Skip to content

Deprecate BT_FIXED_APPKEY #25414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Deprecate BT_FIXED_APPKEY #25414

wants to merge 4 commits into from

Conversation

@m-alperen-sener
Copy link
Contributor

@m-alperen-sener m-alperen-sener commented Nov 4, 2025

Deprecating BT_FIXED_PASSKEY and start using BT_APP_PASSKEY instead.

@m-alperen-sener m-alperen-sener requested review from a team as code owners November 4, 2025 16:10
@NordicBuilder NordicBuilder added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Nov 4, 2025
@m-alperen-sener m-alperen-sener mentioned this pull request Nov 4, 2025
Closed
@NordicBuilder NordicBuilder requested a review from a team November 4, 2025 16:10
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 4, 2025
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
matter nrfconnect/sdk-connectedhomeip@17cd163 (master) nrfconnect/sdk-connectedhomeip#653 nrfconnect/sdk-connectedhomeip#653/files
zephyr nrfconnect/sdk-zephyr@164b47d (main) nrfconnect/sdk-zephyr#3466 nrfconnect/sdk-zephyr#3466/files

DNM label due to: 2 projects with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 4, 2025
edited
Loading

CI Information

To view the history of this post, click the 'edited' button above
Build number: 8

Inputs:

Sources:

sdk-nrf: PR head: 215f1ea5b215c60627bdce0992df38aed891a79a
matter: PR head: d68e77bbd9154ba2d3edf46daa112110f06769a6
zephyr: PR head: e84fa1b4757a94c7a7595769049c9a4e492b8862

more details

sdk-nrf:

PR head: 215f1ea5b215c60627bdce0992df38aed891a79a
merge base: ad7d9b915b4d543e00b23c7b9be6a20dad9c63fd
target head (main): 40aaea40b964dd5702c7a9ce13cbd37b086abc4a
Diff

matter:

PR head: d68e77bbd9154ba2d3edf46daa112110f06769a6
merge base: e5f2a2ff99493d9862a3aa5e370681287cf53cf0
target head (master): 17cd1632c8683e5dfeee817b7767d4b8a1d470e6
Diff

zephyr:

PR head: e84fa1b4757a94c7a7595769049c9a4e492b8862
merge base: a9bbd349efde16d5b89d65ce369c307a422327b9
target head (main): 164b47d3094202c9ac5b756aa2648d2ce5822680
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (22) 
doc
│  ├── nrf
│  │  ├── libraries
│  │  │  ├── bluetooth
│  │  │  │  ├── mesh
│  │  │  │  │  ├── vnd
│  │  │  │  │  │  ├── images
│  │  │  │  │  │  │  │ bt_mesh_le_pair_resp.svg
│  │  │  │  │  │  │ le_pair_resp.rst
│  │  ├── releases_and_maturity
│  │  │  ├── migration
│  │  │  │  │ migration_guide_3.2.rst
│  │  │  ├── releases
│  │  │  │  │ release-notes-changelog.rst
include
│  ├── bluetooth
│  │  ├── mesh
│  │  │  ├── vnd
│  │  │  │  │ le_pair_resp.h
modules
│  ├── lib
│  │  ├── matter
│  │  │  ├── config
│  │  │  │  ├── nrfconnect
│  │  │  │  │  ├── chip-module
│  │  │  │  │  │  │ Kconfig.features
samples
│  ├── bluetooth
│  │  ├── mesh
│  │  │  ├── common
│  │  │  │  │ smp_bt_auth.c
│  │  │  ├── dfu
│  │  │  │  ├── distributor
│  │  │  │  │  │ overlay-smp-bt-auth.conf
│  ├── matter
│  │  ├── common
│  │  │  ├── src
│  │  │  │  ├── bt_nus
│  │  │  │  │  ├── bt_nus_service.cpp
│  │  │  │  │  │ bt_nus_service.h
│  │  ├── lock
│  │  │  │ sample.yaml
subsys
│  ├── bluetooth
│  │  ├── mesh
│  │  │  ├── vnd
│  │  │  │  ├── Kconfig
│  │  │  │  │ le_pair_resp.c
west.yml
zephyr
│  ├── doc
│  │  ├── releases
│  │  │  │ migration-guide-4.3.rst
│  ├── include
│  │  ├── zephyr
│  │  │  ├── bluetooth
│  │  │  │  │ conn.h
│  ├── subsys
│  │  ├── bluetooth
│  │  │  ├── host
│  │  │  │  ├── Kconfig
│  │  │  │  ├── shell
│  │  │  │  │  │ bt.c
│  │  │  │  │ smp.c
│  ├── tests
│  │  ├── bluetooth
│  │  │  ├── shell
│  │  │  │  ├── audio.conf
│  │  │  │  ├── log.conf
│  │  │  │  │ prj.conf

