TC BLE Single Connection SDK

SDK Overview

This BLE SDK supplies demonstration code for BLE slave/master single connection development, based on which user can develop his own application program.

Applicable IC

The following IC models are supported:

B85 Series: The TLSR8251, TLSR8253, and TLSR8258 hardware modules are fundamentally consistent, with only minor differences in SRAM and Flash sizes.
B87 Series: The TLSR8238, TLSR8271, TLSR8273, and TLSR8278 hardware modules are fundamentally consistent, with only minor differences in SRAM and Flash sizes.
TC321x Series: A newly added chip series that supports similar functionality to the B85 and B87 series but features different hardware characteristics and optimizations.

For specific details, please refer to the respective chip datasheet.

Software architecture

Software architecture for this BLE SDK includes application (APP) layer and BLE protocol stack.

Figure below shows the file structure after the SDK project is imported in IDE, which mainly contains 10 top-layer folders below: "algorithm", "application", "boot", "common", "drivers", "proj_lib", "project", "script", "stack" and "vendor".

SDK File Structure

Algorithm: This folder contains functions related to encryption algorithms, including general algorithm interfaces, encryption algorithms, and sub-modules such as Elliptic Curve Cryptography (ECC).
Application: This folder contains general application program, including:
- app: USB processing related functions
- audio: Audio processing related functions
- keyboard: Keyboard processing functions
- print: Printing functions
- usbstd: USB standard device class related functions
boot: This folder contains software bootloader for chip, i.e., assembly code after MCU power on or deepsleep wakeup, so as to establish environment for C program running. Includes bootloader files for the B85 series, B87 series, and TC321X series chips.
common: This folder contains generic handling functions across platforms, e.g. SRAM handling function, string handling function, and etc. Also includes the config subdirectory, which stores user configuration files.
drivers: This folder contains hardware configuration and peripheral drivers closely related to MCU, e.g. clock, flash, i2c, usb, gpio, uart. Provides corresponding drivers for different chip series (B85, B87, and TC321x).
proj_lib: Stores the library files required for SDK operation, including:
- liblt_2p4g.a: 2.4GHz protocol stack library
- liblt_825x.a: B85 series chip library, including BLE protocol stack
- liblt_827x.a: B87 series chip library, including BLE protocol stack
- liblt_general_stack.a: General protocol stack library
- liblt_tc321x.a: TC321x series chip library, including BLE protocol stack
- libfirmware_encrypt.a: Firmware encryption library

Files such as the BLE protocol stack, RF driver, and PM driver are encapsulated within the library files; source files are not visible to the user.

project: Stores project engineering files and compilation-related configurations.
script: Stores script files used to assist the development and build processes.
stack: Stores header files related to the protocol stack, including:
- 2p4g: 2.4GHz protocol stack related header files
- ble: BLE protocol stack related header files, including sub-modules such as controller, debug, device, hci, host, and service

The source files are compiled into library files and are not visible to users.

vendor: Used to store user application layer code and various demo projects, including:
- ble_feature_test: BLE feature test demo
- ble_hci: BLE HCI demo
- ble_master_kma_dongle: BLE master device demo (not supported by some chips, such as TC321x series).
- ble_module: BLE module demo
- ble_remote: BLE remote control demo
- ble_sample: BLE simple example demo
- ble_slave_2_4g: BLE slave + 2.4GHz dual-mode demo
- 2p4g_feature: 2.4GHz feature demo
- 2p4g_genfsk_ll: 2.4GHz generic FSK demo
- 2p4g_tpll: 2.4GHz TPLL demo
- 2p4g_tpsll: 2.4GHz TPSLL demo
- common: Common code and configurations

main.c

The “main.c” file includes main function entry, system initialization functions and endless loop “while(1)”. It is recommended not to make any modifications to this file and to use the inherent implementation as provided.

_attribute_ram_code_ int main (void)    //should run in ram_code
{

    DBG_CHN0_LOW;   //debug

    blc_pm_select_internal_32k_crystal();

    #if(MCU_CORE_TYPE == MCU_CORE_825x)
        cpu_wakeup_init();
    #else
        cpu_wakeup_init(LDO_MODE,INTERNAL_CAP_XTAL24M);
    #endif

    int deepRetWakeUp = pm_is_MCU_deepRetentionWakeup();  //MCU deep retention wakeUp

    rf_drv_ble_init();

    gpio_init(!deepRetWakeUp);  //analog resistance will keep available in deepSleep mode, so no need initialize again

    clock_init(SYS_CLK_TYPE);

    if( deepRetWakeUp ){
        user_init_deepRetn();
    }
    else{
        user_init_normal();
    }


        irq_enable();

    while (1) {
        #if (MODULE_WATCHDOG_ENABLE)
            wd_clear(); //clear watch dog
        #endif

        main_loop ();
    }
}

app_config.h

User configuration file, used to configure various system parameters, including BLE configurations, hardware settings, PM (Power Management) low-power settings, and debug options.

In the SDK, the app_config.h file implements configuration selection for different projects through conditional compilation structures. The common/config/user_config.h file includes the specific app_config.h for the corresponding project based on defined project macros:

#if (__PROJECT_8258_BLE_REMOTE__ || __PROJECT_8278_BLE_REMOTE__|| __PROJECT_TC321X_BLE_REMOTE__)
    #include "vendor/ble_remote/app_config.h"
#elif (__PROJECT_8258_BLE_SAMPLE__ || __PROJECT_8278_BLE_SAMPLE__ || __PROJECT_TC321X_BLE_SAMPLE__)
    #include "vendor/ble_sample/app_config.h"
#elif (__PROJECT_8258_MODULE__ || __PROJECT_8278_MODULE__ || __PROJECT_TC321X_MODULE__)
    #include "vendor/ble_module/app_config.h"
#else
    #include "vendor/common/default_config.h"
#endif

This structure allows each demo project to maintain its own independent configuration file while ensuring centralized management of the overall configurations.

Detailed explanations for each parameter in app_config.h are provided later in the respective module descriptions.

Application File

"app.c": User file for BLE protocol stack initialization, data processing and low power management.
"app_att.c" of BLE slave project: configuration files for services and profiles. Contains the Telink-defined Attribute structure, which provides related Attributes such as GATT, standard HID, private OTA, and MIC. These can be referenced to add custom services and profiles.
UI task files: IR (Infrared Radiation), battery detect, and other user tasks.

BLE Stack Entry

There are two entry functions in BLE stack code of Telink BLE SDK.

(1) BLE related interrupt handling entry irq_blt_sdk_handler in irq_handler function of the main.c file.

_attribute_ram_code_ void irq_handler(void)
{
    irq_blt_sdk_handler();
}

(2) BLE logic and data handling entry "irq_blt_sdk_handler" in "main_loop" of the application file.

_attribute_no_inline_ void main_loop(void)
{   
///////////////////// BLE entry ////////////////////////////
    blt_sdk_main_loop();
////////////////////// UI entry ////////////////////////////
    ......
////////////////////// PM process ////////////////////
    ......
}

Software Bootloader

The software bootloader files are stored in the SDK/boot/ directory. In version V3.4.2.4, the software bootloader files and link files have been streamlined, and automatic configuration has been added. Users experienced with older versions are advised to read the following introduction in detail.

Software Bootloader for versions prior to SDK V3.4.2.4

In older versions, the SDK/boot/ directory is as follows:

Bootloader and boot.link path for different ICs in versions prior to V3.4.2.4

Each IC corresponds to two software bootloader files, which enable 16KB deep retention and 32KB deep retention respectively (for the introduction of deep retention, please refer to the chapter of "Low Power Management"). Since the TLSR8273 and TLSR8278 have the same boot file and link file, the TLSR8278 configuration is used uniformly.

Take cstartup_8258_RET_16K.S as an example, the first sentence #ifdef MCU_STARTUP_8258_RET_16K illustrates that the bootloader takes effect only when MCU_STARTUP_8258_RET_16K is defined by user.

Users can choose different software bootloader according to the actual IC used and whether to use the deep retention (16KB or 32KB) function.

The default configuration of the project in B85 BLE SDK is TLSR8258 with SRAM size 64KB, deepsleep retention 16KB SRAM, i.e. the corresponding software bootloader and link files are cstartup_8258_RET_16K.S and boot_16k_retn_8251_8253_8258.link respectively. Users need to manually modify their configuration according to the type of chip they use and the evaluation of Retention size.

Take 8258_ble_remote as an example to illustrate how to change the software bootloader of TLSR8258 to deepsleep retention 32KB SRAM:

Step 1 Define -DMCU_STARTUP_8258_RET_32K in the 8258_ble_remote project settings as shown in the following figure.

Software Bootloader Setting in Versions Prior to V3.4.2.4

Note

According to the previous introduction, the hardware of TLSR8251, TLSR8253 and TLSR8258 in the B85/B87 series is the same, and the hardware of TLSR8271, TLSR8238, TLSR8273 and TLSR8278 is the same, but the SRAM size is different, so users need to modify the boot.link file in the root directory of the SDK after choosing different software bootloader files (according to the correspondence in the following table, replace the contents of the link file in the SDK root directory). The software bootloader and boot.link selection for different ICs are shown in the following table.

IC	16KB retention	32KB retention
TLSR8251	boot_16k_retn_8251_8253_8258.link cstartup_8251_RET_16K.S	boot_32k_retn_8251.link cstartup_8251_RET_32K.S
TLSR8253	boot_16k_retn_8251_8253_8258.link cstartup_8253_RET_16K.S	boot_32k_retn_8253_8258.link cstartup_8253_RET_32K.S
TLSR8258	boot_16k_retn_8251_8253_8258.link cstartup_8258_RET_16K.S	boot_32k_retn_8253_8258.link cstartup_8258_RET_32K.S
TLSR8271	boot_16k_retn_8271_8278.link cstartup_8271_RET_16K.S	boot_32k_retn_8271.link cstartup_8271_RET_32K.S
TLSR8238	boot_16k_retn_8238.link cstartup_8238_RET_16K.S	boot_32k_retn_8238.link cstartup_8238_RET_32K.S
TLSR8273	boot_16k_retn_8271_8278.link cstartup_8278_RET_32K.S	boot_32k_retn_8278.link cstartup_8278_RET_32K.S
TLSR8278	boot_16k_retn_8271_8278.link cstartup_8278_RET_32K.S	boot_32k_retn_8278.link cstartup_8278_RET_32K.S

Step 2 Based on the example above and the mapping table, the software bootloader file is cstartup_8258_RET_32K.S. You need to replace the boot.link in the SDK root directory with the SDK/boot/boot_32k_retn_8253_8258.link file.

Inside the user_init() API, call the following API after blc_ll_initPowerManagement_module() to configure the hardware Retention area: blc_pm_setDeepsleepRetentionType(DEEPSLEEP_MODE_RET_SRAM_LOW32K).

Software Bootloader for SDK v3.4.2.4 and Later Versions

As with previous versions, the software bootloader files are stored in the SDK/boot/ directory:

Bootloader and boot.link path for different ICs in the new version

The TLSR825x, TLSR827x, and TC321x series ICs correspond to different software bootloader files, which are cstartup_825x.S, cstartup_827x.S, and cstartup_TC321X.S respectively. Users configure the SRAM size in the .S file by selecting different chips. All B85/B87/TC321x ICs use the same link file in the new version.

Taking cstartup_825x.S as an example:

#define SRAM_BASE_ADDR      (0x840000)
#define SRAM_32K            (0x8000)    //32K SRAM
#define SRAM_48K            (0xc000)    //48K SRAM
#define SRAM_64K            (0x10000)   //64K SRAM

#if (MCU_STARTUP_8258)
    #define SRAM_SIZE       (SRAM_BASE_ADDR + SRAM_64K)
#elif (MCU_STARTUP_8253)
    #define SRAM_SIZE       (SRAM_BASE_ADDR + SRAM_48K)
#elif (MCU_STARTUP_8251)
    #define SRAM_SIZE       (SRAM_BASE_ADDR + SRAM_32K)
#endif

#ifndef SRAM_SIZE
#define SRAM_SIZE           (SRAM_BASE_ADDR + SRAM_64K)
#endif

The default configuration used by projects in the B85 BLE SDK is for the TLSR8258 with a 64KB SRAM size. Users need to manually modify this configuration based on the specific chip type they are using.

Using 8251_ble_sample as an example, this section explains how to modify the SRAM size defined in the bootloader.

Define -DMCU_STARTUP_8251 in the 8251_ble_sample project settings, as shown in the figure below. Other legacy flags, such as MCU_STARTUP_8258_RET_16K, MCU_STARTUP_8258_RET_32K, etc., are no longer in use.

Software bootloader settings in the new version

In the new version, the Retention size can be set automatically via the API blc_app_setDeepsleepRetentionSramSize(). The mechanism works by checking _retention_size_ to determine the RAM usage at the end of the current retention_data section. If it is less than 16KB, the program sets it to Retention 16KB SRAM mode; if it exceeds 16KB but is less than 32KB, the program automatically switches to Retention 32KB SRAM mode; if it exceeds 32KB, the program reports an error during the compilation stage.

The judgment code in blc_app_setDeepsleepRetentionSRAMSize() is as follows:

if (((u32)&_retention_size_) < 0x4000){
    blc_pm_setDeepsleepRetentionType(DEEPSLEEP_MODE_RET_SRAM_LOW16K); //retention size < 16k, use 16k deep retention
}
else if (((u32)&_retention_size_) < 0x8000){
    blc_pm_setDeepsleepRetentionType(DEEPSLEEP_MODE_RET_SRAM_LOW32K); //retention size < 32k and >16k, use 32k deep retention
}
else{
    /* retention size > 32k, overflow. deep retention size setting err*/
    #if (UART_PRINT_DEBUG_ENABLE)
        tlkapi_printf(APP_LOG_EN, "[APP][INI] deep retention size setting err");
    #endif
}

The error prompt when the Retention size exceeds 32KB is shown below:

Error prompt when deepsleep retention size exceeds 32K

Demo codes

Telink BLE SDK provides users with multiple BLE and 2.4GHz demos.

Users can observe intuitive effects by running the software and hardware demo. Users can also modify the demo code to complete their own application development. Demo codes path is shown as below.

BLE SDK demo code

BLE Slave Demo

BLE slave demos and their differences are shown in the table below.

Demo	Stack	Application	MCU Function
ble hci	BLE controller	No	BLE controller, only Advertising and one Slave connection
ble module	BLE controller + host	Application on main MCU	BLE transparent transmission module
ble remote	BLE controller + host	Remote control application	Main MCU
ble sample	BLE controller + host	Simplest slave demo, advertising and connection functions	Main MCU
ble feature test	BLE controller + host	Collection of various features	Main MCU
ble slave_2_4g	BLE controller + host	BLE slave + 2.4GHz dual-mode function	Main MCU
ble slave_2_4g_switch	BLE controller + host	BLE slave + 2.4GHz switchable dual-mode function	Main MCU

The ble hci is a BLE slave controller. It provides a UART-based HCI to communicate with a host on another MCU, forming a complete BLE slave system.

The ble module functions only as a BLE pass-through module. It communicates with the main MCU via a UART interface, and application code is generally written on the main MCU.

The ble module implements functionality to control relevant status changes through the pass-through module.

The ble remote is a remote controller demo based on a complete slave role. It includes features such as Flash write protection, low voltage detection, key scanning, NEC format IR transmission, OTA updates, application-layer power management, Bluetooth control, voice transmission, and IR learning. Users can use this project to understand the structure of a basic use case and how most features are implemented at the application layer.

Note

Due to the high RAM consumption of voice, IR, and IR learning features, for SDK versions prior to V3.4.2.4, the B85/B87 remote should be manually configured to use the 32k retention setting and recompiled when these functions are enabled.

The ble sample is a simplified version of ble remote, capable of pairing and connecting with standard BLE Master devices.

The ble slave_2_4g and ble_slave_2_4g_switch are demos featuring BLE slave and 2.4GHz dual-mode capabilities, allowing for switching between BLE and 2.4GHz modes or simultaneous operation.

BLE master demo

The ble master kma dongle is a BLE Master single-connection demo, which can establish connections and communicate with slave devices such as ble sample, ble remote, or ble module.

In slave projects like ble remote and ble sample, the corresponding Library provides a complete BLE Stack (Master and Slave share the same library), containing the BLE Controller and BLE Host. Users only need to write application code at the App layer, relying entirely on the APIs provided by the Controller and Host, without needing to concern themselves with the underlying processing of the BLE Host.

In the Library of the new SDK version, although the Slave and Master libraries have been combined into one, ble master kma dongle only invokes the standard BLE Controller functions within the library during compilation. The Library itself does not provide standard Master-side Host functions. Therefore, the ble master kma dongle Demo provides a reference BLE Host implementation at the App layer, covering ATT, a simple SDP (Service Discovery Protocol), and the most commonly used SMP (Security Manager Protocol).

The most complex functionality of a BLE Master lies in performing complete Service Discovery on Slave devices and identifying all services, which is typically only fully implemented in Android or Linux systems. Limited by the Flash and SRAM size of the Telink IC, the chip cannot provide universal full-scale Service Discovery. However, the SDK exposes all necessary ATT interfaces; users can refer to the discovery process of ble master kma dongle for ble remote to implement traversal and identification targeting specific services.

Feature Demo

The ble_feature_test provides demo code for some common BLE-related features, and users can refer to these demos to complete their own functional implementations. The BLE section of this document introduces all the features.

In feature_config.h within the ble_feature_test project, the macro "FEATURE_TEST_MODE" can be selectively defined to switch to Demos of different features.

2.4GHz Demo

The SDK also provides several demos related to 2.4GHz protocols:

2p4g_genfsk_ll: Generic FSK low-level protocol demo, implementing basic 2.4GHz communication functions
2p4g_tpll: TPLL protocol demo, implementing a specific communication protocol
2p4g_tpsll: TPSLL protocol demo, implementing another specific communication protocol
2p4g_feature: 2.4GHz feature collection demo, containing various 2.4G application scenarios
2p4g_feature_test: 2.4GHz feature test demo, used for testing various 2.4GHz features

These demos demonstrate the capabilities of the SDK in 2.4GHz communication, and users can select the appropriate demo as a development starting point according to their needs.

Driver Demo

The Driver demo is not provided in the new version of the SDK, users can refer to the sample code in the corresponding Platform SDK.

MCU Basic Modules

MCU Address Space

MCU Address Space Allocation

Taking the typical 64KB SRAM version as an example, the MCU address space allocation is introduced. As shown in the figure below.

