1.. _bluetooth-arch:
2
3Bluetooth Stack Architecture
4############################
5
6Overview
7********
8
9This page describes the software architecture of Zephyr's Bluetooth protocol
10stack.
11
12.. note::
13   Zephyr supports mainly Bluetooth Low Energy (BLE), the low-power
14   version of the Bluetooth specification. Zephyr also has limited support
15   for portions of the BR/EDR Host. Throughout this architecture document we
16   use BLE interchangeably for Bluetooth except when noted.
17
18.. _bluetooth-layers:
19
20BLE Layers
21==========
22
23There are 3 main layers that together constitute a full Bluetooth Low Energy
24protocol stack:
25
26* **Host**: This layer sits right below the application, and is comprised of
27  multiple (non real-time) network and transport protocols enabling
28  applications to communicate with peer devices in a standard and interoperable
29  way.
30* **Controller**: The Controller implements the Link Layer (LE LL), the
31  low-level, real-time protocol which provides, in conjunction with the Radio
32  Hardware, standard-interoperable over-the-air communication. The LL schedules
33  packet reception and transmission, guarantees the delivery of data, and
34  handles all the LL control procedures.
35* **Radio Hardware**: Hardware implements the required analog and digital
36  baseband functional blocks that permit the Link Layer firmware to send and
37  receive in the 2.4GHz band of the spectrum.
38
39.. _bluetooth-hci:
40
41Host Controller Interface
42=========================
43
44The `Bluetooth Specification`_ describes the format in which a Host must
45communicate with a Controller. This is called the Host Controller Interface
46(HCI) protocol. HCI can be implemented over a range of different physical
47transports like UART, SPI, or USB. This protocol defines the commands that a Host
48can send to a Controller and the events that it can expect in return, and also
49the format for user and protocol data that needs to go over the air. The HCI
50ensures that different Host and Controller implementations can communicate
51in a standard way making it possible to combine Hosts and Controllers from
52different vendors.
53
54.. _bluetooth-configs:
55
56Configurations
57==============
58
59The three separate layers of the protocol and the standardized interface make
60it possible to implement the Host and Controller on different platforms. The two
61following configurations are commonly used:
62
63* **Single-chip configuration**: In this configuration, a single microcontroller
64  implements all three layers and the application itself. This can also be called a
65  system-on-chip (SoC) implementation. In this case the BLE Host and the BLE
66  Controller communicate directly through function calls and queues in RAM. The
67  Bluetooth specification does not specify how HCI is implemented in this
68  single-chip configuration and so how HCI commands, events, and data flows between
69  the two can be implementation-specific. This configuration is well suited for
70  those applications and designs that require a small footprint and the lowest
71  possible power consumption, since everything runs on a single IC.
72* **Dual-chip configuration**: This configuration uses two separate ICs,
73  one running the Application and the Host, and a second one with the Controller
74  and the Radio Hardware. This is sometimes also called a connectivity-chip
75  configuration. This configuration allows for a wider variety of combinations of
76  Hosts when using the Zephyr OS as a Controller. Since HCI ensures
77  interoperability among Host and Controller implementations, including of course
78  Zephyr's very own BLE Host and Controller, users of the Zephyr Controller can
79  choose to use whatever Host running on any platform they prefer. For example,
80  the host can be the Linux BLE Host stack (BlueZ) running on any processor
81  capable of supporting Linux. The Host processor may of course also run Zephyr
