1.. _bluetooth-arch: 2 3Bluetooth Stack Architecture 4############################ 5 6Overview 7******** 8 9This page describes the software architecture of Zephyr's Bluetooth protocol 10stack. 11 12.. note:: 13 Zephyr supports mainly Bluetooth Low Energy (BLE), the low-power 14 version of the Bluetooth specification. Zephyr also has limited support 15 for portions of the BR/EDR Host. Throughout this architecture document we 16 use BLE interchangeably for Bluetooth except when noted. 17 18.. _bluetooth-layers: 19 20BLE Layers 21========== 22 23There are 3 main layers that together constitute a full Bluetooth Low Energy 24protocol stack: 25 26* **Host**: This layer sits right below the application, and is comprised of 27 multiple (non real-time) network and transport protocols enabling 28 applications to communicate with peer devices in a standard and interoperable 29 way. 30* **Controller**: The Controller implements the Link Layer (LE LL), the 31 low-level, real-time protocol which provides, in conjunction with the Radio 32 Hardware, standard-interoperable over-the-air communication. The LL schedules 33 packet reception and transmission, guarantees the delivery of data, and 34 handles all the LL control procedures. 35* **Radio Hardware**: Hardware implements the required analog and digital 36 baseband functional blocks that permit the Link Layer firmware to send and 37 receive in the 2.4GHz band of the spectrum. 38 39.. _bluetooth-hci: 40 41Host Controller Interface 42========================= 43 44The `Bluetooth Specification`_ describes the format in which a Host must 45communicate with a Controller. This is called the Host Controller Interface 46(HCI) protocol. HCI can be implemented over a range of different physical 47transports like UART, SPI, or USB. This protocol defines the commands that a Host 48can send to a Controller and the events that it can expect in return, and also 49the format for user and protocol data that needs to go over the air. The HCI 50ensures that different Host and Controller implementations can communicate 51in a standard way making it possible to combine Hosts and Controllers from 52different vendors. 53 54.. _bluetooth-configs: 55 56Configurations 57============== 58 59The three separate layers of the protocol and the standardized interface make 60it possible to implement the Host and Controller on different platforms. The two 61following configurations are commonly used: 62 63* **Single-chip configuration**: In this configuration, a single microcontroller 64 implements all three layers and the application itself. This can also be called a 65 system-on-chip (SoC) implementation. In this case the BLE Host and the BLE 66 Controller communicate directly through function calls and queues in RAM. The 67 Bluetooth specification does not specify how HCI is implemented in this 68 single-chip configuration and so how HCI commands, events, and data flows between 69 the two can be implementation-specific. This configuration is well suited for 70 those applications and designs that require a small footprint and the lowest 71 possible power consumption, since everything runs on a single IC. 72* **Dual-chip configuration**: This configuration uses two separate ICs, 73 one running the Application and the Host, and a second one with the Controller 74 and the Radio Hardware. This is sometimes also called a connectivity-chip 75 configuration. This configuration allows for a wider variety of combinations of 76 Hosts when using the Zephyr OS as a Controller. Since HCI ensures 77 interoperability among Host and Controller implementations, including of course 78 Zephyr's very own BLE Host and Controller, users of the Zephyr Controller can 79 choose to use whatever Host running on any platform they prefer. For example, 80 the host can be the Linux BLE Host stack (BlueZ) running on any processor 81 capable of supporting Linux. The Host processor may of course also run Zephyr 82 and the Zephyr OS BLE Host. Conversely, combining an IC running the Zephyr 83 Host with an external Controller that does not run Zephyr is also supported. 