Outputs:

Toolchain

Version: df3cc9d822
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:df3cc9d822_e595b21c39

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
    • sdk-nrf test count: 1428
    • sdk-zephyr test count: 677
  • ❌ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ✅ test_ble_nrf_config
    • ✅ test-fw-nrfconnect-ble_mesh
    • ✅ test-fw-nrfconnect-ble_samples
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ✅ test-sdk-find-my
    • ❌ test-low-level
    • ✅ test-sdk-dfu
Disabled integration tests
    • test-fw-nrfconnect-nrf_lrcs_positioning
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-ps-main
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread-main
    • test-sdk-mcuboot
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@github-actions
Copy link

github-actions bot commented Nov 4, 2025

You can find the documentation preview for this PR here.

nordicjm
nordicjm reviewed Nov 5, 2025
View reviewed changes
PavelVPV
PavelVPV requested changes Nov 5, 2025
View reviewed changes
Copy link
Contributor

@PavelVPV PavelVPV left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think smp_bt_auth.c for sure should not use the deprecated API and should only be compiled with CONFIG_BT_APP_PASSKEY.

But also I think that since the LE Pairing Responder model is experimental, it is OK to change it is behavior and API without deprecation period. But we need to mention this change in the release notes.

Also, remember to update documentation of the model: https://github.com/nrfconnect/sdk-nrf/blob/main/doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst.

@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch from 2999999 to 0d6a557 Compare November 5, 2025 15:56
@m-alperen-sener m-alperen-sener requested review from a team as code owners November 5, 2025 15:56
@NordicBuilder NordicBuilder added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Nov 5, 2025
@NordicBuilder NordicBuilder requested review from a team November 5, 2025 15:56
m-alperen-sener
m-alperen-sener commented Nov 5, 2025
View reviewed changes
Copy link
Contributor Author

@m-alperen-sener m-alperen-sener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the documentation and added release notes for DFU distributer sample and LE Pair Responder model.

Remove all dependency on deprecated FIXED_PASSKEY, solely it depends on APP_PASSKEY now.

Removed immediate invalidation of passkey.

Update the Documentation diagram.

added commit to update matter door lock sample.

PavelVPV
PavelVPV reviewed Nov 5, 2025
View reviewed changes
ArekBalysNordic
ArekBalysNordic requested changes Nov 6, 2025
View reviewed changes
Copy link
Contributor

@ArekBalysNordic ArekBalysNordic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some changes are required in the Matter Lock sample.

@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch from 0d6a557 to d30f085 Compare November 6, 2025 08:49
divipillai
divipillai reviewed Nov 6, 2025
View reviewed changes
doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst Outdated
This function can be called from callbacks :c:member:`bt_conn_auth_info_cb.pairing_complete` and :c:member:`bt_conn_auth_info_cb.pairing_failed`.
See the :file:`samples/bluetooth/mesh/common/smp_bt_auth.c` file for the reference.
This model requires an application to only enable the display capability for the LE pairing by setting the :c:member:`bt_conn_auth_cb.pairing_display` callback. The application must also set the :c:member:`bt_conn_auth_cb.app_passkey` callback to use the passkey generated by LE Pairing Responder model.
After every pairing request, the application must invalidate the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function or calling :c:func:`bt_mesh_le_pair_resp_passkey_set` with :ref:`BT_PASSKEY_RAND` value.
Copy link
Contributor

@divipillai divipillai Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
After every pairing request, the application must invalidate the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function or calling :c:func:`bt_mesh_le_pair_resp_passkey_set` with :ref:`BT_PASSKEY_RAND` value.
After every pairing request, the application must invalidate the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function or calling :c:func:`bt_mesh_le_pair_resp_passkey_set` with the ``BT_PASSKEY_RAND`` value.

