CC2640R2F: Missing "Encryption Response" from multi_role to SPhone encryption require (with conseguent bonding information lost)

Hi Federico, 

Assigning an expert to comment. 

Thanks,
Elin

Hello Frederico,

1. Have you profiled the heap? Heap exhaustion can sometimes lead to unresponsiveness.

http://dev.ti.com/tirex/explore/content/simplelink_cc2640r2_sdk_4_20_00_04/docs/blestack/ble_user_guide/html/ble-stack-3.x-guide/debugging-index.html#debugging-common-heap-issues 

If this is the case you can consider using cache as ram:

http://dev.ti.com/tirex/explore/content/simplelink_cc2640r2_sdk_4_20_00_04/docs/blestack/ble_user_guide/html/ble-stack-common/cache-as-ram.html?highlight=cache%20ram#configure-the-cache-as-gpram 

2. Have you tried the latest SDK?

Hi Eirik,

i'm already using cache_as_ram. I've used almost the entire FLASH available for my project, so I can't switch from my actual SDK to another one more new because they all require more FLASH than the FLASH uesd on SDK_1_35. Regarding the Heap, i'm using HEAPMGR_SIZE=0 and HEAPMGR_METRICS and I don't see any problem from Heap.

It seems that in debug this problem is less frequent(but also present). May be the "slow timing" in debug help the bonding process?

Also, I'm using OSAL_SNV=1 and from http://software-dl.ti.com/lprf/simplelink_cc2640r2_sdk/1.35.00.33/exports/docs/ble5stack/ble_user_guide/html/cc2640/memory_management.html

I've found "OSAL_SNV=1 --> One flash sector is allocated to SNV. Bonding info is stored in NV. Flash compaction uses flash cache RAM for intermediate storage, thus a power-loss during compaction results in SNV data loss. Also, due to temporarily disabling the cache, a system performance degradation may occur during the compaction. Set preprocessor symbol OSAL_SNV=1 in the Stack project."

Can be this "system performance degradation" the problem during the bonding process?

And last question: I've found these in 

http://software-dl.ti.com/simplelink/esd/simplelink_cc2640r2_sdk/3.30.00.20/exports/docs/blestack/ble_user_guide/html/ble-stack-3.x/gapbondmngr.html?highlight=osal_snv#gapbondmgr-and-snv

where is wrote 

To alleviate the amount of blocking required, the user application can generate the public-private key pair ahead of the pairing process, or it can define when the keys should be recycled by using the following parameters of the GapBondMgr. These options are mutually exclusive, as generation of keys by the application bypasses the recycle parameter.

• GAPBOND_ECC_KEYS
• GAPBOND_ECCKEY_REGEN_POLICY

So, may I use GAPBOND_ECC_KEYS or GAPBOND_ECCKEY_REGEN_POLICY to fix my problem?

Thanks and Regards,

Federico

Hi Federico,

I wanted to ask for some additional clarification to help with the issue you are facing. As Eirik stated, there is a possibility for the device to become unresponsive if the device runs out of memory and the heap gets corrupted.

To further debug if this is a memory related issue, reference the following document to debug common heap issues and more specifically track the heapmgrMemFail variable to pinpoint if memory allocation failures has occurred https://dev.ti.com/tirex/content/simplelink_cc2640r2_sdk_4_20_00_04/docs/blestack/ble_user_guide/html/ble-stack-3.x/creating-a-custom-bluetooth-low-energy-application.html#using-production-test-mode-ptm . This document was created for SDK v4_20_00_04 so the information may differ from what you might see in your SDK version. I would also reference the document located within your SDK v1_35_00_33 in /docs/ble5stack/ble_user_guide.html under the section Debugging -> Profiling the Icall Heap Manager (heapmgr.h) and Debugging Memory Problems -> Dynamic Allocation Errors for further information on debugging heap issues. You will have to add a preprocessor symbol HEAPMGR_METRICS to enable the collection of heap metrics.

Another tool that can be used to monitor if this is a heap issue is to have the ROV tool in CCS running while continuously updating information on HeapMem.

Best Regards,

Jenny

Hi Jenny,

thanks for your help. As I wrote above, I'm already monitoring the variables heapmgrMemFail,heapmgrMemAlo, heapmgrMemMax, etc. thorugh the preprocessor symbol HEAPMGR_METRICS as decribed in SDK_1_35_00_33. Unfortunately I'm not using CCS but instead IAR. Anyway with IAR I can monitor all these variables countinuosly while running in DEBUG using "Live Watch" variables option. 

I'm using also the auto_size feature for Heap(HEAPMGR_SIZE=0) , Cache_as_Ram and the Aux_as_Ram to increase the amount of heap available.

