STM32WB55 advertising dynamic switch from just works / legacy pincode

lgrosbois_WTK · ‎2025-09-15

Hi,
I need to implement the following behavior on a STM32WB55.

Upon a command, device must advertise in 2 different modes:

Just works. No bonding, connection is accepted without any authentication requirements. All characteristics can be read and written.
Legacy pincode. No bonding, a fixed pincode shall be required by the host at every connection.

To acheive that, I followed scrupulously the ST wiki & configured the following:

aci_gap_set_io_capability
aci_gap_set_authentication_requirement
characteristic security permissions

I am able to have either one of the 2 scenarii, but I cannot switch dynamically from one another.

The key difference resides in the security permission of each characteristic.

With ATTR_PERMISSION_NONE, characteristics can be read & written without authentication (just works mode)
With ATTR_PERMISSION_AUTHEN_READ | ATTR_PERMISSION_AUTHEN_WRITE, pincode is properly required at each connection.

Unfortunately, I cannot switch dynamically between the 2.

I tried the following:

A call to aci_gatt_set_access_permission. This returns 0x0C - command disallowed
I tried to telete all characteristics and re-create them calling aci_gatt_del_char and aci_gatt_add_char_desc but I have the error code 0x98 Out of memory.
The stack fails to recreate the the last characteristic as if there was some king of memory leak in the stack (if called repeatedly, the last characteristic goes up in the creation loop ...)

Here are my questions:

Is there a way to achieve this without changing the permissions of the characteristics ?
If no, can I change the permissions dynamically ?
If no, do you think of any way that would not need deleting characteristics ?
If no, can ST investigate the possible memory leak at characteristic deletion ?

Code snippet of the authentication requirements:

    /**
     * Configuration that differs upon advertizing mode
     */
    switch (mode)
    {
    case ble_advertize_justworks:
        io_capability = IO_CAP_NO_INPUT_NO_OUTPUT;
        MITM_Mode = CFG_MITM_PROTECTION_NOT_REQUIRED;
        break;
    case ble_advertize_passkey:
        io_capability = IO_CAP_DISPLAY_ONLY;
        MITM_Mode = CFG_MITM_PROTECTION_REQUIRED;
        break;
    default:
        assert(FALSE); // should not reach here
        break;
    }

    /**
     * Set I/O capability
     */
    ret = aci_gap_set_io_capability(io_capability);
    if (ret != BLE_STATUS_SUCCESS) {
        APP_DBG_MSG("aci_gap_set_io_capability failed with status %x", ret);
        return ret;
    }
    /**
     * Configure authentication
     */
    ret = aci_gap_set_authentication_requirement(0, // No bonding required
                                                 MITM_Mode,
                                                 CFG_SECURE_NOT_SUPPORTED,
                                                 CFG_KEYPRESS_NOT_SUPPORTED,
                                                 CFG_ENCRYPTION_KEY_SIZE_MIN,
                                                 CFG_ENCRYPTION_KEY_SIZE_MAX,
                                                 0,                // use a fixed pin
                                                 passkey,          // fixed pin value
                                                 GAP_PUBLIC_ADDR); // identity address type
    if (ret != BLE_STATUS_SUCCESS)
    {
        APP_DBG_MSG("aci_gap_set_authentication_requirement failed with status %x", ret);
        return ret;
    }

    /**
     * Fill UUID with UUID
     */
    memcpy(&(ble_adv_uuid[1]), ble_get_uuid(), sizeof(ble_uuid_t));

    /**
     * Start advertising
     */
    ret = aci_gap_set_discoverable(
        ADV_IND,
        CFG_FAST_CONN_ADV_INTERVAL_MIN,
        CFG_FAST_CONN_ADV_INTERVAL_MAX,
        BLE_ADDR_TYPE,
        NO_WHITE_LIST_USE,
        sizeof(ble_local_name) - 1,    /* Don't count the 0 byte at the end */
        (uint8_t*) ble_local_name,
        sizeof(ble_adv_uuid),
        (uint8_t*) ble_adv_uuid,
        0,  /* No specific minimum connection interval */
        0   /* No specific maximum connection interval */
    );
    if (ret != BLE_STATUS_SUCCESS) {
        APP_DBG_MSG("aci_gap_set_discoverable failed with status %x", ret);
        return ret;
    }

grohmano · ‎2025-09-16

Hello @lgrosbois_WTK,

to your questions:

1) no, you have to change the permissions of characteristics according to your need in terms of security. If security permissions of the characteristic will be higher than link security level, characteristic won't be accessible. So you may need to change characteristic security permissions

2) aci_gat_set_access_permission and aci_gat_set_security_permission, can change security properties only of attributes, not entire characteristics

3) My idea is if it could be sufficient for you that you would have no_init variable and when you want to change the mode, you would change this variable and perform NVIC_System_Reset. Then you would set security requirements according to this variable

4) I would probably need your logs and your steps to the deletion and adding of characteristic in order to replicate your issue

lgrosbois_WTK · ‎2025-09-16

Hello @grohmano,

Thank you for your reply.

