Topics

BlueZ PHY CODED scan via HCI UART on nRF52840_pca10056 #ble #nrf52840 #uart #hci


piotr@...
 
Edited

Hi,

I'm trying to force a nRF52840-pca10056 DK to scan for BLE advertisements with PHY set to CODED via HCI and BlueZ 5.50 but keep getting rejected by the hci_uart from Zephyr examples (master branch). I have few scanners and advertisers written on top of nRF15.3 SDK which work so right now I'm trying to test how PHY_CODED works with HCI.
I might (for sure I am) be doing something wrong but I haven't found any good resources on doing that and was thinking that someone on this mailing list has already solved this problem.

What happens is while sending:

$ hcitool cmd 08 41 00 00 04 

the command is correctly recognized by btmon as 

@ RAW Open: hcitool (privileged) version 2.22                {0x0003} [hci0] 5244.434886
< HCI Command: LE Set Extended Scan Para.. (0x08|0x0041) plen 3  #157 [hci0] 5244.435025
        Own address type: Public (0x00)                                                 
        Filter policy: Accept all advertisement (0x00)                                  
        PHYs: 0x04                                                                      
        Entry 0: LE Coded                                                               
          Type: Reserved (0x02)                                                         
          Interval: 13.750 msec (0x0016)                                                
          Window: 0.625 msec (0x0001)                                                   
> HCI Event: Command Complete (0x0e) plen 4                      #158 [hci0] 5271.619061
      LE Set Extended Scan Parameters (0x08|0x0041) ncmd 1                              
            Status: Unknown HCI Command (0x01)                                     


When debugging with GDB i could not send any breakpoints beyond this function call: https://github.com/zephyrproject-rtos/zephyr/blob/21358baa72cea9c23be57444eb91444774842f97/subsys/bluetooth/controller/hci/hci.c#L2235 - for some reason the debugger never stopped anywhere in  https://github.com/zephyrproject-rtos/zephyr/blob/21358baa72cea9c23be57444eb91444774842f97/subsys/bluetooth/controller/hci/hci.c#L1576 


When looking through hci_uart .hex features list I found nothing suspicious:

                                                                         
# BT_HCI_OP_READ_LOCAL_FEATURES           BT_OP(BT_OGF_INFO, 0x0003) 
$ hcitool cmd 04 03                                                          

< HCI Command: Read Local Supported Featu.. (0x04|0x0003) plen 0  #115 [hci0] 865.674540 
> HCI Event: Command Complete (0x0e) plen 12                      #116 [hci0] 865.675121 
      Read Local Supported Features (0x04|0x0003) ncmd 1                                 
        Status: Success (0x00)                                                           
        Features: 0x00 0x00 0x00 0x00 0x60 0x00 0x00 0x00                                
          BR/EDR Not Supported                                                           
          LE Supported (Controller)                                                      


