# Bluetooth LE stack configuration options

# Copyright (c) 2016-2020 Nordic Semiconductor ASA
# Copyright (c) 2015-2016 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

config BT_LONG_WQ
	bool "Dedicated workqueue for long-running tasks."
	default y if BT_GATT_CACHING
	help
	  Adds an API for a workqueue dedicated to long-running tasks.

if BT_LONG_WQ
config BT_LONG_WQ_STACK_SIZE
	# Hidden: Long workqueue stack size. Should be derived from system
	# requirements.
	int
	default 1400 if BT_SEND_ECC_EMULATION
	default 1300 if BT_GATT_CACHING
	default 1024

config BT_LONG_WQ_PRIO
	int "Long workqueue priority. Should be pre-emptible."
	default 10
	range 0 NUM_PREEMPT_PRIORITIES

config BT_LONG_WQ_INIT_PRIO
	int "Long workqueue init priority"
	default 50
	help
	  Init priority level to set up the long workqueue.

endif # BT_LONG_WQ

config BT_HCI_HOST
	# Hidden option to make the conditions more intuitive
	bool
	default y
	depends on !BT_HCI_RAW
	select POLL


config BT_HCI_TX_STACK_SIZE
	# NOTE: This value is derived from other symbols and should only be
	# changed if required by architecture
	int
	prompt "HCI Tx thread stack size" if BT_HCI_TX_STACK_SIZE_WITH_PROMPT
	default 512 if BT_H4
	default 512 if BT_H5
	default 416 if BT_SPI
	default 1280 if BT_LL_SW_SPLIT && (NO_OPTIMIZATIONS || BT_ISO_BROADCAST)
	default 1024 if BT_LL_SW_SPLIT && BT_CENTRAL
	default 768 if BT_LL_SW_SPLIT
	default 512 if BT_USERCHAN
	default 640 if BT_STM32_IPM
	# Even if no driver is selected the following default is still
	# needed e.g. for unit tests. This default will also serve as
	# the worst-case stack size if an out-of-tree controller is used.
	default 1024
	help
	  Stack size needed for executing bt_send with specified driver.
	  NOTE: This is an advanced setting and should not be changed unless
	  absolutely necessary.
	  To change this you must first select
	  BT_HCI_TX_STACK_SIZE_WITH_PROMPT.

config BT_HCI_TX_STACK_SIZE_WITH_PROMPT
	bool "Override HCI Tx thread stack size"

config BT_HCI_TX_PRIO
	# Hidden option for Co-Operative Tx thread priority
	int
	default 7

choice BT_RECV_CONTEXT
	prompt "BT RX Thread Selection"
	default BT_RECV_WORKQ_SYS if SOC_SERIES_NRF51X
	default BT_RECV_WORKQ_BT
	help
	  Selects in which context incoming low priority HCI packets are processed.
	  The host defines some events as high priority to avoid race conditions and deadlocks.
	  High priority events are always processed in the context of the caller of bt_recv()
	  or bt_recv_prio(). The choice will influence RAM usage and how fast incoming HCI
	  packets are processed.

config BT_RECV_WORKQ_SYS
	bool "Process low priority HCI packets in the system work queue"
	help
	  When this option is selected, the host will process incoming low priority HCI packets
	  in the system work queue. The HCI driver shall not call bt_recv_prio().
	  High priority HCI packets will be processed in the context of the caller of bt_recv().
	  The application needs to ensure the system workqueue stack size (SYSTEM_WORKQUEUE_STACK_SIZE)
	  is large enough, refer to BT_RX_STACK_SIZE for the recommended minimum.
	  Note: When this option is used, other users of the system work queue will influence the
	  latency of incoming Bluetooth events.

config BT_RECV_WORKQ_BT
	bool "Process low priority HCI packets in the bluetooth-specific work queue"
	help
	  When this option is selected, the host will process incoming low priority HCI packets
	  in the bluetooth-specific work queue. The HCI driver shall not call bt_recv_prio().
	  High priority HCI packets will be processed in the context of the caller of bt_recv().
	  The application needs to ensure the bluetooth-specific work queue size is large enough,
	  refer to BT_RX_STACK_SIZE for the recommended minimum.
endchoice

config BT_RX_STACK_SIZE
	int "Size of the receiving thread stack"
	default 768 if BT_HCI_RAW
	default 3092 if BT_MESH_GATT_CLIENT
	default 2600 if BT_MESH
	default 2048 if BT_AUDIO
	default 2200 if BT_SETTINGS
	default 1200
	help
	  Size of the receiving thread stack. This is the context from
	  which all event callbacks to the application occur. The
	  default value is sufficient for basic operation, but if the
	  application needs to do advanced things in its callbacks that
	  require extra stack space, this value can be increased to
	  accommodate for that.

config BT_RX_PRIO
	# Hidden option for Co-Operative Rx thread priority
	int
	default 8

config BT_DRIVER_RX_HIGH_PRIO
	# Hidden option for Co-Operative HCI driver RX thread priority
	int
	default 6

config BT_CONN_TX_NOTIFY_WQ
	bool "Use a separate workqueue for connection TX notify processing [EXPERIMENTAL]"
	depends on BT_CONN_TX
	select EXPERIMENTAL
	help
	  Use a separate workqueue instead of system workqueue for
	  bt_conn_tx_notify processing. The option can be used to make Bluetooth
	  stack more independent from the system workqueue.

if BT_CONN_TX_NOTIFY_WQ

config BT_CONN_TX_NOTIFY_WQ_STACK_SIZE
	int "Stack size of workqueue for connection TX notify processing"
	default SYSTEM_WORKQUEUE_STACK_SIZE

config BT_CONN_TX_NOTIFY_WQ_PRIO
	int "Cooperative priority of workqueue for connection TX notify processing"
	default 8

config BT_CONN_TX_NOTIFY_WQ_INIT_PRIORITY
	int "Init priority of workqueue for connection TX notify processing"
	default 50
	help
	  The connection TX notify processing workqueue is initialized during
	  system initialization (at POST_KERNEL level). The Kconfig option
	  controls the initialization priority within level.

endif # BT_CONN_TX_NOTIFY_WQ

menu "Bluetooth Host"

if BT_HCI_HOST

rsource "../mesh/Kconfig"
rsource "../audio/Kconfig"

config BT_HOST_CRYPTO
	bool "Use crypto functionality implemented in the Bluetooth host"
	default y if !BT_CTLR_CRYPTO
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_KEY_TYPE_AES
	select PSA_WANT_ALG_ECB_NO_PADDING
	help
	  The option adds the AES encryption support using PSA Crypto API
	  library if this is not provided by the controller implementation.

config BT_HOST_CRYPTO_PRNG
	bool "Use PSA crypto API library for random number generation"
	default y
	select PSA_WANT_ALG_SHA_256
	select PSA_WANT_KEY_TYPE_HMAC
	select PSA_WANT_ALG_HMAC
	depends on BT_HOST_CRYPTO
	help
	  When selected, will use PSA Crypto API library for random number generation.
	  This will consume additional ram, but may speed up the generation of random
	  numbers.

	  Otherwise, random numbers will be generated through multiple HCI calls,
	  which will not consume additional resources, but may take a long time,
	  depending on the length of the random data.
	  This method is generally recommended within 16 bytes.

config BT_SETTINGS
	bool "Store Bluetooth state and configuration persistently"
	depends on SETTINGS
	select MPU_ALLOW_FLASH_WRITE if ARM_MPU
	help
	  When selected, the Bluetooth stack will take care of storing
	  (and restoring) the Bluetooth state (e.g. pairing keys) and
	  configuration persistently in flash.

	  When this option has been enabled, it's important that the
	  application makes a call to settings_load() after having done
	  all necessary initialization (e.g. calling bt_enable).
	  The
	  reason settings_load() is handled externally to the stack, is
	  that there may be other subsystems using the settings API, in
	  which case it's more efficient to load all settings in one go,
	  instead of each subsystem doing it independently.

	  Warning: The Bluetooth host expects a settings backend that loads
	  settings items in handle order.

if BT_SETTINGS
config BT_SETTINGS_CCC_LAZY_LOADING
	bool "Load CCC values from settings when peer connects"
	depends on BT_CONN
	default y
	help
	  Load Client Configuration Characteristic setting right after a bonded
	  device connects.
	  Disabling this option will increase memory usage as CCC values for all
	  bonded devices will be loaded when calling settings_load.

config BT_SETTINGS_DELAYED_STORE
	# Enables delayed non-volatile storage mechanism
	bool
	help
	  Triggers the storage of the CF and CCC right after a write.
	  This is done in the workqueue context, in order to not block the BT RX
	  thread for too long.

config BT_SETTINGS_DELAYED_STORE_MS
	int
	default 1000
	help
	  (Advanced) Governs the timeout after which the settings write will
	  take effect.

config BT_SETTINGS_CCC_STORE_ON_WRITE
	bool "Store CCC value immediately after it has been written"
	depends on BT_CONN
	select BT_SETTINGS_DELAYED_STORE
	default y
	help
	  Store Client Configuration Characteristic value right after it has
	  been updated. If the option is disabled, the CCC is only stored on
	  disconnection.

config BT_SETTINGS_CF_STORE_ON_WRITE
	bool "Store CF value immediately after it has been written"
	depends on BT_CONN && BT_GATT_CACHING
	select BT_SETTINGS_DELAYED_STORE
	default y
	help
	  Store Client Supported Features value right after it has been updated.
	  If the option is disabled, the CF is only stored on disconnection.

config BT_SETTINGS_USE_PRINTK
	bool "Use snprintk to encode Bluetooth settings key strings"
	depends on SETTINGS && PRINTK
	default y
	help
	  When selected, Bluetooth settings will use snprintk to encode
	  key strings.
	  When not selected, Bluetooth settings will use a faster builtin
	  function to encode the key string. The drawback is that if
	  printk is enabled then the program memory footprint will be larger.

config BT_SETTINGS_CCC_STORE_MAX
	int "Max number of Client Characteristic Configuration (CCC)"
	default 48
	range 1 96
	help
	  Defines the max number of Client Characteristic Configuration (CCC)
	  that the stack can handle

endif # BT_SETTINGS

config BT_FILTER_ACCEPT_LIST
	bool "Filter accept list support"
	help
	  This option enables the filter accept list API. This takes advantage of the
	  filtering feature of a BLE controller.
	  The filter accept list is a global list and the same list is used
	  by both scanner and advertiser. The filter accept list cannot be modified while
	  it is in use.

	  An Advertiser can filter which peers can connect or request scan
	  response data.
	  A scanner can filter advertisers for which it will generate
	  advertising reports.
	  Connections can be established automatically for accepted peers.

config BT_LIM_ADV_TIMEOUT
	int "Timeout for limited advertising in 1s units"
	default 30
	range 1 180
	depends on BT_BROADCASTER
	help
	  After this timeout is reached, advertisement with BT_LE_AD_LIMITED flag
	  set shall be terminated. As per BT Core Spec 5.2, Vol 3, Part C,
	  Appendix A (NORMATIVE): TIMERS AND CONSTANTS it's required to be no more
	  than 180s.

config BT_CONN_TX_USER_DATA_SIZE
	int
	default 32 if 64BIT
	default 16
	help
	  Necessary user_data size for stack usage. Mostly used for passing
	  callbacks around. See `struct closure` in conn_internal.h.

config BT_CONN_FRAG_COUNT
	int
	default BT_MAX_CONN if BT_CONN
	default BT_ISO_MAX_CHAN if BT_ISO
	help
	  Internal kconfig that sets the maximum amount of simultaneous data
	  packets in flight. It should be equal to the number of connections.

if BT_CONN

config BT_CONN_TX_MAX
	int "Maximum number of pending TX buffers with a callback"
	default BT_BUF_ACL_TX_COUNT
	range BT_BUF_ACL_TX_COUNT $(UINT8_MAX)
	help
	  Maximum number of pending TX buffers that have an associated
	  callback. Normally this can be left to the default value, which
	  is equal to the number of TX buffers in the controller.

config BT_CONN_PARAM_ANY
	bool "Accept any values for connection parameters"
	help
	  Some controllers support additional connection parameter ranges
	  beyond what is described in the specification. Enabling this option
	  allows the application to set any value to all connection parameters.
	  The Host will perform no limits nor consistency checks on any of the
	  connection parameters (conn interval min and max, latency and timeout).
	  However, the Host will still use numerical comparisons between the
	  min and max connection intervals in order to verify whether the
	  desired parameters have been established in the connection.

config BT_CONN_CHECK_NULL_BEFORE_CREATE
	bool "Check if *conn is NULL when creating a connection"
	help
	  Enable this option to ensure that bt_conn_le_create and
	  bt_conn_le_create_synced return an error if *conn is not initialized
	  to NULL. This option is recommended to use to catch programming
	  errors where the application reuses the connection pointer of an
	  active connection object without dereferencing it. Without
	  dereferencing, the connection object stays alive which can lead to an
	  unpredictable behavior.

config BT_USER_PHY_UPDATE
	bool "User control of PHY Update Procedure"
	depends on BT_PHY_UPDATE
	help
	  Enable application access to initiate the PHY Update Procedure.
	  The application can also register a callback to be notified about PHY
	  changes on the connection. The current PHY info is available in the
	  connection info.

config BT_AUTO_PHY_UPDATE
	bool "Auto-initiate PHY Update Procedure"
	depends on BT_PHY_UPDATE
	default y if !BT_USER_PHY_UPDATE
	help
	  Initiate PHY Update Procedure on connection establishment.

	  Disable this if you want the PHY Update Procedure feature supported
	  but want to rely on the remote device to initiate the procedure at its
	  discretion or want to initiate manually.

config BT_USER_DATA_LEN_UPDATE
	bool "User control of Data Length Update Procedure"
	depends on BT_DATA_LEN_UPDATE
	help
	  Enable application access to initiate the Data Length Update
	  Procedure. The application can also register a callback to be notified
	  about Data Length changes on the connection. The current Data Length
	  info is available in the connection info.

config BT_AUTO_DATA_LEN_UPDATE
	bool "Auto-initiate Data Length Update procedure"
	depends on BT_DATA_LEN_UPDATE
	default y if !BT_USER_DATA_LEN_UPDATE
	help
	  Initiate Data Length Update Procedure on connection establishment.

	  Disable this if you want the Data Length Update Procedure feature
	  supported but want to rely on the remote device to initiate the
	  procedure at its discretion or want to initiate manually.

config BT_REMOTE_INFO
	bool "Application access to remote information"
	help
	  Enable application access to the remote information available in the
	  stack. The remote information is retrieved once a connection has been
	  established and the application will be notified when this information
	  is available through the remote_info_available connection callback.

config BT_SMP
	bool "Security Manager Protocol support"
	select BT_CRYPTO
	select BT_RPA
	select BT_ECC
	help
	  This option enables support for the Security Manager Protocol
	  (SMP), making it possible to pair devices over LE.

if BT_SMP

config BT_SECURITY_ERR_TO_STR
	bool "Print security error codes as strings [EXPERIMENTAL]"
	select EXPERIMENTAL
	help
	  This configuration enables printing of security error
	  codes represented as strings.
	  See bt_security_err_to_str() for more details.

config BT_SMP_ERR_TO_STR
	bool "Print SMP error codes as strings [EXPERIMENTAL]"
	select EXPERIMENTAL
	help
	  This configuration enables printing of SMP error
	  codes represented as strings.
	  See bt_smp_err_to_str() for more details.

config BT_PASSKEY_KEYPRESS
	bool "Passkey Keypress Notification support [EXPERIMENTAL]"
	select EXPERIMENTAL
	help
	  Enable support for receiving and sending Keypress Notifications during
	  Passkey Entry during pairing.

config BT_PRIVACY
	bool "Device privacy"
	help
	  Enable privacy for the local device. This makes the device use Resolvable
	  Private Addresses (RPAs) by default.

	  Note:
	  Establishing connections as a directed advertiser, or to a directed
	  advertiser is only possible if the controller also supports privacy.

config BT_PRIVACY_RANDOMIZE_IR
	bool "Randomize identity root for fallback identities"
	depends on BT_PRIVACY
	select BT_SETTINGS
	help
	  Enabling this option will cause the Host to ignore controller-provided
	  identity roots (IR). The Host will instead use bt_rand to generate
	  identity resolving keys (IRK) and store them in the settings subsystem.

	  Setting this config may come with a performance penalty to boot time,
	  as the hardware RNG may need time to generate entropy and will block
	  Bluetooth initialization.

	  This option increases privacy, as explained in the following text.

	  The IR determines the IRK of the identity. The IRK is used to both
	  generate and resolve (recognize) the private addresses of an identity.
	  The IRK is a shared secret, distributed to peers bonded to that
	  identity.

	  An attacker that has stolen or once bonded and retained the IRK can
	  forever resolve addresses from that IRK, even if that bond has been
	  deleted locally.

	  Deleting an identity should ideally delete the IRK as well and thereby
	  restore anonymity from previously bonded peers. But unless this config
	  is set, this does not always happen.

	  In particular, a factory reset function that wipes the data in the
	  settings subsystem may not affect the controller-provided IRs. If
	  those IRs are reused, this device can be tracked across factory resets.

	  For optimal privacy, a new IRK (i.e., identity) should be used per
	  bond. However, this naturally limits advertisements from that identity
	  to be recognizable by only that one bonded device.

	  A description of the exact effect of this setting follows.

	  If the application has not set up an identity before calling
	  settings_load()/settings_load_subtree("bt") after bt_enable(), the
	  Host will automatically try to load saved identities from the settings
	  subsystem, and if there are none, set up the default identity
	  (BT_ID_DEFAULT).

	  If the controller has a public address (HCI_Read_BD_ADDR), that becomes
	  the address of the default identity. The Host will by default try to
	  obtain the IR for that identity from the controller (by Zephyr HCI
	  Read_Key_Hierarchy_Roots). Setting this config randomizes the IR
	  instead.

	  If the controller does not have a public address, the Host will try
	  to source the default identity from the static address information
	  from controller (Zephyr HCI Read_Static_Addresses).
	  This results in an
	  identity for each entry in Read_Static_Addresses. Setting this config
	  randomizes the IRs during this process.

config BT_RPA_TIMEOUT
	int "Resolvable Private Address timeout"
	depends on BT_PRIVACY
	default 900
	range 1 $(UINT16_MAX)
	help
	  This option defines how often resolvable private address is rotated.
	  Value is provided in seconds and defaults to 900 seconds (15 minutes).

config BT_RPA_TIMEOUT_DYNAMIC
	bool "Support setting the Resolvable Private Address timeout at runtime"
	depends on BT_PRIVACY
	help
	  This option allows the user to override the default value of
	  the Resolvable Private Address timeout using dedicated APIs.

config BT_RPA_SHARING
	bool "Share the Resolvable Private Address between advertising sets"
	depends on BT_PRIVACY && BT_EXT_ADV
	help
	  This option configures the advertising sets linked with the same
	  Bluetooth identity to use the same Resolvable Private Address in
	  a given rotation period. After the RPA timeout, the new RPA is
	  generated and shared between the advertising sets in the subsequent
	  rotation period. When this option is disabled, the generated RPAs
	  of the advertising sets differ from each other in a given rotation
	  period.

config BT_SIGNING
	bool "Data signing support"
	help
	  This option enables data signing which is used for transferring
	  authenticated data in an unencrypted connection.

config BT_SMP_APP_PAIRING_ACCEPT
	bool "Accept or reject pairing initiative"
	help
	  When receiving pairing request or pairing response query the
	  application whether to accept to proceed with pairing or not. This is
	  for pairing over SMP and does not affect SSP, which will continue
	  pairing without querying the application.
	  The application can return an error code, which is translated into
	  a SMP return value if the pairing is not allowed.

config BT_SMP_SC_PAIR_ONLY
	bool "Disable legacy pairing"
	default y
	help
	  This option disables LE legacy pairing and forces LE secure connection
	  pairing. All Security Mode 1 levels can be used with legacy pairing
	  disabled, but pairing with devices that do not support secure
	  connections pairing will not be supported.
	  To force a higher security level use "Secure Connections Only Mode"

config BT_SMP_SC_ONLY
	bool "Secure Connections Only Mode"
	select BT_SMP_SC_PAIR_ONLY
	help
	  This option enables support for Secure Connection Only Mode. In this
	  mode device shall only use Security Mode 1 Level 4 with exception
	  for services that only require Security Mode 1 Level 1 (no security).
	  Security Mode 1 Level 4 stands for authenticated LE Secure Connections
	  pairing with encryption. Enabling this option disables legacy pairing.

config BT_SMP_OOB_LEGACY_PAIR_ONLY
	bool "Force Out Of Band Legacy pairing"
	depends on !(BT_SMP_SC_PAIR_ONLY || BT_SMP_SC_ONLY)
	help
	  This option disables Legacy and LE SC pairing and forces legacy OOB.

config BT_SMP_DISABLE_LEGACY_JW_PASSKEY
	bool "Forbid usage of insecure legacy pairing methods"
	depends on !(BT_SMP_SC_PAIR_ONLY || BT_SMP_SC_ONLY || \
		     BT_SMP_OOB_LEGACY_PAIR_ONLY)
	help
	  This option disables Just Works and Passkey legacy pairing methods to
	  increase security.

config BT_SMP_ALLOW_UNAUTH_OVERWRITE
	bool "Allow unauthenticated pairing for paired device"
	help
	  This option allows all unauthenticated pairing attempts made by the
	  peer where an unauthenticated bond already exists.
	  This would enable cases where an attacker could copy the peer device
	  address to connect and start an unauthenticated pairing procedure
	  to replace the existing bond. When this option is disabled in order
	  to create a new bond the old bond has to be explicitly deleted with
	  bt_unpair.

config BT_ID_UNPAIR_MATCHING_BONDS
	bool "Delete bond with same peer with other local identity when bonding"
	help
	  When a bond is about to complete, find any other bond with the same
	  peer address (or IRK) and `bt_unpair` that bond before the event
	  `pairing_complete`.

	  Important: If this option is not enabled, the current implementation
	  will automatically fail the bonding. See "RL limitation" below.

	  Important: If this option is not enabled, as Peripheral, it may be too
	  late to abort the bonding. The pairing is failed locally, but it may
	  still be reported as successful on the Central. When this situation
	  occurs, the Zephyr Peripheral will immediately disconnect. See "SMP
	  limitation" below.

	  [RL limitation]:
	  The Host implementers have considered it unlikely that applications
	  would ever want to have multiple bonds with the same peer. The
	  implementers prioritize the simplicity of the implementation over this
	  capability.

	  The Resolve List on a Controller is not able to accommodate multiple
	  local addresses/IRKs for a single remote address. This would prevent
	  the Host from setting up a one-to-one correspondence between the Host
	  bond database and the Controller Resolve List. The implementation
	  relies on that capability when using the Resolve List. For performance
	  reasons, there is the wish to not fallback to Host Address Resolution
	  in this case.

	  [SMP Limitation]:
	  The Pairing Failed command of the Security Manager Protocol cannot be
	  sent outside of a Pairing Process. A Pairing Process ends when the
	  last Transport Specific Key to be distributed is acknowledged at
	  link-layer. The Host does not have control over this acknowledgment,
	  and the order of distribution is fixed by the specification.

config BT_ID_ALLOW_UNAUTH_OVERWRITE
	bool "Allow unauthenticated pairing with same peer with other local identity"
	depends on !BT_SMP_ALLOW_UNAUTH_OVERWRITE
	help
	  This option allows unauthenticated pairing attempts made by the
	  peer where an unauthenticated bond already exists on other local
	  identity. This configuration still blocks unauthenticated pairing
	  attempts on the same local identity. To allow the pairing procedure
	  unconditionally, please see the BT_SMP_ALLOW_UNAUTH_OVERWRITE
	  configuration.

config BT_SMP_USB_HCI_CTLR_WORKAROUND
	bool "Workaround for USB HCI controller out-of-order events"
	depends on BT_TESTING
	help
	  This option enables support for USB HCI controllers that sometimes
	  send out-of-order HCI events and ACL Data due to using different USB
	  endpoints.
	  Enabling this option will make the central role not require the
	  encryption-change event to be received before accepting key-distribution
	  data.
	  It opens up for a potential vulnerability as the central cannot detect
	  if the keys are distributed over an encrypted link.

config BT_FIXED_PASSKEY
	bool "Use a fixed passkey for pairing"
	help
	  With this option enabled, the application will be able to call the
	  bt_passkey_set() API to set a fixed passkey. If set, the
	  pairing_confirm() callback will be called for all incoming pairings.

config BT_USE_DEBUG_KEYS
	bool "Security Manager Debug Mode"
	help
	  This option places Security Manager in a Debug Mode. In this mode
	  predefined Diffie-Hellman private/public key pair is used as described
	  in Core Specification Vol. 3, Part H, 2.3.5.6.1.

	  WARNING: This option enables anyone to decrypt on-air traffic.
	  Use of this feature in production is strongly discouraged.

config BT_BONDABLE
	bool "Bondable Mode"
	default y
	help
	  This option is the default value of the bonding flag for any ACL connection.
	  If the option is true, the default bonding flag is true. Otherwise, the
	  default bonding flag is false.
	  After a connection is established, the bonding flag of the connection
	  can also be changed by calling `bt_conn_set_bondable()` if the configuration
	  `the bonding flag per-connection` (BT_BONDABLE_PER_CONNECTION) is
	  enabled. Please see the BT_BONDABLE_PER_CONNECTION configuration.

config BT_BONDING_REQUIRED
	bool "Always require bonding"
	depends on BT_BONDABLE
	help
	  When this option is enabled remote devices are required to always
	  set the bondable flag in their pairing request. Any other kind of
	  requests will be rejected.

config BT_BONDABLE_PER_CONNECTION
	bool "Set/clear the bonding flag per-connection"
	help
	  Enable support for the bt_conn_set_bondable API function that is
	  used to set/clear the bonding flag on a per-connection basis.

config BT_STORE_DEBUG_KEYS
	bool "Store Debug Mode bonds"
	help
	  This option enables support for storing bonds where either of devices
	  is using the predefined Diffie-Hellman private/public key pair as
	  described in the Core Specification Vol 3, Part H, 2.3.5.6.1.

	  WARNING: This option potentially enables anyone to decrypt on-air
	  traffic.
	  Use of this feature in production is strongly discouraged.

config BT_SMP_ENFORCE_MITM
	bool "Enforce MITM protection"
	default y
	help
	  With this option enabled, the Security Manager will set MITM option in
	  the Authentication Requirements Flags whenever local IO Capabilities
	  allow the generated key to be authenticated.

config BT_OOB_DATA_FIXED
	bool "Use a fixed random number for LESC OOB pairing"
	depends on BT_TESTING
	help
	  With this option enabled, the application will be able to perform LESC
	  pairing with OOB data that consists of fixed random number and confirm
	  value.

	  WARNING: This option stores a hardcoded Out-of-Band value in the image.
	  Use of this feature in production is strongly discouraged.

config BT_KEYS_OVERWRITE_OLDEST
	bool "Overwrite the oldest key if key storage is full"
	help
	  If a pairing attempt occurs and the key storage is full then the
	  oldest key from the set of not currently in use keys will be selected
	  and overwritten by the pairing device.

config BT_KEYS_SAVE_AGING_COUNTER_ON_PAIRING
	bool "Store aging counter every time a successful pairing occurs"
	depends on BT_SETTINGS && BT_KEYS_OVERWRITE_OLDEST
	help
	  With this option enabled, aging counter will be stored in settings every
	  time a successful pairing occurs. This increases flash wear out but offers
	  a more correct finding of the oldest unused pairing info.

config BT_SMP_MIN_ENC_KEY_SIZE
	int
	prompt "Minimum encryption key size accepted in octets" if !BT_SMP_SC_ONLY
	range 7 16
	default 16
	help
	  This option sets the minimum encryption key size accepted during pairing.

endif # BT_SMP

rsource "Kconfig.l2cap"
rsource "Kconfig.gatt"
rsource "../services/Kconfig"

config BT_MAX_PAIRED
	int "Maximum number of paired devices"
	default 0 if !BT_SMP
	default 1
	range 0 128
	help
	  Maximum number of paired Bluetooth devices. The minimum (and
	  default) number is 1.

config BT_CREATE_CONN_TIMEOUT
	int "Timeout for pending LE Create Connection command in seconds"
	default 3
	range 1 655

config BT_CONN_PARAM_UPDATE_TIMEOUT
	int "Peripheral connection parameter update timeout in milliseconds"
	default 5000
	range 0 $(UINT16_MAX)
	help
	  The value is a timeout used by peripheral device to wait until it
	  starts the first connection parameters update procedure after a
	  connection has been established.
	  The connection parameters requested will be the parameters set by the
	  application, or the peripheral preferred connection parameters if
	  configured.
	  The default value is set to 5 seconds, to comply with the Bluetooth
	  Core specification: Core 4.2 Vol 3, Part C, 9.3.12.2:
	  "The Peripheral device should not perform a Connection Parameter
	  Update procedure within 5 seconds after establishing a connection."

config BT_CONN_PARAM_RETRY_COUNT
	int "Peripheral connection parameter update retry attempts"
	default 3
	range 0 $(UINT8_MAX)
	help
	  This value corresponds to number of times to retry connection
	  parameter update to attain the preferred value set in GATT
	  characteristics in the Peripheral.

config BT_CONN_PARAM_RETRY_TIMEOUT
	int "Peripheral connection parameter update retry timeout in milliseconds"
	default 5000
	range 0 $(UINT16_MAX)
	help
	  The value is a timeout used by peripheral device to wait until retry
	  to attempt requesting again the preferred connection parameters.

endif # BT_CONN

if BT_OBSERVER
config BT_BACKGROUND_SCAN_INTERVAL
	int "Scan interval used for background scanning in 0.625 ms units"
	default 2048
	range 4 16384
config BT_BACKGROUND_SCAN_WINDOW
	int "Scan window used for background scanning in 0.625 ms units"
	default 18
	range 4 16384

config BT_EXT_SCAN_BUF_SIZE
	int "Maximum advertisement report size"
	depends on BT_EXT_ADV
	range 1 1650
	default 229
	help
	  Maximum size of an advertisement report in octets. If the advertisement
	  provided by the controller is larger than this buffer size,
	  the remaining data will be discarded.

endif # BT_OBSERVER

config BT_SCAN_WITH_IDENTITY
	bool "Perform active scanning using local identity address"
	depends on !BT_PRIVACY && (BT_CENTRAL || BT_OBSERVER)
	help
	  Enable this if you want to perform active scanning using the local
	  identity address as the scanner address. By default the stack will
	  always use a non-resolvable private address (NRPA) in order to avoid
	  disclosing local identity information. By not scanning with the
	  identity address the scanner will receive directed advertise reports
	  for the local identity. If this use case is required, then enable
	  this option.

config BT_SCAN_AND_INITIATE_IN_PARALLEL
	bool "Allow concurrent scanning and initiating"
	depends on (BT_CENTRAL && BT_OBSERVER)
	select BT_EXT_ADV if BT_BROADCASTER
	select BT_SCAN_WITH_IDENTITY if !BT_PRIVACY
	help
	  Allow concurrent scanning and initiating.
	  This will allow the application to initiate a connection
	  to a peer device without stopping the scanner.
	  If privacy is disabled, the scanner will use its identity
	  address.
	  This feature is only available when extended advertising
	  HCI commands are used to prevent degraded performance
	  when the advertiser is used.
	  Scanning with a timeout is not supported when this
	  feature is enabled.

config BT_DEVICE_NAME_DYNAMIC
	bool "Allow to set Bluetooth device name on runtime"
	help
	  Enabling this option allows for runtime configuration of Bluetooth
	  device name.

config BT_DEVICE_NAME_MAX
	int "Maximum size in bytes for device name"
	depends on BT_DEVICE_NAME_DYNAMIC
	default 28
	range 2 248
	help
	  Bluetooth device name storage size. Storage can be up to 248 bytes
	  long (excluding NULL termination).

config BT_DEVICE_NAME
	string "Bluetooth device name"
	default "Zephyr"
	help
	  Bluetooth device name. Name can be up to 248 bytes long (excluding
	  NULL termination).
	  Can be empty string.

config BT_DEVICE_APPEARANCE_DYNAMIC
	bool "Runtime Bluetooth Appearance changing"
	help
	  Enables use of bt_set_appearance.
	  If CONFIG_BT_SETTINGS is set, the appearance is persistently stored.

config BT_DEVICE_APPEARANCE
	int "Bluetooth device appearance"
	range 0 $(UINT16_MAX)
	default 0
	help
	  Bluetooth device appearance. For the list of possible values please
	  consult the following link:
	  https://www.bluetooth.com/specifications/assigned-numbers

config BT_ID_MAX
	int "Maximum number of local identities"
	range 1 1 if BT_SCAN_AND_INITIATE_IN_PARALLEL
	range 1 250
	default 1
	help
	  Maximum number of supported local identity addresses. For most
	  products this is safe to leave as the default value (1).

config BT_DF
	bool "Direction Finding support [EXPERIMENTAL]"
	depends on !HAS_BT_CTLR || BT_CTLR_DF_SUPPORT
	select EXPERIMENTAL
	help
	  Enable support for Bluetooth 5.1 Direction Finding.
	  It will allow to: get information about antennae, configure
	  Constant Tone Extension, transmit CTE and sample incoming CTE.

if BT_DF

config BT_DF_CONNECTIONLESS_CTE_RX
	bool "Support for receive of CTE in connectionless mode"
	depends on !HAS_BT_CTLR || BT_CTLR_DF_CTE_RX_SUPPORT
	help
	  Enable support for reception and sampling of Constant Tone Extension
	  in connectionless mode.

config BT_DF_CONNECTIONLESS_CTE_TX
	bool "Support for transmission of CTE in connectionless mode"
	depends on !HAS_BT_CTLR || BT_CTLR_DF_CTE_TX_SUPPORT
	help
	  Enable support for transmission of Constant Tone Extension in
	  connectionless mode.

config BT_DF_CONNECTION_CTE_RX
	bool "Support for receive of CTE in connection mode"
	depends on !HAS_BT_CTLR || BT_CTLR_DF_CTE_RX_SUPPORT
	help
	  Enable support for reception and sampling of Constant Tone Extension
	  in connection mode.

config BT_DF_CONNECTION_CTE_TX
	bool "Support for transmission of CTE in connection mode"
	depends on !HAS_BT_CTLR || BT_CTLR_DF_CTE_TX_SUPPORT
	help
	  Enable support for transmission of Constant Tone Extension in
	  connection mode.

config BT_DF_CONNECTION_CTE_REQ
	bool "Support for CTE request procedure in connection mode"
	depends on BT_DF_CONNECTION_CTE_RX
	help
	  Enable support for request of Constant Tone Extension in connection
	  mode.

config BT_DF_CONNECTION_CTE_RSP
	bool "Support for CTE request procedure in connection mode"
	depends on BT_DF_CONNECTION_CTE_TX
	help
	  Enable support for request of Constant Tone Extension in connection
	  mode.

config BT_DF_CTE_RX_AOA
	bool "Antenna switching during CTE reception (AoA) feature"
	depends on BT_DF_CONNECTIONLESS_CTE_RX || BT_DF_CONNECTION_CTE_RX
	default y
	help
	  Enable support for antenna switching during CTE reception.
	  Also known as Angle of Arrival mode.

config BT_DF_CTE_TX_AOD
	bool "Antenna switching during CTE transmission (AoD) feature"
	depends on BT_DF_CONNECTIONLESS_CTE_TX || BT_DF_CONNECTION_CTE_TX
	default y
	help
	  Enable support for antenna switching during CTE transmission.
	  Also known as Angle of Departure mode.

config BT_DF_VS_CL_IQ_REPORT_16_BITS_IQ_SAMPLES
	bool "Use 16 bits signed integer IQ samples in connectionless IQ reports"
	depends on BT_DF_CONNECTIONLESS_CTE_RX && BT_HCI_VS
	help
	  Direction Finding connectionless IQ reports provide a set of IQ samples collected during
	  sampling of CTE. Bluetooth 5.3 Core Specification defines IQ samples to be 8 bits signed
	  integer, see Vol 4, Part E section 7.7.65.21. This option enables a vendor specific Host
	  extension to handle connectionless IQ reports with samples that are in 16 bit signed
	  integer format.

config BT_DF_VS_CONN_IQ_REPORT_16_BITS_IQ_SAMPLES
	bool "Use 16 bits signed integer IQ samples in connection IQ reports"
	depends on BT_DF_CONNECTION_CTE_RX && BT_HCI_VS
	help
	  Direction Finding connection IQ reports provide a set of IQ samples collected during
	  sampling of CTE. Bluetooth 5.3 Core Specification defines IQ samples to be 8 bits signed
	  integer, see Vol 4, Part E section 7.7.65.22. This option enables a vendor specific Host
	  extension to handle connection IQ report with samples that are in 16 bit signed integer
	  format.

endif # BT_DF
endif # BT_HCI_HOST

config BT_ECC
	bool "ECDH key generation support"
	default y if BT_SMP && !BT_SMP_OOB_LEGACY_PAIR_ONLY
	help
	  This option adds support for ECDH HCI commands.

config BT_SEND_ECC_EMULATION
	bool "Emulate ECDH in the Host using PSA Crypto API library"
	select MBEDTLS if !BUILD_WITH_TFM
	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
	select PSA_WANT_ALG_ECDH
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
	select PSA_WANT_ECC_SECP_R1_256
	select MBEDTLS_PSA_P256M_DRIVER_ENABLED if MBEDTLS_PSA_CRYPTO_C
	select BT_LONG_WQ
	depends on BT_ECC && (BT_HCI_RAW || BT_HCI_HOST)
	default y if HAS_BT_CTLR && !BT_CTLR_ECDH
	help
	  If this option is set PSA Crypto API library is used for emulating the
	  ECDH HCI commands and events needed by e.g. LE Secure Connections.
	  In builds including the BLE Host, if not set the controller crypto is
	  used for ECDH and if the controller doesn't support the required HCI
	  commands the LE Secure Connections support will be disabled.
	  In builds including the HCI Raw interface and the BLE Controller, this
	  option injects support for the 2 HCI commands required for LE Secure
	  Connections so that Hosts can make use of those.
	  The option defaults to enabled for a combined build with Zephyr's own
	  controller, since it does not have any special ECC support itself
	  (at least not currently).

config BT_HOST_CCM
	bool "Host side AES-CCM module"
	help
	  Enables the software based AES-CCM engine in the host. Will use the
	  controller's AES encryption functions if available, or BT_HOST_CRYPTO
	  otherwise.

config BT_PER_ADV_SYNC_BUF_SIZE
	int "Maximum periodic advertising report size"
	depends on BT_PER_ADV_SYNC
	range 0 1650
	default 0
	help
	  Maximum size of a fragmented periodic advertising report. If the periodic
	  advertising report provided by the controller is fragmented and larger
	  than this buffer size, then the data will be discarded.
	  Unfragmented reports are forwarded as they are received.

config BT_DEBUG_ISO_DATA
	bool "ISO channel data debug"
	depends on BT_ISO_LOG_LEVEL_DBG
	help
	  Use this option to enable ISO channels data debug logs for the
	  Bluetooth Audio functionality. This will enable debug logs for all
	  ISO data received and sent.

config BT_SMP_SELFTEST
	bool "Bluetooth SMP self tests executed on init"
	depends on BT_SMP_LOG_LEVEL_DBG
	help
	  This option enables SMP self-tests executed on startup
	  to verify security and crypto functions.

config BT_SMP_FORCE_BREDR
	bool "Force Bluetooth SMP over BR/EDR"
	depends on BT_SMP_LOG_LEVEL_DBG
	help
	  This option enables SMP over BR/EDR even if controller is not
	  supporting BR/EDR Secure Connections. This option is solely for
	  testing and should never be enabled on production devices.

config BT_LOG_SNIFFER_INFO
	bool "Bluetooth log information for sniffer"
	help
	  This option enables the Bluetooth stack to log information such as
	  DH private key and LTK keys, which can be used by sniffers to decrypt
	  the connection without the use of Debug keys.

	  WARNING: This option prints out private security keys such as
	  the Long Term Key.
	  Use of this feature in production is strongly discouraged.

config BT_TESTING
	bool "Bluetooth Testing"
	help
	  This option enables custom Bluetooth testing interface.
	  Shall only be used for testing purposes.

config BT_CONN_DISABLE_SECURITY
	bool "Disable security"
	depends on BT_TESTING
	help
	  This option disables security checks for incoming requests enabling
	  to test accessing GATT attributes and L2CAP channels that would
	  otherwise require encryption/authentication in order to be accessed.

	  WARNING: This option enables anyone to snoop on-air traffic.
	  Use of this feature in production is strongly discouraged.

rsource "./classic/Kconfig"

config BT_HCI_VS_EVT_USER
	bool "User Vendor-Specific event handling"
	help
	  Enable registering a callback for delegating to the user the handling of
	  VS events that are not known to the stack.

endmenu
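# Added example, not part of the Zephyr source: a release-gate check that scans a generated
# .config for the options this file marks as test-only or discouraged in production, and for a
# BT_SMP_MIN_ENC_KEY_SIZE below 16. The function names and the sample .config are hypothetical
# and constructed here; only the CONFIG_ symbols come from this file.

```python
import re

# Symbols this Kconfig page marks as test-only or discouraged in production.
TEST_ONLY = {
    "CONFIG_BT_LOG_SNIFFER_INFO": "logs the DH private key and LTKs",
    "CONFIG_BT_CONN_DISABLE_SECURITY": "disables security checks on incoming requests",
    "CONFIG_BT_SMP_FORCE_BREDR": "forces SMP over BR/EDR, testing only",
    "CONFIG_BT_TESTING": "enables the custom testing interface",
}
MIN_KEY_SYM = "CONFIG_BT_SMP_MIN_ENC_KEY_SIZE"
ASSIGN_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")

# Constructed sample of a generated .config, not taken from a real build.
SAMPLE_DOTCONFIG = """\
CONFIG_BT=y
CONFIG_BT_SMP=y
CONFIG_BT_SMP_MIN_ENC_KEY_SIZE=7
CONFIG_BT_LOG_SNIFFER_INFO=y
# CONFIG_BT_TESTING is not set
CONFIG_BT_DEVICE_NAME="Zephyr"
"""


def parse_dotconfig(text):
    """Map assigned symbols to values; '# CONFIG_X is not set' lines are ignored."""
    values = {}
    for line in text.splitlines():
        match = ASSIGN_RE.match(line.strip())
        if match:
            values[match.group(1)] = match.group(2).strip().strip('"')
    return values


def audit(text, required_key_size=16):
    """Return (symbol, reason) findings for a release build's .config text."""
    cfg = parse_dotconfig(text)
    findings = [(s, why) for s, why in TEST_ONLY.items() if cfg.get(s) == "y"]
    raw = cfg.get(MIN_KEY_SYM)
    # The page gives this symbol "range 7 16" and "default 16".
    if raw is not None and raw.isdigit() and int(raw) < required_key_size:
        findings.append((MIN_KEY_SYM, f"accepts {raw}-octet keys, below {required_key_size}"))
    return findings


if __name__ == "__main__":
    for symbol, reason in audit(SAMPLE_DOTCONFIG):
        print(f"{symbol}: {reason}")
```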