applications: nrf_desktop: Add a note about disabling BLE legacy pairing #20619

Open
wants to merge 1 commit into
base: main
from

MarekPieta
Contributor

Change introduces a release note to inform that BLE legacy pairing was disabled by default in application configurations.

Jira: NCSDK-31809

@MarekPieta MarekPieta requested review from seko-nordic and a team February 26, 2025 10:27
@MarekPieta MarekPieta requested a review from a team as a code owner February 26, 2025 10:27
@github-actions github-actions bot added the doc-required PR must not be merged without tech writer approval. label Feb 26, 2025
github-actions bot commented Feb 26, 2025

@NordicBuilder
Contributor

NordicBuilder commented Feb 26, 2025

CI Information

To view the history of this post, click the 'edited' button above
Build number: 5

Inputs:

Sources:

sdk-nrf: PR head: 3950a1e0824599d4adf2996017f958aa8b102402

sdk-nrf:

PR head: 3950a1e0824599d4adf2996017f958aa8b102402
merge base: 34e99f3f2f98450caba679157d399c013221c5cb
target head (main): 0a5fa170d3a31422d09ba1b07c5eccad114820ae
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (1)
doc
│  ├── nrf
│  │  ├── releases_and_maturity
│  │  │  ├── releases
│  │  │  │  │ release-notes-changelog.rst

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain
  • ◻️ Build twister
  • ◻️ Integration tests
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-chip
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_cloud
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-ps
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread
    • test-fw-nrfconnect-zigbee
    • test-low-level
    • test-sdk-audio
    • test-sdk-dfu
    • test-sdk-find-my
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-sidewalk
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@MarekPieta MarekPieta force-pushed the desktop_security_release_note branch from 519c4e9 to 13ec0fb Compare February 26, 2025 10:32
@@ -254,6 +254,12 @@ nRF Desktop
This change results from the Bluetooth subsystem transition to the PSA cryptographic API.
The GATT database hash calculation now requires larger stack size.

* Support for Bluetooth LE legacy pairing is no longer enabled by default, because it's not secure.
Using Bluetooth LE legacy pairing introduces risk of eavesdropping.
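
Review bot: the new bullet says legacy pairing is "no longer enabled by default" but names neither the configuration option that changed nor what an application has to set to get the previous behaviour back, so a reader migrating a product that still needs to pair with legacy-only peers cannot act on it; add the option name and a pointer to the relevant documentation. "Because it's not secure" is also vaguer than the sentence that follows it: consider folding the two into one statement of the concrete risk, and write "introduces a risk of eavesdropping" with the article.
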

This comment was marked as resolved.

Contributor Author

Can we add it as an example (this one is relevant for BLE HID use-case I think):

Using Bluetooth LE legacy pairing introduces, among others, risk of eavesdropping.

You can find the documentation preview for this PR here.

Preview links for modified nRF Connect SDK documents:

https://ncsdoc.z6.web.core.windows.net/PR-20619/nrf/releases_and_maturity/releases/release-notes-changelog.html

@MarekPieta MarekPieta force-pushed the desktop_security_release_note branch from 4727183 to af91234 Compare February 26, 2025 12:29
Comment on lines 258 to 259
Using Bluetooth LE legacy pairing introduces, among others, a risk of eavesdropping.
Supporting Bluetooth LE legacy pairing makes devices vulnerable for a downgrade attack.
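
Review bot: in the second sentence, "vulnerable for a downgrade attack" should read "vulnerable to a downgrade attack", and the sentence should say what the pairing is downgraded to, since the distinction it draws between "using" and "supporting" legacy pairing only becomes clear once the reader knows that a device which merely supports it can be pushed into using it.
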
Contributor

@peknis peknis Feb 26, 2025

Could we combine these two and say, for example:
Bluetooth LE legacy pairing introduces, for example, a risk of eavesdropping and makes devices vulnerable for a downgrade attack.

Or is it a different case for using and just supporting?

Contributor Author

I tried to separate the using from supporting here

Contributor

@peknis peknis left a comment

Suggesting to combine a couple of statements.

Change introduces a release note to inform that BLE legacy pairing was
disabled by default in application configurations.

Jira: NCSDK-31809

Signed-off-by: Marek Pieta <[email protected]>
Signed-off-by: Pekka Niskanen <[email protected]>
@MarekPieta MarekPieta force-pushed the desktop_security_release_note branch from af91234 to 3950a1e Compare February 26, 2025 14:49