# BT_HCI_OP_READ_SUPPORTED_COMMANDS       BT_OP(BT_OGF_INFO, 0x0002) 
$ hcitool cmd 04 02                                                          
 

< HCI Command: Read Local Supported Comma.. (0x04|0x0002) plen 0  #117 [hci0] 865.679037 
> HCI Event: Command Complete (0x0e) plen 68                      #118 [hci0] 865.680251 
      Read Local Supported Commands (0x04|0x0002) ncmd 1                                 
        Status: Success (0x00)                                                           
        Commands: 65 entries                                                             
          Disconnect (Octet 0 - Bit 5)                                                   
          Read Remote Version Information (Octet 2 - Bit 7)                              
          Set Event Mask (Octet 5 - Bit 6)                                               
          Reset (Octet 5 - Bit 7)                                                        
          Read Transmit Power Level (Octet 10 - Bit 2)                                   
          Set Controller To Host Flow Control (Octet 10 - Bit 5)                         
          Host Buffer Size (Octet 10 - Bit 6)                                            
          Host Number of Completed Packets (Octet 10 - Bit 7)                            
          Read Local Version Information (Octet 14 - Bit 3)                              
          Read Local Supported Features (Octet 14 - Bit 5)                               
          Read BD ADDR (Octet 15 - Bit 1)                                                
          Set Event Mask Page 2 (Octet 22 - Bit 2)                                       
          LE Set Event Mask (Octet 25 - Bit 0)                                           
          LE Read Buffer Size (Octet 25 - Bit 1)                                         
          LE Read Local Supported Features (Octet 25 - Bit 2)                            
          LE Set Random Address (Octet 25 - Bit 4)                                       
          LE Set Advertising Parameters (Octet 25 - Bit 5)                               
          LE Read Advertising Channel TX Power (Octet 25 - Bit 6)                        
          LE Set Advertising Data (Octet 25 - Bit 7)                                     
          LE Set Scan Response Data (Octet 26 - Bit 0)                                   
          LE Set Advertise Enable (Octet 26 - Bit 1)                                     
          LE Set Scan Parameters (Octet 26 - Bit 2)                                      
          LE Set Scan Enable (Octet 26 - Bit 3)                                          
          LE Create Connection (Octet 26 - Bit 4)                                        
          LE Create Connection Cancel (Octet 26 - Bit 5)                                 
          LE Read White List Size (Octet 26 - Bit 6)                                     
          LE Clear White List (Octet 26 - Bit 7)                                         
          LE Add Device To White List (Octet 27 - Bit 0)                                 
          LE Remove Device From White List (Octet 27 - Bit 1)                            
          LE Connection Update (Octet 27 - Bit 2)                                        
          LE Set Host Channel Classification (Octet 27 - Bit 3)                          
          LE Read Channel Map (Octet 27 - Bit 4)                                         
          LE Read Remote Used Features (Octet 27 - Bit 5)                                
          LE Encrypt (Octet 27 - Bit 6)                                                  
          LE Rand (Octet 27 - Bit 7)                                                     
          LE Start Encryption (Octet 28 - Bit 0)                                         
          LE Long Term Key Request Reply (Octet 28 - Bit 1)                              
          LE Long Term Key Request Neg Reply (Octet 28 - Bit 2)                          
          LE Read Supported States (Octet 28 - Bit 3)                                    
          LE Receiver Test (Octet 28 - Bit 4)                                            
          LE Transmitter Test (Octet 28 - Bit 5)                                         
          LE Test End (Octet 28 - Bit 6)                                                 
          Read Authenticated Payload Timeout (Octet 32 - Bit 4)                          
          Write Authenticated Payload Timeout (Octet 32 - Bit 5)                         
          LE Remote Connection Parameter Request Reply (Octet 33 - Bit 4)                
          LE Remote Connection Parameter Request Negative Reply (Octet 33 - Bit 5)       
          LE Set Data Length (Octet 33 - Bit 6)                                          
          LE Read Suggested Default Data Length (Octet 33 - Bit 7)                       
          LE Write Suggested Default Data Length (Octet 34 - Bit 0)                      
          LE Add Device To Resolving List (Octet 34 - Bit 3)                             
          LE Remove Device From Resolving List (Octet 34 - Bit 4)                        
          LE Clear Resolving List (Octet 34 - Bit 5)                                     
          LE Read Resolving List Size (Octet 34 - Bit 6)                                 
          LE Read Peer Resolvable Address (Octet 34 - Bit 7)                             
          LE Read Local Resolvable Address (Octet 35 - Bit 0)                            
          LE Set Address Resolution Enable (Octet 35 - Bit 1)                            
          LE Set Resolvable Private Address Timeout (Octet 35 - Bit 2)                   
          LE Read Maximum Data Length (Octet 35 - Bit 3)                                 
          LE Read PHY (Octet 35 - Bit 4)                                                 
          LE Set Default PHY (Octet 35 - Bit 5)                                          
          LE Set PHY (Octet 35 - Bit 6)                                                  
          LE Enhanced Receiver Test (Octet 35 - Bit 7)                                   
          LE Enhanced Transmitter Test (Octet 36 - Bit 0)                                
          LE Read Transmit Power (Octet 38 - Bit 7)                                      
          LE Set Privacy Mode (Octet 39 - Bit 2)                                         


# BT_HCI_OP_READ_LOCAL_EXT_FEATURES       BT_OP(BT_OGF_INFO, 0x0004) 
$ hcitool cmd 04 04                                                          

< HCI Command: Read Local Extended Features (0x04|0x0004) plen 0  #119 [hci0] 865.683100 
        invalid packet size                                                              
> HCI Event: Command Complete (0x0e) plen 4                       #120 [hci0] 865.684035 
      Read Local Extended Features (0x04|0x0004) ncmd 1                                  
        Status: Unknown HCI Command (0x01)                                               





I've wen't over ninja menuconfig options and all config options seem to be set correctly to enable BLE PHY changes, Bluez 5.50 doesn't seem to be the problem because it just passes the bytes back and forth so what else could be the key to enable BLE PHY CODED scanning and advertising in HCI UART example?