82  and the Zephyr OS BLE Host. Conversely, combining an IC running the Zephyr
83  Host with an external Controller that does not run Zephyr is also supported.
84
85.. _bluetooth-build-types:
86
87Build Types
88===========
89
90The Zephyr software stack as an RTOS is highly configurable, and in particular,
91the BLE subsystem can be configured in multiple ways during the build process to
92include only the features and layers that are required to reduce RAM and ROM
93footprint as well as power consumption. Here's a short list of the different
94BLE-enabled builds that can be produced from the Zephyr project codebase:
95
96* **Controller-only build**: When built as a BLE Controller, Zephyr includes
97  the Link Layer and a special application. This application is different
98  depending on the physical transport chosen for HCI:
99
100  * :ref:`hci_uart <bluetooth-hci-uart-sample>`
101  * :ref:`hci_usb <bluetooth-hci-usb-sample>`
102  * :ref:`hci_spi <bluetooth-hci-spi-sample>`
103
104  This application acts as a bridge between the UART, SPI or USB peripherals and
105  the Controller subsystem, listening for HCI commands, sending application data
106  and responding with events and received data.  A build of this type sets the
107  following Kconfig option values:
108
109  * :kconfig:option:`CONFIG_BT` ``=y``
110  * :kconfig:option:`CONFIG_BT_HCI` ``=y``
111  * :kconfig:option:`CONFIG_BT_HCI_RAW` ``=y``
112  * :kconfig:option:`CONFIG_BT_CTLR` ``=y``
113  * :kconfig:option:`CONFIG_BT_LL_SW_SPLIT` ``=y`` (if using the open source Link Layer)
114
115* **Host-only build**: A Zephyr OS Host build will contain the Application and
116  the BLE Host, along with an HCI driver (UART or SPI) to interface with an
117  external Controller chip.
118  A build of this type sets the following Kconfig option values:
119
120  * :kconfig:option:`CONFIG_BT` ``=y``
121  * :kconfig:option:`CONFIG_BT_HCI` ``=y``
122  * :kconfig:option:`CONFIG_BT_CTLR` ``=n``
123
124  All of the samples located in ``samples/bluetooth`` except for the ones
125  used for Controller-only builds can be built as Host-only
126
127* **Combined build**: This includes the Application, the Host and the
128  Controller, and it is used exclusively for single-chip (SoC) configurations.
129  A build of this type sets the following Kconfig option values:
130
131  * :kconfig:option:`CONFIG_BT` ``=y``
132  * :kconfig:option:`CONFIG_BT_HCI` ``=y``
133  * :kconfig:option:`CONFIG_BT_CTLR` ``=y``
134  * :kconfig:option:`CONFIG_BT_LL_SW_SPLIT` ``=y`` (if using the open source Link Layer)
135
136  All of the samples located in ``samples/bluetooth`` except for the ones
137  used for Controller-only builds can be built as Combined
138
139The picture below shows the SoC or single-chip configuration when using a Zephyr
140combined build (a build that includes both a BLE Host and a Controller in the
141same firmware image that is programmed onto the chip):
142
143.. figure:: img/ble_cfg_single.png
144   :align: center
145   :alt: BLE Combined build on a single chip
146
147   A Combined build on a Single-Chip configuration
148
149When using connectivity or dual-chip configurations, several Host and Controller
150combinations are possible, some of which are depicted below:
151
152.. figure:: img/ble_cfg_dual.png
153   :align: center
154   :alt: BLE dual-chip configuration builds
155
156   Host-only and Controller-only builds on dual-chip configurations
157
158When using a Zephyr Host (left side of image), two instances of Zephyr OS
159must be built with different configurations, yielding two separate images that
160must be programmed into each of the chips respectively. The Host build image
161contains the application, the BLE Host and the selected HCI driver (UART or
162SPI), while the Controller build runs either the
163:ref:`hci_uart <bluetooth-hci-uart-sample>`, or the
164:ref:`hci_spi <bluetooth-hci-spi-sample>` app to provide an interface to
165the BLE Controller.
166
167This configuration is not limited to using a Zephyr OS Host, as the right side
168of the image shows. One can indeed take one of the many existing GNU/Linux
169distributions, most of which include Linux's own BLE Host (BlueZ), to connect it
170via UART or USB to one or more instances of the Zephyr OS Controller build.
171BlueZ as a Host supports multiple Controllers simultaneously for applications
172that require more than one BLE radio operating at the same time but sharing the
173same Host stack.
174
175Source tree layout
176******************
177
178The stack is split up as follows in the source tree:
179
180``subsys/bluetooth/host``
181  The host stack. This is where the HCI command and event handling
182  as well as connection tracking happens. The implementation of the
183  core protocols such as L2CAP, ATT, and SMP is also here.
184
185``subsys/bluetooth/controller``
186  Bluetooth Controller implementation. Implements the controller-side of
187  HCI, the Link Layer as well as access to the radio transceiver.
188
189``include/bluetooth/``
190  Public API header files. These are the header files applications need
191  to include in order to use Bluetooth functionality.