The maximum addressing space of the Telink B85/B87/TC321X MCU is 16MB:

The 8MB space from 0 to 0x7FFFFF is the program space, meaning the maximum program capacity is 8MB.
0x800000 to 0xFFFFFF is the external device space: 0x800000~0x80FFFF is the register space; 0x840000~0x84FFFF is the 64KB SRAM space.

MCU Address Space Allocation

When the B85/B87/TC321x MCU is physically addressed, address line BIT (23) is used to distinguish between program space/peripheral space.

When this address is 0, access the program space.
When this address is 1, access the peripheral space.

When the addressing space is peripheral space (BIT(23) is 1), address line BIT(18) is used to distinguish between Registers and SRAM.

When this address is 0, access the register.
When this address is 1, access the SRAM.

SRAM and Firmware Space Allocation

The SRAM space allocation of B85/B87/TC321X is closely related to the deepsleep retention function in the low-power management section; users are requested to first master the knowledge related to deepsleep retention.

The 32KB SRAM address space range is 0x840000 ~ 0x848000, the 48KB SRAM address space range is 0x840000 ~ 0x84C000, and the 64KB SRAM address space range is 0x840000 ~ 0x850000.

Note

In version V3.4.2.4, the software bootloader files and link files have been streamlined, and the layout of some sections has been modified; users who have used older versions are requested to read the following introduction carefully.

Space Allocation of Versions Prior to SDK V3.4.2.4

The figure below illustrates the SRAM space allocation for 32KB, 48KB, and 64KB SRAM chips in 16KB Retention and 32KB Retention modes in the older version.

Note

When the 32KB SRAM chip uses the Deepsleep Retention 32K SRAM mode, the various sections of its SRAM space allocation are dynamically adjusted. Please refer to the corresponding software bootloader and link files for details.

SRAM Space Allocation for Each IC in 16KB and 32KB Retention

Below, the IC 8258 (64KB SRAM) in Deepsleep Retention 16KB SRAM mode is taken as an example to detail the various components of the SRAM area. (Note: For other SRAM sizes or the Deepsleep Retention 32KB SRAM mode, users can deduce by analogy.)

The SRAM and Firmware space allocation under this configuration is shown in the figure below:

SRAM Allocation & Firmware Allocation

The files related to SRAM space allocation in the SDK are boot.link (from the "software bootloader introduction" section we know that the content of boot.link here is the same as the boot_16k_retn_8251_8253_8258.link file) and cstartup_8258_RET_16K.S. (If deepsleep retention 32K SRAM is used, the bootloader corresponds to cstartup_8258_RET_32K.S, and the link file corresponds to boot_32k_retn_8253_8258.link.)

Firmware in Flash includes: vector, ram_code, retention_data, text, rodata, and Data initial value.

In SRAM it includes: vector, ram_code, retention_data, Cache, data, bss, stack, and unused SRAM area.

The vector/ram_code/retention_data in SRAM are copies of the vector/ram_code/retention_data in Flash.

(1) vectors and ram_code

The "vectors" section is the program corresponding to the assembly file software bootloader, which is the software startup code.

The "ram_code" section is the code in Flash Firmware that needs to reside in memory, corresponding to all functions in the SDK with the keyword _attribute_ram_code_ added, such as the flash erase_sector function:

_attribute_ram_code_ void flash_erase_sector(u32 addr);

Functions reside in memory mainly for the following two reasons:

First, certain functions should reside in resident memory (RAM) because they involve timing multiplexing with Flash MSPI pins. If these functions were placed in Flash, it would lead to MSPI timing conflicts and cause system crashes (e.g., all functions related to Flash operations).

Second, functions executed in RAM do not need to be re-fetched from Flash for every invocation, which saves time. Therefore, functions with strict execution time constraints can be kept resident in RAM to improve execution efficiency. The SDK places frequently executed BLE timing-related functions in RAM to reduce execution time, ultimately achieving power conservation.

If users need to make specific functions resident in RAM, they can refer to the implementation of flash_erase_sector by adding the _attribute_ram_code_ keyword before the function declaration. After compilation, it can be confirmed through the .list file that the function has been allocated to the ram_code section.

During the MCU power-on initialization phase, both vector (vector table) and ram_code in the Firmware need to be completely copied to RAM. After compilation, the total size of these two parts is represented by _ramcode_size_. _ramcode_size_ is a linker symbol whose calculation logic is implemented in the boot.link file (as shown below), and its final value equals the sum of the sizes of all instructions in the vector section and the ram_code section.

    . = 0x0;
        .vectors :
        {
        *(.vectors)
        *(.vectors.*)
        }
        .ram_code :
        {
        *(.ram_code)
        *(.ram_code.*)
        }
    PROVIDE(_ramcode_size_ = . );//Calculate actual ramcode size(vector + ram_code)

(2) retention_data

The deepsleep retention mode of B85/B87/TC321X maintains continuous power to the first 16K/32K of SRAM after the MCU enters sleep, thereby ensuring data within this area is not lost due to power loss.

In the program, ordinary global variables are allocated to the .data section or .bss section during default compilation. Since these two sections do not belong to the retention powered area, the contents are lost due to power loss after entering deepsleep retention mode.

If it is necessary to ensure that specific variables can retain their values during deepsleep (especially deepsleep retention mode), they should be explicitly allocated to the retention_data section. The implementation method is to add the _attribute_data_retention_ keyword when defining the variable. The following are application examples:

_attribute_data_retention_   int     AA;
_attribute_data_retention_   unsigned int BB = 0x05;
_attribute_data_retention_   int CC[4];
_attribute_data_retention_   unsigned int DD[4] = {0,1,2,3};

Referring to the subsequent explanations regarding the data and bss sections, it can be seen that: the initial values of global variables in the data section should be pre-stored in Flash; while the initial values of variables in the bss section default to 0, requiring no reserved space in Flash, and the Bootloader directly clears them to zero in SRAM during runtime.

In contrast, the processing mechanism of the retention_data section is different: regardless of whether the initial value of the variable is 0, the compiler unconditionally reserves initial values for it in the retention_data area of Flash. When the system restarts or wakes up from Deep Sleep, this data is copied as a whole to the retention_data area of SRAM.

In terms of memory layout, the retention_data section follows immediately after the ram_code section. That is, the three parts vector, ram_code, and retention_data are stored sequentially at the beginning of Flash, and their total size is defined by the linker symbol _retention_size_.

When the MCU powers on or wakes up from Deep Sleep, vector + ram_code + retention_data is copied as a whole to the starting address of SRAM. During subsequent program execution, as long as the system does not enter a complete power-down mode (i.e., only in Suspend or Deep Sleep Retention mode), this part of the SRAM content remains resident, and the MCU does not need to read from Flash again.

The configuration regarding the retention_data section in the boot.link file is shown as follows:

    . = (0x840000 + (_rstored_));
        .retention_data :
          AT ( _rstored_ )
         {
                . = (((. + 3) / 4)*4);
                PROVIDE(_retention_data_start_ = . );
                *(.retention_data)
                *(.retention_data.*)
                PROVIDE(_retention_data_end_ = . );
 }

The meaning of the above configuration is: when compiling, we see that the variable with the keyword "retention_data" is distributed in the flash firmware with the starting address "_rstored_", and the corresponding address in SRAM is 0x840000 + (_rstored_). The value of "_rstored_" is the end of the "ram_code" section.

When using deepsleep retention 16KB SRAM mode, "retention_size" cannot exceed 16KB, if it exceeds the 16KB limit, user can choose to switch to deepsleep retention 32KB SRAM mode. If the user selects a configuration that uses deepsleep retention 16KB SRAM mode, but the defined "retention_size" exceeds the 16KB limit, the compilation results in the error as shown in the figure below.

Error generated when compiling SDK project

Users can correct the error through any of the following ways:

a. Reduce the amount of data defined with the _attribute_data_retention_ attribute;

b. Choose to switch to Deep Sleep Retention 32KB SRAM mode; for detailed configuration methods, please refer to Section 1.3.

In this version of the SDK, when _retention_size_ does not exceed 16KB (assuming it is 12KB), there is a 4KB "wasteful flash area" (invalid Flash area) on the Flash. In the corresponding Firmware Binary file, it can be seen that the content of the 12KB ~ 16KB area consists entirely of invalid "0"s. After copying to SRAM, there is also a 4KB "wasteful SRAM area" (invalid SRAM area) on the SRAM.

If users do not wish to waste too much Flash/SRAM space, they can appropriately increase custom ram_code and retention_data, migrating functions or variables that were not previously placed in ram_code/retention_data into ram_code/retention_data by adding the corresponding keywords.

(3) Cache

Cache is the Instruction Cache of the MCU and should be mapped to a specific address segment in SRAM to function properly. The size of the Cache is fixed, containing a 256-byte Tag and a 2048-byte Instruction Cache, totaling 0x900 (2.25K).

The code residing in RAM (ram_code) can be directly read and executed from SRAM. However, only a small portion of the code in the Firmware resides in SRAM, while the vast majority of the code remains stored in Flash. Based on the principle of locality of programs, the Cache mechanism can dynamically cache parts of the Flash code:

When the code the CPU needs to execute already exists in the Cache (Cache Hit), it is read and executed directly from the Cache;
If it is not in the Cache, the code is read from Flash, moved to the Cache, and then executed.

The text section in the Firmware does not reside in SRAM; this part of the code conforms to the principle of locality and should be loaded into the Cache during runtime to be executed by the CPU.

The size of the Cache is fixed at 2.25KB, but its starting address in SRAM is configurable. In this version of the SDK, the Cache is configured after the SRAM 16K Retention Area, meaning the starting address is 0x844000 and the ending address is 0x844900.

(4) data / bss

The data segment is used to store initialized global variables in SRAM (i.e., global variables with non-zero initial values), while the bss segment is used to store uninitialized global variables in SRAM (i.e., global variables with an initial value of 0). These two segments are physically contiguous, with the bss segment immediately following the data segment; therefore, they are introduced here as a single unit.

The data and bss segments are placed immediately after the Cache, meaning their starting address corresponds to the Cache's ending address, which is 0x844900 in this version. In the boot.link code, the starting address of the data segment in SRAM is directly defined:

    . = 0x844900;
        .data :

The "data" segment is a global variable that is initialized and its initial value needs to be stored in flash in advance, i.e. the "data initial value" in the Firmware.

(5) data_no_init

To save Retention RAM space, this new data section has been added. The characteristics of this section are: it is located in RAM but does not belong to the Retention area, therefore the initial values of variables are random. This section is dedicated to internal SDK optimization and is not recommended for direct use by users. If the application layer involves the use of this section, it should be strictly guaranteed that: variables have completed explicit assignment before use, and no operations such as Deep Sleep Retention, Deep Sleep, Reboot, or re-powering have occurred between the assignment and use.

(6) stack / unused area

For 64KB SRAM, the stack starts from the highest address 0x850000 (the corresponding address for 48K SRAM is 0x84C000, and for 32K SRAM is 0x848000). Its growth direction extends from high address to low address, meaning the stack pointer SP decrements when data is pushed onto the stack and increments when data is popped from the stack.

By default, the stack usage of the SDK library does not exceed 600 bytes. However, since the actual size of the stack depends on the "deepest" position during runtime, the final usage is closely related to the user's upper-layer program design. If the user uses complex recursive function calls, large local array variables, or enables Secure Connection (the 825x series does not support Public Key Engine, requiring software calculation of Public Key, which consumes more stack space), as well as other situations that may cause deep stack calls, it results in a significant increase in the final stack usage.

When the user's SRAM usage is high, the actual stack usage of the program should be determined. This cannot be statically analyzed solely through the list file; the application should be actually run—ensuring that all code paths in the program that may lead to deep stack calls are covered—to determine the peak usage of the stack by reading the SRAM space.

The unused area is the remaining space between the end address of the data_no_init section and the deepest address of the stack. Only when this space exists (greater than 0) does it indicate that the stack has not conflicted with data_no_init, and the SRAM usage is within a safe range. If the deepest position of the stack overlaps with the bss section (or data_no_init section), it indicates that the SRAM has overflowed.

The end address of the bss section can be found through the list file, thereby determining the maximum available space left for the stack. Users need to analyze whether this space is sufficient and combine it with the above method to check the deepest stack address during runtime to judge whether the SRAM usage exceeds the standard. Detailed analysis methods are provided in the subsequent demo.

(7) text

The text section is a collection of all non-ram_code functions in the Flash Firmware. If a function in the program has the _attribute_ram_code_ declaration added, it is compiled into the ram_code section; other functions without this keyword are all compiled into the text section.

Generally, the text section is the part occupying the largest space in the Firmware, far exceeding the capacity of SRAM. Therefore, it is necessary to utilize the Cache buffering mechanism to pre-load the code to be executed into Cache before it can be executed.

(8) rodata /data init value

Except for vector, ram_code and text, the remaining data in Flash Firmware are rodata segment and data initial value.

The rodata segment is the readable and uneditable data defined in the program, and is a variable defined by the keyword const. For example, the ATT table in Slave.

static const attribute_t my_Attributes[] = ……

The user can see in the corresponding list file that my_Attributes is in the rodata segment.

The data segment introduced earlier is a global variable that has been initialized in the program, for example, the global variable is defined as follows.

int   testValue = 0x1234;

Then the compiler stores the initial value 0x1234 in the data initial value, and when running the bootloader, it copies the initial value to the memory address corresponding to the testValue.

Space Allocation for SDK V3.4.2.4 and Later Versions

The SRAM space allocation of SDK V3.4.2.4 and later versions is the same in principle as the previous versions, except that in order to save space, the original fixed 16KB/32KB retention size is modified to the actual used retention size. This chapter introduces the modified and added parts in the new version in detail.

The figure below illustrates the SRAM space allocation corresponding to 32KB SRAM chips, 48KB SRAM chips, and 64KB SRAM chips in 16k retention and 32k retention modes in the new version. The various segments of SRAM space allocation are dynamically adjusted; for details, please refer to the software bootloader and link files.

SRAM Space Allocation for Each IC in 16KB and 32KB retention in the New Version

In the new version, the size of deepsleep retention can be automatically set via the API blc_app_setDeep sleepRetentionSRAMSize(), which determines the RAM size occupied by the end of the current retention_data section through _retention_size_. If it is less than 16KB, it is automatically set to deepsleep retention 16K SRAM mode; if it exceeds 16KB but is less than 32KB, it is automatically set to deepsleep retention 32K SRAM mode; if it exceeds 32K, an error occurs during the compilation stage.

The judgment code in blc_app_setDeepsleepRetentionSRAMSize() is as follows:

if (((u32)&_retention_size_) < 0x4000){
    blc_pm_setDeepsleepRetentionType(DEEPSLEEP_MODE_RET_SRAM_LOW16K); //retention size < 16k, use 16k deep retention
}
else if (((u32)&_retention_size_) < 0x8000){
    blc_pm_setDeepsleepRetentionType(DEEPSLEEP_MODE_RET_SRAM_LOW32K); //retention size < 32k and >16k, use 32k deep retention
}
else{
    /* retention size > 32k, overflow. deep retention size setting err*/
    #if (UART_PRINT_DEBUG_ENABLE)
        tlkapi_printf(APP_LOG_EN, "[APP][INI] deep retention size setting err");
    #endif
}

Add an assertion in the boot.link file to determine during the compilation stage whether the retention size exceeds 32K.

ASSERT(_retention_size_ * __PM_DEEPSLEEP_RETENTION_ENABLE < 0x8000, "Error: Retention RAM size overflow.");

Among them, __PM_DEEPSLEEP_RETENTION_ENABLE is defined in vendor/common/user_config.c, which equals PM_DEEPSLEEP_RETENTION_ENABLE configured by the user in app_config.h.

The error message when deepsleep retention size exceeds 32KB is:

Error message when deepsleep retention size exceeds 32KB

The following details the SRAM area sections using the IC 8258 with 64KB SRAM size as an example. If the SRAM size is a different value, the user can deduce the details by analogy.

The SRAM and firmware space allocation corresponding to 64KB SRAM is shown in the figure below.

New version SRAM allocation & Firmware space allocation

The files related to SRAM space allocation in the SDK are boot.link and cstartup_825x.S.

The firmware in Flash includes vector, ram_code, retention_data, text, rodata, and data initial value.

In the SRAM it includes vector, ram_code, retention_data, Cache, data, bss, data no initial value, sdk_version, stack, and unused SRAM area.

The vector/ram_code/retention_data in SRAM are copies of vector/ram_code/retention_data in Flash.

(1) vectors and ram_code

The vectors and ram_code sections remain unchanged compared to the previous version. For detailed information, please refer to the section "Space Allocation for SDK Versions Prior to V3.4.2.4".

(2) retention_data

The retention_data section remains unchanged compared to the previous version. For detailed information, please refer to the section "Space Allocation for SDK Versions Prior to V3.4.2.4".

(3) Cache

In the new version, the Cache section is configured after retention_data, with the starting address at _retention_data_size_align_256_. Other parts of the Cache section remain consistent with the previous version. For detailed information, please refer to the section "Space Allocation for SDK Versions Prior to V3.4.2.4".

(4) data / bss

In the new version, the starting address of the data section immediately follows the end address of the Cache, which is 0x840900 + (_retention_data_size_align_256_). The following code from boot.link directly defines the starting address of the data section in SRAM:

    . = (0x840900 + (_retention_data_size_align_256_));
        .data :

The other parts of the data and bss sections remain unchanged compared to the previous version. For detailed information, please refer to the section "Space Allocation for SDK Versions Prior to V3.4.2.4".

(5) data_no_init

The data_no_init section remains unchanged compared to the previous version. For detailed information, please refer to the section "Space Allocation for SDK Versions Prior to V3.4.2.4".

(6) stack / unused area

In the new version, assertions have been added to the boot.link file to determine whether the stack overflows during the compilation stage. The system detects a default size of 600 bytes, which customers can modify according to the actual stack usage in their specific applications.

ASSERT(_ram_use_end_<(__SRAM_SIZE - 600), "Error: RAM size maybe overflow.");

Where “ram_use_end” is the end address of data_no_init.

When a stack overflow occurs, the error message displayed is:

Error Message during Stack Overflow

The remaining portions of the stack/unused area remain unchanged from previous versions. For detailed information, please refer to the subsection “SRAM Space Allocation in SDK Versions Prior to V3.4.2.4”.

(7) text

The text section remains unchanged compared to the previous version. For detailed information, please refer to the section "SRAM Space Allocation for SDK Versions Prior to V3.4.2.4".

(8) rodata / data init value

The rodata and data init value sections remain unchanged compared to the previous version. For detailed information, please refer to the section "SRAM Space Allocation for SDK Versions Prior to V3.4.2.4".

