Skip to content

Manifest update: configurable Encryption permission for the SMP service #17436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 8, 2024
Merged

Manifest update: configurable Encryption permission for the SMP service #17436

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
216c58f
manifest: update zephyr to pull in Kconfig changes in SMP Bluetooth
kapi-no Sep 23, 2024
ffb0816
manifest: update chip to align it with Kconfig changes in SMP Bluetooth
kapi-no Sep 23, 2024
af3b1a8
manifest: update sidewalk to align it with Kconfig changes in SMP BT
kapi-no Sep 23, 2024
e5ca83d
treewide: align projects with Kconfig changes in SMP Bluetooth
kapi-no Sep 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion applications/nrf5340_audio/prj_fota.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ CONFIG_BT_HCI_CORE_LOG_LEVEL_WRN=y

# DFU
CONFIG_AUDIO_BT_MGMT_DFU=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_BT_L2CAP_TX_MTU=498
CONFIG_BT_BUF_ACL_TX_SIZE=251

Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ CONFIG_LED_PWM=y

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ CONFIG_LED_PWM=y

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_BT_L2CAP_TX_MTU=260
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ CONFIG_ZCBOR=y
CONFIG_CRC=y
CONFIG_MCUMGR=y
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_MCUMGR_GRP_IMG=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ CONFIG_LOG_PROCESS_THREAD_STACK_SIZE=1024
# Enable MCUmgr Bluetooth transport
CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y

# Allow for large Bluetooth data packets.
CONFIG_BT_L2CAP_TX_MTU=498
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ CONFIG_UART_CONSOLE=n
# Enable MCUmgr Bluetooth transport
CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y

# Allow for large Bluetooth data packets.
CONFIG_BT_L2CAP_TX_MTU=498
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ CONFIG_LED_PWM=y

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion applications/nrf_desktop/configuration/nrf54l15pdk_nrf54l15_cpuapp/prj_fast_pair.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ CONFIG_LED_PWM=y

# Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer.
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y

CONFIG_IMG_MANAGER=y
Expand Down
2 changes: 1 addition & 1 deletion samples/bluetooth/mesh/common/smp_bt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ int smp_service_adv_init(void)

int smp_dfu_init(void)
{
if (IS_ENABLED(CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN) &&
if (IS_ENABLED(CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN) &&
IS_ENABLED(CONFIG_BT_MESH_LE_PAIR_RESP)) {
int err;

Expand Down
2 changes: 1 addition & 1 deletion samples/bluetooth/mesh/dfu/distributor/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ target_sources(app PRIVATE ${app_sources}
)

# Enable authentication with passkey
if (CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN AND CONFIG_BT_MESH_LE_PAIR_RESP)
if (CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN AND CONFIG_BT_MESH_LE_PAIR_RESP)
target_sources(app PRIVATE
${ZEPHYR_NRF_MODULE_DIR}/samples/bluetooth/mesh/common/smp_bt_auth.c)
endif()
6 changes: 3 additions & 3 deletions samples/bluetooth/mesh/dfu/distributor/README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ Building and running
.. include:: /includes/build_and_run.txt

.. note::
To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option.
To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option.
This will enforce a remote device to initiate a pairing request before accessing SMP characteristics.
See `SMP over Bluetooth authentication`_ for more information.

Expand Down Expand Up @@ -221,12 +221,12 @@ SMP over Bluetooth authentication
=================================

By default, the SMP characteristics don't require authentication when using SMP over Bluetooth to access the :ref:`management subsystem <zephyr:mcu_mgr>`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
By default, the SMP characteristics don't require authentication when using SMP over Bluetooth to access the :ref:`management subsystem <zephyr:mcu_mgr>`.
By default, the SMP characteristics do not require authentication when using SMP over Bluetooth to access the :ref:`management subsystem <zephyr:mcu_mgr>`.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unrelated to my change. @peknis, could you raise a PR aligning this part?

It takes a lot of effort to make CI green for such complex upgrades and there is a lot of stuff in the pipeline for the next release. I would like to avoid unnecessary CI runs as part of this PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can take this later as this is not a crucial thing.

To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option.
To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option.
This will enforce a remote device to initiate a pairing request before accessing SMP characteristics.
See `Zephyr Bluetooth LE Security`_ for more details about securing the Bluetooth LE connection.