84 85.. _bluetooth-build-types: 86 87Build Types 88=========== 89 90The Zephyr software stack as an RTOS is highly configurable, and in particular, 91the BLE subsystem can be configured in multiple ways during the build process to 92include only the features and layers that are required to reduce RAM and ROM 93footprint as well as power consumption. Here's a short list of the different 94BLE-enabled builds that can be produced from the Zephyr project codebase: 95 96* **Controller-only build**: When built as a BLE Controller, Zephyr includes 97 the Link Layer and a special application. This application is different 98 depending on the physical transport chosen for HCI: 99 100 * :ref:`hci_uart <bluetooth-hci-uart-sample>` 101 * :ref:`hci_usb <bluetooth-hci-usb-sample>` 102 * :ref:`hci_spi <bluetooth-hci-spi-sample>` 103 104 This application acts as a bridge between the UART, SPI or USB peripherals and 105 the Controller subsystem, listening for HCI commands, sending application data 106 and responding with events and received data. A build of this type sets the 107 following Kconfig option values: 108 109 * :kconfig:option:`CONFIG_BT` ``=y`` 110 * :kconfig:option:`CONFIG_BT_HCI` ``=y`` 111 * :kconfig:option:`CONFIG_BT_HCI_RAW` ``=y`` 112 * :kconfig:option:`CONFIG_BT_CTLR` ``=y`` 113 * :kconfig:option:`CONFIG_BT_LL_SW_SPLIT` ``=y`` (if using the open source Link Layer) 114 115* **Host-only build**: A Zephyr OS Host build will contain the Application and 116 the BLE Host, along with an HCI driver (UART or SPI) to interface with an 117 external Controller chip. 118 A build of this type sets the following Kconfig option values: 119 120 * :kconfig:option:`CONFIG_BT` ``=y`` 121 * :kconfig:option:`CONFIG_BT_HCI` ``=y`` 122 * :kconfig:option:`CONFIG_BT_CTLR` ``=n`` 123 124 All of the samples located in ``samples/bluetooth`` except for the ones 125 used for Controller-only builds can be built as Host-only 126 127* **Combined build**: This includes the Application, the Host and the 128 Controller, and it is used exclusively for single-chip (SoC) configurations. 129 A build of this type sets the following Kconfig option values: 130 131 * :kconfig:option:`CONFIG_BT` ``=y`` 132 * :kconfig:option:`CONFIG_BT_HCI` ``=y`` 133 * :kconfig:option:`CONFIG_BT_CTLR` ``=y`` 134 * :kconfig:option:`CONFIG_BT_LL_SW_SPLIT` ``=y`` (if using the open source Link Layer) 135 136 All of the samples located in ``samples/bluetooth`` except for the ones 137 used for Controller-only builds can be built as Combined 138 139The picture below shows the SoC or single-chip configuration when using a Zephyr 140combined build (a build that includes both a BLE Host and a Controller in the 141same firmware image that is programmed onto the chip): 142 143.. figure:: img/ble_cfg_single.png 144 :align: center 145 :alt: BLE Combined build on a single chip 146 147 A Combined build on a Single-Chip configuration 148 149When using connectivity or dual-chip configurations, several Host and Controller 150combinations are possible, some of which are depicted below: 151 152.. figure:: img/ble_cfg_dual.png 153 :align: center 154 :alt: BLE dual-chip configuration builds 155 156 Host-only and Controller-only builds on dual-chip configurations 157 158When using a Zephyr Host (left side of image), two instances of Zephyr OS 159must be built with different configurations, yielding two separate images that 160must be programmed into each of the chips respectively. The Host build image 161contains the application, the BLE Host and the selected HCI driver (UART or 162SPI), while the Controller build runs either the 163:ref:`hci_uart <bluetooth-hci-uart-sample>`, or the 164:ref:`hci_spi <bluetooth-hci-spi-sample>` app to provide an interface to 165the BLE Controller. 166 167This configuration is not limited to using a Zephyr OS Host, as the right side 168of the image shows. One can indeed take one of the many existing GNU/Linux 169distributions, most of which include Linux's own BLE Host (BlueZ), to connect it 170via UART or USB to one or more instances of the Zephyr OS Controller build. 171BlueZ as a Host supports multiple Controllers simultaneously for applications 172that require more than one BLE radio operating at the same time but sharing the 173same Host stack. 174 175Source tree layout 176****************** 177 178The stack is split up as follows in the source tree: 179 180``subsys/bluetooth/host`` 181 The host stack. This is where the HCI command and event handling 182 as well as connection tracking happens. The implementation of the 183 core protocols such as L2CAP, ATT, and SMP is also here. 184 185``subsys/bluetooth/controller`` 186 Bluetooth Controller implementation. Implements the controller-side of 187 HCI, the Link Layer as well as access to the radio transceiver. 188 189``include/bluetooth/`` 190 Public API header files. These are the header files applications need 191 to include in order to use Bluetooth functionality. 