Any specific reason for using ref for a value?

Copy link
Contributor

@PavelVPV PavelVPV Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps it should be :c:macro:BT_PASSKEY_RAND?

Copy link
Contributor Author

@m-alperen-sener m-alperen-sener Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not able to check this locally, does :c:macro: works with zephyr defined ones? I mean can doc pick up from zephyr?

Copy link
Contributor

@PavelVPV PavelVPV Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do use it at least here and it works:

sdk-nrf/doc/nrf/protocols/bt/bt_mesh/vendor_model/dev_overview.rst

Line 106 in cc348c5

The last element in the opcode list is always the :c:macro:`BT_MESH_MODEL_OP_END` macro:

https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/protocols/bt/bt_mesh/vendor_model/dev_overview.html#adding_the_model_to_the_node_composition_data

Copy link
Contributor Author

@m-alperen-sener m-alperen-sener Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, we can do that then 👍

@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch from d30f085 to 27124bd Compare November 6, 2025 13:49
m-alperen-sener
m-alperen-sener commented Nov 6, 2025
View reviewed changes
Copy link
Contributor Author

@m-alperen-sener m-alperen-sener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed the Doc reviews.

Replaced the matter sample commit with the one given by @ArekBalysNordic with connectedhomeip revision.

I ll update the diagram once I have it, until then at least we can merge the sdk-zephyr, and sdk-connectedhomeip PRs.

ArekBalysNordic
ArekBalysNordic approved these changes Nov 6, 2025
View reviewed changes
Copy link
Contributor

@ArekBalysNordic ArekBalysNordic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch 2 times, most recently from 6064145 to 708e406 Compare November 6, 2025 15:46
m-alperen-sener
m-alperen-sener commented Nov 6, 2025
View reviewed changes
Copy link
Contributor Author

@m-alperen-sener m-alperen-sener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doc fix.

@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch from 708e406 to bfe6ea8 Compare November 7, 2025 08:31
m-alperen-sener
m-alperen-sener commented Nov 7, 2025
View reviewed changes
Copy link
Contributor Author

@m-alperen-sener m-alperen-sener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated le pair responder example use diagram

@alxelax
Copy link
Contributor

alxelax commented Nov 7, 2025
edited
Loading

Hi @m-alperen-sener, before merging could you check these things to be sure these changes still work:

  1. mesh le pairing system test (https://projecttools.nordicsemi.no/bitbucket/projects/NCS-TEST/repos/test-sdk-mesh/browse/tests/mesh/samples/le_pairing)
  2. nRF Mesh DFU mobile app manages with pairing (IOS)
  3. Device Manager mobile app manages with pairing (IOS)

mobile app is possible to check with mesh dfu distributor sample

divipillai
divipillai reviewed Nov 7, 2025
View reviewed changes
doc/nrf/releases_and_maturity/migration/migration_guide_3.2.rst Outdated
Comment on lines 94 to 95
* The :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` kconfig option has been deprecated, replace it with the :kconfig:option:`CONFIG_BT_APP_PASSKEY` kconfig option.
Now, if you want to use a fixed passkey for the Matter Lock NUS service, register the ``app_passkey`` callback in the ``bt_conn_auth_cb`` structure.
Copy link
Contributor

@divipillai divipillai Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* The :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` kconfig option has been deprecated, replace it with the :kconfig:option:`CONFIG_BT_APP_PASSKEY` kconfig option.
Now, if you want to use a fixed passkey for the Matter Lock NUS service, register the ``app_passkey`` callback in the ``bt_conn_auth_cb`` structure.
* The :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` Kconfig option has been deprecated, replace it with the :kconfig:option:`CONFIG_BT_APP_PASSKEY` Kconfig option.
Now, if you want to use a fixed passkey for the Matter Lock NUS service, register the :c:member:`bt_conn_auth_cb.app_passkey` callback in the :c:struct:`bt_conn_auth_cb` structure.

Copy link
Contributor

@ArekBalysNordic ArekBalysNordic Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@m-alperen-sener could you please add these changes to my PR, or add a new one with the changes?

Copy link
Contributor Author

@m-alperen-sener m-alperen-sener Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

umapraseeda
umapraseeda requested changes Nov 7, 2025
View reviewed changes
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated
* Deprecated the :kconfig:option:`CONFIG_BT_MESH_NLC_PERF_CONF` and :kconfig:option:`CONFIG_BT_MESH_NLC_PERF_DEFAULT` Kconfig options.
Existing configurations continue to work but you should migrate to individual profile options.

