
CC2640R2F: HCI commands for cc2540 & cc2640r2f(BT5.0)

Part Number: CC2640R2F
Other Parts Discussed in Thread: CC2540

Hello team,

My customer is using host_test.hex in SDK v2.30.00.28 on cc2640R2F and verifying some of the HCI commands in Btool. They found that in different versions of Btool the supported HCI cmds have different parameters but the same opCode. They want the new product to be compatible with their earlier products made with cc2540.

Q1. Do we have a document specifying the changes and differences?

For example:

Q2: Do we have an opCode which can be used to read out chip ID to distinguish cc2540 or cc2640r2?

Q3: Do we have an opCode which can be used to read out BLE stack version?

Q4: How to use opCode 0xFC1B (HCI extension Build Version) properly?

Q5: 0xFC1D (HCI extension Reset System), Soft_Reset is not supported?

Q6: Customer used GAP related cmd to form beacon packets for CC2540, it seems to be replaced by GAP AE in new stack, do we have example for using GAP AE to form beacon packets for cc2640r2 with new stack?

Q7: For Bleedingbit flaw, SDK v2.30 is not affected, right? And for CVE-2018-7080 (OAD feature for ALL chip), it is not affected if OAD function is not enabled?

BR & thanks, 

Jo

  • Hi Jo

    Jo Chen said:
    Q1. Do we have a document specifying the changes and differences?

    The closest thing that we have is the migration guides that generally recommend how to move: http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/ble5stack/ble_user_guide/html/ble-stack-5.x-guide/migration-cc2640.html

    The customer will have to ultimately port their code to work on the CC2640R2 so some effort will need to be made. A number of changes have been made to the stack, especially with the recent move to BLE5 stack so there will just be some inherent differences. We can help with specific questions, but our general recommendation is that people follow the migration documents above. 

    Jo Chen said:
    Q2: Do we have an opCode which can be used to read out chip ID to distinguish cc2540 or cc2640r2?

    You can find a register description of the dieID and BDADDR in the Device Configuration section of the CC26xx TRM, SWCU117. Refer to the Factory Configuration (FCFG) sub section.

    Jo Chen said:
    Q3: Do we have an opCode which can be used to read out BLE stack version?

    By this do you mean what version of the BLE5 Stack as in v1.0.0 vs 1.1.1 etc or do you mean BLE Version support such as BLE4.2 vs BLE5?

    Jo Chen said:
    Q4: How to use opCode 0xFC1B (HCI extension Build Version) properly?

    This command allows the embedded user code to set their own 16-bit revision number or read the build revision number of the Bluetooth low energy stack library software. The default value of the revision number is zero. When you update a Bluetooth low energy project by adding your own code, use this API to set your own revision number. When called with mode set to HCI_EXT_SET_USER_REVISION, the stack saves this value. No event is returned from this API when used this way.

    Documented here: dev.ti.com/.../group___h_c_i.html

    Jo Chen said:
    Q5: 0xFC1D (HCI extension Reset System), Soft_Reset is not supported?

    Soft reset is currently not supported on CC264x. 

    Documented here: http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/ble5stack/ble_user_guide/doxygen/ble/html/group___h_c_i.html#gaffef67bdc99da95079971d9cabe512c1

    The cc26xx system has not been designed to handle soft reset. Making a soft reset can make the system unstable. All soft resets need to be replaced by hard resets.

    Jo Chen said:
    Q6: Customer used GAP related cmd to form beacon packets for CC2540, it seems to be replaced by GAP AE in new stack, do we have example for using GAP AE to form beacon packets for cc2640r2 with new stack?

    At this point, we do not, but the beacon specification (assuming iBeacon?) is well known and the same guidelines can be followed generally with the GAP Advertiser. Documentation on API's can be found here: http://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_2_30_00_28/docs/ble5stack/ble_user_guide/doxygen/ble/html/group___gap_adv.html

    Training here: http://dev.ti.com/tirex/#/?link=Software%2FSimpleLink%20CC26X2%20SDK%2FSimpleLink%20Academy%2FBluetooth%205%2FScanning%20and%20Advertising

    This is for CC26x2 but this also runs the BLE5 Stack and API's are the same. 

    Jo Chen said:
    Q7: For Bleedingbit flaw, SDK v2.30 is not affected, right? And for CVE-2018-7080 (OAD feature for ALL chip), it is not affected if OAD function is not enabled?

    SDK 2.30 is not affected. Please reference this: https://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827 

    For more specific questions to this announcement, please contact Katie Pier. 

  • Hi Evan Wakefield,

    Thanks for your reply.

    Update as follows:

    Q2: Do we have an opCode which can be used to read out chip ID to distinguish cc2540 or cc2640r2?

    Evan Wakefield:
    You can find a register description of the dieID and BDADDR in the Device Configuration section of the CC26xx TRM, SWCU117. Refer to the Factory Configuration (FCFG) sub section.

    KunLin:
    Do you mean 0x118h~0x124h (SHDW_DIE_ID_0~3)?
    Which method can I use to access them, can I use cc2640r2lp_host_test.hex stack with HCI command to access?
    Do you have any correspondence tables (dieID vs. CHIP (CC2540 or CC2640R2)) for us to refer to?

    Q3: Do we have an opCode which can be used to read out BLE stack version?

    Evan Wakefield:
    By this do you mean what version of the BLE5 Stack as in v1.0.0 vs 1.1.1 etc or do you mean BLE Version support such as BLE4.2 vs BLE5?

    KunLin:
    Can I use HCI command to read the Stack version? (BLE5 Stack as v1.0.0 vs 1.1.1)


    Q6: Customer used GAP related cmd to form beacon packets for CC2540, it seems to be replaced by GAP AE in new stack, do we have example for using GAP AE to form beacon packets for cc2640r2 with new stack?

    I verified the simple_broadcaster and the function is ok, but we want to send Beacon by HCI command with host_test Stack, so I will check the "GAP AE" related opCode with Btool and reply to you if I have any problems.

    Thanks,

  • Hi Kunlin,

    To Q3, we do not have something that can read the stack version out via HCI. You can reference the HCI docs to see all the options you have with HCI. Can you explain a little about why you'd like to do this?
    dev.ti.com/.../group___h_c_i.html

    To Q2, there is no HCI command to expose this. Can you explain what you're trying to do? For both Q2 and Q3 there may be something else that could be done if you could give more context and what you're trying to do. Thanks!
  • Hi Evan Wakefield,

    For Q2 and Q3, the following is an application scenario.

    When a user plugs an unknown USB dongle into our device:

       1. Identify the chip ID (e.g. BLE, BLE5 or others) and Stack version (the version has been verified and confirmed by us).

       2. Select the correct HCI command (e.g. "GAP" command for BLE with cc2640r2lp_host_test.hex or "GAP AE" command for BLE5 with ble5stack:CC2540_USBdongle_HostTestRelease_All.hex) based on the relevant chip to execute if we support this BLE chip.

       3. Skip the handle process for this USB dongle when the user plugs a non-supported BLE into our device.

    So we need to be able to identify chip ID and stack version.

    Thanks,

  • Hi,

    You can actually do stack version inquiry with HCI_EXT_BuildRevisionCmd() as well.

    As far as device ID, I do not see why you would need this so long as you have BLE Stack version number.
  • Hi Evan,

    We used to use HCI_EXT_BuildRevisionCmd() to confirm for CC2540.

    => CC2540_USBdongle_HostTestRelease_All.hex (got from BLE-CC254x-1.4.2.2), the default BuildRevNum is 0x6928

    But for CC2640R2, we may not be able to use existing BLE products from the market (not produced by us) because the default UserRevNum and BuildRevNum are 0x0000 if the manufacturer did not modify before shipping.

    Thanks,
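
Added example (not part of the thread, and not TI or poster code): a host-side check for the scenario above that treats the reported build revision as an allowlist of verified firmware and skips everything else, including the 0x0000 default. Only opcode 0xFC1B and revision 0x6928 come from the thread; the read-mode value, the event payload layout and the sample frames are assumptions constructed for illustration and should be checked against the HCI documentation linked above.

```python
import struct

HCI_CMD_PKT = 0x01           # H4 packet indicator: command
HCI_EVT_PKT = 0x04           # H4 packet indicator: event
HCI_VENDOR_EVT = 0xFF        # Bluetooth vendor-specific event code
OP_BUILD_REVISION = 0xFC1B   # opcode quoted in the thread
READ_BUILD_REVISION = 0x01   # assumed value of the "read" mode parameter

# Build revisions the integrator has verified, mapped to the command family
# to use. 0x6928 is the CC2540 host-test default quoted in the thread.
VERIFIED_BUILDS = {0x6928: "GAP"}


def build_revision_request():
    """Frame the build-revision command as an H4 HCI command packet."""
    params = struct.pack("<BH", READ_BUILD_REVISION, 0x0000)
    header = struct.pack("<BHB", HCI_CMD_PKT, OP_BUILD_REVISION, len(params))
    return header + params


def parse_build_revision_event(frame):
    """Return (user_rev, build_rev); raise ValueError on anything unexpected.

    Assumed payload: event opcode (2), status (1), command opcode (2),
    user revision (2), build revision (2), all little-endian.
    """
    if len(frame) < 3 or frame[0] != HCI_EVT_PKT or frame[1] != HCI_VENDOR_EVT:
        raise ValueError("not a vendor-specific HCI event")
    if frame[2] != len(frame) - 3 or frame[2] != 9:
        raise ValueError("length field or payload size mismatch")
    _evt, status, cmd, user_rev, build_rev = struct.unpack("<HBHHH", frame[3:])
    if cmd != OP_BUILD_REVISION or status != 0:
        raise ValueError("event is not a successful build-revision reply")
    return user_rev, build_rev


def select_command_family(frame):
    """Return the command family for a verified build, or None to skip."""
    try:
        _user_rev, build_rev = parse_build_revision_event(frame)
    except ValueError:
        return None                       # malformed reply: fail closed
    return VERIFIED_BUILDS.get(build_rev)  # unknown or 0x0000: skip dongle


# Constructed sample replies (not captured from hardware).
SAMPLE_CC2540 = bytes.fromhex("04ff091b04001bfc00002869")
SAMPLE_DEFAULT = bytes.fromhex("04ff091b04001bfc00000000")
```

The revision is self-reported by the dongle's firmware, so this is a compatibility check and not proof of which chip or stack is actually attached.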

  • Hi,

    I'm not sure there is another solution then. Can you help me understand your use case specifically? What is your end application?
  • Hi Evan,

    We execute a Linux daemon in our product, which can control BLE to send beacon packet by HCI command with host_test stack.
    But CC2540 and CC2640R2 (BLE5) need to use different HCI command (such as "GAP" for CC2540 or "GAP AE" for CC2640R2), so we need to be able to identify which BLE dongle the user plugged into our product.

    Thanks

  • Hi Evan,

    I try to use HCI command GapAdv_create (0xFE3E) by Btool and I got the following error, could you give me some advice on how to use GapAdv_create command?

    Thanks,

  • Hi KunLin,

    I believe this is a bug with BTool or the host_test application as I'm able to reproduce this. I'll file this to get fixed.

    I did test the CC26x2 to see if this also had the same issue and it does not as of SDK 2.30. Please try that.
  • Hi Evan,

    Thank you for your confirmation.

    We don't have CC26x2 EVB board so we will wait for your next updated SDK to verify this problem.

    Thanks,

  • Actually KunLin, I was wrong and made a mistake.

    The reason for receiving this Error after sending the "GapAdv_create" command is because the default "BLE Host Build Configurations" for the Ble5_host_test (under the build_config_src.opt) is -DHOST_CONFIG=CENTRAL_CFG. This configuration does not support the "GapAdv_create" command. In CC2640R2 host_test is only built with the Central Configuration and not central + peripheral.

    In order to run it:
    1) Go to the build_config_src.opt file and change the configuration to be PERIPHERAL_CFG (unable to use the PERIPHERAL_CFG+CENTRAL_CFG configuration because there is no space left in the ble5_chameleon).
    2) In order for the "GapAdv_create" command to work properly you need to perform a "GAP_DeviceInit" command beforehand. Make sure the init is done on Peripheral and not the default Central role that is shown in BTool.
    3) You might need to perform a reset to the device perform running these 2 commands.
  • Hi Evan,

    Thank you for your update.

    I tried to modify HOST_CONFIG, but I have some problems I would like to ask you about.

    1. How to load advertisement data to BLE with PERIPHERAL_CFG + broadcasterProfileRole mode?

    1-1. Change to -DHOST_CONFIG=PERIPHERAL_CFG then re-build by CCS(Version: 8.2.0.00007)

    1-2. Using BTool (v1.42.13) to execute the following commands in sequence.

    a). GAP_DeviceInit(0xFE00)

    broadcasterProfileRole: Enable
    centralProfileRole: Disable

    b). GapAdv_create (0xFE3E):

    propConnectable: Disable
    propScannable: Disable

    c). GapAdv_enable (0xFE3F)

    Test Result 1: I can scan the BLE signal without advertisement from my phone's App.

    1-3. Try to add advertisement data to BLE.

    d). GapAdv_disable(0xFE40)

    e). GapAdv_loadData(0xFE44):

    default advData: 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F

    f). GapAdv_enable (0xFE3F)

    Test Result 2: Can't use any scan app to get any BLE signal.

    2. BROADCASTER_CFG can't work properly?

    2-1. Change to -DHOST_CONFIG=BROADCASTER_CFG then re-build by CCS

    2-2. Using BTool to execute the following commands.

    a). GAP_DeviceInit(0xFE00)

    broadcasterProfileRole: Enable

    centralProfileRole: Disable

    Test Result: No response event

    Thanks,

  • Hi KunLin,

    With the holidays in season, I am not going to have any time to reproduce your issues. Have you spent any time looking at enabling what you're trying to enable in the code? I know all this is feasible in the code and am just curious.

    You can reference how the code calls each GAP/GAPAdv/GAPxyz API and re-emulate in BTool ensuring that you have the right host config enabled.

    Also make sure that after you change your host config, that you recompile both stack and application and re-flash.