STM32WB-WBA BLE Privacy

Coming soon

1. STM32WB - Bluetooth^® Low Energy (BLE) Privacy

The STM32WB - Bluetooth^® Low Energy (BLE) privacy feature reduces the ability to track a device over a period of time by changing the device address on a frequent basis.

The address of a device using privacy mode can be resolved using the Identity Resolving Key (IRK) which is one of the encryption keys exchanged during the pairing process.

2. How to use Resolvable Private Address (RPA)

In initialization sequence Ble_Hci_Gap_Gatt_Init in app_ble.c.

Set public address : aci_hal_write_config_data(CONFIG_DATA_PUBADDR_OFFSET,..).
Set static random address : aci_hal_write_config_data(CONFIG_DATA_RANDOM_ADDRESS_OFFSET,..).
One of these addresses will be chosen by the customer and is the proper address of the device.
Depending on the choice, it is defined with CFG_IDENTITY_ADDRESS in app_conf.h

This parameter is used in aci_gap_set_authentication_requirement and corresponds to SMP identity address type, which is now used as GAP identity address type when privacy is enabled.

Initialize the GAP layer. Register the GAP service with aci_gap_init.

2.1. First case - initialize the GAP layer with privacy enabled and use of the defined device address

aci_gap_init(CFG_PRIVACY = privacy_enabled)
Depending on the role of the device, to start advertising, scan request or connection request, Own_address_type must be set to RPA (0x02) (or NRPA (0x03)) which are allowed values when privacy is enabled.

For aci_gap_set_authentication_req(..,Identity_address_type = CFG_IDENTITY_ADDRESS) proper device address type is used.

As long as aci_gap_add_devices_to_resolving_list is not sent, the proper addess type is the used one.

2.2. Second case - initialize the GAP layer with privacy enabled and use of a Resolvable Private Address

aci_gap_init(CFG_PRIVACY = privacy_enabled)
Depending on the role of the device, to start advertising, scan request or connection request, Own_address_type must be set to RPA (0x02) (or NRPA (0x03)) which are allowed values when privacy is enabled.

Now send aci_gap_add_devices_to_resolving_list(peer_identity_address_type equals to 0 or 1, Peer_address could be whatever except NULL address)

For advertising, scan request or connection request, a RPA will be used.
But device is not yet known.

2.3. Third case - initialize the GAP layer with privacy enabled and use of a Resolvable Private Address after bonding

aci_gap_init(CFG_PRIVACY = privacy_enabled)
Depending on the role of the device, to start advertising, scan request or connection request, Own_address_type must be set to RPA (0x02) which is one of allowed values when privacy is enabled.

Initiate a connection, a pairing (bonding enabled).
Note that like in first case proper address of the device is used.

Disconnect the link.
Now send aci_gap_add_devices_to_resolving_list(Peer_identity_address_type and peer_address_type of the previously bonded device)
Peer_identity_address_type and peer_address_type can be get with aci_gap_get_bonded_devices.

Depending on the role of the device, to start advertising, scan request or connection request, Own_address_type must be set to RPA (0x02) which is one of allowed values when privacy is enabled.

For advertising, scan request or connection request, a RPA will be generated and could be resolved by devices added in resolving list.
Note that both devices need to be in privacy mode. Privacy is necessary to activate the address resolution in Link Layer.

3. First example: Connection between a smartphone and a STM32WB

3.1. first phase - initialize the GAP layer with privacy enabled, connection and bonding - use of public address

3.2. second phase - add device to resolving list

4. Second example : Connection between two STM32WB

4.1. first phase - initialize the GAP layer with privacy enabled, connection and bonding. Use of static random address

4.2. second phase - add device to resolving list

5. STM32WB Privacy Application example

ST Bluetooth^® Low Energy Privacy example^[1]

5.1. References