(9) sdk_version

The sdk_version section is a new section introduced in SDK V3.4.2.4, specifically used to store SDK version information within the bin file.

List File Analysis Demo

Here taking the 825x ble sample as an example and analyze it with "SRAM space allocation & Firmware space allocation for SDK v3.4.2.4 and later versions".

In the following analysis, there are several screenshots, all from boot.link, cstartup_825x.S, 825x ble sample.bin and 825x ble sample.lst, please find the file to find the corresponding location of the screenshots by yourself.

The distribution of each section in the list file is shown in the following figure (note the Algn byte alignment):

list file section analysis

Based on the "list file section analysis" figure above, the analysis is as follows:

(1) vector:

The start address of the vector section in flash firmware is 0, the end address is 0x1b0, and the size is 0x1b0. After power-up relocation to SRAM, the address range in SRAM is 0x840000 ~ 0x8401b0.

(2) ram_code:

The start address of the ram_code section is 0x1b0, and the end address is 0x2b60. After power-up relocation to SRAM, the address range in SRAM is 0x8401b0 ~ 0x842b60.

(3) retention_data:

The start address _rstored_ of retention_data in flash is 0x2b60, which is the end of ram_code. Its start address in SRAM is 0x842b60, and the end address is 0x8438bc.

(4) Cache:

The address range of Cache in SRAM is 0x843900 ~ 0x844200. Note that the information regarding Cache is not reflected in the list file.

(5) text:

The start address of the text section in flash firmware is 0x3900, the end address is 0xc78c, and the size is 0x8e8c, which is consistent with the section statistics mentioned above.

(6) rodata:

The start address of the rodata section is 0xc78c (the end address of text), and the end address is 0xd3d0.

(7) data:

The start address of the data section in SRAM is 0x844200 (the end address of Cache). The size given in the Section statistics part of the list file is 0x40.

The end address of this section in SRAM is 0x844240.

(8) bss:

The start address of the bss section in SRAM is 0x844240 (the end address of the data section, 16-byte aligned). The size given in the Section statistics part of the list file is 0x204.

The end address of the bss section in SRAM is 0x844444.

(9) data_no_init:

The start address of the data_no_init section in SRAM is 0x844444 (the end address of the bss section). The size given in the Section statistics part of the list file is 0x300.

(10) sdk_version:

The start address of the sdk_version section in SRAM is 0x844744 (the end address of the data_no_init section). The size given in the Section statistics part of the list file is 0x30.

The end address of the sdk_version section in SRAM is 0x844774. Since sdk_version has no substantial function during actual program execution, this area can be occupied.

The remaining SRAM space is 0x850000 – 0x844744 = 0xb8bc = 47292 Bytes. Subtracting the 600 Bytes required for the stack (this value is for example only; the actual size needs to be confirmed by the customer based on the actual application), 46692 Bytes remain.

MCU Address Space Access

Access to the 0x000000 - 0xFFFFFF address space in the program is divided into the following two situations.

Peripheral Space R/W Operation

Read and write operations in the peripheral space (register and SRAM) are implemented directly with pointer access.

    u8  x = *(volatile u8*)0x800066;  //read value of register 0x66
     *(volatile u8*)0x800066 = 0x26;  //assign value to register 0x66
    u32 y = *(volatile u32*)0x840000;      //read value of SRAM 0x40000-0x40003
    *(volatile u32*)0x840000 = 0x12345678; //assign value to SRAM 0x40000-0x40003

The program uses the functions write_reg8, write_reg16, write_reg32, read_reg8, read_reg16, read_reg32 to read and write to the peripheral space, which are essentially pointer operations. For more information, please refer to drivers/8258/bsp.h.

Note the operation similar to write_reg8(0x40000)/ read_reg16(0x40000) in the program, which is defined as shown below, from which the 0x800000 offset is automatically added (address line BIT(23) is 1), so the MCU can ensure that it is accessing the Register/SRAM space and not going to flash space.

#define REG_BASE_ADDR       0x800000
#define write_reg8(addr,v)  U8_SET((addr + REG_BASE_ADDR),v)
#define write_reg16(addr,v) U16_SET((addr + REG_BASE_ADDR),v)
#define write_reg32(addr,v) U32_SET((addr + REG_BASE_ADDR),v)
#define read_reg8(addr)     U8_GET((addr + REG_BASE_ADDR))
#define read_reg16(addr)    U16_GET((addr + REG_BASE_ADDR))
#define read_reg32(addr)    U32_GET((addr + REG_BASE_ADDR))

Note here a memory alignment problem: If you use a pointer to 2 bytes/4 bytes to read or write peripheral space, make sure the address is 2 bytes/4 bytes aligned, if not aligned, data read/write errors occur. The following two are errors.

u16  x = *(volatile u16*)0x840001;     //0x840001 is not 2-byte aligned
*(volatile u32*)0x840005 = 0x12345678;  //0x840005 is not 4-byte aligned

Modify to the correct read/write operation.

u16  x = *(volatile u16*)0x840000;     //0x840000 is 2-byte aligned
*(volatile u32*)0x840004 = 0x12345678;  //0x840004 is 4-byte aligned

Flash Operation

This section is detailed in Chapter 8, Flash.

SDK Flash Space Allocation

This section is detailed in Chapter 8, Flash.

Clock Module

System clock & System Timer

The system clock is the clock used by the MCU to execute the program.

The system timer is a read-only timer that provides a time reference for timing control of the BLE and is also available to the user.

On the B85, B87, and TC321x series ICs, the System Timer and system clock are independent and separate.

"System clock & System Timer"

As you can see, the system clock can be multiplied to 48M by the external 24MHz crystal oscillator through the "doubler" circuit and then divided to get 16MHz, 24MHz, 32MHz, 48MHz, etc. This type of clock is called crystal clock (such as 16MHz crystal system clock, 24M crystal system clock). It can also be processed by the IC internal 24MHz RC Oscillator to get 24MHz RC clock, 32MHz RC clock, 48MHz RC clock and so on. This category is called RC clock (BLE SDK does not support RC clock). In the BLE SDK we recommend to use crystal clock.

To configure the system clock, call the following API during initialization and select the clock corresponding to the clock in the enumeration variable SYS_CLK_TYPEDEF definition.

void clock_init(SYS_CLK_TYPEDEF SYS_CLK)

Since the System Timer of B85/B87/TC321x series chips is different from the system clock, users need to know whether the clock of each hardware module on MCU is from system clock or System Timer. Let's take the case where the system clock is 24M crystal to illustrate, at this time the system clock is 24MHz and the System Timer is 16MHz.

In the file app_config.h, the system clock and the corresponding s, ms and us are defined as follows.

#define CLOCK_SYS_CLOCK_HZ      24000000

s, ms and us:

enum{
        CLOCK_SYS_CLOCK_1S = CLOCK_SYS_CLOCK_HZ,
        CLOCK_SYS_CLOCK_1MS = (CLOCK_SYS_CLOCK_1S / 1000),
        CLOCK_SYS_CLOCK_1US = (CLOCK_SYS_CLOCK_1S / 1000000),
};

All hardware modules whose clock source is system clock can only use the above CLOCK_SYS_CLOCK_HZ, CLOCK_SYS_CLOCK_1S, etc. when setting the clock of the module; in other words, if the user sees that the clock setting in the module uses the above definitions, it means that the clock source of the module is system clock.

If the PWM driver PWM period and duty cycle are set as follows, it means that the PWM clock source is system clock.

pwm_set_cycle_and_duty(PWM_ID, 1000 * CLOCK_SYS_CLOCK_1US, 500 * CLOCK_SYS_CLOCK_1US);

The System Timer is a fixed 16MHz, so for this timer, the SDK code uses the following values for s, ms and us.

/**
 * @brief   system Timer : 16Mhz, Constant
 */
enum{
    CLOCK_16M_SYS_TIMER_CLK_1S  = 16*1000*1000,
    CLOCK_16M_SYS_TIMER_CLK_1MS = 16*1000,
    CLOCK_16M_SYS_TIMER_CLK_1US = 16,
};

The following APIs in SDK are some operations related to System Timer, so when it comes to these API operations, they all use the above similar to "CLOCK_16M_SYS_TIMER_CLK_xxx" to represent the time.

void sleep_us(unsigned long us);
unsigned long clock_time(void);
unsigned int clock_time_exceed(unsigned int ref, unsigned int us);
#define ClockTime           clock_time
#define WaitUs              sleep_us
#define WaitMs(t)           sleep_us((t)*1000)
#define sleep_ms(t)         sleep_us((t)*1000)

Since the System Timer is the reference for BLE timing, all BLE time-related parameters and variables in the SDK are expressed as CLOCK_16M_SYS_TIMER_CLK_xxx when it comes to the time.

System Timer Usage

After the initialization of sys_init in the main function is completed, the System Timer starts to work, and the user can read the value of the System Timer counter (referred to as System Timer tick).

The System Timer tick is incremented by one every clock cycle, and its length is 32bit, that is, every 1/16 us plus 1, the minimum value is 0x00000000, and the maximum value is 0xffffffff. When the System Timer starts, the tick value is 0, and the time required to reach the maximum value of 0xffffffff is: (1/16) us * (2^32) approximately equal to 268 seconds, and the System Timer tick makes one cycle every 268 seconds.

The system tick does not stop when the MCU is running the program.

The reading of System Timer tick can be obtained through the clock_time() function:

u32 current_tick = clock_time();

The entire BLE timing of the BLE SDK is designed based on the System Timer tick. This System Timer tick is also used extensively in the program to complete various timing and timeout judgments. It is strongly recommended that users use this System Timer tick to implement some simple timing and timeout judgments.

For example, to implement a simple software timing. The realization of the software timer is based on the query mechanism. Because it is implemented through query, it cannot guarantee real-time performance and readiness. It is generally used for applications that are not particularly demanding on error. Implementation:

(1) Start timer: set a u32 variable, read and record the current System Timer tick.

u32 start_tick = clock_time();   // clock_time() returns System Timer tick value

(2) Constantly inquire whether the difference between the current System Timer tick and start_tick exceeds the time value required for timing in the program. If it exceeds, consider that the timer is triggered, perform corresponding operations, and clear the timer or start a new round of timing according to actual needs.

Assuming that the time to be timed is 100 ms, the way to query whether the time is reached is:

if( (u32) ( clock_time() - start_tick) >  100 * CLOCK_16M_SYS_TIMER_CLK_1MS)

Since the difference is converted to the u32 type, the limit of the system clock tick from 0xffffffff to 0 is solved.

In fact, in order to solve the problem of conversion to u32 caused by different system clocks, the SDK provides a unified calling function. Regardless of the system clock, the following functions can be used to query and judge:

if( clock_time_exceed(start_tick, 100 * 1000))  //unit of the second parameter is us

Please be noted: since the 16MHz clock takes 268 seconds for one cycle, this query function is only applicable to the timing within 268 seconds. If it exceeds 268 seconds, you need to add a counter to accumulate in the software (not introduced here).

Application example: after 2 seconds when A condition is triggered (only once), the program performs B() operation.

u32  a_trig_tick;
int  a_trig_flg = 0;
while(1)
{
        if(A){
            a_trig_tick = clock_time();
            a_trig_flg = 1;
        }
        if(a_trig_flg && clock_time_exceed(a_trig_tick,2 *1000 * 1000)){
            a_trig_flg = 0;
            B();
        }   
}

GPIO Module

Please refer to gpio.h, gpio_default.h, and gpio.c to understand the GPIO module, as all code is provided in source format.

Regarding the register operations involved in the code, please refer to the GPIO Lookup Table in the datasheet.

GPIO Definition

The B85/B87 series chips have a total of 5 groups with 36 GPIOs: GPIO_PA0 ~ GPIO_PA7, GPIO_PB0 ~ GPIO_PB7, GPIO_PC0 ~ GPIO_PC7, GPIO_PD0 ~ GPIO_PD7, and GPIO_PE0 ~ GPIO_PE3.

The GPIO configuration for the TC321x chip is as follows: there are 6 groups of GPIOs, consisting of GPIO_PA0 ~ GPIO_PA7, GPIO_PB0 ~ GPIO_PB7, GPIO_PC0 ~ GPIO_PC7, GPIO_PD0 ~ GPIO_PD7, GPIO_PE0 ~ GPIO_PE1, and GPIO_PF0 ~ GPIO_PF3.

Note

There are 36 GPIOs in the core part of the IC, however some GPIOs may not be pinned out in the different packages of each IC, therefore please refer to the actual GPIO pins in the package of the IC when using GPIOs.

When you need to use GPIO in your program, define it as written above, see gpio.h for details.

Note

There are 7 special GPIOs that require attention when used:

(1) 4 GPIOs for MSPI. These 4 GPIOs belong to the Master SPI bus in the MCU system bus, specifically used for Flash read/write operations. They default to the SPI state after power-up. Users are strictly prohibited from operating these pins, and they should not be used in the program.

- B85/B87: PE0, PE1, PE2, PE3
- TC321X: PF0, PF1, PF2, PF3

(2) SWS (Single Wire Slave). This pin is used for Debugging and programming Firmware. It defaults to the SWS state after power-up and is usually not used as a regular GPIO in the program.

- The SWS pin for B85/B87 is PA7
- The SWS pin for TC321x is PA3

(3) DM and DP. They default to GPIO state after power-up. When USB function is required, DM and DP should be occupied; if USB function is not required, they can be used as normal GPIOs. The DM and DP pins for B85/B87 are PA5 and PA6 respectively, while TC321x does not support USB function.

Note on Special Pins for TC321x Series:

In addition to the special pins mentioned above, the TC321x series has the following pin limitations to note:

PB0, PB1, PB3, PD4: These pins are not recommended as wake-up sources because they default to output functions, and pull-up/pull-down configurations may be ineffective.
PF0-PF3: As MSPI pins, they cannot be used as normal GPIOs.

GPIO State Control

Only the most basic GPIO states that users need to know are listed here.

(1) func (function configuration: special function/general GPIO), if you need to use the input and output function, you need to configure it as general GPIO.

void gpio_set_func(GPIO_PinTypeDef pin, GPIO_FuncTypeDef func);

The pin is defined for GPIO, the same as below. For func you can choose AS_GPIO or other special functions.

(2) ie (input enable)

void gpio_set_input_en(GPIO_PinTypeDef pin, unsigned int value);

value: 1 and 0 means enable and disable respectively.

(3) datai (data input): When the input enable is on, this value is the current level of this GPIO pin, which is used to read the external voltage.

_Bool gpio_read(GPIO_PinTypeDef pin);

Reading a low voltage returns a value of 0; reading a high voltage returns a non-zero value. Be very careful here, when reading high, the return value is not necessarily 1, it is a non-0 value.

Therefore, in the program, you should avoid using code like if( gpio_read(GPIO_PA0) == 1). The recommended approach is to perform inverse processing on the read value, ensuring the result is strictly either 1 or 0:

if( !gpio_read(GPIO_PA0) )  //determine high or low level

(4) oe (output enable)

void gpio_set_output_en(GPIO_PinTypeDef pin, unsigned int value);

value: 1 and 0 means enable and disable respectively.

(5) dataO (data output): When the output enable is on, the value is 1 to output high, 0 to output low.

void gpio_write(GPIO_PinTypeDef pin, unsigned int value)

(6) Internal analog pull-up/pull-down resistor configuration: There are 3 types of analog resistors available: 1 M\(\Omega\) pull-up, 10 k\(\Omega\) pull-up, and 100 k\(\Omega\) pull-down. There are 4 configurable states: 1 M\(\Omega\) pull-up, 10 k\(\Omega\) pull-up, 100 k\(\Omega\) pull-down, and float state.

void gpio_setup_up_down_resistor( GPIO_PinTypeDef gpio, GPIO_PullTypeDef up_down);

The four configurations of up_down：

typedef enum {
    PM_PIN_UP_DOWN_FLOAT    = 0,
    PM_PIN_PULLUP_1M        = 1,
    PM_PIN_PULLDOWN_100K    = 2,
    PM_PIN_PULLUP_10K   = 3,
}GPIO_PullTypeDef;

In the deepsleep and deepsleep retention states, the GPIO input and output states are all disabled, but the analog pull-up and pull-down resistors are still valid.

Note

The following sequence is required when making GPIO function change configurations.
（A）The beginning function is GPIO, then you need to configure the required function MUX first, and then disable the GPIO function.
（B）The beginning function is IO, you need to change to GPIO output, first set the corresponding IO output value and OEN, and then finally enable GPIO function.
（C）The beginning function is IO, you need to change to GPIO input and IO pullup, first set output to 1, OEN to 1 (corresponding to PA and PD), second set pullup to 1 (corresponding to PB and PC), and finally enable GPIO function.
（D）Set pullup to 1 (corresponding to PB and PC) and IO not pull up, first set output to 0, OEN to 1 (corresponding to PA and PD), then set pullup to 0 (corresponding to PB and PC), and finally enable GPIO function.

GPIO configuration application examples：

(1) Configure GPIO_PA4 as output state and output high level.

gpio_set_func(GPIO_PA4, AS_GPIO) ;  // PA4 defaults to GPIO functionality and requires no configuration.
gpio_set_input_en(GPIO_PA4, 0);
gpio_set_output_en(GPIO_PA4, 1);
gpio_write(GPIO_PA4, 1);

(2) Configure GPIO_PC6 as input state to determine whether it reads low and needs to turn on pull-up to prevent the effect of float level.

gpio_set_func(GPIO_PC6, AS_GPIO) ;  // PC6 is GPIO by default, you can leave it
gpio_setup_up_down_resistor(GPIO_PC6, PM_PIN_PULLUP_10K);
    gpio_set_input_en(GPIO_PC6, 1)
    gpio_set_output_en(GPIO_PC6, 0);
    if(!gpio_read(GPIO_PC6)){  //whether low level
        ......
    }

(3) Configure PA5 and PA6 pins for USB function.

gpio_set_func(GPIO_PA5, AS_USB ) ;
gpio_set_func(GPIO_PA6, AS_USB) ;
gpio_set_input_en(GPIO_PA5, 1);
gpio_set_input_en(GPIO_PA6, 1);

Note

The above USB function configurations are only applicable to B85/B87 series chips; the TC321x series does not support USB function.

GPIO Initialization

Calling the gpio_init function in main.c initializes the state of all 32 GPIOs except for the 4 GPIOs of the MSPI.

This function initializes each IO to its default state when no GPIO parameters are configured in the user's app_config.h. The default states of the 32 GPIOs are:

(1) func

Except SWS, all other states are general GPIOs.

(2) ie

Except the default ie for SWS is 1, the default ie for all other general GPIOs is 0.

