In this exercise, we will add storing keys to the application. Then we will use the stored keys to limit the access to only devices previously paired with the peripheral (your board). This is called an Filter Accept List. The peripheral processes only the connection requests from devices in the Filter Accept List. Requests from other devices will be ignored. This makes our device exclusively available to bonded devices.
While walking through exercise 1, you may have noticed that if you disconnected your phone from the peripheral and then reconnected, you could re-encrypt the link without pairing again. But if we reset the device and tried to reconnect, we needed to pair again. This is because bonding is supported in SMP by default (through CONFIG_BT_BONDABLE).
However, key storing and restoring requires writing data to flash and restoring it from flash. So you will need to include the Bluetooth setting which handles flash, in your application, to be able to store and restore the bond information to flash, through CONFIG_BT_SETTINGS.
1.1 Add setting support in your application to store data in flash.
Enable CONFIG_BT_SETTINGS, and its dependency CONFIG_SETTINGS, to make sure the Bluetooth stack takes care of storing (and restoring) the pairing keys.
1.3 Call settings_load() after initializing Bluetooth so that previous bonds can be restored.
As per the documentation for CONFIG_BT_SETTINGS, we must call the API function settings_load() manually to be able to store the pairing keys and configuration persistently.
Add the following line in main.c
Copy
settings_load();
C
1.4 Build and flash the application to your board.
1.5. Verify that after you pair your phone with the device, you can reset the hardware and can connect to the same phone again without having to pair again. This means the information was stored during the first pairing, i.e the devices were bonded.
2. Delete the stored bond
Our application can now store bond information. But it should be able to remove the stored bond information when needed as well. We can do this by calling bt_unpair(), which has the following signature.
2.1 Add an extra button handling to remove bond information. In this case, we will use button 2.
Add the following line in main.c
Copy
#define BOND_DELETE_BUTTON DK_BTN2_MSK
C
2.2 Call bt_unpair() to erase all bonded devices
We want to erase all bonded devices whenever button 2 is pressed, by calling bt_unpair() with BT_ADDR_LE_ANY as the address. This will erase all bonded devices. If you want to erase one single device in the bond list, you would need to input the address of the device you want to delete.
Add the following code in the button_changed() function in main.c
2.3 Build and flash the application to your board.
2.4. Connect your smart phone to the device then disconnect and press button 2 to erase all bonded devices. If you try connecting again, you will notice that the phone can’t re-encryp the link. This usually results in the connection being dropped. You would need to remove the bond on the phone (in Bluetooth settings -> Forget this device) before you connect again to be able to make a new pairing.
3. Add a Filter Accept List to the application.
Now that we have the bond information stored in flash, we will use it to create a Filter Accept List that will only allow the devices on this list to connect to the peripheral.
3.1 Enable support for Filter Accept List and Privacy Features.
Let’s enable the Filter Accept List API (CONFIG_BT_FILTER_ACCEPT_LIST) and the Private Feature support, which makes it possible to generate and use Resolvable Private Addresses (CONFIG_BT_PRIVACY).
Add the following lines in the prj.conf file
Copy
CONFIG_BT_FILTER_ACCEPT_LIST=yCONFIG_BT_PRIVACY=y
Kconfig
3.2 Add new advertising parameters based on the Filter Accept List.
We want our advertising packet to depend on whether or not we are using the Filter Accept List. Let’s create two different ones using the BT_LE_ADV_PARAM helper macro that we used in Lesson 2.
3.2.1 Define the advertising parameter BT_LE_ADV_CONN_NO_ACCEPT_LIST for when the Filter Accept List is not used
For options, we want the advertising to be connectable by using BT_LE_ADV_OPT_CONNECTABLE. We also want to use BT_LE_ADV_OPT_ONE_TIME, so the device will not automatically advertise after disconnecting. So that we can do advertise with the new Filter Accept List after it’s bonded to the first device.
3.2.2 Define the advertising parameter BT_LE_ADV_CONN_ACCEPT_LIST for when the Filter Accept List is used
This will be similar to the previous one. However, we will use BT_LE_ADV_OPT_FILTER_CONN to filter out the connection requests from devices not in the list.
