From 6040bba236c7daf83064ade08d7113ee1a6673c2 Mon Sep 17 00:00:00 2001 From: Rahul Tank Date: Thu, 22 Sep 2022 16:15:20 +0530 Subject: [PATCH] Wifi Prov: Disabled the default support for BLE Encrpytion on characteristics read /write By default, disabled the BLE Encrpyption requirement for provisioning characteristic. With this flag enabled, when remote attempts to read and if the ACL link is not encrypted, ESP device will return Insufficient Authentication. It is remote device responsibility to go for link encryption which may result in pairing. Some devices do not proceed for any pairing and just show failure pop-up. Also, user needs to remove bonding on remote phone manually and then try again. This is causing bad user experience. End user can enable it as per their use case. --- components/wifi_provisioning/Kconfig | 2 -- examples/provisioning/wifi_prov_mgr/README.md | 11 +++++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/components/wifi_provisioning/Kconfig b/components/wifi_provisioning/Kconfig index bdc9e39c28..c854b43af9 100644 --- a/components/wifi_provisioning/Kconfig +++ b/components/wifi_provisioning/Kconfig @@ -19,7 +19,6 @@ menu "Wi-Fi Provisioning Manager" bool prompt "Enable BLE bonding" depends on BT_ENABLED - default y help This option is applicable only when provisioning transport is BLE. @@ -35,7 +34,6 @@ menu "Wi-Fi Provisioning Manager" bool prompt "Force Link Encryption during characteristic Read / Write" depends on BT_NIMBLE_ENABLED - default y help Used to enforce link encryption when attempting to read / write characteristic diff --git a/examples/provisioning/wifi_prov_mgr/README.md b/examples/provisioning/wifi_prov_mgr/README.md index 16d1a5a896..3dc087c273 100644 --- a/examples/provisioning/wifi_prov_mgr/README.md +++ b/examples/provisioning/wifi_prov_mgr/README.md 
@@ -261,6 +261,17 @@ Now erase NVS partition by running the following commands : $IDF_PATH/components/esptool_py/esptool/esptool.py erase_region 0x9000 0x6000 ``` +### Bluetooth Pairing Request during provisioning + +ESP-IDF now has functionality to enforce link encryption requirement while performing GATT write on characteristics of provisioning service. This will however result in a pairing pop-up dialog, if link is not encrypted. This feature is disabled by default. In order to enable this feature, please set `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION=y` in the sdkconfig or select the configuration using "idf.py menuconfig" . + +``` +Component Config --> Wi-Fi Provisioning Manager --> Force Link Encryption during Characteristic Read/Write + +``` +Recompiling the application with above changes should suffice to enable this functionality. + + ### Unsupported platform If the platform requirement, for running `esp_prov` is not satisfied, then the script execution will fallback to console mode, in which case the full process (involving user inputs) will look like this :
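Review bot: In the first Kconfig hunk (`@@ -19,7 +19,6 @@`), the `default y` removed from "Enable BLE bonding" is not covered by the commit message, which only discusses the encryption requirement on characteristic read / write. Please either say in the commit message why bonding is also turned off by default, or move this into its own commit. Since a `bool` with no `default` line evaluates to `n`, writing `default n` explicitly would also make the intent obvious to anyone reading the Kconfig later.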
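Review bot: In the second Kconfig hunk (`@@ -35,7 +34,6 @@`), dropping `default y` from "Force Link Encryption during characteristic Read / Write" changes the shipped security posture without any change to the option's help text. Per the commit message, with the option on, a read over an unencrypted ACL link is refused with Insufficient Authentication. With the new default, that refusal no longer happens, so the help text should state that the option is off by default and that provisioning characteristics are then served over an unencrypted link. An explicit `default n` would document this better than the absence of a `default` line.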
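Review bot: In the README hunk (`@@ -261,6 +261,17 @@`), the new "Bluetooth Pairing Request during provisioning" section describes enforcement only "while performing GATT write", while the Kconfig prompt and the commit message both say read / write. Please make the wording consistent, for example "while performing GATT read or write on characteristics of the provisioning service". The section also does not mention that "Enable BLE bonding" loses its `default y` in the same patch, so a user who enables only `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION=y` is not told about the bonding setting. Minor style points: the fenced menu path ends with an empty line before the closing fence, and there is a stray space before the period after "idf.py menuconfig".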