(3) oe

All is 0.

(4) dataO

All is 0.

(5) Internal pull up/down resistors

All is float.

For more details, please refer to drivers/8258/ gpio_8258.h, drivers/8258/ gpio_default_8258.h and drivers/8278/ gpio_8278.h, drivers/8278/ gpio_default_8278.h.

If there is a state configured in app_config.h to one or more GPIOs, then gpio_init no longer uses the default state, but the state configured by the user. The reason for this is that the default state of gpio is represented using macros that are written (using PA0's ie as an example) as follows:

#ifndef PA0_INPUT_ENABLE
#define PA0_INPUT_ENABLE        1
#endif

When these macros can be defined in advance in app_config, these macros no longer use such default values as above.

The method to configure the GPIO state in app_config.h is (using PA0 as an example):

(1) Configure func:

#define PA0_FUNC                  AS_GPIO

(2) Configure ie：

#define PA0_INPUT_ENABLE           1

(3) Configure oe:

#define PA0_OUTPUT_ENABLE          0

(4) Configure dataO：

#define PA0_DATA_OUT               0

(5) Configure internal pull up/down resistors：

#define  PULL_WAKEUP_SRC_PA0              PM_PIN_UP_DOWN_FLOAT

Summary of GPIO initialization:

(1) The initial state of GPIOs can be pre-defined in the header file and is configured in gpio_init.

(2) It can be set in user_init function by GPIO state control function (gpio_set_input_en, etc.).

(3) A mix of the above two ways can also be used: define some in app_config.h in advance, implement them in gpio_init, and set the rest in user_init.

Note

If a state of the same GPIO is set to a different value in the header file and user_init, the setting in user_init prevails according to the order of program execution.

The gpio_init function is implemented as follows. The value of anaRes_init_en determines whether the analog pull-up and pull-down resistors are set.

void gpio_init(int anaRes_init_en)
{
    // gpio digital status setting
    if(anaRes_init_en){
        gpio_analog_resistance_init();
    }
}

As indicated in the low-power management section, the registers controlling GPIO analog pull-up/pull-down resistors remain powered during deepsleep retention. Consequently, the state of the GPIO analog pull-up/pull-down resistors is maintained in deepsleep retention mode, and their configuration can be skipped upon wakeup from deepsleep retention.

In order to ensure that the state of the GPIO analog pull-up and pull-down resistors is not changed after the deepsleep retention wakeup, it is necessary to determine whether the current deepsleep retention wake_up before gpio_init, and set the value of anaRes_init_en according to this state, as shown in the following code.

int deepRetWakeUp = pm_is_MCU_deepRetentionWakeup();
    gpio_init( !deepRetWakeUp );

GPIO Digital States Fail in Deepsleep Retention Mode

In the GPIO state control described above, all the states (func, ie, oe, dataO, etc.) are controlled by the digital register, except for the analog pull-down resistor which is controlled by the analog register.

Referring to the introduction of low-power management later in the document, it is clear that all digital register states are lost during deepsleep retention.

On B85/B87/TC321x, if suspend is switched to deepsleep retention mode, GPIO output state is disabled and cannot accurately control peripheral devices during sleep. At this point, the state of GPIO analog pull-up and pull-down resistors can be used instead: pull-up 10K instead of GPIO output high, pull-down 100K instead of GPIO output low.

Note

Do not use pull-up 1M for GPIO state control during deepsleep retention (the pull-up voltage may be lower than the supply voltage VCC). In addition, do not use the pull-up 10K of PC0~PC7 in the pull-up 10K control (there is a short time jitter in the deepsleep retention wake_up, generating glitches), pull-up 10K for other GPIO is fine.

Configure SWS Pull-ups to Prevent Crashes

All of Telink's MCUs use SWS (single wire slave) to debug and burn in programs. On the final application code, the state of the pin SWS is:

(1) function set to SWS, not GPIO.

(2) ie =1, only when input enable, it can receive various commands sent by EVK, which is used to operate MCU.

(3) Other configurations: oe, dataO are 0.

After setting to the above state, it can receive operation commands from EVK at any time, but it also brings a risk: when the power supply of the whole system is very jittered (such as when sending IR, the instantaneous current may rush to nearly 100mA), as SWS is in float state, it may read a wrong data and mistake it for a command from EVK, and this wrong command may cause the program stuck.

The solution to the above problem is to modify the float state of the SWS to input pull-up. This is solved by an analog pull-up 1M resistor.

The SWS and GPIO_PA7 are multiplexed on the B85/B87 series. Simply enable the 1M ohm pull-up for PA7 in drivers/B85/gpio_default.h or drivers/B87/gpio_default.h.

#ifndef PULL_WAKEUP_SRC_PA7
#define PULL_WAKEUP_SRC_PA7     PM_PIN_PULLUP_1M  //sws pullup
#endif

The SWS and GPIO_PA3 are multiplexed on the TC321x series. Simply enable the 1M ohm pull-up for PA3 in drivers/TC321X/gpio_default.h.

#ifndef PULL_WAKEUP_SRC_PA3
#define PULL_WAKEUP_SRC_PA3     PM_PIN_PULLUP_1M  //sws pullup
#endif

System Interrupt

This document applies to hardware interrupts of ICs with the following two characteristics.

（1）All interrupts have the same priority, and the MCU does not have the ability to nest interrupts;

（2）All interrupts share the same interrupt hardware entry, which eventually triggers the software irq_handler function, in which the function reads the status bits of the relevant interrupt to determine whether the corresponding interrupt is triggered.

The feature 1 above determines that the MCU responds to interrupts on a first-come, first-served basis. When the first interrupt is not processed, a new interrupt is generated and cannot be responded to immediately and enters the waiting queue until the previous interrupts are processed. Therefore, when there are 2 or more interrupts, all interrupts cannot be responded in real time. The response delay of a particular interrupt depends on whether the MCU is processing other interrupts when this interrupt is triggered and how long it takes to process the other interrupts. As shown in the figure below, since IRQ1 is processing when IRQ2 is triggered, it should wait until IRQ1 is finished processing before responding. The worst case of IRQ2 delay time is the maximum time of IRQ1 process.

IRQ delay

In the BLE SDK, two system interrupts, system timer and RF, are used. If the user does not add new interrupts, there is no need to consider the timing of the two system interrupts; if the customer needs to add other interrupts (e.g. UART, PWM, etc.), the details to be considered are as follows.

(1) For the two system interrupts system timer and RF in the SDK, the maximum possible execution time is 200us. This means that the customer added interrupts may not be able to respond in real time, and the theoretical maximum possible delay time is 200us.

(2) The two system interrupts system timer and RF are for processing BLE tasks, due to the BLE timing is more strict, can not be delayed too long. Therefore, the processing time of the interrupts added by the customer should not be too long, and it is recommended to be within 50us. If the time is too long, there may be BLE timing synchronization errors, resulting in low efficiency of sending and receiving packets, high power consumption, BLE disconnection and other problems.

BLE Module

BLE SDK Software Architecture

Standard BLE SDK Architecture

Figure below shows standard BLE SDK software architecture compliant with BLE spec.

BLE SDK software architecture

As shown above, BLE protocol stack includes Host and Controller.

As BLE bottom-layer protocol, the “Controller” contains Physical Layer (PHY) and Link Layer (LL). Host Controller Interface (HCI) is the sole communication interface for all data transfer between Controller and Host.
As BLE upper-layer protocol, the “Host” contains protocols including Logic Link Control and Adaption Protocol (L2CAP), Attribute Protocol (ATT), Security Manager Protocol (SMP), as well as Profiles including Generic Access Profile (GAP) and Generic Attribute Profile (GATT).
The “Application” (APP) layer contains user application codes and Profiles corresponding to various Services. User controls and accesses Host via “GAP”, while Host transfers data with Controller via “HCI”, as shown below.

"HCI Data Transfer between Host and Controller"

(1) BLE Host will use HCI cmd to operate and set Controller. Controller API corresponding to each HCI cmd will be introduced in this chapter.

(2) Controller will report various HCI Events to Host via HCI.

(3) Host will send target data to Controller via HCI, while Controller will directly load data to Physical Layer for transfer.

(4) When Controller receives RF data in Physical Layer, it will first check whether the data belong to Link Layer or Host, and then process correspondingly: If the data belong to LL, the data will be processed directly; if the data belong to Host, the data will be sent to Host via HCI.

Telink BLE SDK Architecture

Telink BLE Controller

Telink BLE SDK supports standard BLE controllers, including HCI, PHY (Physical Layer) and LL (Link layer).

Telink BLE SDK includes five standard states of Link Layer (standby, advertising, scanning, initiating, connection), and both Slave role and Master role are supported in the connection state. In TC BLE Single Connection SDK, Slave role and Master role are only single connection, that is, Link Layer can only maintain one connection, not multiple Slave/Master or Slave and Master at the same time.

The ble HCI in the SDK is a BLE slave controller, which needs to coordinate with another MCU running BLE Host to form a standard BLE Slave system, the architecture diagram is as follows.

Telink HCI architecture

Link Layer connection status supports both Slave and Master of single connection, then ble HCI can actually be used as BLE master controller. However, actually for a BLE host running on more complex systems (such as Linux/Android), a single connection master controller can only connect to one device, which is almost meaningless, so the SDK does not include the initialization of the master role in the ble HCI.

Telink BLE Slave

Telink BLE SDK in BLE host fully supports stack of Slave; for the Master, it can not fully support, because SDP (service discovery) is too complex.

When user only needs to use standard BLE Slave, and Telink BLE SDK runs Host (Slave part) + standard Controller, the actual stack architecture will be simplified based on the standard architecture, so as to minimize system resource consumption of the whole SDK (including SRAM, running time, power consumption, and etc.). Following shows Telink BLE Slave architecture. In the SDK, ble sample, ble remote and ble module are based on this architecture.

Telink BLE Slave architecture

In figure above, solid arrows indicate data transfer controllable via user APIs, while hollow arrows indicate data transfer within the protocol stack not involved in user.

Controller can still communicate with Host (L2CAP layer) via HCI; however, the HCI is no longer the only interface, and the APP layer can directly exchange data with Link Layer of the Controller. Power Management (PM) Module is embedded in the Link Layer, and the application layer can invoke related PM interfaces to set power management.

Considering efficiency, data transfer between the APP layer and the Host is not controlled via GAP; the ATT, SMP and L2CAP can directly communicate with the APP layer via corresponding interface. However, the event of the Host should be communicated with the APP layer via the GAP layer.

Generic Attribute Profile (GATT) is implemented in the Host layer based on Attribute Protocol. Various Profiles and Services can be defined in the APP layer based on GATT. Basic Profiles including HIDS, BAS, AUDIO and OTA are provided in demo code of this BLE SDK.

Following sections explain each layer of the BLE stack according to the structure above, as well as user APIs for each layer.

Physical Layer is totally controlled by Link Layer, since it does not involve the application layer, it is not covered in this document.

Though HCI still implements part of data transfer between Host and Controller, it is basically implemented by the protocol stack of Host and Controller with little involvement of the APP layer. User only needs to register HCI data callback handling function in the L2CAP layer.

Telink BLE Master

The implementation of Telink BLE master is different from that of Slave. The SDK provides standard controller packed inside the library, but the app layer implements host and user's own application, as shown in the figure below.

Telink BLE master architecture

In the ble master kma dongle project of the SDK, the demo code is implemented based on this architecture, the host layer code is almost all implemented in the app layer. The SDK provides a variety of standard interfaces for users to complete these functions.

The App layer implements standard L2CAP, ATT, and other processing. In the SMP part, it only provides the most basic LE legacy pairing - Just Works method. Due to the complexity of SMP implementation, the specific code implementation is encapsulated in the library; the App layer only needs to call the relevant interfaces. Users can find all the code processing by searching for BLE_HOST_SMP_ENABLE.

#define BLE_HOST_SMP_ENABLE                 1  //Master SMP strongly recommended enabled

The SDP is the most complex part, Telink BLE master does not provide a standard SDP, only a simple reference is given to the ble remote service discovery. The ble master kma dongle default this simple reference SDP is on.

#define ACL_CENTRAL_SIMPLE_SDP_ENABLE       1  //simple service discovery

The SDK provides standard interfaces for all service discovery related ATT operations, users can refer to ble remote's service discovery to implement their own service discovery, or disable BLE_HOST_SIMPLE_SDP_ ENABLE and use the agreed service ATT handle with the slave to achieve data access.

The Telink BLE master does not support power management; the scanning and connection master roles at the link layer are not suspended.

BLE Controller

BLE Controller Introduction

BLE Controller contains Physical Layer, Link Layer, HCI and Power Management.

Telink BLE SDK fully packs Physical Layer in the library (corresponding to c file of rf.h in driver file), and user does not need to learn about it. Power Management will be introduced in detail in section 4 Low Power Management (PM).

This section will focus on Link Layer, and also introduce HCI related interfaces to operate Link Layer and obtain data of Link Layer.

Link Layer State Machine

Figure below shows Link Layer state machine in BLE spec. For more information, please refer to Bluetooth Core Specification v5.3 [Vol 6] Part B, Section 1.1 LINK LAYER STATES.

Link Layer State Machine in BLE Spec

Telink BLE SDK Link Layer state machine is shown as below.

Telink Link Layer State Machine

Telink BLE SDK Link Layer state machine is consistent with BLE spec, and it contains five basic states: Idle (Standby), Scanning, Advertising, Initiating, and Connection. Connection state contains Slave Role and Master Role.

From the introduction of library earlier in the document, the current Slave Role and Master Role are both designed based on single connection. To distinguish multi connection, it is named Slave role single connection and Mater Role single connection.

In this document, Slave Role is marked as "ConnSlaveRole" for short; while Master Role is marked as "ConnMasterRole" for short.

The "Power Management" in figure above is not a state of LL, but a functional module which indicates the SDK only implements low power processing for Advertising and ConnSlaveRole. If Idle state needs low power, user can invoke related APIs in the APP layer. For the other states, the SDK does not contain low power management, and user cannot implement low power in the APP layer.

Based on the five states above, corresponding state machine names are defined in "stack/ble/controller/ll/ll.h". "ConnSlaveRole" and "ConnMasterRole" correspond to the state name "BLS_LINK_STATE_CONN".

#define BLS_LINK_STATE_IDLE         0
#define BLS_LINK_STATE_ADV          BIT(0)
#define BLS_LINK_STATE_SCAN         BIT(1)
#define BLS_LINK_STATE_INIT         BIT(2)
#define BLS_LINK_STATE_CONN         BIT(3)

Switch of Link Layer state machine is automatically implemented in BLE stack bottom layer. Therefore, user cannot modify state in APP layer, but can obtain current state by invoking the API below. The return value will be one of the five states.

u8      blc_ll_getCurrentState(void);

Link Layer State Machine Combined Application

Link Layer State Machine Initialization

The Telink BLE SDK Link Layer fully supports all states, but features a flexible design where each state is encapsulated as a module. By default, only the basic Idle module is included; users establish their own state machine combinations by adding modules to implement different applications. For example, for a BLE Slave application, the user only needs to add the Advertising module and ConnSlaveRole module, while the remaining Scanning/Initiating modules do not need to be configured. This design aims to save code size and ram_code, as code for unused states is not compiled.

The MCU initialization is mandatory, and the initialization API is as follows:

void        blc_ll_initBasicMCU (void);

The API below serves to add the basic Idle module. This API is also necessary for all BLE applications.

void        blc_ll_initStandby_module (u8 *public_adr);

The initialization APIs of the corresponding modules for several other states (Scanning, Alerting, Initiating, Slave Role, Master Role Single Connection) are as follows.

void        blc_ll_initAdvertising_module(u8 *public_adr);
void        blc_ll_initScanning_module(u8 *public_adr);
void        blc_ll_initInitiating_module(void);
void        blc_ll_initConnection_module(void);
void        blc_ll_initSlaveRole_module(void);
void        blc_ll_initMasterRoleSingleConn_module(void);

The real parameter public_adr in the above API is a pointer to the BLE public Mac Address.

The following API is used to initialize the module shared by master and slave.

void        blc_ll_initConnection_module(void);

Users can use the above APIs to combine the Link Layer state machine. The following are some common combinations and corresponding application scenarios, but they are not limited to these examples; users can configure their own combinations.

Idle + Advertising

As shown above, only Idle and Advertising module are initialized, and it applies to applications which use basic advertising function to advertise product information in single direction, e.g. beacon.

Following is module initialization code of Link Layer state machine.

u8  mac_public[6] = {……};
blc_ll_initBasicMCU();  
blc_ll_initStandby_module(mac_public);
blc_ll_initAdvertising_module(mac_public);

State switch of Idle and Advertising is implemented via the “bls_ll_setAdvEnable”.

Idle + Scanning

As shown in the figure below, only the Idle and Scanning modules are initialized, and the most basic Scanning function is used to achieve the scanning and discovery of beacons and other product broadcast information.

The Link Layer state machine module initialization code is:

u8  mac_public[6] = {……};
blc_ll_initBasicMCU();
blc_ll_initStandby_module(mac_public);
blc_ll_initScanning_module(mac_public);

The switching of Idle and Scanning states is implemented by "blc_ll_setScanEnable".

Idle + Scanning

Idle + Advertising + ConnSlaveRole

BLE Slave LL State

The figure above shows the Link Layer state machine combination for a basic BLE slave application. The ble HCI/ble sample/ble remote/ble module in the SDK are all based on this state machine combination.

The Link Layer state machine module is initialized with the following code.

u8  mac_public[6] = {……};
blc_ll_initBasicMCU();                     
blc_ll_initStandby_module(mac_public);
blc_ll_initAdvertising_module(mac_public); 
blc_ll_initConnection_module();
blc_ll_initSlaveRole_module();

State switch in this combination is shown as below:

(1) After power on, the MCU enters Idle state. In Idle state, when Advertising is enabled, Link Layer switches to Advertising state; when Advertising is disabled, it will return to Idle state.

The API “bls_ll_setAdvEnable” serves to enable/disable ADV.

After power on, Link Layer is in Idle state by default. Typically it’s needed to enable ADV in the “user_init” so as to enter Advertising state.

(2) When Link Layer is in Idle state, Physical Layer does not take any RF operation including packet transmission and reception.

(3) When Link Layer is in Advertising state, advertising packets are transmitted in ADV channels. Master will send Connection Indication if it receives ADV packet. After Link Layer receives this Connection Indication, it will respond, establish connection and enter ConnSlaveRole.