3.3 Define the function setup_accept_list() to loop through the bond list and add the addresses to the Filter Accept List
3.3.1 Define the callback setup_accept_list_cb to add an address to the Filter Accept List.
Define the callback function that will be called for every iteration of the bond list to add the peer address to the Filter Accept List, using bt_le_filter_accept_list_add(), which has the following signature
Add the following code snippet in main.c
Copy
staticvoidsetup_accept_list_cb(conststruct bt_bond_info *info, void *user_data){int *bond_cnt = user_data;if ((*bond_cnt) < 0) {return; }int err = bt_le_filter_accept_list_add(&info->addr);LOG_INF("Added following peer to whitelist: %x%x\n",info->addr.a.val[0],info->addr.a.val[1]);if (err) {LOG_INF("Cannot add peer to Filter Accept List (err: %d)\n", err); (*bond_cnt) = -EIO; } else { (*bond_cnt)++; }}
C
3.3.2 Define a function to iterate through all existing bonds, using bt_foreach_bond() and then call setup_accept_list_cb()
We can use the function bt_foreach_bond() to iterate through all existing bonds.
For each bond, we will call setup_accept_list_cb() to add the peer address into the Filter Accept List.
3.4.1 Define the function advertise_with_acceptlist() to begin advertising with the Filter Accept List.
The next step is to make a work queue function that will call setup_accept_list() to build the Filter Accept List, and then to start advertising with the Filter Accept List (if it is non-empty), otherwise, advertise with no Filter Accept List.
In this function, we will advertise with BT_LE_ADV_CONN_NO_ACCEPT_LIST if the list is empty. This will do open advertising, but the advertising will not automatically restart when disconnected as explained earlier at step 3.2.
This way we will be able to change advertising setting to use Filter Accept List when disconnected. Notice how it’s defined as a work queue thread instead of a normal function. The reason for it is explained at Step 3.5.
3.5 Submit the same work queue in the on_disconnected() callback
Submit the work queue for advertise_acceptlist() in the callback for a disconnected event. So if there is any new bond we will have it updated to the Filter Accept List upon disconnection.
Copy
k_work_submit(&advertise_acceptlist_work);
C
We submit a work item here because if we call bt_le_adv_start() directly in callback we will receive an -ENOMEM error (-12). This is because in the disconnected() callback, the connection object is still reserved for the connection that was just terminated. If we start advertising here, we will need to increase the maximum number of connections (CONFIG_BT_MAX_CONN) by one., in our case, it would need to be two. In order to save on RAM, we submit a work item using k_work_submit that will delay starting advertising until after the callback has returned.
3.6 Verify if the Filter Accept List works as intended.
To perform this step, you will need an extra phone or a central device to verify if the Filter Accept List works or not. We will start by erasing the bond information on both the Nordic hardware and your phone that has previously been connected to the device. Next, connect and bond the device with your phone, as we have done previously, and make sure you can control the LED from your phone. Then disconnect.
Now use another central device to connect to the Nordic device. If the Filter Accept List works as it should, you will not be able to connect with this new central device. Now use the original phone that you have bonded to the Nordic device and you should be able to connect.
This shows that the Filter Accept List now works as expected. The device only accepts connections from the previously bonded phone.
4. Add “Pairing mode” to allow new devices to be added to the Filter Accept List
The code we have built so far, only allows a single device to be added to the Filter Accept List.
To allow new devices to connect and bond, we need to add an option to do “open advertising”, often called “Pairing mode”. We will use a button press to enable “Pairing mode”.
4.1 Increase the number of maximum paired devices
Increase the number of paired devices allowed at one time, using CONFIG_BT_MAX_PAIRED, which has a default value of 1.
Let’s increase this to 5, by adding the following line in the prj.conf file
Copy
CONFIG_BT_MAX_PAIRED=5
Kconfig
4.2.1 Add the button handling code to enable pairing mode.
Define a new button for “pairing mode”. We will use button 3.
Copy
#define PAIRING_BUTTON DK_BTN3_MSK
C
4.2.2 Add the following code to button_changed() callback.
When button 3 is pressed, we want to stop advertising, clear the Filter Accept List and start to advertise with the advertising parameters we made for the case with no Filter Accept List.
Note that if you want to advertise with an Filter Accept List again you have two options: either reset the device or make a new bond then disconnect.
