8. Secure Storage

8.1. Overview

Starting from SDK version 6.0.24, we introduced two app modules:

  • Encryption module: provides an easy-to-use API for encryption functions.

  • Storage module: provides an easy-to-use API for memory storage functions.

These modules are used in the bond database system to securely store encrypted bonding data. You can see how these modules work in the ble_app_security demo available in: projects\target_apps\ble_examples\ble_app_security, where sample user data is securely written to and read from flash memory.

8.2. Testing Storage and Encryption (from SDK 6.0.24)

Below are the steps for Storage and Encryption tests:

1/ Initial Flash Verification:

  • Download the firmware using Keil or burn it to flash.

  • Run the device with sleep enabled and empty flash.

  • Use SST (Smart Snippet Toolbox) to check flash:

    • At offset 0x01E000, size 0x294

    • At offset 0x01F000, size 0x24

  • The data at these locations should not be all zeros, as they are stored encrypted.

2/ Bonding and Adding User Data:

  • Download the firmware again using Keil.

  • Bond with the device using a generic BLE app.

  • Write 0x01 to the custom profile’s control point once to add an entry to the user database.

3/ Verify Flash Contents:

  • Use SST to read the flash.

  • New bonding and user data entries should appear below the initial encrypted data.

  • You can identify them using the struct’s start/end headers and size.

4/ Reconnection Test:

  • Re-download the firmware and reconnect with the previously bonded device.

  • Pairing should not occur again.

  • Read the ADC value to confirm that the user data was properly recovered.

5/ Repeat Bond/Delete Cycle:

  • Disconnect and delete the bond from the phone.

  • Reconnect, bond again, and write 0x01 to the custom profile.

  • Repeat verification steps above.

  • Reconnect again to ensure data loads correctly.

6/ Storage Limit Testing:

  • When bonding data size is 0x1000, the 7th bond/delete cycle will exceed storage.

    • All old entries are erased; only the last one is kept.

  • The same applies to the user database, which holds up to 3 entries due to smaller size.

7/ Non-Encrypted Mode:

  • All the above tests were also repeated with encryption disabled:

    • Set BDB_ENCRYPTED and UDDB_ENCRYPTED to false.
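
The flash checks in steps 1 and 3 can be scripted against a dump exported from SST. The following is an added example, not code from the SDK: it classifies the two regions from step 1 and diffs a before/after dump pair to locate newly written entries. The function names, the constructed sample images, the 0xFF erased-flash value, and the 0x01E000 to 0x01F000 search window are assumptions.

```python
# Added example (not SDK code): offline checks on a flash dump exported from SST.
import random

# (offset, size) pairs from step 1 of the test procedure.
REGIONS = [(0x01E000, 0x294), (0x01F000, 0x24)]
ERASED = 0xFF  # assumption: erased NOR flash reads back as 0xFF


def classify(dump: bytes, offset: int, size: int) -> str:
    """Step 1: 'missing', 'all-zero', 'erased' or 'populated' for one region."""
    data = dump[offset:offset + size]
    if len(data) < size:
        return "missing"  # dump is too short to contain the region
    if not any(data):
        return "all-zero"
    if all(b == ERASED for b in data):
        return "erased"
    return "populated"  # necessary for encrypted storage, not proof of it


def changed_runs(before: bytes, after: bytes, start: int, end: int):
    """Step 3: (offset, length) runs in [start, end) that differ between dumps."""
    stop = min(end, len(before), len(after))
    runs = []
    for i in range(start, stop):
        if before[i] != after[i]:
            if runs and runs[-1][0] + runs[-1][1] == i:
                runs[-1] = (runs[-1][0], runs[-1][1] + 1)  # extend current run
            else:
                runs.append((i, 1))
    return runs


def make_sample_dumps():
    """Constructed 128 KiB images: initial data only, then one appended entry."""
    rng = random.Random(6024)
    before = bytearray([ERASED]) * 0x20000
    for offset, size in REGIONS:
        before[offset:offset + size] = bytes(rng.randrange(1, 255) for _ in range(size))
    after = bytearray(before)
    entry_at = 0x01E000 + 0x294  # assumption: "below" means the next higher address
    after[entry_at:entry_at + 0x40] = bytes(rng.randrange(1, 255) for _ in range(0x40))
    return bytes(before), bytes(after)


if __name__ == "__main__":
    before, after = make_sample_dumps()
    print([classify(after, o, s) for o, s in REGIONS])
    print([(hex(o), hex(n)) for o, n in changed_runs(before, after, 0x01E000, 0x01F000)])
```

To run it on a real export, load the dump with open(path, "rb").read() and pass the bytes to the same functions; this assumes the export is a raw binary image that starts at flash offset 0.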