(4) When Link Layer is in ConnSlaveRole, it will return to Idle State or Advertising state in any of the following cases:

Master sends “terminate” command to Slave and requests disconnection. Slave will exit ConnSlaveRole after it receives this command.
By sending “terminate” command to Master, Slave actively terminates the connection and exits ConnSlaveRole.
If Slave fails to receive any packet due to Slave RF Rx abnormity or Master Tx abnormity until BLE connection supervision timeout is triggered, Slave will exit ConnSlaveRole.

When ConnSlaveRole of Link layer exits this state, it switches to a different state depending on whether ADV is enabled or not: if ADV is enabled, Link Layer goes back to Advertising state; if ADV is Disable, Link Layer goes back to Idle state. Whether ADV is Enable or Disable depends on the value set by the user when bls_ll_setAdvEnable was last called by the application layer.

Idle + Scanning + Initiating + ConnMasterRole

BLE Master LL State

The above figure shows the Link Layer state machine combination for a basic BLE master application, the ble master kma dongle in the SDK is based on this state machine combination. The Link Layer state machine module initialization code is.

u8  mac_public [6] = {……};
blc_ll_initBasicMCU();
blc_ll_initStandby_module(mac_public);
blc_ll_initScanning_module(mac_public); 
blc_ll_initInitiating_module();
blc_ll_initConnection_module();
blc_ll_initMasterRoleSingleConn_module();

The state change under this state machine combination is described as follows.

(1) After the MCU is powered on, it enters the Idle state; Scan is enabled in the Idle state, and the Link Layer is switched to the Scanning state; when Scan is disabled in the Scanning state, it returns to the Idle state.

The Scan Enable and Disable are controlled by API blc_ll_setScanEnable.

After power on, the Link layer is in Idle state by default. It is generally necessary to set Scan Enable inside user_init to enter Scanning state.

When the Link Layer is in the Scanning state, it reports the scanned Advertising packets to the BLE Host via the HCI event "HCI_SUB_EVT_LE_ADVERTISING_REPORT".

(2) In Idle state and Scanning state, Link Layer can trigger API blc_ll_createConnection to enter Initiating state.

The blc_ll_createConnection specifies the Mac Address of one or more BLE devices that need to be connected. After the Link Layer enters the Initiating state, it continuously scans the specified BLE device, sends a connection request and enters the ConnMasterRole after receiving a correct ADV packet that can be connected. If the initiating state does not scan the specified BLE device within a certain period of time and cannot initiate a connection, it will trigger a create connection timeout and revert to Idle State or Scanning state.

Note

Initiating state can enter from Idle state and Scanning state (ble master kma dongle enters directly from Scanning state), create connection timeout and then return to the Idle State or Scanning state before create connection.

(3) When the Link Layer is in ConnMasterRole, it returns to Idle State in one of three ways：

a) The slave sends a terminate command to the master to disconnect. The master receives the terminate command and exits ConnMasterRole. b) The master sends a terminate command to the slave, actively disconnects, and exits ConnMasterRole. c) The master's RF packet receiving exception or the slave's packet sending exception causes the master to receive no packet for a long time, triggering the BLE's connection supervision timeout and exiting the ConnMasterRole.

If the Link layer's ConnMasterRole exits this state, it can only return to the Idle state. if it needs to continue scanning, it should use the API blc_ll_setScanEnable to set the Link Layer to enter the Scanning state again.

Link Layer Timing Sequence

In this section, Link Layer timing sequence in various states will be illustrated combining with irq_handler and main_loop of this BLE SDK.

_attribute_ram_code_ void irq_handler(void)
{
    ……
    irq_blt_sdk_handler ();
    ……
}

void main_loop (void)
{
///////////////////// BLE entry ////////////////////////////
    blt_sdk_main_loop();
////////////////////// UI entry ////////////////////////////
    ……
}

The “blt_sdk_main_loop” function at BLE entry serves to process data and events related to BLE protocol stack. UI entry is for user application code.

Timing Sequence in Idle State

When Link Layer is in Idle state, no task is processed in Link Layer and Physical Layer; the “blt_sdk_main_loop” function does not act and does not generate any interrupt, i.e. the whole timing sequence of main_loop is occupied by UI entry.

Timing Sequence in Advertising State

As shown in the figure above, an ADV event is triggered by the Link Layer during each ADV interval. A typical ADV event with three active ADV channels sends an advertising packet in channel 37, 38, and 39, respectively. After an ADV packet is sent, the Slave enters the Rx state and waits for a response from the Master:

If the Slave receives a scan request from the Master, it sends a scan response to the Master.
If the Slave receives a connect request from the Master, it establishes a BLE connection with the Master and enters the Connection state Slave Role.

The code for the UI entry in main_loop executes during the UI task/suspend period shown in the figure above. This duration can be used for UI tasks only, or the MCU can enter sleep (suspend or deep sleep retention) during the redundant time to reduce power consumption.

In the Advertising state, the blt_sdk_main_loop function does not process many tasks; only some callback events related to ADV are triggered, including BLT_EV_FLAG_ADV_DURATION_TIMEOUT, BLT_EV_FLAG_SCAN_RSP, BLT_EV_FLAG_CONNECT, etc.

Timing Sequence in Scanning State

Scan interval is configured by the API “blc_ll_setScanParameter”. During a whole Scan interval, packet reception is implemented in one channel, and Scan window is not designed in the SDK. Therefore, the SDK does not process the setting of Scan window in the “blc_ll_setScanParameter”.

After the end of each Scan interval, it will switch to the next receiving channel, and enters next Scan interval. Channel switch action is triggered by interrupt, and it’s executed in irq which takes very short time.

In Scanning interval, PHY Layer of Scan state is always in RX state, and it depends on MCU hardware to implement packet reception. Therefore, all timing in software are for UI task.

After correct BLE packet is received in Scan interval, the data are first buffered in software RX fifo (corresponding to “my_fifo_t blt_rxfifo” in code), and the “blt_sdk_main_loop” function will check whether there are data in software RX fifo. If correct ADV data are discovered, the data will be reported to BLE Host via the event “HCI_SUB_EVT_LE_ADVERTISING_REPORT”.

Timing Sequence in Initiating State

The timing sequence of the Initiating state is shown above, and is the same as that of the Scanning state, with the difference that the Scan interval is configured by the API "blc_ll_createConnection". Packet reception is performed on one channel during the entire Scan interval. Similarly, the SDK does not process the setting of the Scan window in "blc_ll_createConnection".

After the end of each Scan interval, it will switch to the next listening channel, and start a new Scan interval. Channel switch action is triggered by interrupt, and it’s executed in irq which takes very short time.

In the Scanning state, the BLE Controller reports the received ADV packet to the BLE Host; however, in the Initiating state, ADV packets are not reported to the BLE Host, and it only scans for the device specified by "blc_ll_createConnection". If the specific device is scanned, it sends a connection_request and establishes a connection, then the Link Layer enters the ConnMasterRole.

Timing Sequence in Conn State Slave Role

As shown in the above figure, each connection interval starts with a brx event, i.e. transfer process of BLE RF packets by Link Layer: PHY enters Rx state, and an ack packet will be sent to respond to each received data packet from Master. If there is more data, then continue to receive master packets and reply, this process is called brx event for short.

In this BLE SDK, each brx process consists of three phases according to the assignment of hardware and software.

(1) brx start phase

When Master is about to send packet, an interrupt is triggered by system tick irq to enter brx start phase. During this interrupt, MCU sets BLE state machine of PHY to enter brx state, hardware in bottom layer prepares for packet transfer, and then MCU exits from the interrupt irq.

(2) brx working phase

After brx start phase ends and MCU exits from irq, hardware in bottom layer enters Rx state first and waits for packet from Master. During the brx working phase, all packet reception and transmission are implemented automatically without involvement of software.

(3) brx post phase

After packet transfer is finished, the brx working phase is completed. System tick irq triggers an interrupt to switch to the brx post phase. During this phase, protocol stack will process BLE data and timing sequence according to packet transfer in the brx working phase.

During the three phases, brx start and brx post are implemented in interrupt, while brx working phase does not need the involvement of software, and UI task can be executed normally (Note that during brx working phase, UI task can be executed in the time slots except RX, TX, and System Timer interrupt handler). During the brx working phase, MCU can’t enter sleep (suspend or deep sleep retention) since hardware needs to transfer packets.

Within each connection interval, the duration except for brx event can be used for UI task only, or MCU can enter sleep (suspend or deep sleep retention) for the redundant time to reduce power consumption.

In the ConnSlaveRole, the "blt_sdk_main_loop" processes the data received during the brx process. During the brx working phase, the data packet received from the Master is copied out during the RX interrupt IRQ handler; this data is not processed immediately but is buffered in the software RX FIFO (corresponding to my_fifo_t blt_rxfifo in the code). The "blt_sdk_main_loop" function checks whether there is data in the software RX FIFO and processes the detected data packet accordingly.

The processing of packets by blt_sdk_main_loop includes:

(1) Decryption of data packet

(2) Parsing of data packet

If the parsed data belongs to the control command sent by Master to Link Layer, this command will be executed immediately; if it’s the data sent by Master to Host layer, the data will be transferred to L2CAP layer via HCI interface.

Timing Sequence in Conn State Master Role

Timing Sequence in Conn Master Role

The ConnMasterRole timing sequence is shown above. At the beginning of each conn interval, the Link Layer performs a BLE RF packet sending and receiving process: first the PHY enters the packet sending state, sends a packet to the slave and then waits for the other party's ack packet, if there is more data, it continues to send packets to the slave, this process is referred to as btx event.

In this BLE SDK, each brx process consists of three phases according to the assignment of hardware and software.

(1) btx start phase

When the time for master to send packets is approaching, it will be triggered by system tick irq to enter the btx start phase, in which the MCU sets the BLE state machine of the PHY to enter the btx state, and the bottom layer hardware prepares to send and receive packets, and then exits the interrupt irq.

(2) btx working phase

After btx start, the MCU exits irq and the bottom layer hardware enters the transmitting state and does all the work of sending and receiving packets automatically, without any software involvement, this process is called the btx working phase.

(3) btx post phase

After the packet is sent and received, btx working is finished and the system tick irq triggers the btx post phase. This phase is mainly for the protocol stack to process some data and timing of the BLE according to the btx working phase.

The btx start and btx post in the above three phases are both interrupted, while the btx working phase requires no software involvement and the UI task can be executed normally at this point.

At ConnMasterRole, blt_sdk_main_loop needs to process the data received by the btx process. The btx working process actually copies the slave packets received by the hardware during the RX receive interrupt irq processing, this data is not immediately processed in real time, but cached in the software RX fifo. The blt_sdk_main_loop function will check if there is data in the software RX fifo and process it as soon as it is available.

The processing of packets by blt_sdk_main_loop includes：

1) Decryption of data packet

2) Parsing of data packet

If the parsed data is found to belong to a control command sent by the slave to the Link Layer, the command will be executed immediately. If it is data sent by the master to the Host Layer, the data will be dropped to the L2CAP layer for processing through the HCI interface.

Timing Protect for Conn State Slave role

In ConnSlaveRole, each interval requires a send/receive packet event, which is the Brx Event above. In the B85m SDK, the Brx Event is triggered entirely by interrupts, so the MCU main system interrupt needs to be turned on all the time. If the user is in the Conn state for a long time and has to turn off the main system interrupt (e.g. to erase the Flash), the Brx Event will be stopped and the BLE timing will soon be messed up and eventually the connection will be disconnected.

In this situation, the SDK provides a protection mechanism that allows the user to disable the Brx Event without breaking the BLE timing, and the user needs to strictly follow this mechanism. The relevant API is as follows.

    int     bls_ll_requestConnBrxEventDisable(void);
    void    bls_ll_disableConnBrxEvent(void);
    void    bls_ll_restoreConnBrxEvent(void);

Call bls_ll_requestConnBrxEventDisable to request that the Brx Event be switched off.

(1) If the return value of this API is 0, it means that the user's application is not currently accepted, i.e. the Brx Event cannot be stopped at this time. During the Brx working phase at Conn state, the application cannot be accepted and the return value is 0. It should wait until the end of a full Brx Event to accept the application for the remaining UI task/suspend time.

(2) This API returns a non-zero value to indicate that the request can be accepted and the value returned is the time in ms allowed to stop the Brx Event. There are three cases for this event value：

a) If the current Link Layer is Alerting state or Idle state, the return value is 0xffff, that is, there is no Brx Event, and the user is allowed to turn off the system interrupt for any length of time. b) If the current Conn state receives an update map or update connection parameter from the master and has not yet reached the update time point, the return time is the update time point minus the current time. In other words, the time to stop the Brx Event cannot exceed the update time, otherwise all the packets is not received and the connection will be disconnected. c) If the current state is Conn state and there is no update request from master, the return value is half of the current connection supervision timeout value. For example, if the current timeout is 1s, the return value is 500ms.

The user calls the above API to request to disable the Brx Event, and if the return value corresponds to enough time for the task to run itself, the task can be performed. Before the task is executed, API bls_ll_disableConnBrxEvent is called to disable the Brx Event. After the task is finished, API bls_ll_restoreConnBrxEvent is called to re-enable the Brx Event and repair the BLE timing.

The reference usage is as follows. Where the specific time is judged by the actual time of tested task.

Timing of Scanning in Advertising state

Link Layer State Machine Extension

The above BLE Link Layer state machine and working timings introduce the most basic states, which can satisfy the basic applications such as BLE slave/master. However, considering potential special user applications (such as the ability to perform advertising while in the ConnSlaveRole), the Telink BLE SDK adds special extension functions to the Link Layer state machine, which are introduced in detail below.

Scanning in Advertising state

When Link Layer is in Advertising state, the Scanning feature can be added.

The API to add Scanning feature：

ble_sts_t    blc_ll_addScanningInAdvState(void);

The API to remove Scanning feature：

ble_sts_t    blc_ll_removeScanningFromAdvState(void);

For the above two API, the return value of ble_sts_t type are both BLE_SUCCESS.

Combining the timing sequence of the Advertising state and Scanning state, the timing sequence is as follows when the Scanning feature is added to the Advertising state.

Timing of Scanning in Advertising state

The current Link Layer is still in the Advertising state (BLS_LINK_STATE_ADV) and the remaining time in each ADV interval, excluding the ADV event, is used for Scanning.

At each Set Scan, it is determined whether the current time exceeds a Scan interval (set by blc_ll_setScanParameter) since the last Set Scan, and if so, the Scan channel is switched (channel 37/38/39).

For the usage of Scanning in Advertising state, please refer to the TEST_SCANNING_IN_ADV_AND_CONN_SLAVE_ROLE in the ble_feature_test.

Scanning in ConnSlaveRole

When the Link Layer is in ConnSlaveRole, the Scanning feature can be added.

The API to add Scanning feature：

ble_sts_t    blc_ll_addScanningInConnSlaveRole(void);

The API to remove Scanning feature：

ble_sts_t    blc_ll_removeScanningFromConnSLaveRole(void);

For the above two API, the return value of ble_sts_t type are both BLE_SUCCESS.

Combining the timing sequence of Scanning state and ConnSlaveRole, when the Scanning feature is added to ConnSlaveRole, the timing sequence is as follows.

Timing of Scanning in ConnSlaveRole

The current Link Layer is still in ConnSlaveRole (BLS_LINK_STATE_CONN) and the remaining time in each Conn interval, excluding the brx event, is used for Scanning.

At each Set Scan, it is determined whether the current time exceeds a Scan interval (set by blc_ll_setScanParameter) since the last Set Scan, and if so, the Scan channel is switched (channel 37/38/39).

For the usage of Scanning in ConnSlaveRole, please refer to the TEST_SCANNING_IN_ADV_AND_CONN_ SLAVE_ROLE in ble_feature_test.

Advertising in ConnSlaveRole

When the Link Layer is in ConnSlaveRole, the Advertising feature can be added.

The API to add Advertising feature：

ble_sts_t   blc_ll_addAdvertisingInConnSlaveRole(void);

The API to remove Advertising feature：

ble_sts_t   blc_ll_removeAdvertisingFromConnSLaveRole(void);

The API to configure parameters for Advertising in ConnSlaveRole is:

ble_sts_t   blc_ll_setAdvParamInConnSlaveRole( u8 *adv_data,  u8 advData_len, u8 *scanRsp_data,  u8 scanRspData_len, adv_type_t  advType,   own_addr_type_t ownAddrType, adv_chn_map_t adv_channelMap, adv_fp_type_t advFilterPolicy)

The return value of type ble_sts_t for the above three APIs is BLE_SUCCESS.

Combining the timing sequence of Advertising and ConnSlaveRole, when the Advertising feature is added to ConnSlaveRole, the timing sequence is as follows.

Timing of Advertising in ConnSlaveRole

The current Link Layer is still in ConnSlaveRole (BLS_LINK_STATE_CONN) and executes an ADV event immediately after the brx event in each Conn interval, and then leaves the rest of the time for the UI task or goes into sleep (suspend/ deepsleep retention) to save power.

For the usage of Advertising in ConnSlaveRole, please refer to the TEST_ADVERTISING_IN_CONN_SLAVE_ROLE in ble_feature_test.

Advertising and Scanning in ConnSlaveRole

Combined with the use of Scanning in ConnSlaveRole and Advertising in ConnSlaveRole above, it is possible to add both Scanning and Advertising to ConnSlaveRole. The timing sequence is as follows.

Timing of Advertising and Scanning in ConnSlaveRole

The current Link Layer is still in ConnSlaveRole (BLS_LINK_STATE_CONN) and an ADV event is executed immediately after the brx event in each Conn interval, and then the rest of the time is used for Scanning.

At each Set Scan, it is determined whether the current time exceeds a Scan interval (set by blc_ll_setScanParameter) since the last Set Scan, and if so, the Scan channel is switched (channel 37/38/39).

For the usage of Advertising and Scanning in ConnSlaveRole, please refer to the TEST_ADVERTISING_SCANNING_IN_CONN_SLAVE_ROLE in ble_feature_test.

Link Layer TX fifo & RX fifo

All data from the application layer and the BLE Host eventually needs to be sent through the Link Layer of the Controller to complete the RF data. A BLE TX fifo is designed in the Link Layer, which can be used to cache the incoming data and to send the data after the brx/btx has started.

All data received from the peer device during Link Layer brx/btx is first stored in a BLE RX fifo before being uploaded to the BLE Host or application layer for processing.

The BLE TX fifo and BLE RX fifo for the Slave role and Master role are handled in the same way. Both the BLE TX fifo and BLE RX fifo are defined at the application layer.