Note
The button should only be pressed when the device is advertising and not connected to a peer. It is possible to set a flag, so that if the device is in a connection it will return to open advertising once it is disconnected. But this is not covered in the scope of this exercise.
4.3 Verify the pairing mode
You will need an extra phone or a central device to perform this step. Start by erasing the bond information on the Nordic hardware and your phone that was previously connected to the device. Next, connect and bond the device with your phone, as we have done previously, and ensure you can control the LED from your phone. Then disconnect.
Now use another central device to try and connect to the Nordic device. Just like we saw previously, you should not be able to connect.
Now press button 3 to enable “Pairing mode”. When in “Pairing mode”, try to use the second phone to connect again. This time it should be able to connect, and you can perform pairing with this phone. After this, your Filter Accept List will contain 2 devices.
Nordic Developer Academy Privacy Policy
1. Introduction
In this Privacy Policy you will find information on Nordic Semiconductor ASA (“Nordic Semiconductor”) processes your personal data when you use the Nordic Developer Academy.
References to “we” and “us” in this document refers to Nordic Semiconductor.
2. Our processing of personal data when you use the Nordic Developer Academy
2.1 Nordic Developer Academy
Nordic Semiconductor processes personal data in order to provide you with the features and functionality of the Nordic Developer Academy. Creating a user account is optional, but required if you want to track you progress and view your completed courses and obtained certificates. If you choose to create a user account, we will process the following categories of personal data:
Email
Name
Password (encrypted)
Course progression (e.g. which course you have completely or partly completed)
Certificate information, which consists of name of completed course and the validity of the certificate
Course results
During your use of the Nordic Developer Academy, you may also be asked if you want to provide feedback. If you choose to respond to any such surveys, we will also process the personal data in your responses in that survey.
The legal basis for this processing is GDPR article 6 (1) b. The processing is necessary for Nordic Semiconductor to provide the Nordic Developer Academy under the Terms of Service.
2.2 Analytics
If you consent to analytics, Nordic Semiconductor will use Google Analytics to obtain statistics about how the Nordic Developer Academy is used. This includes collecting information on for example what pages are viewed, the duration of the visit, the way in which the pages are maneuvered, what links are clicked, technical information about your equipment. The information is used to learn how Nordic Developer Academy is used and how the user experience can be further developed.
2.2 Newsletter
You can consent to receive newsletters from Nordic from within the Nordic Developer Academy. How your personal data is processed when you sign up for our newsletters is described in the Nordic Semiconductor Privacy Policy.
3. Retention period
We will store your personal data for as long you use the Nordic Developer Academy. If our systems register that you have not used your account for 36 months, your account will be deleted.
4. Additional information
Additional information on how we process personal data can be found in the Nordic Semiconductor Privacy Policy and Cookie Policy.
Nordic Developer Academy Terms of Service
1. Introduction
These terms and conditions (“Terms of Use”) apply to the use of the Nordic Developer Academy, provided by Nordic Semiconductor ASA, org. nr. 966 011 726, a public limited liability company registered in Norway (“Nordic Semiconductor”).
Nordic Developer Academy allows the user to take technical courses related to Nordic Semiconductor products, software and services, and obtain a certificate certifying completion of these courses. By completing the registration process for the Nordic Developer Academy, you are agreeing to be bound by these Terms of Use.
These Terms of Use are applicable as long as you have a user account giving you access to Nordic Developer Academy.
2. Access to and use of Nordic Developer Academy
Upon acceptance of these Terms of Use you are granted a non-exclusive right of access to, and use of Nordic Developer Academy, as it is provided to you at any time. Nordic Semiconductor provides Nordic Developer Academy to you free of charge, subject to the provisions of these Terms of Use and the Nordic Developer Academy Privacy Policy.
To access select features of Nordic Developer Academy, you need to create a user account. You are solely responsible for the security associated with your user account, including always keeping your login details safe.
You will able to receive an electronic certificate from Nordic Developer Academy upon completion of courses. By issuing you such a certificate, Nordic Semiconductor certifies that you have completed the applicable course, but does not provide any further warrants or endorsements for any particular skills or professional qualifications.
Nordic Semiconductor will continuously develop Nordic Developer Academy with new features and functionality, but reserves the right to remove or alter any existing functions without notice.