Running In debug, I can't see any failure in heapmgrMemFail, heapmgrMemAlo is always less then heapmgrMemMax (few time ago instead I was facing heapmgrMemFail problem and this is why I started using HEAPMGR_METRICS).  

The strange behaviour is that when I make the first pairing with Sphone, the bonding is always lost at the first sphone reconnection, than after the second try of bonding process, its work correctly (this means I can connect and disconnect many times the sphone from my product without lost the bonding). Then randomically (may be after few hours, may be after few minutes) of SPhone connections/disconnections without any problem, the bonding during the next SPhone connection will be lost.     

Thanks for your support

Regards, Federico

Hi Jenny,

I just finished another test. 

As I said, previously we had heap issue(so I started using HEAPMGR_METRICS) and to fix it I have decrease the preprocessor  symbol MAX_NUM_BLE_CONNS from =4  to =2. 

Today (even if actually I don't see any heapmgrMemFail) I have decrease the preprocessor  symbol MAX_NUM_BLE_CONNS from =2  to =1.

The strange behaviours I've described above is disappear(the Bonding now is kept since the first time and is not required anymore during the next connection/disconnection). I'm still testing to see if with this change, bonding is kept indefinitely

Thanks and Regards, Federico  

Hi Jenny and Eirik,

I try to explain better the strange behaviours I've found this morning using different MAX_NUM_BLE_CONNS

Case with predefined symbol MAX_NUM_BLE_CONNS=2 

SPhone and Product never paired

- 1° connection with SPhone -> Pairing and Bonding done with no problem

- disconnection from SPhone -> I can see from Sphone that the Bonding is kept in memory

- 2° connection with SPhone -> the Password is required again( I can see from Sphone that the Bonding is lost)-> Pairing Bonding done again with no problem

- disconnection from SPhone -> I can see from Sphone that the Bonding is kept in memory

- start from now, any SPhone connection and disconnection doesn't cause Bonding lost BUT FOR A RANDOM NUMBER/PERIOD OF TIMES

The 2° connection is Always required to have a bonding ok (at least for a period of time as i wrote)

Case with predefined symbol MAX_NUM_BLE_CONNS=1 

SPhone and Product never paired

- 1° connection with SPhone -> Pairing and Bonding done with no problem

- disconnection from SPhone -> I can see from Sphone that the Bonding is kept in memory

- 2° connection with SPhone -> no password required again, the Bonding is kept

- disconnection from SPhone -> I can see from Sphone that the Bonding is kept in memory

- any SPhone connection and disconnection doesn't cause Bonding lost. ACTUALLY ITS NEVER LOST BUT IT'S JUST FROM TODAY THAT I'M TRYING IT

Thanks and Regards

Federico 

Hi Federico,

Thank you for the detailed description of the behaviors based on different test cases. I wanted to give you an update on testing the issues you are seeing. Based on your information provided, I modified the multi_host project and tested with Light Blue to recreate the issue you are seeing with MAX_NUM_BLE_CONNS set to 2. I tested with both the debugger connected and disconnected and the results were roughly the same as follows:

- Connection asks to pair with passkey. Once passkey is entered, connection is successful and bond save successful

- 1st disconnect/reconnect is successful

- 2nd disconnect/reconnect asks to pair with passkey again

- Tested 10 more disconnects/reconnects all successful

At the moment when I set MAX_NUM_BLE_CONNS to 1, I am not able to recreate the results you described as it shows the multi_role as non connectable. I am debugging the difference in behavior at the moment, however, here are my modifications to the multi_role project. Please confirm that these are the changes you made or if there are additional changes made to the project that I may have overlooked.

Project: ble5_multi_role_cc2640r2lp_app

SDK: v1_35_00_33

Predefined Symbols:

- CACHE_AS_RAM

-AUX_AS_RAM

-OSAL_SNV=1

-HEAPMGR_SIZE=0

-MAX_NUM_BLE_CONNS=1

-GAP_BOND_MGR

-V42_FEATURES=SECURE_CONNS_CFG

Additions to the multi role initialization:

- During GAP Bond Manager Setup within multi_role_init

    uint8_t pairMode = GAPBOND_PAIRING_MODE_INITIATE;
    uint8_t mitm = TRUE;
    uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
    uint8_t bonding = TRUE;
    uint8_t gapbondSecure = GAPBOND_SECURE_CONNECTION_ONLY;

    GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
    GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
    GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
    GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);
    GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &gapbondSecure);

- At the end of multi_role_init

  #define APP_TX_PDU_SIZE 27
  #define APP_RX_PDU_SIZE 27
  #define APP_TX_TIME 328
  #define APP_RX_TIME 328