As I understand, I need either to:

- fix what looks like a memory leak in the stack

- perform a hard reset of the chip

Reset is not an option, as the WB55 features is not only performing BLE, but also has other tasks in active use.

I will see during the week what I can provide you with in order to reproduce the issue.

FYI, I am using stm32wb5x_BLE_Stack_full_fw.bin, version STM32Cube_FW_WB_V1.20.0.
I checked with the latest release note and there is no mention of fixing a memory leak in the changelog.

Kind regards,

lgrosbois_WTK · ‎2025-09-22

Hello @grohmano ,

My customer is OK for me spending time on this issue.
Although, I cannot send you his code.

I will modify the ble_heartrate example in order to reproduce my issue and provide you with it.

hope I will w be able to send you something within the 2 coming weeks.

Kind regards,

Laurent

lgrosbois_WTK · ‎2025-11-18

Dear @grohmano ,

I finally found the time to work on a PoC to reproduce the issue.

Please find enclosed a modified ble_heartrate:

- A new BLE service with numerous characteristics replaces the usual services which have been commented out

- Logs have been enabled

- Gatt configuration variables have been modified (CFG_BLE_NUM_GATT_SERVICES, CFG_BLE_NUM_GATT_ATTRIBUTES, CFG_BLE_ATT_VALUE_ARRAY_SIZE).
- Button switch 1 function has been modified to trigger characteristic deletion / re-creation

- I did not port event handling as I did not thinbk it was relevant to the issue reproduction.

As you will see, service and characteristics instanciation are fine at init.
When pressing switch1, service and characteristics are deleted. Then, the last characteristic cannot be instanciated due to lack of memory. When re-trying, then characteristic n-2 cannot be instanciated, and so on with n-3, ...

Please see the logs below.

==>> Start Ble_Hci_Gap_Gatt_Init function
  Success: hci_reset command
  Success: aci_hal_write_config_data command - CONFIG_DATA_PUBADDR_OFFSET
  Public Bluetooth Address: 00:80:e1:26:c1:c3
  Success: aci_hal_write_config_data command - CONFIG_DATA_IR_OFFSET
  Success: aci_hal_write_config_data command - CONFIG_DATA_ER_OFFSET
  Success: aci_hal_set_tx_power_level command
  Success: aci_gatt_init command
  Success: aci_gap_init command
  Success: aci_gatt_update_char_value - Device Name
  Success: aci_gatt_update_char_value - Appearance
  Success: hci_le_set_default_phy command
  Success: aci_gap_set_io_capability command
  Success: aci_gap_set_authentication_requirement command
  Success: aci_gap_configure_whitelist command
==>> End Ble_Hci_Gap_Gatt_Init function

[BLE] Create service success
[BLE] Create characteristic success
==>> aci_gap_set_discoverable - Success
==>> Success: Start Fast Advertising

==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0074: error 0x0098
==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0073: error 0x0098
==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0071: error 0x0098
==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0071: error 0x0098
==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0070: error 0x0098
==>> BUTTON 1 pressed
[BLE] Delete characteristic success
[BLE] Delete service success
[BLE] Create service success
[BLE] Failed to create characteristic 0x0060: error 0x0098

grohmano · ‎2025-11-19

Hello @lgrosbois_WTK,

I have replicated the issue but did not find the cause, so I have submitted a ticket to our developers for verification and will let you know when I know more.

Best regards

lgrosbois_WTK · ‎2025-11-19

Hello @grohmano ,

Wow, that was fast ! Thanks !

Please keep me posted :).
Have a nice day,

Laurent

lgrosbois_WTK · ‎2025-12-03

Hello @grohmano ,

Any update from ST development team ?

Thanks !

grohmano · ‎2025-12-03

Hello,

no, not yet. We can expect some update in January probably.

Sorry for the delay