Search code examples

Bluetooth Pairing via BlueZ in Just Work Mode Fails - Confirm Value Failed

Kernel: Linux 4.9.84 armv7l on board
Bluez: 5.65
Peer: Android 12 & IOS 16.6

  • Use btmgmt open bluetooth settings

btmgmt power off
btmgmt connectable on
btmgmt pairable on
btmgmt power on
btmgmt le on
btmgmt io-cap 0x3(set io capability as NoInputNoOutput)
btmgmt ssp on (use legacy mode)

btmgmt settings

  • BT_SECURITY for the L2CAP socket has been set to low, and an encryption requirement has been applied to one characteristic.

btgatt-server settings

I didn't manually create an agent with IO capability via bluetoothctl, but with the above operations, it seems like the protocol automatically creates an agent to handle pairing issues when I try to access the characteristic with the encryption requirement.
We can see the communication via btmon.

> ACL Data RX: Handle 24 flags 0x02 dlen 11                                                                                                                                                                                                              #240 [hci0] 74.105218
  SMP: Pairing Request (0x01) len 6
    IO capability: KeyboardDisplay (0x04)
    OOB data: Authentication data not present (0x00)
    Authentication requirement: Bonding, MITM, SC, No Keypresses, CT2 (0x2d)
    Max encryption key size: 16
    Initiator key distribution: EncKey IdKey Sign LinkKey (0x0f)
    Responder key distribution: EncKey IdKey Sign LinkKey (0x0f) 
< ACL Data TX: Handle 24 flags 0x00 dlen 11                                                                                                                                                                                                              #241 [hci0] 74.105300
      SMP: Pairing Response (0x02) len 6
        IO capability: NoInputNoOutput (0x03)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, MITM, Legacy, No Keypresses (0x05)
        Max encryption key size: 16
        Initiator key distribution: EncKey Sign (0x05)
        Responder key distribution: EncKey Sign (0x05)
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                                                   #242 [hci0] 74.224936
        Num handles: 1
        Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
        Count: 1
> ACL Data RX: Handle 24 flags 0x02 dlen 21                                                                                                                                                                                                              #243 [hci0] 75.304575
      SMP: Pairing Confirm (0x03) len 16
        Confim value: bf331d0c1af509252c7ac50a03acc66f
< ACL Data TX: Handle 24 flags 0x00 dlen 21                                                                                                                                                                                                              #244 [hci0] 75.304672
      SMP: Pairing Confirm (0x03) len 16
        Confim value: ac378c91768d6efd8b5b07ad5cd78ba4
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                                                   #245 [hci0] 75.425942
        Num handles: 1
        Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
        Count: 1
> ACL Data RX: Handle 24 flags 0x02 dlen 21                                                                                                                                                                                                              #246 [hci0] 75.484575
      SMP: Pairing Random (0x04) len 16
        Random value: 830af66a612fb5dcb8bf8376a43b8dda
< ACL Data TX: Handle 24 flags 0x00 dlen 6                                                                                                                                                                                                               #247 [hci0] 75.486908
      SMP: Pairing Failed (0x05) len 1
        Reason: Confirm value failed (0x04)
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                                                   #248 [hci0] 75.545938
        Num handles: 1
        Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
        Count: 1
> HCI Event: Disconnect Complete (0x05) plen 4                                                                                                                                                                                                           #249 [hci0] 79.624942
        Status: Success (0x00)
        Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
        Reason: Remote User Terminated Connection (0x13)

btmon data

Problem: I faced the problem where the Peripheral (my board) confirmation failed during the confirm phase. For details, see the btmon message in the picture above.

Error Phase
ps : This picture from Core_v5.4 Vol3, Part H, pate 1618

I'm not quite sure where the problem is located, but after reading the confirmation calculation formula, I suspect it might be due to the algorithm differences between my phone and my board or an address issue, as the other parameters seem to be the same.

Confirm value calculation
C1 formula
Function e

I have tried to connect to my virtual machine(ubuntu) via Bluetooth with the same BlueZ version and the same operations, and it worked! Therefore, I suspect the problem is located in the kernel configuration of my board


  • The problem was finally located in the Linux Kernel configuration.
    The recommended configuration from Bluez is shown in the picture below. enter image description here

    (Screenshot from A1 Bluetooth Linux Study Guide - Installation and Configuration.pdf Page 4 downloaded from the official website)

    However, this configuration leads to a confirm value calculation failure, so an extra configuration is needed

    * User-space interface for random number generator algorithms