192
193``drivers/bluetooth/``
194  HCI transport drivers. Every HCI transport needs its own driver. For example,
195  the two common types of UART transport protocols (3-Wire and 5-Wire)
196  have their own drivers.
197
198``samples/bluetooth/``
199  Sample Bluetooth code. This is a good reference to get started with
200  Bluetooth application development.
201
202``tests/bluetooth/``
203  Test applications. These applications are used to verify the
204  functionality of the Bluetooth stack, but are not necessary the best
205  source for sample code (see ``samples/bluetooth`` instead).
206
207``doc/guides/bluetooth/``
208  Extra documentation, such as PICS documents.
209
210Host
211****
212
213The Bluetooth Host implements all the higher-level protocols and
214profiles, and most importantly, provides a high-level API for
215applications. The following diagram depicts the main protocol & profile
216layers of the host.
217
218.. figure:: img/ble_host_layers.png
219   :align: center
220   :alt: Bluetooth Host protocol & profile layers
221
222   Bluetooth Host protocol & profile layers.
223
224Lowest down in the host stack sits a so-called HCI driver, which is
225responsible for abstracting away the details of the HCI transport. It
226provides a basic API for delivering data from the controller to the
227host, and vice-versa.
228
229Perhaps the most important block above the HCI handling is the Generic
230Access Profile (GAP). GAP simplifies Bluetooth LE access by defining
231four distinct roles of BLE usage:
232
233* Connection-oriented roles
234
235  * Peripheral (e.g. a smart sensor, often with a limited user interface)
236
237  * Central (typically a mobile phone or a PC)
238
239* Connection-less roles
240
241  * Broadcaster (sending out BLE advertisements, e.g. a smart beacon)
242
243  * Observer (scanning for BLE advertisements)
244
245Each role comes with its own build-time configuration option:
246:kconfig:option:`CONFIG_BT_PERIPHERAL`, :kconfig:option:`CONFIG_BT_CENTRAL`,
247:kconfig:option:`CONFIG_BT_BROADCASTER` & :kconfig:option:`CONFIG_BT_OBSERVER`. Of the
248connection-oriented roles central implicitly enables observer role, and
249peripheral implicitly enables broadcaster role. Usually the first step
250when creating an application is to decide which roles are needed and go
251from there. Bluetooth mesh is a slightly special case, requiring at
252least the observer and broadcaster roles, and possibly also the
253Peripheral role. This will be described in more detail in a later
254section.
255
256Peripheral role
257===============
258
259Most Zephyr-based BLE devices will most likely be peripheral-role
260devices. This means that they perform connectable advertising and expose
261one or more GATT services. After registering services using the
262:c:func:`bt_gatt_service_register` API the application will typically
263start connectable advertising using the :c:func:`bt_le_adv_start` API.
264
265There are several peripheral sample applications available in the tree,
266such as :zephyr_file:`samples/bluetooth/peripheral_hr`.
267
268Central role
269============
270
271Central role may not be as common for Zephyr-based devices as peripheral
272role, but it is still a plausible one and equally well supported in
273Zephyr. Rather than accepting connections from other devices a central
274role device will scan for available peripheral device and choose one to
275connect to. Once connected, a central will typically act as a GATT
276client, first performing discovery of available services and then
277accessing one or more supported services.
278
279To initially discover a device to connect to the application will likely
280use the :c:func:`bt_le_scan_start` API, wait for an appropriate device
281to be found (using the scan callback), stop scanning using
282:c:func:`bt_le_scan_stop` and then connect to the device using
283:c:func:`bt_conn_le_create`. If the central wants to keep
284automatically reconnecting to the peripheral it should use the
285:c:func:`bt_le_set_auto_conn` API.
286
287There are some sample applications for the central role available in the
288tree, such as :zephyr_file:`samples/bluetooth/central_hr`.
289
290Observer role
291=============
292
293An observer role device will use the :c:func:`bt_le_scan_start` API to
294scan for device, but it will not connect to any of them. Instead it will
295simply utilize the advertising data of found devices, combining it
296optionally with the received signal strength (RSSI).
