Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BLE: Manual BLE security manager db synchronisation #14824

Merged
merged 3 commits into from
Jul 12, 2021
Merged

BLE: Manual BLE security manager db synchronisation #14824

merged 3 commits into from
Jul 12, 2021

Conversation

paul-szczepanek-arm
Copy link
Member

Summary of changes

Adds new BLE API call to manually attempt to synchronise the security manager DB.

Impact of changes

Migration actions required

Documentation

none

Pull request type 

[] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[x] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results 

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@ciarmcom ciarmcom requested review from a team June 23, 2021 21:30
@ciarmcom
Copy link
Member

@paul-szczepanek-arm, thank you for your changes.
@ARMmbed/mbed-os-connectivity @ARMmbed/mbed-os-test @ARMmbed/mbed-os-maintainers please review.

@paul-szczepanek-arm paul-szczepanek-arm mentioned this pull request Jun 23, 2021
Closed
chrisswinchatt-arm
chrisswinchatt-arm reviewed Jun 24, 2021
View reviewed changes
connectivity/FEATURE_BLE/include/ble/SecurityManager.h
@@ -501,11 +501,29 @@ class SecurityManager
* Normally all bonding information is lost when device is reset, this requests that the stack
* attempts to save the information and reload it during initialisation. This is not guaranteed.
*
* @note This option is itself saved together with bonding data. When data is read after reset,
* the state of this option decides if data should be restored. If this option has not been saved
Copy link
Contributor

@chrisswinchatt-arm chrisswinchatt-arm Jun 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My read of this is that writeBondingStateToPersistentStorage is effectively a no-op unless preserveBondingStateOnReset is set to true before the reset. What's the rationale behind this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

preserveBondingStateOnReset is an option that affects behaviour after the reset. Maybe I should've called it loadBondingDataFromPersistentStorageAfterReset

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could writeBondingStateToPersistentStorage implicitly set preserveBondingStateOnReset? Or is there a reason someone would write the data but not automatically load it after a reset?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good point. If I can't find a good reason by tomorrow I'll add the call.

pan-
pan- reviewed Jun 28, 2021
View reviewed changes
Copy link
Member

@pan- pan- left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do we test this ?

Should we add a command for sync and reset the MCU during the test ?

It is a draft, what is expected to be added to this PR ?

connectivity/FEATURE_BLE/include/ble/SecurityManager.h
* @note You still need to call preserveBondingStateOnReset(true) before reset happens for data to be
* loaded when it's read.
*
* @note Depending on the driver used to implement the storage solution used this may be a disruptive
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could use a less ominous tone and instruct the user to prefer calling this function outside of connection otherwise the connection can drop if storage is the internal flash.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this is what it means. Other operations may be affected not just connections. That's why I used generic phrasing.

connectivity/FEATURE_BLE/source/generic/FileSecurityDb.h
@@ -136,7 +136,7 @@ class FileSecurityDb : public SecurityDb {

virtual void restore();

virtual void sync(entry_handle_t db_handle);
virtual void sync(entry_handle_t db_handle = invalid_entry_handle);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do we gain with the default parameter ? It is an implementation and it won't be called directly by the BLE framework.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So that I don't have to modify existing code.

connectivity/FEATURE_BLE/source/generic/KVStoreSecurityDb.h
@@ -200,7 +200,7 @@ class KVStoreSecurityDb : public SecurityDb {

virtual void restore();

virtual void sync(entry_handle_t db_handle);
virtual void sync(entry_handle_t db_handle = invalid_entry_handle);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See above.

@paul-szczepanek-arm
Copy link
Member Author

It will stop being a draft when I verify this :P

@paul-szczepanek-arm
Copy link
Member Author

@AGlass0fMilk does this solution look acceptable to you?

@paul-szczepanek-arm paul-szczepanek-arm marked this pull request as ready for review June 29, 2021 15:06
@paul-szczepanek-arm
Copy link
Member Author

Tested with persistent storage, flushing works so you can sync storage before reset.

@AGlass0fMilk
Copy link
Member

So this essentially adds a new Security Manager API method to manually flush the security DB to non-volatile storage?

Does the SM still need to be reset afterwards? I see that as an arbitrary requirement -- why does the SM state need to be reset to simply save the current security database?

If this works as you say, I think it's fine. The main goal is to make it clear to users how to save security credentials to NV memory to save them the headache of debugging caching/filesystem-related issues.

@paul-szczepanek-arm
Copy link
Member Author

no, you don't need to reset it anymore, the new call causes buffers to flush so your db is good to be restored

@ciarmcom ciarmcom added the stale Stale Pull Request label Jul 6, 2021
@ciarmcom
Copy link
Member

ciarmcom commented Jul 6, 2021

This pull request has automatically been marked as stale because it has had no recent activity. @AGlass0fMilk, @pan-, @ARMmbed/mbed-os-maintainers, @ARMmbed/mbed-os-test, please complete review of the changes to move the PR forward. Thank you for your contributions.

@paul-szczepanek-arm
Copy link
Member Author

@AGlass0fMilk does it solve your problem? Please accept in review or let me know what you don't like.

@ciarmcom ciarmcom removed the stale Stale Pull Request label Jul 6, 2021
@0xc0170
Copy link
Contributor

0xc0170 commented Jul 9, 2021

CI started

@mbed-ci
Copy link

mbed-ci commented Jul 9, 2021

Jenkins CI Test : ✔️ SUCCESS

Build Number: 1 | 🔒 Jenkins CI Job | 🌐 Logs & Artifacts

CLICK for Detailed Summary

jobs Status
jenkins-ci/mbed-os-ci_unittests ✔️
jenkins-ci/mbed-os-ci_cmake-cloud-example-ARM ✔️
jenkins-ci/mbed-os-ci_build-cloud-example-ARM ✔️
jenkins-ci/mbed-os-ci_cmake-cloud-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-cloud-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-greentea-ARM ✔️
jenkins-ci/mbed-os-ci_build-greentea-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_cmake-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_cmake-example-ARM ✔️
jenkins-ci/mbed-os-ci_build-example-GCC_ARM ✔️
jenkins-ci/mbed-os-ci_build-example-ARM ✔️
jenkins-ci/mbed-os-ci_greentea-test ✔️

@0xc0170 0xc0170 merged commit 3c2c5be into ARMmbed:master Jul 12, 2021
@mergify mergify bot removed the ready for merge label Jul 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisswinchatt-arm chrisswinchatt-arm chrisswinchatt-arm approved these changes

@0xc0170 0xc0170 0xc0170 approved these changes

@AGlass0fMilk AGlass0fMilk Awaiting requested review from AGlass0fMilk

@pan- pan- Awaiting requested review from pan-

Assignees
No one assigned
Labels
component: connectivity component: test release-version: 6.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@paul-szczepanek-arm @ciarmcom @AGlass0fMilk @0xc0170 @mbed-ci @pan- @chrisswinchatt-arm @mbedmain