  HCI_EXT_SetMaxDataLenCmd(APP_TX_PDU_SIZE ,  APP_TX_TIME,
     APP_RX_PDU_SIZE, APP_RX_TIME);

  uint8_t featSet[8] = {0};
  CLR_FEATURE_FLAG( featSet[0], LL_FEATURE_DATA_PACKET_LENGTH_EXTENSION );
  HCI_EXT_SetLocalSupportedFeaturesCmd( featSet );

-Note: I left out #pragma optimize=none fix for IAR as I wanted to test this within CCS instead of IAR to utilize the ROV tool 

Tools:

CC2640R2F running multi_role and Samsung S9+ running LightBlue

Please let me know if there are differences in our setup. I will keep you updated on recreating the fix when setting MAX_NUM_BLE_CONNS to 1.

Best Regards,

Jenny

Hi Federico,

An update since my last post. I was able to recreate what you are seeing when setting MAX_NUM_BLE_CONNS=1 where my central has never paired with the CC2640 running multi_role. The following steps of what occurs, which is the same as your description, is listed below:

- Phone and CC2640 have never been paired.

- Pairing and bond is successful after first connect

- All subsequent disconnects/reconnects are successful and do not require a passkey.

I started testing MAX_NUM_BLE_CONNS=2 again to see why a passkey is always required during 2nd or third disconnect/reconnect and then subsequent disconnects/reconnects no longer require a passkey to successfully connect. I discovered that the device address of the phone is changing. To give an example:

1. Phone and Multi_role have never bonded before. Once bonding and connection is successful, I see the device address of the phone is 0x41E0CB73530A.

2. I perform a 1st disconnect/reconnect and the device address of phone is now updated to 0x78337990EB56

3. I perform a 2nd disconnect/reconnect and the device address of phone is now updated to 0x306A854170C7 (This is the step that requires the additional passkey re-entry)

4. Every subsequent disconnect/reconnect will always result in the same device address of phone 0x306A854170C7 (No passkey is needed for all subsequent disconnects/reconnects)

Is this the same behavior you are seeing?

Best Regards,

Jenny

Hi Jenny,

APP Linker symbols I'm using are:

CC2650=2
FLASH_ROM_BUILD=2
CACHE_AS_RAM=1
AUX_AS_RAM=1 
RTOS_ROM=1

while in STACK Compiler preprocessor I'm using

OSAL_CBTIMER_NUM_TASKS=1
OSAL_SNV=1

and also

-GAP_BOND_MGR

-V42_FEATURES=SECURE_CONNS_CFG

My multi_role init setup is:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

uint8_t pairMode = GAPBOND_PAIRING_MODE_INITIATE;

uint8_t mitm = TRUE;
uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
uint8_t bonding = TRUE;
#endif 

GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode); 
GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm); 
GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap); 
GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding); 

uint8_t gapbondSecure = GAPBOND_SECURE_CONNECTION_ONLY; 
GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION_ONLY, sizeof(uint8_t), &gapbondSecure); 

#define APP_TX_PDU_SIZE 27
#define APP_RX_PDU_SIZE 27
#define APP_TX_TIME 328
#define APP_RX_TIME 328

HCI_EXT_SetMaxDataLenCmd(APP_TX_PDU_SIZE , APP_TX_TIME, APP_RX_PDU_SIZE, APP_RX_TIME);

// Register and start Bond Manager

VOID GAPBondMgr_Register(&multi_role_BondMgrCBs); 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

As you can see, 
- I added gapbondSecure
- I added the HCI_EXT_SetMaxDataLenCmd just below the various GAPBondMgr_SetParameter and not at the end of the multi_role init 
- I didn't set the  CLR_FEATURE_FLAG. Some weeks ago I've tryied to use it, but because I didn't see any improvements regarding the bonding problem, I've delete it
 

Thanks again for your support

Regards, Federico

Hi Jenny,

together with the Android/Apple APP supplier, we have intensively test many different SPhone: during these test we've found that some device change its mac address once re-connected (as you describe in p.1, p.2 and p.3) but franckly speacking I didn't check the behaviours you wrote in p.4.

However I'm sure about a different behaviours compared with yours in p.4: after some subsequent disconnections/reconnections (random: its can be few or many of them) the bonding may be lost yet (but I don't know if this happen because the Sphone has changed again its mac address).