MYFIFO_INIT(blt_rxfifo, 64, 8);
MYFIFO_INIT(blt_txfifo, 40, 16);

The RX fifo size is 64 by default and the TX fifo size is 40 by default, and these two sizes are not allowed to be modified unless a Data Length Extension(DLE) is required.

Both TX fifo number and RX fifo number should be set to the power of 2, i.e. 2, 4, 8, 16, etc. Users can modify them slightly to suit their needs.

RX fifo number is 8 by default, which is a reasonable value and can ensure that the bottom layer of the Link Layer can buffer up to 8 packets. If the setting is too large, it will take up too much SRAM. If the setting is too small, there may be a risk of data overwriting: in the brx event, the Link Layer is likely to word under More Data (MD) mode on an interval, and continue to receive multiple packets, if you set 4, it is likely that there will be five or six packets in an interval (such as OTA, playing master voice data, etc.), and the upper layer's response to these data is too long to process due to the long decryption time, then it is possible some data is overflowed.

Here is an example of RX overflow, we have the following assumptions:

a) The number of RX fifo is 8;

b) Before brx_event(n) is turned on, the read and write pointers of RX fifo are 0 and 2 respectively;

c) In the brx_event(n) and brx_event(n+1) stages, the main_loop has task blockage, and the RX fifo is not taken in time;

d) Both brx_event stages are multi-packet situations.

From the description in the “Conn state Slave role timing” section above, we know that the BLE data packets received in the brx_working stage will only be copied to the RX fifo (RX fifo write pointer++), and the RX fifo data is actually taken out for processing. In the main_loop stage (RX fifo read pointer++), we can see that the sixth data will cover the read pointer 0 area. It should be noted here that the UI task time slot in the brx working stage is the time except for interrupt processing such as RX, TX, and system timer.

RX overflow case 1

Relative to the extreme case above with long task blockade duration due to one connection interval, the case below is more likely to occur: During one brx_event, since Master writes multiple packets (e.g. 7/8 packets) into Slave, Slave fails to process the received data in time. As shown below, the rptr (read pointer) is increased by two, but the wptr (write pointer) is also increased by eight, which thus causes data overflow.

RX overflow case 2

Once there is a data loss problem caused by overflow, for the encryption system, there will be a MIC failure disconnection problem. (For old SDK, as brx event Rx IRQ will fill data to Rx fifo but not do data overflow check, if main_loop is too slow to process RX fifo it will lead to overflow problem, so when using old SDK, user need to pay more attention to this risk, avoid master to send too much data on one connection interval, pay attention to user UI that the task processing time is as short as possible to avoid blocking problems.)

Rx overflow checks have now been added to the SDK. Check whether the current RX fifo write pointer and read pointer difference is greater than the number of Rx fifo in brx/btx event Rx IRQ. Once the Rx fifo is found to be full, the RF does not ACK the other party. BLE protocol Data retransmission is ensured. In addition, the SDK also provides the Rx overflow callback function to notify users. This callback will be introduced in the chapter "Telink defined event" later in the document.

Similarly, if there may be more than 8 valid packets in an interval, the default 8 is not enough.

The TX fifo number is 16 by default, which is able to handle the larger data volume of the voice remote control function. Users can modify it to 8 if they do not use such a large fifo.

If set too large (e.g. 32) it will take up too much sram.

In the TX fifo, the SDK bottom layer stack needs to use 2, and the rest is used exclusively by the application layer; for a TX fifo of 16, the application layer can only use 14; for 8, the application layer can only use 6.

When sending data from the application layer (e.g. calling blc_gatt_pushHandleValueNotify), the user should first check how many TX fifo's are currently available in the Link Layer.

The following API is used to determine how many TX fifo's are currently occupied, not how many are left.

    u8          blc_ll_getTxFifoNumber (void);

For example, if the TX fifo number defaults to 16, there are 14 users available, so the value returned by the API is available as long as it is less than 14: a return of 13 means there is 1 available, and a return of 0 means there are 14 available.

When using TX fifo, if the user first looks at how many are left before deciding whether to push the data directly, a fifo should be left in place to prevent various boundary issues from occurring.

In the voice processing of the ble remote, as each voice data is known to be split into 5 packets, 5 TX fifo's are required and no more than 9 occupied fifo's can be used. In order to avoid exceptions caused by some boundary conditions when the TX fifo is used (e.g. just in time for the BLE stack to reply to the master's command and insert a data into the TX fifo), the final code is written as follows: the voice data is only pushed to the TX fifo when there are no more than 8 occupied TX fifo's.

        if (blc_ll_getTxFifoNumber() < 9)
        {
            ……
        }

As discussed above, the SDK provides the following API for limiting the amount of more data received on an interval (if the user wants to limit the data even if the RX fifo is sufficient), in addition to the automatic data overflow handling mechanism.

void    blc_ll_init_max_md_nums(u8 num);

In which, the maximum number of More Data set by parameter num should not to exceed the RX fifo number.

Note

Note that the ability to qualify more data on a connection event is only enabled if the API is called at the application level (parameter num is greater than 0).

Controller Event

To meet user requirements for recording and processing key actions of the BLE stack bottom layer at the application layer, the Telink BLE SDK provides three types of events:

(1) Standard HCI events defined by the BLE Controller;

(2) A set of events defined by Telink, referred to as "Telink defined events" (both of the first two types belong to Controller events);

(3) Event notification-type GAP events for protocol stack interaction flows defined by the BLE Host (can also be considered Host events; for details, please refer to the "GAP event" section of this document).

The BLE SDK event architecture is illustrated in the figure below. It can be seen that HCI events and Telink defined events belong to Controller events, while GAP events belong to BLE Host events. The following two subsections mainly introduce Controller events.

BLE SDK Event Architecture

Controller HCI Event

HCI event is designed according to BLE Spec; Telink defined event only applies to BLE Slave (ble remote/ble module etc).

BLE Master only supports HCI event.
BLE Slave supports both HCI event and Telink defined event.

For BLE Slave, basically the two sets of event are independent of each other, except for the connect and disconnect event of Link Layer, which will be introduced in detail later.

User can select one set or use both as needed.

As shown in the “Host + Controller” architecture below, Controller HCI event indicates all events of Controller are reported to Host via HCI.

HCI Event

For details regarding the definition of Controller HCI events, please refer to the Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7 Events. Specifically, Section 7.7.65 "LE Meta Event" refers to HCI LE (Low Energy) Events, while the others are standard HCI events. According to the definition in the specification, the Telink BLE SDK also categorizes Controller HCI events into two types: HCI Events and HCI LE Events. As the Telink BLE SDK mainly supports the Bluetooth Low Energy protocol stack, it supports only a few basic HCI Events, while supporting the majority of HCI LE Events.

For the definition of macros and interfaces related to Controller HCI event, please refer to head files under “stack/ble/hci”.

To receive Controller HCI event in Host or APP layer, user should register callback function of Controller HCI event, and then enable mask of corresponding event.

Following are callback function prototype and register interface of Controller HCI event:

typedef int (*hci_event_handler_t) (u32 h, u8 *para, int n);
void  blc_hci_registerControllerEventHandler(hci_event_handler_t  handler);

In the callback function prototype, “u32 h” is a mark which will be frequently used in bottom-layer stack, and user only needs to know the following:

#define         HCI_FLAG_EVENT_TLK_MODULE           (1<<24)
#define         HCI_FLAG_EVENT_BT_STD               (1<<25)

The “HCI_FLAG_EVENT_TLK_MODULE” will be introduced in “Telink defined event”, while “HCI_FLAG_EVENT _BT_STD” indicates current event is Controller HCI event.

In the callback function prototype, “para” and “n” indicate data and data length of event. The data is consistent with the definition in BLE spec. User can refer to the following usage in the ble_master kma dongle and the specific implementation of the controller_event_callback function.

blc_hci_registerControllerEventHandler(controller_event_callback);

HCI event

Telink BLE SDK supports a few HCI events. Following lists some events for user.

#define HCI_EVT_DISCONNECTION_COMPLETE                  0x05
#define HCI_EVT_ENCRYPTION_CHANGE                       0x08
#define HCI_EVT_READ_REMOTE_VER_INFO_COMPLETE           0x0C
#define HCI_EVT_ENCRYPTION_KEY_REFRESH                  0x30
#define HCI_EVT_LE_META                                 0x3E

a) HCI_EVT_DISCONNECTION_COMPLETE

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.5 Disconnection Complete Event. Total data length of this event is 7, and 1-byte "param len" is 4, as shown below. Please refer to BLE spec for data definition.

Disconnection Complete Event

b) HCI_EVT_ENCRYPTION_CHANGE and HCI_EVT_ENCRYPTION_KEY_REFRESH

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.8 & 7.7.39. The two events are related to Controller encryption, and the processing is assembled in library.

c) HCI_EVT_READ_REMOTE_VER_INFO_COMPLETE

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.12. When Host uses the “HCI_CMD_READ_REMOTE_VER_INFO” command to exchange version information between Controller and BLE peer device, and version of peer device is received, this event will be reported to Host. Total data length of this event is 11, and 1-byte "param len" is 8, as shown below. Please refer to BLE spec for data definition.

Read Remote Version Information Complete Event

d) HCI_EVT_LE_META

It indicates current event is HCI LE event, and event type can be judged according to sub event code. Except for HCI_EVT_LE_META, other HCI events should use the API below to enable corresponding event mask.

ble_sts_t   blc_hci_setEventMask_cmd(u32 evtMask);

Definition of event mask:：

#define HCI_EVT_MASK_DISCONNECTION_COMPLETE                                 0x0000000010     
#define HCI_EVT_MASK_ENCRYPTION_CHANGE                                      0x0000000080
#define HCI_EVT_MASK_READ_REMOTE_VERSION_INFORMATION_COMPLETE               0x0000000800

If the user does not set the HCI event mask via this API, the SDK will only turn on the mask corresponding to HCI_CMD_DISCONNECTION_COMPLETE by default, i.e. to ensure that the Controller disconnect event is reported.

HCI LE event

When event code in HCI event is “HCI_EVT_LE_META” to indicate HCI LE event, common sub-event code are shown as below:

#define HCI_SUB_EVT_LE_CONNECTION_COMPLETE                          0x01
#define HCI_SUB_EVT_LE_ADVERTISING_REPORT                           0x02
#define HCI_SUB_EVT_LE_CONNECTION_UPDATE_COMPLETE                   0x03
#define HCI_SUB_EVT_LE_CONNECTION_ESTABLISH                         0x20

a) HCI_SUB_EVT_LE_CONNECTION_COMPLETE

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.65.1 LE Connection Complete Event. When connection is established between Link Layer and peer device, this event will be reported. Total data length of this event is 22, and 1-byte "param len" is 19, as shown below. Please refer to BLE spec for data definition.

LE Connection Complete Event

b) HCI_SUB_EVT_LE_ADVERTISING_REPORT

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.65.2 LE Advertising Report Event. When Link Layer scans right ADV packet, it will be reported to Host via "HCI_SUB_EVT_LE_ADVERTISING_REPORT". Data length of this event is not fixed and it depends on payload of ADV packet, as shown below. Please refer to BLE spec for data definition.

LE Advertising Report Event

Note: In Telink BLE SDK, each "LE Advertising Report Event" only reports an ADV packet, i.e. "i" in figure above is 1.

c) HCI_SUB_EVT_LE_CONNECTION_UPDATE_COMPLETE

Please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.7.65.3 LE Connection Update Complete Event. When "connection update" in Controller takes effect, the "HCI_SUB_EVT_LE_CONNECTION_UPDATE_COMPLETE" will be reported to Host. Total data length of this event is 13, and 1-byte "param len" is 10, as shown below. Please refer to BLE spec for data definition.

LE Connection Update Complete Event

d) HCI_SUB_EVT_LE_CONNECTION_ESTABLISH

The “HCI_SUB_EVT_LE_CONNECTION_ESTABLISH” is a supplement to the “HCI_SUB_EVT_LE_CONNECTION _COMPLETE”, so all the parameters except for subevent is the same. This event is used by the b85m_master kma dongle in the SDK. It is the only non-BLE spec standard event, is privately defined by Telink and is only used in the b85m_master kma dongle.

Following illustrates the reason for Telink to define this event.

When BLE Controller in Initiating state scans ADV packet from specific device to be connected, it will send connection request packet to peer device; no matter whether this connection request is received, it will be considered as “Connection complete”, “LE Connection Complete Event” will be reported to Host, and Link Layer immediately enters Master role. Since this packet does not support ack/retry mechanism, Slave may miss the connection request, thus it cannot enter Slave role, and does not enter brx mode to transfer packets. In this case, Master Controller will process according to the mechanism below: After it enters Master role, it will check whether there’s any packet received from Slave during the beginning 6 ~ 10 conn intervals (CRC check is negligible).

If no packet is received, it’s considered that Slave does not receive connection request; suppose “LE Connection Complete Event” has already been reported, it should report a “Disconnection Complete Event” quickly, and indicate disconnect reason is “0x3E (HCI_ERR_CONN_FAILED_TO_ESTABLISH)”.
If there’s packet received from Slave, it can confirm that Connection is established, thus Master can continue rest of the flow.

According to the description above, the processing method of BLE Host should be: After it receives “LE Connection Complete Event” of Controller, it cannot confirm that connection has already been established, but instead, starts a timer based on conn interval (timing value should be configured as 10 intervals or above to cover the longest time). After the timer is started, it will check whether there is “Disconnection Complete Event” with disconnect reason of 0x3E; if there is no such event, it will be considered as “Connection Established”.

Considering this processing of BLE Host is very complex and error prone, the SDK defines the “HCI_SUB_EVT_LE_CONNECTION_ESTABLISH” in the bottom layer. When Host receives this event, it indicates that Controller has confirmed connection is OK on Slave side and can continue rest of the flow.

“HCI LE event” needs the API below to enable mask.

ble_sts_t   blc_hci_le_setEventMask_cmd(u32 evtMask);

Following lists some evtMask definitions. User can view the other events in the “hci_const.h”.

#define HCI_LE_EVT_MASK_CONNECTION_COMPLETE             0x00000001
#define HCI_LE_EVT_MASK_ADVERTISING_REPORT              0x00000002
#define HCI_LE_EVT_MASK_CONNECTION_UPDATE_COMPLETE      0x00000004
#define HCI_LE_EVT_MASK_CONNECTION_ESTABLISH            0x80000000

If HCI LE event mask is not set via this API, mask of all HCI LE events in the SDK are disabled by default.

Telink Defined Event

Besides standard Controller HCI event, the SDK also provides Telink defined event. Up to 20 Telink defined events are supported, which are defined by using macros in the “stack/ble/ll/ll.h”.

Current SDK version supports the following callback events. The “BLT_EV_FLAG_CONNECT / BLT_EV_FLAG_ TERMINATE” has the same function as the “HCI_SUB_EVT_LE_CONNECTION_COMPLETE” / “HCI_EVT_ DISCONNECTION_COMPLETE” in HCI event, but data definition of these events are different.

#define         BLT_EV_FLAG_ADV                                 0
#define         BLT_EV_FLAG_ADV_DURATION_TIMEOUT                1
#define         BLT_EV_FLAG_SCAN_RSP                            2
#define         BLT_EV_FLAG_CONNECT                             3
#define         BLT_EV_FLAG_TERMINATE                           4
#define         BLT_EV_FLAG_LL_REJECT_IND                       5
#define         BLT_EV_FLAG_RX_DATA_ABANDON                     6
#define         BLT_EV_FLAG_PHY_UPDATE                          7
#define         BLT_EV_FLAG_DATA_LENGTH_EXCHANGE                8
#define         BLT_EV_FLAG_GPIO_EARLY_WAKEUP                   9
#define         BLT_EV_FLAG_CHN_MAP_REQ                         10
#define         BLT_EV_FLAG_CONN_PARA_REQ                       11
#define         BLT_EV_FLAG_CHN_MAP_UPDATE                      12
#define         BLT_EV_FLAG_CONN_PARA_UPDATE                    13
#define         BLT_EV_FLAG_SUSPEND_ENTER                       14
#define         BLT_EV_FLAG_SUSPEND_EXIT                        15
#define         BLT_EV_FLAG_VERSION_IND_REV                     16
#define         BLT_EV_FLAG_SCAN_REQ                            17
#define         BLT_EV_FLAG_ADV_TX_EACH_CHANNEL                 18

Telink defined event is only triggered in BLE slave applications. There are two ways to implement callback of Telink defined event in BLE slave application.

(1) The first method, which is called “independent registration”, is to independently register callback function for each event.

Prototype of callback function is shown as below:

typedef void (*blt_event_callback_t)(u8 e, u8 *p, int n);

Where “e”: event number. “p”: It’s the pointer to the data transmitted from the bottom layer when callback function is executed, and it varies with the callback function. “n”: length of valid data pointed by pointer.

API to register callback function:

void    bls_app_registerEventCallback (u8 e, blt_event_callback_t p);

Whether each event will respond depends on whether corresponding callback function is registered in APP layer.

(2) The second method, which is called “shared event entry”, is that all event callback functions share the same entry. Whether each event will respond depends on whether its event mask is enabled. This method uses the same API as HCI event to register event callback:

typedef int (*hci_event_handler_t) (u32 h, u8 *para, int n);
void  blc_hci_registerControllerEventHandler(hci_event_handler_t  handler);

Although registered callback function of HCI event is shared, they are different in implementation. In HCI event callback function:

h = HCI_FLAG_EVENT_BT_STD  |  hci_event_code;

While in Telink defined event “shared event entry”:

h = HCI_FLAG_EVENT_TLK_MODULE  |  e;

Where “e” is event number of Telink defined event.

Telink defined event “shared event entry” is similar to mask of HCI event; the API below serves to set the mask to determine whether each event will be responded.

ble_sts_t   bls_hci_mod_setEventMask_cmd(u32 evtMask);

Relationship between evtMask and event number is：

evtMask = BIT(e);

The two methods for Telink defined event are exclusive to each other. The first method is recommended and is adopted by most demo code of the SDK; only “ble_ module” uses the “shared event entry” method.

For the use of Telink defined event, please refer to the demo code of project “b85m_module” for 2 “shared event entry”.

The following takes the connect and terminate event callbacks as examples to describe the code implementation methods of these two methods.