* Update the LE Pairing Responder model:
Copy link
Contributor

@umapraseeda umapraseeda Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Update the LE Pairing Responder model:
* Updated the LE Pairing Responder model:

m-alperen-sener and others added 4 commits November 7, 2025 14:20
@m-alperen-sener
manifest: sdk-zephyr: deprecate fixed passkey
9d0568e 
Manifest update to depracate and replace BT_FIXED_PADDKEY

Signed-off-by: alperen sener <[email protected]>
@m-alperen-sener
bluetooth: mesh: update le pair responder model with BT_APP_PASSKEY
6c6795c 
BT_FIXED_PASSKEY is depracated so wee need to aling the le pair
responder model with the new Kconfig BT_APP_PASSKEY usage.

Adding bt_mesh_le_pair_resp_passkey_get to be able to retreive
the passkey set randomly or by app.

Signed-off-by: alperen sener <[email protected]>
@m-alperen-sener
sample: bluetooth: mesh: start using BT_APP_PASSKEY
1b1e6a9 
BT_FIXED_PASSKEY is deprecated, thus we start using BT_APP_PASSKEY

Signed-off-by: alperen sener <[email protected]>
@ArekBalysNordic @m-alperen-sener
samples: matter: Align Matter NUS to APP_PASSKEY
215f1ea 
CONFIG_BT_FIXED_PASSKEY has been deprecated. We switched to
CONFIG_BT_APP_PASSKEY and added a migration guide entry.

Signed-off-by: Arkadiusz Balys <[email protected]>
@m-alperen-sener m-alperen-sener force-pushed the deprace_bt_fixed_appkey branch from bfe6ea8 to 215f1ea Compare November 7, 2025 13:29
m-alperen-sener
m-alperen-sener commented Nov 7, 2025
View reviewed changes
Copy link
Contributor Author

@m-alperen-sener m-alperen-sener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DOC fix
Rebased on sdk-nrf main

@m-alperen-sener
Copy link
Contributor Author

m-alperen-sener commented Nov 7, 2025

Hi @m-alperen-sener, before merging could you check these things to be sure these changes still work:

  1. mesh le pairing system test (https://projecttools.nordicsemi.no/bitbucket/projects/NCS-TEST/repos/test-sdk-mesh/browse/tests/mesh/samples/le_pairing)
  2. nRF Mesh DFU mobile app manages with pairing (IOS)
  3. Device Manager mobile app manages with pairing (IOS)

mobile app is possible to check with mesh dfu distributor sample

Tried the IOS app; it triggers pairing succesfully with le pair responder. And SMP is functional.

divipillai
divipillai reviewed Nov 7, 2025
View reviewed changes
include/bluetooth/mesh/vnd/le_pair_resp.h
* pre-defined passkey instead.
*
* @params passkey Passkey to use for the pairing, or @ref BT_PASSKEY_INVALID to use randomly
* @params passkey Passkey to use for the pairing, or @ref BT_PASSKEY_RAND to use randomly
Copy link
Contributor

@divipillai divipillai Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The doc build error is because of reference to this macro. The macro is defined in the Zephyr PR. This will work only after the Zephyr PR - https://github.com/nrfconnect/sdk-zephyr/pull/3466/files#diff-4538e90f4e61dd34802aa1c0a5382dc89d4df6032ec6a3dbbf4eef746ebdd488 is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlescufi carlescufi carlescufi left review comments

@omkar3141 omkar3141 omkar3141 left review comments

@nordicjm nordicjm nordicjm left review comments

@alxelax alxelax alxelax left review comments

@divipillai divipillai divipillai left review comments

@ArekBalysNordic ArekBalysNordic ArekBalysNordic approved these changes

@umapraseeda umapraseeda umapraseeda requested changes

@PavelVPV PavelVPV PavelVPV approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

DNM doc-required PR must not be merged without tech writer approval. manifest manifest-matter manifest-zephyr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@m-alperen-sener @NordicBuilder @alxelax @PavelVPV @carlescufi @omkar3141 @nordicjm @umapraseeda @divipillai @ArekBalysNordic