The sample supports the :ref:`bt_mesh_le_pair_resp_readme` model that allows sending a passkey over a mesh network when the Distributor has no means of displaying the passkey.
When the model and the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option are enabled while a remote device tries to read the SMP characteristics, the pairing request will be initiated and the sample will require the remote device to enter the passkey generated by the model.
When the model and the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option are enabled while a remote device tries to read the SMP characteristics, the pairing request will be initiated and the sample will require the remote device to enter the passkey generated by the model.

To enable the LE pairing authentication with the LE Pairing Responder model support, set :makevar:`EXTRA_CONF_FILE` to :file:`overlay-smp-bt-auth.conf` file when building the sample.

Expand Down
2 changes: 1 addition & 1 deletion samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=y
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN=y
CONFIG_BT_SMP=y
CONFIG_BT_FIXED_PASSKEY=y
CONFIG_BT_MESH_LE_PAIR_RESP=y
Expand Down
2 changes: 1 addition & 1 deletion samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

CONFIG_MCUMGR=y
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y

CONFIG_MCUMGR_GRP_IMG=y
Expand Down
2 changes: 1 addition & 1 deletion samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp_ns.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

CONFIG_MCUMGR=y
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y

CONFIG_MCUMGR_GRP_IMG=y
Expand Down
5 changes: 3 additions & 2 deletions samples/common/mcumgr_bt_ota_dfu/Kconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,9 @@ config NCS_SAMPLE_MCUMGR_BT_OTA_DFU_MCUBOOT_DIRECT_XIP_SUPPORT
default y if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
imply MCUMGR_GRP_IMG_REJECT_DIRECT_XIP_MISMATCHED_SLOT

config MCUMGR_TRANSPORT_BT_AUTHEN
default n
choice MCUMGR_TRANSPORT_BT_PERM
default MCUMGR_TRANSPORT_BT_PERM_RW
endchoice

config IMG_ERASE_PROGRESSIVELY
default y
Expand Down
2 changes: 1 addition & 1 deletion samples/nrf5340/extxip_smp_svr/prj.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ CONFIG_BT_CTLR_DATA_LENGTH_MAX=251

# Enable the Bluetooth mcumgr transport (unauthenticated).
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y

# Enable the Shell mcumgr transport.
Expand Down
2 changes: 1 addition & 1 deletion samples/suit/recovery/prj.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ CONFIG_BT_BUF_ACL_TX_SIZE=502

# Enable the Bluetooth mcumgr transport (unauthenticated).
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y

# Disable SMP over UART
Expand Down
2 changes: 1 addition & 1 deletion samples/suit/smp_transfer/sysbuild/smp_transfer_bt.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ CONFIG_BT_BUF_ACL_TX_SIZE=502

# Enable the Bluetooth mcumgr transport (unauthenticated).
CONFIG_MCUMGR_TRANSPORT_BT=y
CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y
CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y

# Enable logs over UART
Expand Down
6 changes: 3 additions & 3 deletions west.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ manifest:
# https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
- name: zephyr
repo-path: sdk-zephyr
revision: ae75e9ebc34cafdcd5b68946026f15d030c5c798
revision: ea7e265dadf63ab2def0813378f20f2da793877e
import:
# In addition to the zephyr repository itself, NCS also
# imports the contents of zephyr/west.yml at the above
Expand Down Expand Up @@ -161,7 +161,7 @@ manifest:
- name: matter
repo-path: sdk-connectedhomeip
path: modules/lib/matter
revision: 632ea12cd8fd5a0c867855c863dd1e68d2f07d48
revision: 5a55d6099f6fdbdebdac9c0d7ea41fcfb751e7f2
west-commands: scripts/west/west-commands.yml
submodules:
- name: nlio
Expand Down Expand Up @@ -210,7 +210,7 @@ manifest:
compare-by-default: false
- name: sidewalk
repo-path: sdk-sidewalk
revision: 437ef188aa9256e4cf227589ac34217e99ba5bb4
revision: 4d57fc962da6cf35b97c2fcea05ccac70ab5819a
groups:
- sidewalk
- name: find-my
Expand Down
Loading