------
Update after more attempts.

I've tried this multiple times but can't get to PHY CODED BLE scanning or even any result when trying to change the radio settings. 
I'm on the master branch of Zephyr and Bluez, kernel 4.15 and nRF52840 running hci_uart example also from Zephyr master branch.
Even the btmgmt "phy" command fails when trying to do anything around coding:

@ MGMT Command: Set PHY Configuration (0x0045) plen 4    
        Selected PHYs: 0x6000
          LE CODED TX
          LE CODED RX
@ MGMT Event: Command Status (0x0002) plen 3             
      Set PHY Configuration (0x0045)
        Status: Unknown Command (0x01)


Config for the project is also in line with what I've found in this mailing list:

CONFIG_CONSOLE=n
CONFIG_STDOUT_CONSOLE=n
CONFIG_UART_CONSOLE=n
CONFIG_GPIO=y
CONFIG_SERIAL=y
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_UART_0_NRF_FLOW_CONTROL=y
CONFIG_MAIN_STACK_SIZE=512
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512
CONFIG_BT=y
CONFIG_BT_HCI_RAW=y
CONFIG_BT_MAX_CONN=16
CONFIG_BT_TINYCRYPT_ECC=n
CONFIG_BT_CTLR_DTM_HCI=y
CONFIG_BT_CTLR_ASSERT_HANDLER=y
 
CONFIG_BT_CONN=y
CONFIG_BT_CTLR_PHY=y
CONFIG_BT_CTLR_PHY_CODED=y
CONFIG_BT_PHY_UPDATE=y
CONFIG_BT_AUTO_PHY_UPDATE=y
CONFIG_BT_CTLR_TX_BUFFER_SIZE=251
CONFIG_BT_RX_BUF_LEN=258
CONFIG_BT_CTLR_DATA_LENGTH_MAX=251
 

Has anyone ever made this work?


Johan Hedberg
 

Hi,

On 3 Apr 2019, at 13.17, piotr@... wrote:
@ MGMT Command: Set PHY Configuration (0x0045) plen 4
Selected PHYs: 0x6000
LE CODED TX
LE CODED RX
@ MGMT Event: Command Status (0x0002) plen 3
Set PHY Configuration (0x0045)
Status: Unknown Command (0x01)
Notice that these are MGMT commands and events, i.e. just communication between BlueZ user space and the Linux kernel and not directly related to the controller. The Set PHY Configuration MGMT command was introduced in Linux 4.19, so it seems like you may have a too old kernel.

Johan


Johan Hedberg
 

Hi,

On 3 Apr 2019, at 13.17, piotr@... wrote:
# BT_HCI_OP_READ_LOCAL_EXT_FEATURES BT_OP(BT_OGF_INFO, 0x0004)
$ hcitool cmd 04 04

< HCI Command: Read Local Extended Features (0x04|0x0004) plen 0 #119 [hci0] 865.683100
invalid packet size
HCI Event: Command Complete (0x0e) plen 4 #120 [hci0] 865.684035
Read Local Extended Features (0x04|0x0004) ncmd 1
Status: Unknown HCI Command (0x01)
HCI_Read_Local_Extended_Features is a BR/EDR-only command, which is why you are getting this response from the LE-only controller. You’ll also see that it’s not listed in the supported commands response.

Johan


piotr@...
 
Edited

Hello Johan,
 
Thank you for your response. Following your suggestion I've updated my kernel to 4.20 and there is a change in behavior though I don't see LE CODED  scanning to be working + btmgmt behavior is bit odd which I document below:
 
For testing the PHY changes via btmgmt I've ran this script (added #1-9 to later reference them in btmon logs):
 
#!/bin/bash
# This is where my bluez@master is at
HCITOOL=~/tmp/bluez/tools/hcitool
BTMGMT=~/tmp/bluez/tools/btmgmt
 
echo "Set 1M"
${BTMGMT} phy LE1MTX LE1MRX  #1
sleep 1
${BTMGMT} phy #2
 
echo "Set 2M"
${BTMGMT} phy LE2MTX LE2MRX #3
sleep 1
${BTMGMT} phy #4
sleep 1
 
echo "Set Coded"
${BTMGMT} phy LECODEDTX LECODEDRX #5
sleep 1
${BTMGMT} phy #6
sleep 1
 
echo "Set coded manually"
${HCITOOL} cmd 08 32 #7
${HCITOOL} cmd 08 31 03 04 04 &8
sleep 1
echo "Now it's ok"
${BTMGMT} phy #9
 
