Hi Alain, >> I suspect we'd want bluetoothd to have a configuration that can enforce a more secure posture. >> >> Unfortunately when the command isn't supported, the platform is left between a rock and hard place... There isn't much we can do but to block the use of Bluetooth if the platform requires a more secure posture. > > so if the BR/EDR part is not up to the policy that the host requires, we could still configure the LE part. BlueZ is set up in this way that you can run a dual-mode controller as just a LE controller. > > I would also opt for the kernel just tells us what options it have. Then at least we can provide some feedback to the end-user on why Bluetooth is not available or why only selected features are available. what about something like this: +Read Security Features Command +============================== + + Command Code: 0x0048 + Controller Index: <controller id> + Command Parameters: + Return Parameters: Security_Data_Length (2 Octets) + Security_Data (0-65535 Octets) + + This command is used to retrieve the supported security features + by the controller or the kernel. + + The Security_Data_Length and Security_Data parameters provide + a list of security settings, features and information. It uses + the same format as EIR_Data, but with the namespace defined here. + + Data Type Name + -------------------- + 0x01 Flags + 0x02 Max Encryption Key Size (BR/EDR) + 0x03 Max Encryption Key Size (LE) + 0x04 Encryption Key Size enforcement (BR/EDR) + 0x05 Encryption Key Size enforcement (LE) + 0x06 ECDH Public Key validation (BR/EDR) + 0x07 ECDH Public Key validation (LE) + + + Max Encryption Key Size (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating the max encryption key size. If the field is not + present, then it is unknown what the max encryption key + size of the controller or host is in use. + + Encryption Key Size Enforcement (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating the min encryption key size that is enforced by + the controller or host. If the field is not present, then + it is unknown what the controller or host are enforcing. + + ECDH Public Key validation (BR/EDR and LE) + + When the field is present, then it provides 1 Octet value + indicating if public key validation is in use (0x01) or not + available (0x00). If the field is not present, then it is + unknown if the controller or host are validating public keys. + + This command generates a Command Complete event on success or + a Command Status event on failure. + + Possible errors: Invalid Parameters + Invalid Index Maybe this is overkill, but it would give us some flexible way of having the kernel tell us what is supported. Then bluetoothd can decide to power a controller or parts of a controller. Regards Marcel
