From c27214d98656bb8c4e84cf1cb74cf532e33da672 Mon Sep 17 00:00:00 2001 From: Kamil Piszczek Date: Tue, 8 Oct 2024 14:21:12 +0200 Subject: [PATCH] applications: nrf_desktop: enable encryption for mcumgr smp service All nRF Desktop configurations with the DFU over MCUmgr support now require encryption for operations on the Bluetooth SMP service. Unpaired Bluetooth peers should now perform the Bluetooth pairing procedure before the DFU operation. Ref: NCSDK-29061 Signed-off-by: Kamil Piszczek --- applications/nrf_desktop/bootloader_dfu.rst | 4 ++++ .../configuration/nrf52840dk_nrf52840/prj_fast_pair.conf | 2 +- .../configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf | 2 +- .../configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf | 2 +- .../nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf | 2 +- .../nrf52840gmouse_nrf52840/prj_release_fast_pair.conf | 2 +- .../nrf52kbd_nrf52832/prj_release_fast_pair.conf | 2 +- .../configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf | 2 +- .../configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf | 2 +- .../nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf | 2 +- .../releases/release-notes-changelog.rst | 2 ++ 11 files changed, 15 insertions(+), 9 deletions(-) diff --git a/applications/nrf_desktop/bootloader_dfu.rst b/applications/nrf_desktop/bootloader_dfu.rst index f6495c6a76d3..f15f79b1e432 100644 --- a/applications/nrf_desktop/bootloader_dfu.rst +++ b/applications/nrf_desktop/bootloader_dfu.rst @@ -317,6 +317,10 @@ The update image can also be transferred in the background through one of the fo The `nRF Connect Device Manager`_ application transfers the image update files over the Simple Management Protocol (SMP). +.. note:: + If your DFU target is not paired through Bluetooth with your Android device, the DFU procedure automatically triggers the pairing procedure. + The nRF Desktop configurations with the DFU support over SMP require encryption for operations on the Bluetooth GATT SMP service (see the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT` Kconfig option). + To perform DFU using the `nRF Connect Device Manager`_ mobile app, complete the following steps: .. tabs:: diff --git a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf index 5e7ddf15bfff..29a89b0c987f 100644 --- a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf @@ -113,7 +113,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf index b6e4d4d2f407..fd6081c5e720 100644 --- a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf +++ b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf @@ -99,7 +99,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_BT_L2CAP_TX_MTU=260 diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf index a75263a4fc1f..3a1bfb8bab41 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf @@ -155,7 +155,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8 # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf index e82be3872341..b25f3b562942 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf @@ -141,7 +141,7 @@ CONFIG_ZCBOR=y CONFIG_CRC=y CONFIG_MCUMGR=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_MCUMGR_GRP_IMG=y diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf index 43eb5444b973..70b3fd6bffbf 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf @@ -149,7 +149,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8 # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf index 4bc310b853b4..6c05724e3396 100644 --- a/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf @@ -112,7 +112,7 @@ CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf index d7d5f7414349..f5571ec57872 100644 --- a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf +++ b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf @@ -117,7 +117,7 @@ CONFIG_LOG_PROCESS_THREAD_STACK_SIZE=1024 # Enable MCUmgr Bluetooth transport CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y # Allow for large Bluetooth data packets. CONFIG_BT_L2CAP_TX_MTU=498 diff --git a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf index c76ea6d62d0b..366a64afb0b4 100644 --- a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf +++ b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf @@ -95,7 +95,7 @@ CONFIG_UART_CONSOLE=n # Enable MCUmgr Bluetooth transport CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y # Allow for large Bluetooth data packets. CONFIG_BT_L2CAP_TX_MTU=498 diff --git a/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf index 90362d6a0db1..4b6467321641 100644 --- a/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf @@ -102,7 +102,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst index acd93e0f3b12..777c17e185db 100644 --- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst +++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst @@ -290,6 +290,8 @@ nRF Desktop Removed the ``CONFIG_DESKTOP_HWINFO_BLE_ADDRESS_FICR_POSTFIX`` Kconfig option as a postfix constant is no longer needed for the Zephyr native driver. The driver uses ``BLE.ADDR``, ``BLE.IR``, and ``BLE.ER`` fields of the Factory Information Configuration Registers (FICR) to provide 8 bytes of unique hardware ID. * The :ref:`nrf_desktop_dfu_mcumgr` to recognize the MCUmgr custom group ID (:kconfig:option:`CONFIG_MGMT_GROUP_ID_SUIT`) from the SUITFU subsystem (:kconfig:option:`CONFIG_MGMT_SUITFU`) as a DFU-related command group. + * All build configurations with the DFU over MCUmgr support to require encryption for operations on the Bluetooth GATT SMP service (see the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_ENCRYPT` Kconfig option). + The Bluetooth pairing procedure of the unpaired Bluetooth peers must now be performed before the DFU operation. nRF Machine Learning (Edge Impulse)