 
The btmon output is the following (I've added separators for where each command from the script above was called):
 
 
Bluetooth monitor ver 5.50
= Note: Linux version 4.20.0-042000-generic (x86_64)                   0.300394
= Note: Bluetooth subsystem version 2.22                               0.300400
= New Index: 00:00:00:00:00:00 (Primary,UART,hci0)              [hci0] 0.300402
= Open Index: 00:00:00:00:00:00                                 [hci0] 0.300402
= Index Info: 00:00:00:00:00:00 (not assigned)                  [hci0] 0.300403
@ MGMT Open: bluetoothd (privileged) version 1.14             {0x0003} 0.300404
@ MGMT Open: bluetoothd (privileged) version 1.14             {0x0001} 0.300405
@ MGMT Open: btmon (privileged) version 1.14                  {0x0002} 0.300660
 
${BTMGMT} phy LE1MTX LE1MRX #1
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 3.097362
@ MGMT Command: Set PHY Configuration (0x0045) plen 4  {0x0004} [hci0] 3.097470
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
< HCI Command: LE Set Default PHY (0x08|0x0031) plen 3       #1 [hci0] 3.097522
        All PHYs preference: 0x00
        TX PHYs preference: 0x01
          LE 1M
        RX PHYs preference: 0x01
          LE 1M
> HCI Event: Command Complete (0x0e) plen 4                  #2 [hci0] 3.098708
      LE Set Default PHY (0x08|0x0031) ncmd 1
        Status: Success (0x00)
@ MGMT Event: Command Complete (0x0001) plen 3         {0x0004} [hci0] 3.098827
      Set PHY Configuration (0x0045) plen 0
        Status: Success (0x00)
@ MGMT Event: PHY Configuration Cha.. (0x0026) plen 4  {0x0002} [hci0] 3.098853
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Event: PHY Configuration Cha.. (0x0026) plen 4  {0x0003} [hci0] 3.098853
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Event: PHY Configuration Cha.. (0x0026) plen 4  {0x0001} [hci0] 3.098853
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Close: btmgmt                                          {0x0004} 3.099048
 
${BTMGMT} phy #2
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 4.104949
@ MGMT Command: Get PHY Configuration (0x0044) plen 0  {0x0004} [hci0] 4.105111
@ MGMT Event: Command Complete (0x0001) plen 15        {0x0004} [hci0] 4.105122
      Get PHY Configuration (0x0044) plen 12
        Status: Success (0x00)
        Supported PHYs: 0x7e00
          LE 1M TX
          LE 1M RX
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Configurable PHYs: 0x7800
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Close: btmgmt                                          {0x0004} 4.105236
 
${BTMGMT} phy LE2MTX LE2MRX #3
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 4.108783
@ MGMT Command: Set PHY Configuration (0x0045) plen 4  {0x0004} [hci0] 4.108954
        Selected PHYs: 0x1800
          LE 2M TX
          LE 2M RX
@ MGMT Event: Command Status (0x0002) plen 3           {0x0004} [hci0] 4.108965
      Set PHY Configuration (0x0045)
        Status: Invalid Parameters (0x0d)
@ MGMT Close: btmgmt                                          {0x0004} 4.109075
 
${BTMGMT} phy #4
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 5.116776
@ MGMT Command: Get PHY Configuration (0x0044) plen 0  {0x0004} [hci0] 5.116920
@ MGMT Event: Command Complete (0x0001) plen 15        {0x0004} [hci0] 5.116931
      Get PHY Configuration (0x0044) plen 12
        Status: Success (0x00)
        Supported PHYs: 0x7e00
          LE 1M TX
          LE 1M RX
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Configurable PHYs: 0x7800
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Close: btmgmt                                          {0x0004} 5.117054
 
${BTMGMT} phy LECODEDTX LECODEDRX #5
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 6.124056
@ MGMT Command: Set PHY Configuration (0x0045) plen 4  {0x0004} [hci0] 6.124241
        Selected PHYs: 0x6000
          LE CODED TX
          LE CODED RX
@ MGMT Event: Command Status (0x0002) plen 3           {0x0004} [hci0] 6.124251
      Set PHY Configuration (0x0045)
        Status: Invalid Parameters (0x0d)
@ MGMT Close: btmgmt                                          {0x0004} 6.124351
 