192 193``drivers/bluetooth/`` 194 HCI transport drivers. Every HCI transport needs its own driver. For example, 195 the two common types of UART transport protocols (3-Wire and 5-Wire) 196 have their own drivers. 197 198``samples/bluetooth/`` 199 Sample Bluetooth code. This is a good reference to get started with 200 Bluetooth application development. 201 202``tests/bluetooth/`` 203 Test applications. These applications are used to verify the 204 functionality of the Bluetooth stack, but are not necessary the best 205 source for sample code (see ``samples/bluetooth`` instead). 206 207``doc/guides/bluetooth/`` 208 Extra documentation, such as PICS documents. 209 210Host 211**** 212 213The Bluetooth Host implements all the higher-level protocols and 214profiles, and most importantly, provides a high-level API for 215applications. The following diagram depicts the main protocol & profile 216layers of the host. 217 218.. figure:: img/ble_host_layers.png 219 :align: center 220 :alt: Bluetooth Host protocol & profile layers 221 222 Bluetooth Host protocol & profile layers. 223 224Lowest down in the host stack sits a so-called HCI driver, which is 225responsible for abstracting away the details of the HCI transport. It 226provides a basic API for delivering data from the controller to the 227host, and vice-versa. 228 229Perhaps the most important block above the HCI handling is the Generic 230Access Profile (GAP). GAP simplifies Bluetooth LE access by defining 231four distinct roles of BLE usage: 232 233* Connection-oriented roles 234 235 * Peripheral (e.g. a smart sensor, often with a limited user interface) 236 237 * Central (typically a mobile phone or a PC) 238 239* Connection-less roles 240 241 * Broadcaster (sending out BLE advertisements, e.g. a smart beacon) 242 243 * Observer (scanning for BLE advertisements) 244 245Each role comes with its own build-time configuration option: 246:kconfig:option:`CONFIG_BT_PERIPHERAL`, :kconfig:option:`CONFIG_BT_CENTRAL`, 247:kconfig:option:`CONFIG_BT_BROADCASTER` & :kconfig:option:`CONFIG_BT_OBSERVER`. Of the 248connection-oriented roles central implicitly enables observer role, and 249peripheral implicitly enables broadcaster role. Usually the first step 250when creating an application is to decide which roles are needed and go 251from there. Bluetooth mesh is a slightly special case, requiring at 252least the observer and broadcaster roles, and possibly also the 253Peripheral role. This will be described in more detail in a later 254section. 255 256Peripheral role 257=============== 258 259Most Zephyr-based BLE devices will most likely be peripheral-role 260devices. This means that they perform connectable advertising and expose 261one or more GATT services. After registering services using the 262:c:func:`bt_gatt_service_register` API the application will typically 263start connectable advertising using the :c:func:`bt_le_adv_start` API. 264 265There are several peripheral sample applications available in the tree, 266such as :zephyr_file:`samples/bluetooth/peripheral_hr`. 267 268Central role 269============ 270 271Central role may not be as common for Zephyr-based devices as peripheral 272role, but it is still a plausible one and equally well supported in 273Zephyr. Rather than accepting connections from other devices a central 274role device will scan for available peripheral device and choose one to 275connect to. Once connected, a central will typically act as a GATT 276client, first performing discovery of available services and then 277accessing one or more supported services. 278 279To initially discover a device to connect to the application will likely 280use the :c:func:`bt_le_scan_start` API, wait for an appropriate device 281to be found (using the scan callback), stop scanning using 282:c:func:`bt_le_scan_stop` and then connect to the device using 283:c:func:`bt_conn_le_create`. If the central wants to keep 284automatically reconnecting to the peripheral it should use the 285:c:func:`bt_le_set_auto_conn` API. 286 287There are some sample applications for the central role available in the 288tree, such as :zephyr_file:`samples/bluetooth/central_hr`. 289 290Observer role 291============= 292 293An observer role device will use the :c:func:`bt_le_scan_start` API to 294scan for device, but it will not connect to any of them. Instead it will 295simply utilize the advertising data of found devices, combining it 296optionally with the received signal strength (RSSI). 