BLE Hands on Bonding and Protected Characteristics - joe-possum/IoT-Developer-Boot-Camp GitHub Wiki

In this worksheet we introduce bonding and protecting a characteristic so it can only be read by a client with a bonding relationship.

If you have received warnings about the SE firmware version not matching the SDK requirements, you should upgrade the SE firmware before proceeding.

Returning to the GATT Configurator and selecting the Temperature Measurement characteristic, we can add the requirement that a client must be bonded to access the characteristic. When a non-bonded client requests a protected characteristic, it receives an error indicating that the characteristic requires bonded access. Fortunately, most mobile phones react by requesting a security increase, which, if configured correctly, results in a bonding relationship between the device and the mobile phone.


We configure the security requirements of the device using sl_bt_sm_configure. This is usually done in the system-boot event handler.

We can hard code a passkey using sl_bt_sm_set_passkey. A fixed passkey is convenient for a worksheet, but every unit running the firmware then shares the same secret, so production firmware should not ship with one.

A reasonable setting for the configuration flags is 3, which requires authentication for bonding and requires bonding for encryption. Thus there is no way to increase security without attempting to bond. A setting of 7 will additionally refuse to bond with a device that does not support Secure Connections.

Configuring the device as having only display capabilities forces the other device to prompt for the passkey.

  sl_bt_sm_configure(3, sl_bt_sm_io_capability_displayonly);
  sl_bt_sm_set_passkey(123456);

When there is no bonding relationship, a request for the passkey will be displayed. If the matching passkey is entered, the bonding will succeed and a bonding relationship is established. On subsequent connections, the devices will use the keys saved during the initial bonding.
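
The following is an added example, not code from the worksheet or the Silicon Labs SDK: a stand-alone C model of how the flag values 3 and 7 combine with the display-only setting to decide whether a peer can bond. The enum, macro and function names are hypothetical, and it assumes the device is the responder and the phone initiates pairing; the choice between passkey entry and Just Works follows the Bluetooth Security Manager IO capability mapping for a display-only responder.

```c
#include <stdbool.h>
#include <stdio.h>

/* IO capability codes as defined by the Bluetooth Security Manager. */
typedef enum {
  IO_DISPLAY_ONLY, IO_DISPLAY_YES_NO, IO_KEYBOARD_ONLY,
  IO_NO_INPUT_NO_OUTPUT, IO_KEYBOARD_DISPLAY
} io_cap_t;

typedef enum { JUST_WORKS, PASSKEY_ENTRY } method_t;

/* Hypothetical names for the flag bits the worksheet describes. */
#define FLAG_BONDING_NEEDS_AUTH    0x01u  /* set in 3 and 7 */
#define FLAG_ENCRYPT_NEEDS_BONDING 0x02u  /* set in 3 and 7 */
#define FLAG_SC_ONLY               0x04u  /* set in 7 only */

/* Our device is the display-only responder: it shows the passkey but cannot
 * take input, so only a peer with a keyboard can type it in. Every other
 * peer falls back to Just Works, which gives no MITM protection. */
method_t method_for_peer(io_cap_t peer)
{
  if (peer == IO_KEYBOARD_ONLY || peer == IO_KEYBOARD_DISPLAY)
    return PASSKEY_ENTRY;
  return JUST_WORKS;
}

/* Would bonding be accepted under the given configuration flags? */
bool bonding_accepted(unsigned flags, io_cap_t peer, bool peer_supports_sc)
{
  if ((flags & FLAG_SC_ONLY) && !peer_supports_sc)
    return false;               /* legacy-pairing peer refused */
  if ((flags & FLAG_BONDING_NEEDS_AUTH) && method_for_peer(peer) == JUST_WORKS)
    return false;               /* unauthenticated bonding refused */
  return true;
}

int main(void)
{
  /* Constructed peers: a phone, a legacy-only phone, a headless gadget. */
  printf("flags=3 phone, SC:     %d\n", bonding_accepted(3, IO_KEYBOARD_DISPLAY, true));
  printf("flags=3 phone, legacy: %d\n", bonding_accepted(3, IO_KEYBOARD_DISPLAY, false));
  printf("flags=7 phone, legacy: %d\n", bonding_accepted(7, IO_KEYBOARD_DISPLAY, false));
  printf("flags=3 headless peer: %d\n", bonding_accepted(3, IO_NO_INPUT_NO_OUTPUT, true));
  return 0;
}
```

With flags 3, a peer that cannot enter the passkey is turned away rather than bonded without authentication, which is the behaviour to confirm when verifying the firmware.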

To erase the bonding information from the mobile phone, you can ask the phone to forget the device. This results in an asymmetry, where the phone believes there is no relationship but the device believes there is. Bonding must be erased from both devices before they can successfully bond again.

On the device, this can be achieved using the Simple Button component. If it is installed with an instance btn0, the following could be used:

#include "sl_button.h"
#include "sl_simple_button_btn0_config.h"

extern const sl_button_t sl_button_btn0;

Initialize the button in app_init:

void app_init(void)
{
  sl_sensor_rht_init();
  sl_button_init(&sl_button_btn0);
}

Then check the state in the system-boot handler and call sl_bt_sm_delete_bondings if the button is pressed when the device is reset.

/* Button held down during reset: erase all stored bondings. */
if (sl_button_get_state(&sl_button_btn0)) {
  sl_bt_sm_delete_bondings();
}

Implement and Verify

  • Add bonding requirement to secure_thermometer firmware.
  • Verify that bonding works as expected.
  • Try capturing PTI traffic during bonding and when bonded.