This page describes the software architecture of Zephyr’s Bluetooth protocol stack.
Note
Zephyr supports mainly Bluetooth Low Energy (BLE), the low-power version of the Bluetooth specification. Zephyr also has limited support for portions of the BR/EDR Host. Throughout this architecture document we use BLE interchangably for Bluetooth except when noted.
Zephyr主要支持蓝牙低能耗(BLE),即蓝牙规范的低功耗版本。Zephyr对br/edr主机的部分支持也有限。在整个体系结构文档中,除了特别指出的情况外,我们使用BLE作为蓝牙接口。
There are 3 main layers that together constitute a full Bluetooth Low Energy protocol stack:
该层位于应用程序的正下方,由多个(非实时)网络和传输协议组成,使应用程序能够以标准的、可互操作的方式与对等设 备通信。
控制器实现链路层(le ll),这是一种低级别的实时协议,它与无线电硬件一起提供标准的空中通信互操作。LL调度数据包的接收和传输,保证数据的传输,并处理所有的LL控制程序。
硬件实现所需的模拟和数字基带功能块,允许链路层固件以2.4GHz频段发送和接收。
The Bluetooth Specification describes the format in which a Host must communicate with a Controller. This is called the Host Controller Interface (HCI) protocol. HCI can be implemented over a range of different physical transports like UART, SPI, or USB. This protocol defines the commands that a Host can send to a Controller and the events that it can expect in return, and also the format for user and protocol data that needs to go over the air. The HCI ensures that different Host and Controller implementations can communicate in a standard way making it possible to combine Hosts and Controllers from different vendors.
The three separate layers of the protocol and the standardized interface make it possible to implement the Host and Controller on different platforms. The two following configurations are commonly used:
The Zephyr software stack as an RTOS is highly configurable, and in particular, the BLE subsystem can be configured in multiple ways during the build process to include only the features and layers that are required to reduce RAM and ROM footprint as well as power consumption. Here’s a short list of the different BLE-enabled builds that can be produced from the Zephyr project codebase:
Controller-only build: When built as a BLE Controller, Zephyr includes the Link Layer and a special application. This application is different depending on the physical transport chosen for HCI:
This application acts as a bridge between the UART, SPI or USB peripherals and the Controller subsystem, listening for HCI commands, sending application data and responding with events and received data. A build of this type sets the following Kconfig option values:
CONFIG_BT
=y
CONFIG_BT_HCI
=y
CONFIG_BT_HCI_RAW
=y
CONFIG_BT_CTLR
=y
CONFIG_BT_LL_SW
=y
(if using the open source Link Layer)Host-only build: A Zephyr OS Host build will contain the Application and the BLE Host, along with an HCI driver (UART or SPI) to interface with an external Controller chip. A build of this type sets the following Kconfig option values:
CONFIG_BT
=y
CONFIG_BT_HCI
=y
CONFIG_BT_CTLR
=n
All of the samples located in samples/bluetooth
except for the ones used for Controller-only builds can be built as Host-only
Combined build: This includes the Application, the Host and the Controller, and it is used exclusively for single-chip (SoC) configurations. A build of this type sets the following Kconfig option values:
CONFIG_BT
=y
CONFIG_BT_HCI
=y
CONFIG_BT_CTLR
=y
CONFIG_BT_LL_SW
=y
(if using the open source Link Layer)All of the samples located in samples/bluetooth
except for the ones used for Controller-only builds can be built as Combined
The picture below shows the SoC or single-chip configuration when using a Zephyr combined build (a build that includes both a BLE Host and a Controller in the same firmware image that is programmed onto the chip):
A Combined build on a Single-Chip configuration
When using connectivity or dual-chip configurations, several Host and Controller combinations are possible, some of which are depicted below:
Host-only and Controller-only builds on dual-chip configurations
When using a Zephyr Host (left side of image), two instances of Zephyr OS must be built with different configurations, yielding two separate images that must be programmed into each of the chips respectively. The Host build image contains the application, the BLE Host and the selected HCI driver (UART or SPI), while the Controller build runs either the hci_uart, or the hci_spi app to provide an interface to the BLE Controller.
当使用Zephyr主机(图像左侧)时,必须使用不同的配置构建两个Zephyr OS实例,生成两个单独的图像,这些图像必须分别编程到每个芯片中。主机构建映像包含应用程序、BLE主机和选定的HCI驱动程序(UART或SPI),而控制器构建运行HCI UART或HCI SPI应用程序以向BLE控制器提供接口。
This configuration is not limited to using a Zephyr OS Host, as the right side of the image shows. One can indeed take one of the many existing GNU/Linux distributions, most of which include Linux’s own BLE Host (BlueZ), to connect it via UART or USB to one or more instances of the Zephyr OS Controller build. BlueZ as a Host supports multiple Controllers simultaneously for applications that require more than one BLE radio operating at the same time but sharing the same Host stack.
如图右侧所示,此配置不限于使用Zephyr OS主机。实际上,我们可以利用许多现有的GNU/Linux发行版中的一个,其中大部分包括Linux自己的BLE主机(bluez),通过UART或USB将其连接到Zephyr OS控制器构建的一个或多个实例。Bluez作为主机同时支持多个控制器,用于需要同时操作多个BLE无线电但共享同一主机堆栈的应用程序。
The stack is split up as follows in the source tree:
subsys/bluetooth/host
The host stack. This is where the HCI command and event handling as well as connection tracking happens. The implementation of the core protocols such as L2CAP, ATT, and SMP is also here.
subsys/bluetooth/controller
Bluetooth Controller implementation. Implements the controller-side of HCI, the Link Layer as well as access to the radio transceiver.
include/bluetooth/
Public API header files. These are the header files applications need to include in order to use Bluetooth functionality.
drivers/bluetooth/
HCI transport drivers. Every HCI transport needs its own driver. For example, the two common types of UART transport protocols (3-Wire and 5-Wire) have their own drivers.
samples/bluetooth/
Sample Bluetooth code. This is a good reference to get started with Bluetooth application development.
tests/bluetooth/
Test applications. These applications are used to verify the functionality of the Bluetooth stack, but are not necessary the best source for sample code (see samples/bluetooth
instead).
doc/guides/bluetooth/
Extra documentation, such as PICS documents.