3. Acceptable use
You undertake that you will use Nordic Developer Academy in accordance with applicable law and regulations, and in accordance with these Terms of Use. You must not modify, adapt, or hack Nordic Developer Academy or modify another website so as to falsely imply that it is associated with Nordic Developer Academy, Nordic Semiconductor, or any other Nordic Semiconductor product, software or service.
You agree not to reproduce, duplicate, copy, sell, resell or in any other way exploit any portion of Nordic Developer Academy, use of Nordic Developer Academy, or access to Nordic Developer Academy without the express written permission by Nordic Semiconductor. You must not upload, post, host, or transmit unsolicited email, SMS, or \”spam\” messages.
You are responsible for ensuring that the information you post and the content you share does not;
contain false, misleading or otherwise erroneous information
infringe someone else’s copyrights or other intellectual property rights
contain sensitive personal data or
contain information that might be received as offensive or insulting.
Such information may be removed without prior notice.
Nordic Semiconductor reserves the right to at any time determine whether a use of Nordic Developer Academy is in violation of its requirements for acceptable use.
Violation of the at any time applicable requirements for acceptable use may result in termination of your account. We will take reasonable steps to notify you and state the reason for termination in such cases.
4. Routines for planned maintenance
Certain types of maintenance may imply a stop or reduction in availability of Nordic Developer Academy. Nordic Semiconductor does not warrant any level of service availability but will provide its best effort to limit the impact of any planned maintenance on the availability of Nordic Developer Academy.
5. Intellectual property rights
Nordic Semiconductor retains all rights to all elements of Nordic Developer Academy. This includes, but is not limited to, the concept, design, trademarks, know-how, trade secrets, copyrights and all other intellectual property rights.
Nordic Semiconductor receives all rights to all content uploaded or created in Nordic Developer Academy. You do not receive any license or usage rights to Nordic Developer Academy beyond what is explicitly stated in this Agreement.
6. Liability and damages
Nothing within these Terms of Use is intended to limit your statutory data privacy rights as a data subject, as described in the Nordic Developer Academy Privacy Policy. You acknowledge that errors might occur from time to time and waive any right to claim for compensation as a result of errors in Nordic Developer Academy. When an error occurs, you shall notify Nordic Semiconductor of the error and provide a description of the error situation.
You agree to indemnify Nordic Semiconductor for any loss, including indirect loss, arising out of or in connection with your use of Nordic Developer Academy or violations of these Terms of Use. Nordic Semiconductor shall not be held liable for, and does not warrant that (i) Nordic Developer Academy will meet your specific requirements, (ii) Nordic Developer Academy will be uninterrupted, timely, secure, or error-free, (iii) the results that may be obtained from the use of Nordic Developer Academy will be accurate or reliable, (iv) the quality of any products, services, information, or other material purchased or obtained by you through Nordic Developer Academy will meet your expectations, or that (v) any errors in Nordic Developer Academy will be corrected.
You accept that this is a service provided to you without any payment and hence you accept that Nordic Semiconductor will not be held responsible, or liable, for any breaches of these Terms of Use or any loss connected to your use of Nordic Developer Academy. Unless otherwise follows from mandatory law, Nordic Semiconductor will not accept any such responsibility or liability.
7. Change of terms
Nordic Semiconductor may update and change the Terms of Use from time to time. Nordic Semiconductor will seek to notify you about significant changes before such changes come into force and give you a possibility to evaluate the effects of proposed changes. Continued use of Nordic Developer Academy after any such changes shall constitute your acceptance of such changes. You can review the current version of the Terms of Use at any time at https://academy.nordicsemi.com/terms-of-service/
8. Transfer of rights
Nordic Semiconductor is entitled to transfer its rights and obligation pursuant to these Terms of Use to a third party as part of a merger or acquisition process, or as a result of other organizational changes.
9. Third Party Services
To the extent Nordic Developer Academy facilitates access to services provided by a third party, you agree to comply with the terms governing such third party services. Nordic Semiconductor shall not be held liable for any errors, omissions, inaccuracies, etc. related to such third party services.
10. Dispute resolution
The Terms of Use and any other legally binding agreement between yourself and Nordic Semiconductor shall be subject to Norwegian law and Norwegian courts’ exclusive jurisdiction.