Hi,
I'm creating a device using the CC2540 and I have some questions regarding its security. I searched a lot and found most of my answers on the web and in the documents, but I'm vague about some topics. Please look below, and if anyone can help me, it'd be greatly appreciated.
1. If I set the characteristic values' permissions to GATT_PERMIT_AUTHOR_READ and GATT_PERMIT_AUTHOR_WRITE, is it definitely safe? I just want to make sure that, with the above settings, no device can access them unless it's paired with the CC2540. As I have a passcode callback that generates a random number whenever a pairing request comes, with authorization permission on the characteristic, I believe the data is out of reach from an unknown connection. Am I right?
2. What is the difference between GATT_PERMIT_AUTHOR_XX and GATT_PERMIT_AUTHEN_XX? With my above scenario, is AUTHEN enough or should I use the AUTHOR permission (currently I'm planning to use AUTHOR)?
3. I'd like to make the CC2540 pair with only one device. So I need to remove all bonds whenever a new pairing succeeds, but that's not possible as it will remove the current bonding data as well. So I believe I need to use GAPBOND_ERASE_SINGLEBOND. Can anyone tell me what I should pass in GAPBondMgr_SetParameter( GAPBOND_ERASE_SINGLEBOND, len, pValue), especially pValue? I think I can use B_ADDR_LEN + 1 for len but I have absolutely no idea what to do with pValue. My assumption is that the CC2540 stores the address info somewhere in NV memory when connection/pairing happens, but I don't know where and when it happens. Is there a code snippet I can use?
4. How do I set the debug lock bit? By setting "Write protect boot block" and "Block debug commands (incl. read access)" in SmartRF Flash Programmer? And, by doing so, is the data in flash memory safe, including user-specific data in NV memory?
5. Is there a way to control transmission power so that it is disconnected beyond a specific range? I'm using the RSSI callback and GAPRole_TerminateConnection() to implement what I want, but if I could simply set the connection (including advertising) range, it would definitely be better.
Regards,
Brian