297
298Broadcaster role
299================
300
301A broadcaster role device will use the :c:func:`bt_le_adv_start` API to
302advertise specific advertising data, but the type of advertising will be
303non-connectable, i.e. other device will not be able to connect to it.
304
305Connections
306===========
307
308Connection handling and the related APIs can be found in the
309:ref:`Connection Management <bluetooth_connection_mgmt>` section.
310
311Security
312========
313
314To achieve a secure relationship between two Bluetooth devices a process
315called pairing is used. This process can either be triggered implicitly
316through the security properties of GATT services, or explicitly using
317the :c:func:`bt_conn_security` API on a connection object.
318
319To achieve a higher security level, and protect against
320Man-In-The-Middle (MITM) attacks, it is recommended to use some
321out-of-band channel during the pairing. If the devices have a sufficient
322user interface this "channel" is the user itself. The capabilities of
323the device are registered using the :c:func:`bt_conn_auth_cb_register`
324API.  The :c:struct:`bt_conn_auth_cb` struct that's passed to this API has
325a set of optional callbacks that can be used during the pairing - if the
326device lacks some feature the corresponding callback may be set to NULL.
327For example, if the device does not have an input method but does have a
328display, the ``passkey_entry`` and ``passkey_confirm`` callbacks would
329be set to NULL, but the ``passkey_display`` would be set to a callback
330capable of displaying a passkey to the user.
331
332Depending on the local and remote security requirements & capabilities,
333there are four possible security levels that can be reached:
334
335    :c:enumerator:`BT_SECURITY_L1`
336        No encryption and no authentication.
337
338    :c:enumerator:`BT_SECURITY_L2`
339        Encryption but no authentication (no MITM protection).
340
341    :c:enumerator:`BT_SECURITY_L3`
342        Encryption and authentication using the legacy pairing method
343        from Bluetooth 4.0 and 4.1.
344
345    :c:enumerator:`BT_SECURITY_L4`
346        Encryption and authentication using the LE Secure Connections
347        feature available since Bluetooth 4.2.
348
349.. note::
350  Mesh has its own security solution through a process called
351  provisioning. It follows a similar procedure as pairing, but is done
352  using separate mesh-specific APIs.
353
354L2CAP
355=====
356
357L2CAP stands for the Logical Link Control and Adaptation Protocol. It is
358a common layer for all communication over Bluetooth connections, however
359an application comes in direct contact with it only when using it in the
360so-called Connection-oriented Channels (CoC) mode. More information on
361this can be found in the :ref:`L2CAP API section <bt_l2cap>`.
362
363GATT
364====
365
366The Generic Attribute Profile is the most common means of communication
367over LE connections. A more detailed description of this layer and the
368API reference can be found in the
369:ref:`GATT API reference section <bt_gatt>`.
370
371Mesh
372====
373
374Mesh is a little bit special when it comes to the needed GAP roles. By
375default, mesh requires both observer and broadcaster role to be enabled.
376If the optional GATT Proxy feature is desired, then peripheral role
377should also be enabled.
378
379The API reference for mesh can be found in the
380:ref:`Mesh API reference section <bluetooth_mesh>`.
381
382LE Audio
383========
384The LE audio is a set of profiles and services that utilizes GATT and
385Isochronous Channel to provide audio over Bluetooth Low Energy.
386The architecture and API references can be found in
387:ref:`Bluetooth Audio Architecture <bluetooth_audio_arch>`.
388
389
390.. _bluetooth-persistent-storage:
391
392Persistent storage
393==================
394
395The Bluetooth host stack uses the settings subsystem to implement
396persistent storage to flash. This requires the presence of a flash
397driver and a designated "storage" partition on flash. A typical set of
398configuration options needed will look something like the following:
399
400  .. code-block:: none
401
402    CONFIG_BT_SETTINGS=y
403    CONFIG_FLASH=y
404    CONFIG_FLASH_PAGE_LAYOUT=y
405    CONFIG_FLASH_MAP=y
406    CONFIG_NVS=y
407    CONFIG_SETTINGS=y
408
409Once enabled, it is the responsibility of the application to call
410settings_load() after having initialized Bluetooth (using the
411bt_enable() API).
412
413
414.. _Bluetooth Specification: https://www.bluetooth.com/specifications/bluetooth-core-specification
415