Let me know if I can help you with more informations

Thanks and Regards

Federico

Hi Federico,

I wanted to give you an update on the efforts we are taking to debug this issue at the moment. I have filed an internal ticket with elevated priority on this issue to have the software team shed light on what is causing this behavior. On top of being able to recreate your original test case, I performed additional tests cases listed below and will also continue to debug this issue:

Test case 1

Setup:

CC2640R2F - Simple Peripheral

Android - Running LightBlue as Central Device

Modifications:

- Change pair mode to be GAPBOND_PAIRING_MODE_INITIATE

- In this case no change is necessary to predefined symbol MAX_NUM_BLE_CONNS as this is the default simple peripheral project

Steps:

1. Use LightBlue to connect to simple peripheral

2. Enter Passkey to successfully bond

3. All subsequent disconnects/reconnects do not require a passkey

Test case 2

Setup:

CC2640R2F - Multi Role

CC2640R2F - Simple Central

Modifications:

- Change pair mode to be GAPBOND_PAIRING_MODE_INITIATE

- Modified passkey on Simple Central to be default passkey

- Keep predefined symbol MAX_NUM_BLE_CONNS=2

Steps:

1. Use simple central to connect to multi role

2. Successfully bond

3. All subsequent disconnects/reconnects do not require a passkey

Test Case 3

Setup:

CC2640R2F - Multi Role

CC2640R2F - Simple Peripheral

Android - Running LightBlue as Central Device

Modifications:

- Change pair mode to be GAPBOND_PAIRING_MODE_INITIATE

- Keep predefined symbol MAX_NUM_BLE_CONNS=2

Steps:

1. Use simple central to connect to multi role (successfully bonding)

2. Use LightBlue to connect to multi role (enter passkey to successfully bond)

3. On LightBlue, successfully disconnect/reconnect to multi role for the 1st time (without having to enter a passkey again)

4. On LightBlue, disconnect/reconnect to multi-role for the 2nd time (central device is required to enter passkey again)

5. All subsequent disconnects/reconnects using LightBlue do not require a passkey

Test Case 4

Setup:

CC2640R2F - Multi Role

CC2640R2F - Simple Peripheral

Android - Running LightBlue as Central Device

Modifications:

- Change pair mode to be GAPBOND_PAIRING_MODE_INITIATE

- Keep predefined symbol MAX_NUM_BLE_CONNS=2

Steps:

1. Use LightBlue to connect to multi role (enter passkey to successfully bond)

2. Use simple central to connect to multi role (successfully bonding)

3. All subsequent disconnects/reconnects using LightBlue do not require a passkey

Note: Test case 3 and 4 have the same setup. The only difference is the order in which devices are connected.

Current action items I am taking is actively going over the sniffer logs for these additional tests I have performed and also looking into the SNV to see if any information isn't being stored or overwritten. I have also documented and provided all these additional test cases to the software team to shed more light on when this behavior occurs. I will update you as soon as I get a response back from the software team .

Best Regards,

Jenny

Hi Federico,

I wanted to give you an incremental update on the debugging efforts. I went ahead and took sniffer logs of all the test cases listed in my previous response and parsing through them to see if any additional information can be found. In addition to the logs, I did some flash dumps on SNV where the bonding information is stored. The flash was saved between each step (before connecting, after connecting, before disconnecting, after reconnecting, etc). After comparing the flash between each step it looks like the bond is always successfully saved during the first connect and never overwritten in SNV so it is conclusive to say that the multi role is not deleting or overwriting the bond in SNV.

I have provided both the additional sniffer logs and the files of saved flash to the software team and will provide you with additional information as soon as I get an update.

Best Regards,

Jenny

Hi Jenny,

thank you so much for your effort regarding this problem and the updates. I'm still testing the application with predefined symbol MAX_NUM_BLE_CONNS=1 and together with our Android/IOS APP supplier, we didn't see any bonding lost since we started one week ago.

Tthanks and Regards, Federico  

Hi Federico,

Thank you for the update! That is good to hear I have passed on this information to software, but also expressed that the end goal is to have a maximum of 2 BLE connections.

I did notice another process where I was able to keep MAX_NUM_BLE_CONNS=2 and prevent the double request for passkey when I was testing different sequences of connecting devices. It is detailed in test case 4 in the previous post. This could possibly help you continue to develop with MAX_NUM_BLE_CONNS=2 while waiting for the patch from the software team.

Best Regards,

Jenny

Hi Federico,

I wanted to provide another incremental update on this issue. Software is working on debugging and resolving this issue. They have been able to reproduce the issue, but only with Android phones. This issue was not observed on an iPhone (I wasn't able to reproduce due to lack of hardware) and Simple Central (I was able to test this and also did not see the behavior). They currently have a few leads at the moment that they are looking into and will continue to update as progress is made.

Best Regards,

Jenny

Hi Jenny,

thanks for the update. If you think I can help you with some test, please let's me know !

Regards, Federico 

Hi Federico,

I have let the software team know that you and I can also help with additional debugging if needed. Thank you, Federico! I will keep you updated.

