diff --git a/applications/nrf5340_audio/prj_fota.conf b/applications/nrf5340_audio/prj_fota.conf index 993dc3f39790..b696d20c2071 100644 --- a/applications/nrf5340_audio/prj_fota.conf +++ b/applications/nrf5340_audio/prj_fota.conf @@ -73,7 +73,7 @@ CONFIG_BT_HCI_CORE_LOG_LEVEL_WRN=y # DFU CONFIG_AUDIO_BT_MGMT_DFU=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_BT_L2CAP_TX_MTU=498 CONFIG_BT_BUF_ACL_TX_SIZE=251 diff --git a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf index 7ddfd713ab9e..5e7ddf15bfff 100644 --- a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_fast_pair.conf @@ -113,7 +113,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf index a5dc3f69c24b..b6e4d4d2f407 100644 --- a/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf +++ b/applications/nrf_desktop/configuration/nrf52840dk_nrf52840/prj_mcuboot_smp.conf @@ -99,7 +99,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_BT_L2CAP_TX_MTU=260 diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf index 93b91c1fe6fc..a75263a4fc1f 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_fast_pair.conf @@ -155,7 +155,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8 # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf index deaff52c65cd..e82be3872341 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_mcuboot_smp.conf @@ -141,7 +141,7 @@ CONFIG_ZCBOR=y CONFIG_CRC=y CONFIG_MCUMGR=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_MCUMGR_GRP_IMG=y diff --git a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf index 1d837bed89cd..43eb5444b973 100644 --- a/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/prj_release_fast_pair.conf @@ -149,7 +149,7 @@ CONFIG_SPI_NRFX_RAM_BUFFER_SIZE=8 # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf b/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf index 11ff72313103..4bc310b853b4 100644 --- a/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf52kbd_nrf52832/prj_release_fast_pair.conf @@ -112,7 +112,7 @@ CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf index f2836953c48d..d7d5f7414349 100644 --- a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf +++ b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj.conf @@ -117,7 +117,7 @@ CONFIG_LOG_PROCESS_THREAD_STACK_SIZE=1024 # Enable MCUmgr Bluetooth transport CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y # Allow for large Bluetooth data packets. CONFIG_BT_L2CAP_TX_MTU=498 diff --git a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf index 6f83a10f2781..c76ea6d62d0b 100644 --- a/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf +++ b/applications/nrf_desktop/configuration/nrf54h20dk_nrf54h20_cpuapp/prj_release.conf @@ -95,7 +95,7 @@ CONFIG_UART_CONSOLE=n # Enable MCUmgr Bluetooth transport CONFIG_DESKTOP_DFU_MCUMGR_ENABLE=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y # Allow for large Bluetooth data packets. CONFIG_BT_L2CAP_TX_MTU=498 diff --git a/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf index f513d8ba074f..90362d6a0db1 100644 --- a/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/prj_fast_pair.conf @@ -102,7 +102,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/applications/nrf_desktop/configuration/nrf54l15pdk_nrf54l15_cpuapp/prj_fast_pair.conf b/applications/nrf_desktop/configuration/nrf54l15pdk_nrf54l15_cpuapp/prj_fast_pair.conf index ca32cd8a8fcb..a374218176a6 100644 --- a/applications/nrf_desktop/configuration/nrf54l15pdk_nrf54l15_cpuapp/prj_fast_pair.conf +++ b/applications/nrf_desktop/configuration/nrf54l15pdk_nrf54l15_cpuapp/prj_fast_pair.conf @@ -102,7 +102,7 @@ CONFIG_LED_PWM=y # Enable MCUmgr Bluetooth transport and increase Bluetooth buffers to speed up DFU image transfer. CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER=y CONFIG_IMG_MANAGER=y diff --git a/samples/bluetooth/mesh/common/smp_bt.c b/samples/bluetooth/mesh/common/smp_bt.c index 2d1fc7cfda2c..2860cd2072da 100644 --- a/samples/bluetooth/mesh/common/smp_bt.c +++ b/samples/bluetooth/mesh/common/smp_bt.c @@ -149,7 +149,7 @@ int smp_service_adv_init(void) int smp_dfu_init(void) { - if (IS_ENABLED(CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN) && + if (IS_ENABLED(CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN) && IS_ENABLED(CONFIG_BT_MESH_LE_PAIR_RESP)) { int err; diff --git a/samples/bluetooth/mesh/dfu/distributor/CMakeLists.txt b/samples/bluetooth/mesh/dfu/distributor/CMakeLists.txt index 1a73fc5c3473..cf0a1219e11e 100644 --- a/samples/bluetooth/mesh/dfu/distributor/CMakeLists.txt +++ b/samples/bluetooth/mesh/dfu/distributor/CMakeLists.txt @@ -18,7 +18,7 @@ target_sources(app PRIVATE ${app_sources} ) # Enable authentication with passkey -if (CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN AND CONFIG_BT_MESH_LE_PAIR_RESP) +if (CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN AND CONFIG_BT_MESH_LE_PAIR_RESP) target_sources(app PRIVATE ${ZEPHYR_NRF_MODULE_DIR}/samples/bluetooth/mesh/common/smp_bt_auth.c) endif() diff --git a/samples/bluetooth/mesh/dfu/distributor/README.rst b/samples/bluetooth/mesh/dfu/distributor/README.rst index c564aa1b0945..7c5293898291 100644 --- a/samples/bluetooth/mesh/dfu/distributor/README.rst +++ b/samples/bluetooth/mesh/dfu/distributor/README.rst @@ -107,7 +107,7 @@ Building and running .. include:: /includes/build_and_run.txt .. note:: - To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option. + To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option. This will enforce a remote device to initiate a pairing request before accessing SMP characteristics. See `SMP over Bluetooth authentication`_ for more information. @@ -221,12 +221,12 @@ SMP over Bluetooth authentication ================================= By default, the SMP characteristics don't require authentication when using SMP over Bluetooth to access the :ref:`management subsystem `. -To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option. +To prevent an unauthenticated access to the device over SMP, it is strongly recommended to enable the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option. This will enforce a remote device to initiate a pairing request before accessing SMP characteristics. See `Zephyr Bluetooth LE Security`_ for more details about securing the Bluetooth LE connection. The sample supports the :ref:`bt_mesh_le_pair_resp_readme` model that allows sending a passkey over a mesh network when the Distributor has no means of displaying the passkey. -When the model and the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN` option are enabled while a remote device tries to read the SMP characteristics, the pairing request will be initiated and the sample will require the remote device to enter the passkey generated by the model. +When the model and the :kconfig:option:`CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN` option are enabled while a remote device tries to read the SMP characteristics, the pairing request will be initiated and the sample will require the remote device to enter the passkey generated by the model. To enable the LE pairing authentication with the LE Pairing Responder model support, set :makevar:`EXTRA_CONF_FILE` to :file:`overlay-smp-bt-auth.conf` file when building the sample. diff --git a/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf b/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf index f6883d9a93e0..57599466ce0a 100644 --- a/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf +++ b/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf @@ -1,4 +1,4 @@ -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=y +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN=y CONFIG_BT_SMP=y CONFIG_BT_FIXED_PASSKEY=y CONFIG_BT_MESH_LE_PAIR_RESP=y diff --git a/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp.conf b/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp.conf index 85af891fe430..137a9a7ff355 100644 --- a/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp.conf +++ b/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp.conf @@ -8,7 +8,7 @@ CONFIG_MCUMGR=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y CONFIG_MCUMGR_GRP_IMG=y diff --git a/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp_ns.conf b/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp_ns.conf index 85af891fe430..137a9a7ff355 100644 --- a/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp_ns.conf +++ b/samples/bluetooth/peripheral_status/boards/thingy53_nrf5340_cpuapp_ns.conf @@ -8,7 +8,7 @@ CONFIG_MCUMGR=y CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y CONFIG_MCUMGR_GRP_IMG=y diff --git a/samples/common/mcumgr_bt_ota_dfu/Kconfig b/samples/common/mcumgr_bt_ota_dfu/Kconfig index 21988e914341..0c11da3f2765 100644 --- a/samples/common/mcumgr_bt_ota_dfu/Kconfig +++ b/samples/common/mcumgr_bt_ota_dfu/Kconfig @@ -38,8 +38,9 @@ config NCS_SAMPLE_MCUMGR_BT_OTA_DFU_MCUBOOT_DIRECT_XIP_SUPPORT default y if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT imply MCUMGR_GRP_IMG_REJECT_DIRECT_XIP_MISMATCHED_SLOT -config MCUMGR_TRANSPORT_BT_AUTHEN - default n +choice MCUMGR_TRANSPORT_BT_PERM + default MCUMGR_TRANSPORT_BT_PERM_RW +endchoice config IMG_ERASE_PROGRESSIVELY default y diff --git a/samples/nrf5340/extxip_smp_svr/prj.conf b/samples/nrf5340/extxip_smp_svr/prj.conf index a6a23a4e7290..eb6f357dfbe5 100644 --- a/samples/nrf5340/extxip_smp_svr/prj.conf +++ b/samples/nrf5340/extxip_smp_svr/prj.conf @@ -51,7 +51,7 @@ CONFIG_BT_CTLR_DATA_LENGTH_MAX=251 # Enable the Bluetooth mcumgr transport (unauthenticated). CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y # Enable the Shell mcumgr transport. diff --git a/samples/suit/recovery/prj.conf b/samples/suit/recovery/prj.conf index 45c7f509c56d..9aff7421c393 100644 --- a/samples/suit/recovery/prj.conf +++ b/samples/suit/recovery/prj.conf @@ -48,7 +48,7 @@ CONFIG_BT_BUF_ACL_TX_SIZE=502 # Enable the Bluetooth mcumgr transport (unauthenticated). CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y # Disable SMP over UART diff --git a/samples/suit/smp_transfer/sysbuild/smp_transfer_bt.conf b/samples/suit/smp_transfer/sysbuild/smp_transfer_bt.conf index 595d5de92ff7..cfd9a3dc3857 100644 --- a/samples/suit/smp_transfer/sysbuild/smp_transfer_bt.conf +++ b/samples/suit/smp_transfer/sysbuild/smp_transfer_bt.conf @@ -14,7 +14,7 @@ CONFIG_BT_BUF_ACL_TX_SIZE=502 # Enable the Bluetooth mcumgr transport (unauthenticated). CONFIG_MCUMGR_TRANSPORT_BT=y -CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN=n +CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW=y CONFIG_MCUMGR_TRANSPORT_BT_CONN_PARAM_CONTROL=y # Enable logs over UART