The Bluetooth Host implements all the higher-level protocols and profiles, and most importantly, provides a high-level API for applications. The following diagram depicts the main protocol & profile layers of the host.
Bluetooth Host protocol & profile layers.
Lowest down in the host stack sits a so-called HCI driver, which is responsible for abstracting away the details of the HCI transport. It provides a basic API for delivering data from the controller to the host, and vice-versa.
Perhaps the most important block above the HCI handling is the Generic Access Profile (GAP). GAP simplifies Bluetooth LE access by defining four distinct roles of BLE usage:
Each role comes with its own build-time configuration option: CONFIG_BT_PERIPHERAL
, CONFIG_BT_CENTRAL
, CONFIG_BT_BROADCASTER
& CONFIG_BT_OBSERVER
. Of the connection-oriented roles central implicitly enables observer role, and peripheral implicitly enables broadcaster role. Usually the first step when creating an application is to decide which roles are needed and go from there. Bluetooth Mesh is a slightly special case, requiring at least the observer and broadcaster roles, and possibly also the Peripheral role. This will be described in more detail in a later section.
Most Zephyr-based BLE devices will most likely be peripheral-role devices. This means that they perform connectable advertising and expose one or more GATT services. After registering services using the bt_gatt_service_register()
API the application will typically start connectable advertising using the bt_le_adv_start()
API.
There are several peripheral sample applications available in the tree, such as samples/bluetooth/peripheral_hr.
Central role may not be as common for Zephyr-based devices as peripheral role, but it is still a plausible one and equally well supported in Zephyr. Rather than accepting connections from other devices a central role device will scan for available peripheral device and choose one to connect to. Once connected, a central will typically act as a GATT client, first performing discovery of available services and then accessing one or more supported services.
To initially discover a device to connect to the application will likely use the bt_le_scan_start()
API, wait for an appropriate device to be found (using the scan callback), stop scanning using bt_le_scan_stop()
and then connect to the device using bt_conn_create_le()
. If the central wants to keep automatically reconnecting to the peripheral it should use the bt_le_set_auto_conn()
API.
There are some sample applications for the central role available in the tree, such as samples/bluetooth/central_hr.
An observer role device will use the bt_le_scan_start()
API to scan for device, but it will not connect to any of them. Instead it will simply utilize the advertising data of found devices, combining it optionally with the received signal strength (RSSI).
A broadcaster role device will use the bt_le_adv_start()
API to advertise specific advertising data, but the type of advertising will be non-connectable, i.e. other device will not be able to connect to it.
Connection handling and the related APIs can be found in the Connection Management section.
To achieve a secure relationship between two Bluetooth devices a process called pairing is used. This process can either be triggered implicitly through the security properties of GATT services, or explicitly using the bt_conn_security()
API on a connection object.
To achieve a higher security level, and protect against Man-In-The-Middle (MITM) attacks, it is recommended to use some out-of-band channel during the pairing. If the devices have a sufficient user interface this “channel” is the user itself. The capabilities of the device are registered using the bt_conn_auth_cb_register()
API. The bt_conn_auth_cb
struct that’s passed to this API has a set of optional callbacks that can be used during the pairing - if the device lacks some feature the corresponding callback may be set to NULL. For example, if the device does not have an input method but does have a display, the passkey_entry
and passkey_confirm
callbacks would be set to NULL, but the passkey_display
would be set to a callback capable of displaying a passkey to the user.
Depending on the local and remote security requirements & capabilities, there are four possible security levels that can be reached:
BT_SECURITY_LOW
No encryption and no authentication.
BT_SECURITY_MEDIUM
Encryption but no authentication (no MITM protection).
BT_SECURITY_HIGH
Encryption and authentication using the legacy pairing method from Bluetooth 4.0 and 4.1.
BT_SECURITY_FIPS
Encryption and authentication using the LE Secure Connections feature available since Bluetooth 4.2.
Note
Mesh has its own security solution through a process called provisioning. It follows a similar procedure as pairing, but is done using separate mesh-specific APIs.
L2CAP stands for the Logical Link Control and Adaptation Protocol. It is a common layer for all communication over Bluetooth connections, however an application comes in direct contact with it only when using it in the so-called Connection-oriented Channels (CoC) mode. More information on this can be found in the L2CAP API section.
The Generic Attribute Profile is the most common means of communication over LE connections. A more detailed description of this layer and the API reference can be found in the GATT API reference section.
Mesh is a little bit special when it comes to the needed GAP roles. By default, mesh requires both observer and broadcaster role to be enabled. If the optional GATT Proxy feature is desired, then peripheral role should also be enabled.
The API reference for Mesh can be found in the Mesh API reference section.
The Bluetooth host stack uses the settings subsystem to implement persistent storage to flash. This requires the presence of a flash driver and a designated “storage” partition on flash. A typical set of configuration options needed will look something like the following:
CONFIG_BT_SETTINGS=y CONFIG_FLASH=y CONFIG_FLASH_PAGE_LAYOUT=y CONFIG_FLASH_MAP=y CONFIG_FCB=y CONFIG_SETTINGS=y CONFIG_SETTINGS_FCB=y
Once enabled, it is the responsibility of the application to call settings_load() after having initialized Bluetooth (using the bt_enable() API).