Best Regards,

Jenny

Hi Federico,

I wanted to provide an incremental update on the efforts made so far. We have not located the root cause of this issue yet, however, I was told that the software team sounded optimistic in finding the solution toward the end of last week. We will have a sync-up meeting tomorrow morning where I will ask in greater detail what tests have been run and if there are any strong leads. I will inform you in greater detail tomorrow once I receive some more information.

Best Regards,

Jenny

Hi Federico,

Great news! The software team pinpointed the issue and created a solution for it.

The cause of this non persisting LTK is due to the fact that after one connection has been made, the multi-role device resumes advertising and fails to update the resolving list. If the predefined symbol PRIVACY_1_2_CFG is set, when the user reconnects the app to multi-role, multi-role fails to discover the user ID address and therefore also fails to extract the LTK.

The solution for this issue is to resume advertising after the connection is formed to allow for proper updating of the resolving list.

I am currently discussing with the team on the best method to provide you with this fix for the current SDK you are working on and will get back to you as soon as possible today. Thank you for your patience!

Best Regards,

Jenny

Hi  Jenny,

this is a very good news!!

Waiting for your suggestions, and again thanks for your support!

Regards Federico 

Hi Federico,

I believe the best course of action is to provide the line changes through this post because fix is implemented in the application. Since it's in the application, providing the files might be more complicated if you have already made additional application modifications. Please let me know if any of the descriptions below are unclear and we can figure out a better method of getting the fix to you.

The two files you will have to modify are Application/multi_role.c and PROFILES/multi.c.

1. Modifications for multi.c

• Locate the function gapRole_processGAPMsg(gapEventHdr_t *pMsg)
• Locate the case GAP_LINK_ESTABLISHED_EVENT
• Comment out line 1001: uint8_t advertEnable;
• Add the following line(s) after line 1013 (gapRole_AdvEnabled = FALSE):

#if !defined(GAP_BOND_MGR)
          // Reenable advertising
          uint8_t advertEnable = TRUE;
          GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),
                               &advertEnable, NULL);
#endif

• For reference, I will paste the whole case statement to illustrate the changes described in the steps above.

  case GAP_LINK_ESTABLISHED_EVENT:
    {
      gapEstLinkReqEvent_t *pPkt = (gapEstLinkReqEvent_t *)pMsg;
//      uint8_t advertEnable;

      // If formed sucessfully
      if (pPkt->hdr.status == SUCCESS)
      {
        // Notify the Bond Manager to the connection
        VOID GAPBondMgr_LinkEst(pPkt->devAddrType, pPkt->devAddr,
                                pPkt->connectionHandle, pPkt->connRole);

        // Advertising will stop after connection formed as slave
        if ((pPkt->connRole) == GAP_PROFILE_PERIPHERAL)
        {
          gapRole_AdvEnabled = FALSE;

#if !defined(GAP_BOND_MGR)
          // Reenable advertising
          uint8_t advertEnable = TRUE;
          GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),
                               &advertEnable, NULL);
#endif
        }
      }
      // If not formed sucessfully
      else if (pPkt->hdr.status == bleGAPConnNotAcceptable)
      {
        // Set enabler to FALSE; device will become discoverable again when
        // this value gets set to TRUE
        gapRole_AdvEnabled = FALSE;
      }

      notify = TRUE;
    }
    break;

2. Modifications for multi_role.c

• Locate the function multi_role_processPairState(gapPairStateEvent_t* pairingEvent)
• Add the following line to the beginning of the function: linkDBInfo_t pInfo;
• Add the following line(s) to the end of the function:

  linkDB_GetInfo(pairingEvent->connectionHandle, &pInfo);
  if ((pairingEvent->state != GAPBOND_PAIRING_STATE_STARTED) && (pInfo.connRole == GAP_PROFILE_PERIPHERAL))
  {
      // Reenable advertising
      uint8_t advertEnable = TRUE;
      GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),&advertEnable, NULL);
  }

• For reference, I will paste the whole function to illustrate the changes described in the steps above.

static void multi_role_processPairState(gapPairStateEvent_t* pairingEvent)
{
  linkDBInfo_t pInfo;