(1) The first method: “independent registration”

void    task_connect (u8 e, u8 *p, int n)
{
        // add connect callback code here
}

void    task_terminate (u8 e, u8 *p, int n)
{
        // add terminate callback code here
}
bls_app_registerEventCallback (BLT_EV_FLAG_CONNECT, &task_connect);
bls_app_registerEventCallback (BLT_EV_FLAG_TERMINATE, &task_terminate);

(2) The second method: “shared event entry”

int event_handler(u32 h, u8 *para, int n)
{
        if( (h&HCI_FLAG_EVENT_TLK_MODULE)!= 0 ) //module event
        {
            switch(event)
            {
                case BLT_EV_FLAG_CONNECT:
                {
                    // add connect callback code here
                }
                break;
                case BLT_EV_FLAG_TERMINATE:
                {
                    // add terminate callback code here
                }
            break;
                default:
            break;
            }
        }
}
blc_hci_registerControllerEventHandler(event_handler);  
bls_hci_mod_setEventMask_cmd( BIT(BLT_EV_FLAG_CONNECT) | BIT(BLT_EV_FLAG_TERMINATE) );

Following will introduce details about all events, event trigger condition and parameters of corresponding callback function for Controller.

(1) BLT_EV_FLAG_ADV

This event is not used in current SDK.

(2) BLT_EV_FLAG_ADV_DURATION_TIMEOUT

Event trigger condition: If the API “bls_ll_setAdvDuration” is invoked to set advertising duration, a timer will be started in BLE stack bottom layer. When the timer reaches the specified duration, advertising is stopped, and this event is triggered. In the callback function of this event, user can modify ADV event type, re-enable advertising, re-configure advertising duration, and etc.

Pointer p: null pointer.

Data length “n”: 0.

Note: This event is not triggered in “advertising in ConnSlaveRole” which is an extended state of Link Layer.

(3) BLT_EV_FLAG_SCAN_RSP

Event trigger condition: When Slave is in advertising state, this event will be triggered if Slave responds with scan response to the scan request from Master.

Pointer p: null pointer.

Data length “n”: 0.

(4) BLT_EV_FLAG_CONNECT

Event trigger condition: When Link Layer is in advertising state, this event will be triggered if it responds to connect request from Master and enters ConnSlaveRole role.

Data length “n”: 34.

Returned pointer p: p points to a RAM area of 34 bytes. Please refer to the definition of tlk_contr_evt_connect_t in controller.h.

typedef struct{
    u8  initA[6];           
    u8  advA[6];            
    u32 accessCode;         
    u8  crcinit[3];
    u8  winSize;
    u16 winOffset;
    u16 connReq_interval;   
    u16 connReq_latency;    
    u16 connReq_timeout;    
    u8  chm_map[5];         
    u8  hop_sca;            
}tlk_contr_evt_connect_t;

(5) BLT_EV_FLAG_TERMINATE

Event trigger condition: This event will be triggered when Link Layer state machine exits from ConnSlaveRole role in any of the three specific cases.

Returned pointer p: p points to a u8 type variable terminate_reason, which indicates the reason for the Link Layer disconnection. Please refer to the definition of tlk_contr_evt_terminate_t in controller.h.

typedef struct{
    u8  terminate_reason;
}tlk_contr_evt_terminate_t;

Data length “n”: 1.

Three cases to exit ConnSlaveRole and corresponding reasons are listed as below:

A. If Slave fails to receive packet from Master for a duration due to RF communication problem (e.g. bad RF or Master is powered off), and “connection supervision timeout” expires, this event will be triggered to terminate connection and return to disconnected state. The terminate reason is HCI_ERR_CONN_TIMEOUT (0x08).

B. If Master sends “terminate” command to actively terminate connection, after Slave responds to the command with an ack, this event will be triggered to terminate connection and return to disconnected state. The terminate reason is the Error Code in the “LL_TERMINATE_IND” control packet received in Slave Link Layer. The Error Code is determined by Master. Common Error Codes include HCI_ERR_REMOTE_USER_TERM_CONN (0x13), HCI_ERR_CONN_TERM_MIC_FAILURE (0x3D), and etc.

C. If Slave invokes the API “bls_ll_terminateConnection(u8 reason)” to actively terminate connection, this event will be triggered. The terminate reason is the actual parameter “reason” of this API.

(6) BLT_EV_FLAG_LL_REJECT_IND

Event trigger condition: When Master sends a “LL_ENC_REQ” (encryption request) in the Link Layer and it’s declared to use the pre-allocated LTK, if Slave fails to find corresponding LTK and responds with a “LL_REJECT_IND” (or “LL_REJECT_EXT_IND”), this event will be triggered.

Returned pointer p: p points to a u8 type variable which stores the transmitted command (LL_REJECT_IND or LL_REJECT_EXT_IND).

Data length “n”: 1.

For more information, please refer to Bluetooth Core Specification v5.3 [Vol 6] Part B, Section 2.4.2.

(7) BLT_EV_FLAG_RX_DATA_ABANDON

Event trigger condition: This event will be triggered when BLE RX fifo overflows (see section Link Layer TX fifo & RX fifo), or the number of More Data received in an interval exceeds the preset threshold (Note: User needs to invoke the API “blc_ll_init_max_md_nums” with non-zero parameter, so that SDK bottom layer will check the number of More Data.)

Pointer p: null pointer.

Data length “n”: 0.

(8) BLT_EV_FLAG_PHY_UPDATE

Event trigger condition: This event will be triggered after the update succeeds or fails when the slave or master proactively initiates LL_PHY_REQ; Or when the slave or master passively receives LL_PHY_REQ and meanwhile PHY is updated successfully, this event will be triggered.

Data length “n”: 1.

Pointer p: p points to an u8-type variable indicating the current connection of PHY mode.

typedef enum {
    BLE_PHY_1M          = 0x01,
    BLE_PHY_2M          = 0x02,
    BLE_PHY_CODED       = 0x03,
} le_phy_type_t;

(9) BLT_EV_FLAG_DATA_LENGTH_EXCHANGE

Event trigger condition: Triggered when Slave and Master exchange Link Layer maximum data length, i.e. one side sends LL_LENGTH_REQ and the other side replies with LL_LENGTH_RSP. If Slave initiates LL_LENGTH_REQ, it is triggered when LL_LENGTH_RSP is received; if Master initiates LL_LENGTH_REQ, it is triggered immediately after Slave replies with LL_LENGTH_RSP.

Data length “n”: 12.

Pointer p: Points to a memory area corresponding to the following structure.

typedef struct {
    u16     connEffectiveMaxRxOctets;   //effective maximum RX Octets
    u16     connEffectiveMaxTxOctets;   //effective maximum TX Octets
    u16     connMaxRxOctets;            //local maximum RX Octets
    u16     connMaxTxOctets;            //local maximum TX Octets
    u16     connRemoteMaxRxOctets;      //remote maximum RX Octets
    u16     connRemoteMaxTxOctets;      //remote maximum TX Octets
}tlk_contr_evt_dataLenExg_t;

The “connEffectiveMaxRxOctets” and “connEffectiveMaxTxOctets” are max RX and TX data length finally allowed in current connection; “connMaxRxOctets” and “connMaxTxOctets” are max RX and TX data length of the device; “connRemoteMaxRxOctets” and “connRemoteMaxTxOctets” are max RX and TX data length of peer device.

connEffectiveMaxRxOctets = min(supportedMaxRxOctets,connRemoteMaxTxOctets);

connEffectiveMaxTxOctets = min(supportedMaxTxOctets, connRemoteMaxRxOctets);

(10) BLT_EV_FLAG_GPIO_EARLY_WAKEUP

Event trigger condition: Before the BLE slave enters sleep (suspend or deepsleep retention), the next wake-up time is calculated. After entering sleep, the device wakes up when this time point is reached (implemented by a timer in the sleep state).

In this scenario, a potential issue arises: if the sleep duration is too long, user tasks can only be processed after waking up, which causes response latency issues for applications with real-time requirements.

For example, in keyboard scanning, user key presses can be very fast. To ensure no keystrokes are missed while handling debouncing, a scan interval of 10~20ms is preferred. However, if the sleep duration is long, such as 400ms or 1s (which can occur when the advertising interval is large or latency is enabled in the connection state), keystrokes will be missed.

Therefore, it is necessary to check the current sleep duration before the MCU enters sleep. If the duration is too long, the suspend/deepsleep retention mode should be configured to allow early wake-up by user key actions (this will be introduced in detail in the "PM module" section).

The event “BLT_EV_FLAG_GPIO_EARLY_WAKEUP” will be triggered if MCU is woke up from sleep (suspend or deepsleep) by GPIO in advance before wakeup timer expires.

Data length “n”: 1.

Pointer p: p points to a u8 type variable wakeup_status. This variable records which wake-up sources are effective in the current suspend state. Wake-up source status values are defined in drivers/8258(8278)/lib/include/pm.h, as shown below.

enum {
     WAKEUP_STATUS_COMPARATOR       = BIT(0),
     WAKEUP_STATUS_TIMER            = BIT(1),
     WAKEUP_STATUS_CORE             = BIT(2),
     WAKEUP_STATUS_PAD              = BIT(3),
     ......
     STATUS_GPIO_ERR_NO_ENTER_PM    = BIT(8),
     STATUS_ENTER_SUSPEND           = BIT(30),
};

For parameter definition above, please refer to “Power Management” section.

(11) BLT_EV_FLAG_CHN_MAP_REQ

Event trigger condition: When Slave is in ConnSlaveRole, if Master needs to update current connection channel list, it will send a “LL_CHANNEL_MAP_REQ” command to Slave; this event will be triggered after Slave receives this request from Master and has not processed the request yet.

Data length “n”: 5.

Pointer p: p points to the starting address of the following channel list array, as shown below.

typedef struct {
    u8      chn_map[5];     //old channel map before update take effect
}tlk_contr_evt_chnMapRequest_t;

Note: When the callback function executes, the chn_map[5] pointed to by p is the old channel map which has not yet been updated.

The chn_map uses 5 bytes to represent the current channel list. It employs a mapping method where each bit represents a channel:

Bit 0-7 of chn_map[0] represent channel 0-7 respectively.
Bit 0-7 of chn_map[1] represent channel 8-15 respectively.
Bit 0-7 of chn_map[2] represent channel 16-23 respectively.
Bit 0-7 of chn_map[3] represent channel 24-31 respectively.
Bit 0-4 of chn_map[4] represent channel 32-36 respectively.

(12) BLT_EV_FLAG_CHN_MAP_UPDATE

Event trigger condition: When Slave is in ConnSlaveRole state, this event will be triggered if Slave has updated channel map after it receives the “LL_CHANNEL_MAP_REQ” command from Master.

Returned pointer p: p points to the start address of chn_map[5], corresponding to the following structure. At this point, chn_map is the new map after update.

typedef struct {
    u8      chn_map[5];     //new channel map after update take effect
}tlk_contr_evt_chnMapUpdate_t;

Data length “n”: 5.

(13) BLT_EV_FLAG_CONN_PARA_REQ

Event trigger condition: When Slave is in ConnSlaveRole state (Conn state Slave role), if Master needs to update current connection parameters, it will send a “LL_CONNECTION_UPDATE_IND” command to Slave; this event will be triggered after Slave receives this request from Master and has not processed the request yet.

Data length “n”: 11.

Pointer p: p points to the PDU of the LL_CONNECTION_UPDATE_IND, as shown below

typedef struct {
    u8      winSize;
    u16     winOffset;
    u16     interval;
    u16     latency;
    u16     timeout;
    u16     instant;
}tlk_contr_evt_connParaReq_t;

(14) BLT_EV_FLAG_CONN_PARA_UPDATE

Event trigger condition: When Slave is in ConnSlaveRole state, this event will be triggered if Slave has updated connection parameters after it receives the “LL_CONNECTION_UPDATE_IND” from Master.

Data length “n”: 6.

Pointer p: p points to the new connection parameters after update, as shown below.

typedef struct {
    u16     conn_interval;  //new connection interval after update take effect, 1.25 mS unit
    u16     conn_latency;   //new connection latency after update take effect
    u16     conn_timeout;   //new connection timeout after update take effect, 10 mS unit
}tlk_contr_evt_connParaUpdate_t;

(15) BLT_EV_FLAG_SUSPEND_ENTER

Event trigger condition: Triggered before the slave enters sleep (suspend or deepsleep retention) while executing the "blt_sdk_main_loop" function.

Pointer p: Null pointer.

Data length “n”: 0.

(16) BLT_EV_FLAG_SUSPEND_EXIT

Event trigger condition: When Slave executes the function “blt_sdk_main_loop”, this event will be triggered after Slave is woke up from suspend.

Data length “n”: 1.

Pointer p: Points to a u8 type variable wakeup_status. The wakeup_status variable records which wake-up source statuses are effective in the current suspend state. Wake-up source status values are defined in drivers/8258(8278)/lib/include/pm.h, as shown below.

enum {
     WAKEUP_STATUS_COMPARATOR       = BIT(0),
     WAKEUP_STATUS_TIMER            = BIT(1),
     WAKEUP_STATUS_CORE             = BIT(2),
     WAKEUP_STATUS_PAD              = BIT(3),
     ......
     STATUS_GPIO_ERR_NO_ENTER_PM    = BIT(8),
     STATUS_ENTER_SUSPEND           = BIT(30),
};

Note

This callback is executed after SDK bottom layer executes “cpu_sleep_wakeup” and Slave is woke up, and this event will be triggered no matter whether the actual wakeup source is GPIO or timer. If the event “BLT_EV_FLAG_GPIO_EARLY_WAKEUP” occurs at the same time, for the sequence to execute the two events, please refer to pseudo code in “Power Management – PM Working Mechanism”.

Data Length Extension

The Bluetooth Core Specification v4.2 and above supports Data Length Extension (DLE).

Link Layer in this BLE SDK supports data length extension to max rf_len of 251 bytes per BLE Spec.

Please refer to Bluetooth Core Specification v5.3 [Vol 6] Part B, Section 2.4.2.21 LL_LENGTH_REQ and LL_LENGTH_RSP.

Following steps explains how to use data length extension.

Step 1 Configure suitable TX & RX fifo size

To receive and transmit long packet, bigger Tx & Rx fifo size is required and thus occupies large SRAM space. So be cautious when setting fifo size to avoid waste of SRAM space.

Tx fifo size should be increased to transmit long packet. Tx fifo size should be larger than Tx rf_len by 10, and should be aligned by 4 bytes.

#define     TLK_RF_TX_EXT_LEN       (10)    //10 = 4(DMA_len) + 2(BLE header) + 4(MIC)
#define     CAL_LL_ACL_TX_BUF_SIZE(maxTxOct)    (((maxTxOct + TLK_RF_TX_EXT_LEN) + 3) / 4 *4)

Receiving long packets requires increasing the RX FIFO size. The RX FIFO size should be at least 22 bytes larger than the RX rf_len, and it should be 16-byte aligned. Please refer to the following macro definition.

#define     TLK_RF_RX_EXT_LEN       (22)    //4(DMA_len) + 2(BLE header) + ISORxOct + 4(MIC) + 3(CRC) + 8(ExtraInfo)
#define     CAL_LL_ACL_RX_BUF_SIZE(maxRxOct)    (((maxRxOct + TLK_RF_RX_EXT_LEN) + 15) / 16 *16)

Note

When the 825x series chip acts as a Master, the RX FIFO size needs to be at least 29 bytes larger than the RX rf_len, and it should also be 16-byte aligned.

Step 2 Set proper MTU size

MTU, the maximum transmission unit, is used to set the size of the payload in a single packet of the L2CAP layer in BLE. THe att.h provides the API ble_sts_t blc_att_setRxMtuSize(u16 mtu_size). during the initialization of the BLE stack, users can directly use this function to pass the parameter to set the MTU. However, the MTU size effect is negotiated in the MTU exchange process, and valid value for MTU size is the minimum of MTU_A and MTU_B. MTU_A is the MTU size supported by device A, MTU_B is the MTU size supported by device B; in addition, only MTU size greater than the DLE length can make full use of the DLE to increase the link layer data throughput rate.

For the implementation of MTU size exchange, please refer to the detailed description in the "ATT & GATT" section of this document, or refer to the DLE demo in ble_feature_test.

#define MTU_SIZE_SETTING                    196
blc_att_setRxMtuSize(MTU_SIZE_SETTING);

For MTU greater than ATT_MTU_MAX_SDK_DFT_BUF, the user can register buffer with the following API.

ble_sts_t   blc_l2cap_initMtuBuffer(u8 *pMTU_rx_buff, u16 mtu_rx_size, u8 *pMTU_tx_buff, u16 mtu_tx_size);

Step 3 data length exchange

Before transfer of long packets, please make sure the “data length exchange” flow has already been completed. Data length exchange is an interactive process in Link Layer by LL_LENGTH_REQ and LL_LENGTH_RSP. Either master or slave can initiate the process by sending LL_LENGTH_REQ, while the peer responds with LL_LENGTH_RSP. Through this interaction, master and slave obtain the max Tx and Rx packet size from each other, and adopt the minimum of the two as the max Tx and Rx packet size in current connection.

Regardless of which side initiates the LL_LENGTH_REQ, upon completion of the data length exchange procedure, the SDK will generate a BLT_EV_FLAG_DATA_LENGTH_EXCHANGE event if the user has registered the corresponding callback. Please refer to the "Telink defined event" section for the meaning of each parameter in the event callback function.

The final max Tx and Rx packet size can be obtained from the BLT_EV_FLAG_DATA_LENGTH_EXCHANGE event callback function.

When B85m chip acts as slave device in actual applications, master may or may not initiate LL_LENGTH_REQ. If master does not initiate it, slave should initiate LL_LENGTH_REQ by the following API in the SDK:

ble_sts_t       blc_ll_exchangeDataLength (u8 opcode, u16 maxTxOct);

In the API, set the opcode to LL_LENGTH_REQ and maxTxOct to the maximum TX packet length supported by the current device. For example, when the maximum TX packet length is 200 bytes, set it as follows:

blc_ll_exchangeDataLength(LL_LENGTH_REQ , 200);

Since the slave device does not know whether the master will initiate LL_LENGTH_REQ, we recommend a method for your reference: register the BLT_EV_FLAG_DATA_LENGTH_EXCHANGE event callback, turn on a software timer to start timing when the connection is established (e.g. 2S), if this callback has not been triggered after 2s, it means that master has not initiated LL_LENGTH_REQ, at this time slave can calls API blc_ll_exchangeDataLength to initiate LL_LENGTH_REQ.

Step 4 MTU size exchange

In addition to data length exchange, MTU size exchange flow should also be executed to ensure configured MTU size takes effect, so that the peer can process long packet in BLE L2CAP layer. MTU size should be equal or larger than max packet size of Tx & Rx. Please refer to “ATT & GATT” section or the demo of the B85m_feature for the implementation of MTU size exchange.

Step 5 Transmission/Reception of long packet

Please refer to “ATT & GATT” section for illustration of Handle Value Notification, Handle Value Indication, Write request and Write Command.