297 298Broadcaster role 299================ 300 301A broadcaster role device will use the :c:func:`bt_le_adv_start` API to 302advertise specific advertising data, but the type of advertising will be 303non-connectable, i.e. other device will not be able to connect to it. 304 305Connections 306=========== 307 308Connection handling and the related APIs can be found in the 309:ref:`Connection Management <bluetooth_connection_mgmt>` section. 310 311Security 312======== 313 314To achieve a secure relationship between two Bluetooth devices a process 315called pairing is used. This process can either be triggered implicitly 316through the security properties of GATT services, or explicitly using 317the :c:func:`bt_conn_security` API on a connection object. 318 319To achieve a higher security level, and protect against 320Man-In-The-Middle (MITM) attacks, it is recommended to use some 321out-of-band channel during the pairing. If the devices have a sufficient 322user interface this "channel" is the user itself. The capabilities of 323the device are registered using the :c:func:`bt_conn_auth_cb_register` 324API. The :c:struct:`bt_conn_auth_cb` struct that's passed to this API has 325a set of optional callbacks that can be used during the pairing - if the 326device lacks some feature the corresponding callback may be set to NULL. 327For example, if the device does not have an input method but does have a 328display, the ``passkey_entry`` and ``passkey_confirm`` callbacks would 329be set to NULL, but the ``passkey_display`` would be set to a callback 330capable of displaying a passkey to the user. 331 332Depending on the local and remote security requirements & capabilities, 333there are four possible security levels that can be reached: 334 335 :c:enumerator:`BT_SECURITY_L1` 336 No encryption and no authentication. 337 338 :c:enumerator:`BT_SECURITY_L2` 339 Encryption but no authentication (no MITM protection). 340 341 :c:enumerator:`BT_SECURITY_L3` 342 Encryption and authentication using the legacy pairing method 343 from Bluetooth 4.0 and 4.1. 344 345 :c:enumerator:`BT_SECURITY_L4` 346 Encryption and authentication using the LE Secure Connections 347 feature available since Bluetooth 4.2. 348 349.. note:: 350 Mesh has its own security solution through a process called 351 provisioning. It follows a similar procedure as pairing, but is done 352 using separate mesh-specific APIs. 353 354L2CAP 355===== 356 357L2CAP stands for the Logical Link Control and Adaptation Protocol. It is 358a common layer for all communication over Bluetooth connections, however 359an application comes in direct contact with it only when using it in the 360so-called Connection-oriented Channels (CoC) mode. More information on 361this can be found in the :ref:`L2CAP API section <bt_l2cap>`. 362 363GATT 364==== 365 366The Generic Attribute Profile is the most common means of communication 367over LE connections. A more detailed description of this layer and the 368API reference can be found in the 369:ref:`GATT API reference section <bt_gatt>`. 370 371Mesh 372==== 373 374Mesh is a little bit special when it comes to the needed GAP roles. By 375default, mesh requires both observer and broadcaster role to be enabled. 376If the optional GATT Proxy feature is desired, then peripheral role 377should also be enabled. 378 379The API reference for mesh can be found in the 380:ref:`Mesh API reference section <bluetooth_mesh>`. 381 382LE Audio 383======== 384The LE audio is a set of profiles and services that utilizes GATT and 385Isochronous Channel to provide audio over Bluetooth Low Energy. 386The architecture and API references can be found in 387:ref:`Bluetooth Audio Architecture <bluetooth_audio_arch>`. 388 389 390.. _bluetooth-persistent-storage: 391 392Persistent storage 393================== 394 395The Bluetooth host stack uses the settings subsystem to implement 396persistent storage to flash. This requires the presence of a flash 397driver and a designated "storage" partition on flash. A typical set of 398configuration options needed will look something like the following: 399 400 .. code-block:: none 401 402 CONFIG_BT_SETTINGS=y 403 CONFIG_FLASH=y 404 CONFIG_FLASH_PAGE_LAYOUT=y 405 CONFIG_FLASH_MAP=y 406 CONFIG_NVS=y 407 CONFIG_SETTINGS=y 408 409Once enabled, it is the responsibility of the application to call 410settings_load() after having initialized Bluetooth (using the 411bt_enable() API). 412 413 414.. _Bluetooth Specification: https://www.bluetooth.com/specifications/bluetooth-core-specification 415