This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2652P: DEV_SEC_AUTH_TC_REJOIN_STATUS flag is not valid on SDK 6.40

Part Number: CC2652P

When a device directly rejoin into trust-center with Unsecured-Rejoin mode, the Trust Center will not recognize the device as "DEV_SEC_AUTH_TC_REJOIN_STATUS" mode.

  • Hi Aries,

    Can you provide a sniffer log of the failed rejoin process?  Is this behavior different than v6.30, or what is the latest SDK for which the behavior is as expected?  Have you further debugged ZDSecMgrDeviceJoin to determine the root cause of the device failing to join?  If you have this functionality working on a previous SDK then I'd be curious to know the differences inside zd_sec_mgr.c which concern DEV_SEC_AUTH_TC_REJOIN_STATUS.

    Regards,
    Ryan

  • I have make a mistake, this issue is appearing in SDK 6.30.   The coordinator has processed "zstackmsg_CmdIDs_BDB_TC_LINK_KEY_EXCHANGE_NOTIFICATION_IND" message when it receives a unsecured-rejoin command. I have fixed this issue On SDK 6.30,  and my software has not updated to SDK 6.40.

  • Fix this issue like this

    uint8_t ZDSecMgrNewDeviceEvent( uint16_t ShortAddr )
    {
      uint8_t                 found;
      ZDSecMgrDevice_t      device;
      AddrMgrEntry_t        addrEntry;
      associated_devices_t* assoc;
      ZStatus_t             status;
    
      // initialize return results
      found = FALSE;
    
      assoc = AssocGetWithShort( ShortAddr );
    
      if ( assoc != NULL )
      {
        // device found
        found = TRUE;
    
        // check for preconfigured security
        if ( zgPreConfigKeys == TRUE )
        {
          // set association status to authenticated
          ZDSecMgrAssocDeviceAuth( assoc );
        }
    
        // set up device info
        addrEntry.user  = ADDRMGR_USER_DEFAULT;
        addrEntry.index = assoc->addrIdx;
        AddrMgrEntryGet( &addrEntry );
    
        device.nwkAddr    = assoc->shortAddr;
        device.extAddr    = addrEntry.extAddr;
        device.parentAddr = NLME_GetShortAddr();
    
        // the new device performed Secured Rejoin
        if ( ( assoc->devStatus & DEV_SECURED_JOIN ) &&
             ( assoc->devStatus & DEV_REJOIN_STATUS ) )
        {
          device.secure     = TRUE;
        }
        else
        {
          device.secure     = FALSE;
          if( assoc->devStatus & DEV_REJOIN_STATUS )
          {
            assoc->devStatus |= DEV_SEC_AUTH_TC_REJOIN_STATUS;
          }
        }
        device.devStatus  = assoc->devStatus;
    
        // process new device
        status = ZDSecMgrDeviceNew( &device );
    
        if ( status == ZSuccess )
        {
          assoc->devStatus &= ~DEV_SEC_INIT_STATUS;
        }
        else
        {
          // Clear SECURITY bit from Address Manager
          ZDSecMgrAddrClear( addrEntry.extAddr );
    
          // Remove the Association completely
          AssocRemove( addrEntry.extAddr );
        }
      }
    
      return found;
    }

  • Thanks for providing your solution.  Just to be clear, without this change the TC rejoin functionality still works but has the incorrect device status bits set during commissioning?

    Thanks for clarifying,
    Ryan