${BTMGMT} phy #6
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 7.131377
@ MGMT Command: Get PHY Configuration (0x0044) plen 0  {0x0004} [hci0] 7.131551
@ MGMT Event: Command Complete (0x0001) plen 15        {0x0004} [hci0] 7.131561
      Get PHY Configuration (0x0044) plen 12
        Status: Success (0x00)
        Supported PHYs: 0x7e00
          LE 1M TX
          LE 1M RX
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Configurable PHYs: 0x7800
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Selected PHYs: 0x0600
          LE 1M TX
          LE 1M RX
@ MGMT Close: btmgmt                                          {0x0004} 7.131922
@ RAW Open: hcitool (privileged) version 2.22                 {0x0004} 8.138584
@ RAW Close: hcitool                                          {0x0004} 8.138654
@ RAW Open: hcitool (privileged) version 2.22                 {0x0004} 8.138690
@ RAW Close: hcitool                                          {0x0004} 8.138700
 
${HCITOOL} cmd 08 32 #7
 
@ RAW Open: hcitool (privileged) version 2.22          {0x0004} [hci0] 8.138735
< HCI Command: LE Set PHY (0x08|0x0032) plen 0               #3 [hci0] 8.138854
        invalid packet size
> HCI Event: Command Status (0x0f) plen 4                    #4 [hci0] 8.139762
      LE Set PHY (0x08|0x0032) ncmd 1
        Status: Unsupported Feature or Parameter Value (0x11)
@ RAW Close: hcitool                                   {0x0004} [hci0] 8.139915
@ RAW Open: hcitool (privileged) version 2.22                 {0x0004} 8.143334
@ RAW Close: hcitool                                          {0x0004} 8.143388
@ RAW Open: hcitool (privileged) version 2.22                 {0x0004} 8.143425
@ RAW Close: hcitool                                          {0x0004} 8.143436
 
${HCITOOL} cmd 08 31 03 04 04 #8
 
@ RAW Open: hcitool (privileged) version 2.22          {0x0004} [hci0] 8.143472
< HCI Command: LE Set Default PHY (0x08|0x0031) plen 3       #5 [hci0] 8.143606
        All PHYs preference: 0x03
          No TX PHY preference
          No RX PHY preference
        TX PHYs preference: 0x04
          LE Coded
        RX PHYs preference: 0x04
          LE Coded
> HCI Event: Command Complete (0x0e) plen 4                  #6 [hci0] 8.144779
      LE Set Default PHY (0x08|0x0031) ncmd 1
        Status: Success (0x00)
@ RAW Close: hcitool                                   {0x0004} [hci0] 8.144922
 
${BTMGMT} phy #9
 
@ MGMT Open: btmgmt (privileged) version 1.14                 {0x0004} 9.151090
@ MGMT Command: Get PHY Configuration (0x0044) plen 0  {0x0004} [hci0] 9.151272
@ MGMT Event: Command Complete (0x0001) plen 15        {0x0004} [hci0] 9.151282
      Get PHY Configuration (0x0044) plen 12
        Status: Success (0x00)
        Supported PHYs: 0x7e00
          LE 1M TX
          LE 1M RX
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Configurable PHYs: 0x7800
          LE 2M TX
          LE 2M RX
          LE CODED TX
          LE CODED RX
        Selected PHYs: 0x6000
          LE CODED TX
          LE CODED RX
@ MGMT Close: btmgmt                                          {0x0004} 9.151400
 
 
 
As you see only operation #8 actually changed the PHY settings as reported by btmgmt. This might have something to do with bluez itself, not sure. I'm ok with using hcitool and sending raw commands via hcitool to change the PHY. The thing is that even after changing the PHY to CODED, when I start LE scan I don't get anything even though I have S=8 CODED advertisers around me which also scan each other. I start scanning just by this command:
 
${HCITOOL} cmd 08 0c 01 01 
 
 
Best regards,
PB


Marc Herbert
 


On 5 Apr 2019, at 01:57, piotr@... wrote:

[Edited Message Follows]
[Reason: Formatting changes after being able to post back to my own thread instead of private reply which is the only available through web interface]

There's a "Group Reply" button in the bottom right-corner. It took me while to find because you can see it only *after* clicking "Reply", that's an unusual interface.






Piotr Barszczewski <piotr@...>
 

Is there anything else I could check to make it work?