL_SW_LLCP_LEGACY + default BT_LL_SW_LLCP_LEGACY if !ZMK_BLE_EXPERIMENTAL_FEATURES endchoice +config BT_CTLR_PHY_2M + default n if ZMK_BLE_EXPERIMENTAL_FEATURES + +# BT_TINYCRYPT_ECC is required for BT_SMP_SC_PAIR_ONLY when using HCI +config BT_TINYCRYPT_ECC + default y if BT_HCI && !BT_CTLR + config SYSTEM_WORKQUEUE_STACK_SIZE default 4096 if SOC_RP2040 default 2048 diff --git a/app/src/split/bluetooth/central.c b/app/src/split/bluetooth/central.c index 6f3b78ab883..3635322431c 100644 --- a/app/src/split/bluetooth/central.c +++ b/app/src/split/bluetooth/central.c @@ -397,11 +397,13 @@ static void split_central_process_connection(struct bt_conn *conn) { LOG_DBG("Current security for connection: %d", bt_conn_get_security(conn)); +#if !IS_ENABLED(CONFIG_BT_GATT_AUTO_SEC_REQ) err = bt_conn_set_security(conn, BT_SECURITY_L2); if (err) { LOG_ERR("Failed to set security (reason %d)", err); return; } +#endif // !IS_ENABLED(CONFIG_BT_GATT_AUTO_SEC_REQ) struct peripheral_slot *slot = peripheral_slot_for_conn(conn); if (slot == NULL) { diff --git a/docs/docs/config/bluetooth.md b/docs/docs/config/bluetooth.md index f957b77e3a6..61477cb5381 100644 --- a/docs/docs/config/bluetooth.md +++ b/docs/docs/config/bluetooth.md @@ -9,8 +9,8 @@ See [Configuration Overview](index.md) for instructions on how to change these s ## Kconfig -| Option | Type | Description | Default | -| -------------------------------------- | ---- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | -| `CONFIG_ZMK_BLE_EXPERIMENTAL_FEATURES` | bool | Enables a combination of settings that are planned to be default in future versions of ZMK. This includes changes to timing on BLE pairing initation, BT Secure Connection passkey entry, and allowing overwrite of keys from previously paired hosts. | n | -| `CONFIG_ZMK_BLE_PASSKEY_ENTRY` | bool | Enable passkey entry during pairing for enhanced security. (Note: After enabling this, you will need to re-pair all previously paired hosts) | n | -| `CONFIG_BT_GATT_ENFORCE_SUBSCRIPTION` | bool | Low level setting for GATT subscriptions. Set to `n` to work around an annoying Windows bug with battery notifications. | y | +| Option | Type | Description | Default | +| -------------------------------------- | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `CONFIG_ZMK_BLE_EXPERIMENTAL_FEATURES` | bool | Enables a combination of settings that are planned to be default in future versions of ZMK. This includes changes to timing on BLE pairing initation, BT Secure Connection passkey entry, restores use of the updated/new LLCP implementation, disables 2M PHY support, and allows overwrite of keys from previously paired hosts. | n | +| `CONFIG_ZMK_BLE_PASSKEY_ENTRY` | bool | Enable passkey entry during pairing for enhanced security. (Note: After enabling this, you will need to re-pair all previously paired hosts) | n | +| `CONFIG_BT_GATT_ENFORCE_SUBSCRIPTION` | bool | Low level setting for GATT subscriptions. Set to `n` to work around an annoying Windows bug with battery notifications. | y | From 2f9e832bfc0294335d624779341655ca5089f146 Mon Sep 17 00:00:00 2001 From: Peter Johanson Date: Fri, 8 Dec 2023 14:11:36 -0800 Subject: [PATCH 2/2] fix(shields): Don't enable passkey support on Uno. * The ZMK Uno has no way to input the full range of digits, so skip that setting so it's not pulled in by BLE experimental feature flag. --- app/boards/shields/zmk_uno/zmk_uno.conf | 2 ++ app/boards/shields/zmk_uno/zmk_uno_split_left.conf | 2 ++ app/boards/shields/zmk_uno/zmk_uno_split_right.conf | 2 ++ 3 files changed, 6 insertions(+) diff --git a/app/boards/shields/zmk_uno/zmk_uno.conf b/app/boards/shields/zmk_uno/zmk_uno.conf index cf282bac2cb..0c46ea98834 100644 --- a/app/boards/shields/zmk_uno/zmk_uno.conf +++ b/app/boards/shields/zmk_uno/zmk_uno.conf @@ -4,6 +4,8 @@ CONFIG_LOG=y CONFIG_ZMK_LOG_LEVEL_DBG=y +CONFIG_ZMK_BLE_PASSKEY_ENTRY=n + # Uncomment for Single color backlight # CONFIG_ZMK_BACKLIGHT=y diff --git a/app/boards/shields/zmk_uno/zmk_uno_split_left.conf b/app/boards/shields/zmk_uno/zmk_uno_split_left.conf index cf282bac2cb..0c46ea98834 100644 --- a/app/boards/shields/zmk_uno/zmk_uno_split_left.conf +++ b/app/boards/shields/zmk_uno/zmk_uno_split_left.conf @@ -4,6 +4,8 @@ CONFIG_LOG=y CONFIG_ZMK_LOG_LEVEL_DBG=y +CONFIG_ZMK_BLE_PASSKEY_ENTRY=n + # Uncomment for Single color backlight # CONFIG_ZMK_BACKLIGHT=y diff --git a/app/boards/shields/zmk_uno/zmk_uno_split_right.conf b/app/boards/shields/zmk_uno/zmk_uno_split_right.conf index cf282bac2cb..0c46ea98834 100644 --- a/app/boards/shields/zmk_uno/zmk_uno_split_right.conf +++ b/app/boards/shields/zmk_uno/zmk_uno_split_right.conf @@ -4,6 +4,8 @@ CONFIG_LOG=y CONFIG_ZMK_LOG_LEVEL_DBG=y +CONFIG_ZMK_BLE_PASSKEY_ENTRY=n + # Uncomment for Single color backlight # CONFIG_ZMK_BACKLIGHT=y