  // If we've started pairing
  if (pairingEvent->state == GAPBOND_PAIRING_STATE_STARTED)
  {
    Display_print1(dispHandle, MR_ROW_SECURITY, 0,"connHandle %d pairing", pairingEvent->connectionHandle);
  }
  // If pairing is finished
  else if (pairingEvent->state == GAPBOND_PAIRING_STATE_COMPLETE)
  {
    if (pairingEvent->status == SUCCESS)
    {
      Display_print1(dispHandle, MR_ROW_SECURITY, 0,"connHandle %d paired", pairingEvent->connectionHandle);
    }
    else
    {
      Display_print2(dispHandle, MR_ROW_SECURITY, 0, "pairing failed: %d", pairingEvent->connectionHandle, pairingEvent->status);
    }
  }
  // If a bond has happened
  else if (pairingEvent->state == GAPBOND_PAIRING_STATE_BONDED)
  {
    if (pairingEvent->status == SUCCESS)
    {
      Display_print1(dispHandle, MR_ROW_SECURITY, 0, "Cxn %d bonding success", pairingEvent->connectionHandle);
    }
  }
  // If a bond has been saved
  else if (pairingEvent->state == GAPBOND_PAIRING_STATE_BOND_SAVED)
  {
    if (pairingEvent->status == SUCCESS)
    {
      Display_print1(dispHandle, MR_ROW_SECURITY, 0, "Cxn %d bond save success", pairingEvent->connectionHandle);
    }
    else
    {
      Display_print2(dispHandle, MR_ROW_SECURITY, 0, "Cxn %d bond save failed: %d", pairingEvent->connectionHandle, pairingEvent->status);
    }
  }

  linkDB_GetInfo(pairingEvent->connectionHandle, &pInfo);
  if ((pairingEvent->state != GAPBOND_PAIRING_STATE_STARTED) && (pInfo.connRole == GAP_PROFILE_PERIPHERAL))
  {
      // Reenable advertising
      uint8_t advertEnable = TRUE;
      GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),&advertEnable, NULL);
  }
}

Note: I believe you had added the predefined symbol GAP_BOND_MGR from the original post. Remove this predefined symbol.

I have tested these changes on an OOB multi_role project from SDK version 1_35_00_33 and verified that these changes fix the issue. Please let me know if any clarification is needed on the steps!

Best Regards,

Jenny

Hi Jenny,

I made the modifications as you've described above, but unfortunately from the SPhone side I can't see anymore the message "Password request", so I'm not able to bond any device.

I've tryed with 3 different SPhone and the result is the same.

Just to add another test(may be it can be helpful?), I've re-enabled the define GAP_BOND_MGR and in multi.c I've modify your Fix from

    #if !defined(GAP_BOND_MGR)
         // Reenable advertising
         uint8_t advertEnable = TRUE;
         GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t), &advertEnable, NULL);
    #endif

to

  //  #if !defined(GAP_BOND_MGR)
         // Reenable advertising
         uint8_t advertEnable = TRUE;
         GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t), &advertEnable, NULL);
 //   #endif

just for a try: in that case I can see from the SPhone the message "Password request", however the Bonding still be fail at the first try in some device.

In this situation, If I re-change MAX_NUM_BLE_CONNS=2 to MAX_NUM_BLE_CONNS=1 the bonding process work well with all the SPhone again

I don't know if my test its make sense, but i made it just to highlight that if I'm not use the define GAP BOND MANAGER, I can't see from the SPhone the "Password request" message

Thanks and Regards, Federico

Hi Federico,

I re-verified that these changes work on an OOB multi-role project with the few modifications listed. I don't have GAP_BOND_MGR defined and am able to get a password request on my Android device. The image below has the predefined symbols I am using for the project.

In addition, my bond parameters are:

- pairMode = GAPBOND_PAIRINGMODE_INITIATE

- mitm = TRUE

- ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY

- bonding = TRUE

To narrow down what could be causing the fix to not work, can you modify a clean OOB multi_role project with the fix in the previous post and the bond parameters I have described here? Thanks!

Best Regards,

Jenny

Hi Federico,

After reviewing the files Carlo sent, I believe the root cause of this fix not working is originating from two defines within the build_config.opt.

1. I believe the behavior of the CCS vs IAR project build config is slightly different. When I tested it in CCS, even though I didn't explicitly see GAP_BOND_MGR present in the predefined symbol window (as shown in the screenshot above) it was still defined which is desired. You are correct, this define needs to be in your build_config.opt. I apologize for the miscommunication on my part for the define GAP_BOND_MGR.

2. -DV42_FEATURES=SECURE_CONNS_CFG should be commented out. Noted that with this defined, the passkey request was still displaying unwanted behavior.

After making these changes, I have verified the IAR project you have provided is working as expected with the fix. I sent Carlo a copy through the TI drive, however, I will also post the build_config.opt here for future user's that run into the same issue:

/******************************************************************************

 @file  build_config.opt

 @brief This file contains the Bluetooth Low Energy (BLE) build config options.

 Group: CMCU, SCS
 Target Device: CC2640R2

 ******************************************************************************
 
 Copyright (c) 2011-2017, Texas Instruments Incorporated
 All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:

 *  Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.

 *  Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.

 *  Neither the name of Texas Instruments Incorporated nor the names of
    its contributors may be used to endorse or promote products derived
    from this software without specific prior written permission.

