From c75a04fa6e9f6b1cdf4acb2b72ad3bac0ec31911 Mon Sep 17 00:00:00 2001 From: Chris Andreae Date: Mon, 18 Dec 2023 21:45:59 +0900 Subject: [PATCH] Enable CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE --- app/boards/arm/glove80/glove80_lh_defconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/boards/arm/glove80/glove80_lh_defconfig b/app/boards/arm/glove80/glove80_lh_defconfig index 6e5c081c2147..6cd7e22cf830 100644 --- a/app/boards/arm/glove80/glove80_lh_defconfig +++ b/app/boards/arm/glove80/glove80_lh_defconfig @@ -42,6 +42,14 @@ CONFIG_BT_GATT_AUTO_SEC_REQ=y # Work-around for Windows bug with battery notifications CONFIG_BT_GATT_ENFORCE_SUBSCRIPTION=n +# Allow unauthenticated re-pairing for already paired hosts. This would permit +# an attacker that can spoof the host's peer address to "steal" the keyboard +# pairing by overwriting it, but without access to the previous keys it can't +# establish a MITM, and the sudden loss of the keyboard would be very obvious to +# the previously-connected host. +CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE=y +ZMK_BLE_PASSKEY_ENTRY=n + # Enable MPU CONFIG_ARM_MPU=y