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 ******************************************************************************
 Release Name: simplelink_cc2640r2_sdk_1_30_00_25
 Release Date: 2017-03-02 20:08:31
 *****************************************************************************/

/*
    The following is a list of all possible build defines and corresponding options
    that can be set for each define:

    GATT_DB_OFF_CHIP        - Indicates that the GATT database is maintained off the chip on the
                              Application Processor (AP).

    GAP_BOND_MGR            - Used to include the Bond Manager

    HOST_CONFIG             (BLE Host Build Configurations) Possible Options:
        PERIPHERAL_CFG      - Used to include the GAP Peripheral Role support
        CENTRAL_CFG         - Used to include the GAP Central Role support
        BROADCASTER_CFG     - Used to include the GAP Broadcaster Role support
        OBSERVER_CFG        - Used to include the GAP Observer Role support

    BLE_V41_FEATURES        Configure the stack to use features from the BLE 4.1 Specification
        L2CAP_COC_CFG       - Enable L2CAP Connection Oriented Channels
        V41_CTRL_CFG        - Enable Ping, Slave Feature Exchange, Connection Parameter Request, and
                              Master Slave connection roles within the Controller (always enabled)

    BLE_V42_FEATURES        Configure the stack to use features from the BLE 4.2 Specification
        EXT_DATA_LEN_CFG    - Enable the Extended Data Length Feature in the Controller (always enabled)
        SECURE_CONNS_CFG    - Enable Secure Connections Pairing Procedure
        PRIVACY_1_2_CFG     - Enable Enhanced Privacy (always enabled)

    HCI_TL_FULL             - All supported HCI commands are available via the Tranport Layer's NPI.
                            - Intended for NP solution.
    HCI_TL_PTM              - Only those HCI commands needed for Production Test Mode are available
                              via the Transport Layer's NPI
                            - Intended for SOC solutions where, during production, accesss is temporarily
                              needed (e.g. for PHY testing using Direct Test Mode, etc.).
    HCI_TL_NONE             - No supported HCI commands are available via the Transport Layer's NPI.
                            - Intended for SOC solutions.

    Below is general information for using and/or changing this configuration option file:

    Combo Roles:        Combo roles can be set by defining multiple roles for HOST_CONFIG. The possible
                        combo roles and HOST_CONFIG defines are:
                        Peripheral + Observer  :    PERIPHERAL_CFG+OBSERVER_CFG
                        Central + Broadcaster  :    CENTRAL_CFG+BROADCASTER_CFG
                        Peripheral + Central   :    PERIPHERAL_CFG+CENTRAL_CFG

    lib_search tool:    There is a pre build action for every stack project that runs a tool
                        lib_search.exe. This tool aims to automatically import the correct library
                        files into your project based on the defines in this file.

                        The locations of all library files and their correspond options are
                        <install dir>/ble_core/ble_[host,ctrl]_lib/<device> for stack libs
                        and at <install dir>/ble_core/hci_tl_lib/<device> for
                        HCI Transport Layer libs

                        If an library is found that was built with matching options, it will be
                        copied into the project local directory at <App ewp dir>/../../lib/ and
                        subsequently linked with the stack.

                        If you experience a build error with lib_search.exe, expand the build error
                        message by clicking Tools->Options->Messages->Show build messages:->All.
                        The error messages printed out by the lib_search tool should now appear in
                        your Build Message window.

*/

/* BLE Host Build Configurations */
/* -DHOST_CONFIG=PERIPHERAL_CFG */
/* -DHOST_CONFIG=CENTRAL_CFG */
/* -DHOST_CONFIG=BROADCASTER_CFG */
/* -DHOST_CONFIG=OBSERVER_CFG */
/* -DHOST_CONFIG=PERIPHERAL_CFG+OBSERVER_CFG */
/* -DHOST_CONFIG=CENTRAL_CFG+BROADCASTER_CFG */
-DHOST_CONFIG=PERIPHERAL_CFG+CENTRAL_CFG

/* GATT Database being off chip */
/* -DGATT_DB_OFF_CHIP */

/* Include GAP Bond Manager */
-DGAP_BOND_MGR

/* BLE v4.1 Features */
/* -DV41_FEATURES=L2CAP_COC_CFG */

/* BLE v4.2 Features */
/* Note: For advanced users who choose to explicitly build their BLE    */
/* Stack without ROM the following upper limit on RAM usage must be     */
/* observed when using the Secure Connections Feature:                  */
/* R1: 0x20004F2C                                                       */
/* R2: 0x20004F80                                                       */
/* When using linker command files provided by this SDK, the linker     */
/* symbol ENCRYPTION_ROM=1 or ENCRYPTION_ROM=2 may be defined to set    */
/* this upper limit for R1 and R2 devices, respectively.                */
/* -DV42_FEATURES=SECURE_CONNS_CFG */

/* Include Transport Layer (Full or PTM) */
-DHCI_TL_NONE
/* -DHCI_TL_PTM */
/* -DHCI_TL_FULL */

/* BLE Vendor Specific Features */
/* -DEXTRA_ADV_FEAT=SCAN_REQ_RPT_CFG */
/* -DEXTRA_SCAN_FEAT=SCAN_EVT_NOTICE_CFG */

Thank you for your patience!

Best Regards,

Jenny

Hi  Jenny,

thanks for your support. Right now I'm testing the project with the fix suggested.

Regarding the multi.c you've sent to Carlo, I found that the fix

#if !defined(GAP_BOND_MGR)               
      // Reenable advertising          
      uint8_t advertEnable = TRUE;              
      GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t), &advertEnable, NULL);
#endif      

isn't be grayed out (as you suggested few days ago): it's just because I'm using the define GAP_BOND_MGR so it's like to comment it out ? Basically, if a link is formed succesfully, the Advertising must not be enabled ? Am I right? 

Last question is: because in file.opt I need comment out -DV42_FEATURES=SECURE_CONNS_CFG , what about the security connection level? I'm going to decrease the security during the connection  compared to before?

Thanks and Regards,

Federico

Hi Federico,

Hope that testing is successful with this fix!

Yes you are correct, the fix should have this section greyed out and GAP_BOND_MGR should be defined. Since original issue was that after one connection was being made, it resumes advertising and fails to update the resolving list, having this fix in place it will resume advertising after the bonding/pairing process is completed.

Removing SECURE_CONNS_CFG I believe will disable the BLE 4.2 stack secure connections pairing procedure feature.

Best Regards,

Jenny

Hi  Jenny,

I'm doing many test with our product, using 2 connection define and your Fix.

I'm using two different SPhone (Samsung A20 & Huwawei Mate 20 Pro, both with SO Android 10). I've bonded both the SPhone with a couple of products, named 1 and 2.

After few days of connections/disconnesctions with no problems, during a connection test between Samsung and product 1, the bonded was lost.

So I immediately check if the bonding was lost also with product 2, but this second bonding was ok. So I've checked also the bonding between Mate 20 Pro with both product 1 and 2 and also in this case the bonding was ok

I made again a bonding with Samsung and product 1

A day later it happened the same thing, this time between Huwawei and product 1, and also in that case all the others bonding were ok.

In this context, how can I understand if the bonding was lost from the SPhone side or from the product side?
Is it reasonable to think that bonding was lost from the product side, as it happened with two different SPhone (both of which are quite new) ?

Thanks and Regards,  Federico

Hi Federico,

I'm unsure if this is related to the original encryption issue as the behavior seems different. The original issue and fix addressed not successfully storing the Long Term Key which is why bonding failed during the first connection/pair. It seems like with this current issue, you are able to go a few days with connecting and disconnecting properly but the bonding is lost.

After revisiting the ticket, I did see an additional change the software team made. I'm unsure if this is related to your issue, however, I would recommend making this change regardless as it is a cleaner fix than the original use of the GAP_BOND_MGR define:

In multi.c, instead of adding:

#if !defined(GAP_BOND_MGR)
          // Reenable advertising
          uint8_t advertEnable = TRUE;
          GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),
                               &advertEnable, NULL);
#endif

Remove this portion and replace it with the following in the same spot in the code:

          uint8_t bonding;
          // If bonding is disabled
          GAPBondMgr_GetParameter(GAPBOND_BONDING_ENABLED, &bonding);
          if(bonding == FALSE)
          {
            // Reenable advertising
            uint8_t advertEnable = TRUE;
            GAPRole_SetParameter(GAPROLE_ADVERT_ENABLED, sizeof(uint8_t),
                                 &advertEnable, NULL);
          }

1. In the meantime, would you be able to provide sniffer logs of this as the behavior is different, it might be an entirely different situation. After reviewing the sniffer logs, it might bring more clarity on if the bonding was lost from the SPhone side or from the product side.

2. I wanted to clarify the test setup. Is it correct to assume that product 1 and 2 are both multi_roles? Additionally it seems like you mentioned that both times when bonding was lost it was SPhone (first time Samsung and second time Huawei) + product 1. Have you ever noticed any bonding lost when using the combination of SPhone (either Samsung or Huawei) + product 2? If not, would you be able to detail the behavioral differences between product 1 and 2 such as number of times reads/writes are performed, bonding parameters, etc. to narrow down if this could be from the product side or SPhone side?

Thanks Federico!

Best Regards,

Jenny