Transmission and reception of long packet can start after correct completion of the steps above.

The APIs corresponding to “Handle Value Notification” and “Handle Value Indication” can be invoked in ATT layer to transmit long packet. As shown below, fill in the address and length of data to be sent to the parameters “*p” and “len”, respectively:

ble_sts_t   blc_gatt_pushHandleValueNotify(u16 connHandle, u16 attHandle, u8 *p, int len);
ble_sts_t   blc_gatt_pushHandleValueIndicate(u16 connHandle, u16 attHandle, u8 *p, int len);

To receive long packets, it is only needed to handle the write callback functions corresponding to Write Request and Write Command; inside the callback function, reference the data pointed to by the formal parameter pointer.

Controller API

Controller API Introduction

In the standard BLE protocol stack architecture shown in Section 3.1.1, the Application Layer cannot interact directly with the Link Layer of the Controller; data should be passed down through the Host, and ultimately, the Host transmits control commands to the Link Layer via HCI. All Controller control commands issued by the Host through the HCI interface are strictly defined in the Bluetooth Core Specification v5.3. For details, please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E Host Controller Interface Functional Specification.

Telink BLE SDK based on standard BLE architecture can serve as a Controller and work together with Host system. Therefore, all APIs to operate Link Layer strictly follow the data format of Host commands in the spec.

The detailed API descriptions below will provide the corresponding Host commands from the Spec. Users can refer to the specific explanations in the Spec for further understanding.

In BLE spec, all HCI commands to operate Controller have corresponding “HCI command complete event” or “HCI command status event” in response to Host layer. However, in Telink BLE SDK, it is handled case by case.

(1) For ble_hci class applications, Telink IC only acts as a BLE controller and needs to work with other MCU's running BLE hosts, a corresponding HCI command complete event or HCI command status event will be generated for each HCI command.

(2) For ble_master kma dongle application, both BLE Host and Controller are running on Telink IC, when Host calls API to send HCI command to Controller, all of them are received correctly by Controller and there is no loss, so the Controller no longer replies to the HCI command complete event or HCI command status event when processing the HCI command.

The Controller API is declared in the header files in the stack/ble/controller and stack/ble/hci directories, where the controller directory is classified according to Link Layer state machine functions into ll.h, ll_adv.h, ll_scan.h, ll_ext_adv.h, ll_pm.h, ll_whitelist.h, ll_init.h, ll_resolvlist.h, ll_conn.h, etc., the user can look for Link Layer functions accordingly, for example, the APIs for functions related to advertising are declared in ll_adv.h.

API Return Type ble_sts_t

An enum type “ble_sts_t” defined in the “stack/ble/ble_common.h” is used as return value type for most APIs in the SDK. When API invoking with right parameter setting is accepted by the protocol stack, it will return “0” to indicate BLE_SUCCESS; if any non-zero value is returned, it indicates a unique error type. All possible return values and corresponding error reason will be listed in the subsections below for each API.

The “ble_sts_t” applies to both APIs in Link Layer and some APIs in Host layer.

BLE MAC Address Initialization

In this document, “BLE MAC Address” includes both “public address” and “random static address”.

In this BLE SDK, the API below serves to obtain public address and random static address:

void blc_initMacAddress(int flash_addr, u8 *mac_public, u8 *mac_random_static);

The “flash_addr” is the flash address to store MAC Address. As explained earlier, this address in B85m chip 512KB flash is 0x76000. If random static address is not needed, set “mac_random_static” as “NULL”.

After the BLE public MAC Address has been successfully obtained, the API for Link Layer initialization is called and the MAC Address is passed into the BLE protocol stack.

blc_ll_initStandby_module(mac_public);

If you use the Advertising state or Scanning state in the Link Layer's state machine, you also need to pass in the MAC Address.

blc_ll_initAdvertising_module（mac_public）;
blc_ll_initScanning_module（mac_public）;

Link Layer state machine initialization

In conjunction with the previous detailed description of the Link Layer state machine, the following APIs are used to configure the initialisation of the individual modules when building the BLE state machine.

void        blc_ll_initBasicMCU (void)
void        blc_ll_initStandby_module (u8 *public_adr);
void        blc_ll_initAdvertising_module(u8 *public_adr);
void        blc_ll_initScanning_module(u8 *public_adr);
void        blc_ll_initInitiating_module(void);
void        blc_ll_initSlaveRole_module(void);
void        blc_ll_initMasterRoleSingleConn_module(void);

bls_ll_setAdvData

For details, please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.8.7 LE Set Advertising Data Command.

ADV Packet Format in BLE Stack

As shown above, an ADV packet in BLE stack contains 2-byte header, and Payload (PDU). The maximum length of Payload is 31 bytes.

The API below serves to set PDU data of ADV packet:

ble_sts_t   bls_ll_setAdvData(u8 *data, u8 len);

The “data” pointer points to the starting address of the PDU, while the “len” indicates data length.

The table below lists possible results for the return type “ble_sts_t”.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_INVALID_HCI_ CMD_PARAMS	0x12	Len exceeds the maximum length 31

This API can be invoked during initialization to set ADV data, or invoked in main_loop to modify ADV data when firmware is running.

The ADV PDU defined in the feature_backup project in this BLE SDK is as follows, for the specific meanings of the fields, please refer to the document Supplement to the Bluetooth Core Specification v12 Part A DATA TYPES SPECIFICATION.

const u8    tbl_advData[] = {
     0x08, DT_COMPLETE_LOCAL_NAME, 'f', 'e', 'a', 't', 'u', 'r', 'e',
     0x02, DT_FLAGS, 0x05,
     0x03, DT_APPEARANCE, 0x80, 0x01,
     0x05, DT_INCOMPLETE_LIST_16BIT_SERVICE_UUID, 0x12, 0x18, 0x0F, 0x18,
};

As shown in the ADV data above, the ADV device name is set as "feature".

bls_ll_setScanRspData

For details, please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.8.8 LE Set Scan response Data Command.

Similar to the ADV PDU setting above, the scan response PDU setting uses the following API:

ble_sts_t   bls_ll_setScanRspData(u8 *data, u8 len);

The "data" pointer points to the starting address of the PDU, while the “len” indicates data length.

The table below lists possible results for the return type "ble_sts_t".

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_INVALID_HCI_ CMD_PARAMS	0x12	Len exceeds the maximum length 31

Users can call this API during initialization to set Scan response data, or call this API at any time in the main_loop during runtime to modify Scan response data. The scan response data defined in the ble remote project in this BLE SDK is as follows, where the scan device name is "VRemote", for the specific meanings of the fields, please refer to the document Supplement to the Bluetooth Core Specification v12 Part A DATA TYPES SPECIFICATION.

const u8    tbl_scanRsp [] = { 0x08, 0x09, 'V', 'R', 'e', 'm', 'o', 't', 'e',};

Since the device name is set in both the advertising data and the scan response data above, and they are different, the device name actually displayed when the master device scans the Bluetooth device may differ:

a) Some devices only display the device name "feature" in the advertising packet;

b) Some devices send a scan request after scanning the advertisement, and read the scan response packet, so the displayed device name might be "VRemote".

The user can also write the same device name in these two packages, and two different names is not displayed when scanned.

In fact, after the device is connected by the master, when the master reads the Attribute Table of the device, it will obtain the gap device name of the device. After connecting to the device, it may also display the device name according to the gap device name.

bls_ll_setAdvParam

For details, please refer to Bluetooth Core Specification v5.3 [Vol 4] Part E, Section 7.8.5 LE Set Advertising Parameters Command.

Advertising Event in BLE Stack

The figure above shows Advertising Event (ADV Event in brief) in BLE stack. It indicates during each T_advEvent, Slave implements one advertising process, and sends one packet in three advertising channels (channel 37, 38 and 39) respectively.

The API below serves to set parameters related to ADV Event.

ble_sts_t   bls_ll_setAdvParam( u16 intervalMin,  u16 intervalMax,  adv_type_t advType,               own_addr_type_t ownAddrType, u8 peerAddrType, u8  *peerAddr,    adv_chn_map_t     adv_channelMap,   adv_fp_type_t   advFilterPolicy);

(1) intervalMin & intervalMax

The two parameters serve to set the range of advertising interval in integer multiples of 0.625ms. The valid range is from 20ms to 10.24s, and intervalMin should not exceed intervalMax.

As required by BLE spec, it’s not recommended to set ADV interval as fixed value; in Telink BLE SDK, the eventual ADV interval is random variable within the range of intervalMin ~ intervalMax. If intervalMin and intervalMax are set as same value, ADV interval will be fixed as the intervalMin.

ADV packet type has limits to the setting of intervalMin and intervalMax. For details, please refer to “Core 5.0” (Vol 6/Part B/ 4.4.2.2 “Advertising Events”).

If the user expects to set an interval of less than 20ms when not in ADV_TYPE_CONNECTABLE_DIRECTED_HIGH_DUTY, the interval check mechanism can be disabled via the following API.

void blc_ll_setAdvIntervalCheckEnable(u8 enable);

(2) advType

Refer to Bluetooth Core Specification v5.3, the five basic advertising types are as follows:

Five traditional BLE advertising types

In the figure above, ADV_IND is a Connectable and Scannable Undirected event, which allows Scan Requests and Connect Indications from other devices; ADV_DIRECT_IND is a Connectable Directed event, which only allows the corresponding initiator to initiate a Connect Indication; ADV_SCAN_IND is a Scannable Undirected event, which allows Scan Requests from other devices; ADV_NONCONN_IND is a Non-Connectable and Non-Scannable Undirected event, which does not allow responses from other devices.

Among the above five advertising types, ADV_DIRECT_IND is further divided into Low Duty Cycle Directed Advertising and High Duty Cycle Directed Advertising.

The advType is defined in the SDK as follows:

/* Advertisement Type */
typedef enum{
  ADV_TYPE_CONNECTABLE_UNDIRECTED             = 0x00,  // ADV_IND
  ADV_TYPE_CONNECTABLE_DIRECTED_HIGH_DUTY     = 0x01,  // ADV_INDIRECT_IND (high duty cycle)
  ADV_TYPE_SCANNABLE_UNDIRECTED               = 0x02 , // ADV_SCAN_IND
  ADV_TYPE_NONCONNECTABLE_UNDIRECTED          = 0x03 , // ADV_NONCONN_IND
  ADV_TYPE_CONNECTABLE_DIRECTED_LOW_DUTY      = 0x04,  // ADV_INDIRECT_IND (low duty cycle)
}adv_type_t;

By default, the most common ADV event type is “ADV_TYPE_CONNECTABLE_UNDIRECTED”.

(3) ownAddrType

There are four optional values for “ownAddrType” to specify ADV address type.

/* Own Address Type */
typedef enum{
    OWN_ADDRESS_PUBLIC = 0,
    OWN_ADDRESS_RANDOM = 1,
    OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC = 2,
    OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM = 3,
}own_addr_type_t;

First two parameters are explained herein.

The "OWN_ADDRESS_PUBLIC" indicates that public MAC address is used during advertising. Actual address is the setting from the API “blc_ll_initAdvertising_module(u8 *public_adr)” during MAC address initialization.

The "OWN_ADDRESS_RANDOM" indicates random static MAC address is used during advertising, and the address comes from the setting of the API below:

ble_sts_t   blc_ll_setRandomAddr(u8 *randomAddr);

"OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC": Indicates that during advertising, the Controller generates a Resolvable Private Address (RPA) based on the local IRK in the resolving list. If no matching entry is found in the resolving list, the Public MAC Address is used.

"OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM": Indicates that during advertising, the Controller generates a Resolvable Private Address (RPA) based on the local IRK in the resolving list. If no matching entry is found in the resolving list, the Random Static MAC Address is used.

(4) peerAddrType & *peerAddr

When "ownAddrType" is 2 or 3, the "*peerAddr" parameter contains the peer's "Identity Address", and the "peerAddrType" parameter is the peer's "Identity Type" (i.e. 0x00 or 0x01). These parameters are used to locate the corresponding "local IRK" in the "resolving list"; this "IRK" is used to generate the own address used in advertising. Detailed introduction in the subsequent "Whitelist & Resolving list" chapter.

When "advType" is set to directed advertising packet type "directed adv" ("ADV_TYPE_CONNECTABLE_DIRECTED_HIGH_DUTY" or "ADV_TYPE_CONNECTABLE_DIRECTED_LOW_DUTY"), "peerAddrType" and "*peerAddr" are used to specify the type and address of the "peer device MAC Address".

In other cases, the values of "peerAddrType" and "*peerAddr" are invalid, can be set to 0 and "NULL".

(5) adv_channelMap

The “adv_channelMap” serves to set advertising channel. It can be selectable from channel 37, 38, 39 or combination.

typedef enum{
    BLT_ENABLE_ADV_37   =       BIT(0),
    BLT_ENABLE_ADV_38   =       BIT(1),
    BLT_ENABLE_ADV_39   =       BIT(2),
    BLT_ENABLE_ADV_ALL  =       (BLT_ENABLE_ADV_37 | BLT_ENABLE_ADV_38 | BLT_ENABLE_ADV_39),
}adv_chn_map_t;

(6) advFilterPolicy

The “advFilterPolicy” serves to set filtering policy for scan request/connect request from other device when ADV packet is transmitted. Address to be filtered needs to be pre-loaded in whitelist.

Filtering type options are shown as below. The “ADV_FP_NONE” can be selected if whitelist filter is not needed.

typedef enum {
    ADV_FP_ALLOW_SCAN_ANY_ALLOW_CONN_ANY        =   0x00,  
    ADV_FP_ALLOW_SCAN_WL_ALLOW_CONN_ANY         =   0x01,
    ADV_FP_ALLOW_SCAN_ANY_ALLOW_CONN_WL         =   0x02, 
    ADV_FP_ALLOW_SCAN_WL_ALLOW_CONN_WL          =   0x03, 
    ADV_FP_NONE =   ADV_FP_ALLOW_SCAN_ANY_ALLOW_CONN_ANY, 
} adv_fp_type_t; //adv_filterPolicy_type_t

The table below lists possible values and reasons for the return value “bls_ll_setAdvParam”.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_UNSUPPORTED_FEATURE_PARAM_VALUE	0x11	"interval" or "ownAddrType" does not conform to the BLE protocol regulations.

According to Host command design in HCI part of BLE spec, eight parameters are configured simultaneously by the “bls_ll_setAdvParam” API. This setting also takes some coupling parameters into consideration. For example, the “advType” has limits to the setting of intervalMin and intervalMax, and range check depends on the advType; if advType and advInterval are set in two APIs, the range check is uncontrollable.

However, considering that the user may modify some common parameters frequently and does not want to call bls_ll_setAdvParam every time to set 8 parameters at the same time, the SDK wraps 4 of the parameters that are not coupled with other parameters separately to facilitate the use of the user. The three separately wrapped APIs are as follows.

ble_sts_t   bls_ll_setAdvInterval(u16 intervalMin, u16 intervalMax);
ble_sts_t   bls_ll_setAdvChannelMap(u8 adv_channelMap);
ble_sts_t   bls_ll_setAdvFilterPolicy(u8 advFilterPolicy);

These 3 API parameters are the same as in bls_ll_setAdvParam.

Return value ble_sts_t：

1) bls_ll_setAdvChannelMap and bls_ll_setAdvFilterPolicy will return BLE_SUCCESS unconditionally.

2) bls_ll_setAdvInterval will return BLE_SUCCESS or HCI_ERR_INVALID_HCI_CMD_PARAMS.

bls_ll_setAdvEnable

Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.9 LE Set Advertising Enable Command.

ble_sts_t   bls_ll_setAdvEnable(int en);

en”: BLC_ADV_ENABLE - Enable Advertising; BLC_ADV_DISABLE - Disable Advertising.

a) In Idle state, by enabling Advertising, Link Layer will enter Advertising state.

b) In Advertising state, by disabling Advertising, Link Layer will enter Idle state.

c) In other states, Link Layer state is not influenced by enabling or disabling Advertising.

Note：

- Note that at any time this function is called, ble_sts_t unconditionally returns BLE_SUCCESS, which means that the ADV-related parameters will be turned on or off internally, but only if they are in idle or ADV state.

bls_ll_setAdvDuration

ble_sts_t   bls_ll_setAdvDuration (u32 duration_us, u8 duration_en);

After the “bls_ll_setAdvParam” is invoked to set all ADV parameters successfully, and the “bls_ll_setAdvEnable(BLC_ADV_ENABLE)” is invoked to start advertising, the API “bls_ll_setAdvDuration” can be invoked to set duration of ADV event, so that advertising will be automatically disabled after this duration.

“duration_en”: 1-enable timing function; 0-disable timing function. “duration_us”: The “duration_us” is valid only when the “duration_en” is set as 1, and it indicates the advertising duration in unit of us.

The program starts timing from the set time point, once exceeding the preset time, stops advertising, advertising enable becomes invalid, in "Advertising state", switches to "Idle State", at this time triggers "Link Layer" event "BLT_EV_FLAG_ADV_DURATION_TIMEOUT".

As specified in BLE spec, for the ADV type “ADV_TYPE_CONNECTABLE_DIRECTED_HIGH_DUTY”, the duration time is fixed as 1.28s, i.e. advertising will be stopped after the 1.28s duration. Therefore, for this ADV type, the setting of “bls_ll_setAdvDuration” does not take effect.

The return value “ble_sts_t” is shown as below.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_INVALID_HCI_ CMD_PARAMS	0x12	Duration Time cannot be configured for “ADV_TYPE_CONNECTABLE_DIRECTED_HIGH_DUTY” type.

When ADV Duration Time expires, advertising is stopped, if user needs to re-configure ADV parameters (such as AdvType, AdvInterval, AdvChannelMap), first the parameters should be set in the callback function of the event “BLT_EV_FLAG_ADV_DURATION_TIMEOUT”, then the “bls_ll_setAdvEnable (1)” should be invoked to start new advertising.

To trigger the “BLT_EV_FLAG_ADV_DURATION_TIMEOUT”, a special case should be noted:

Suppose the “duration_us” is set as “2000000” (i.e. 2s).

If Slave stays in advertising state, when ADV time reaches the preset 2s timeout, the “BLT_EV_FLAG_ADV_ DURATION_TIMEOUT” will be triggered to execute corresponding callback function.

If Slave is connected with Master when ADV time is less than the 2s timeout (suppose ADV time is 0.5s), the timeout timing is not cleared but cached in bottom layer. When Slave stays in connection state for 1.5s (i.e. the preset 2s timeout moment is reached), since Slave does not check ADV event timeout in connection state, the callback of “BLT_EV_FLAG_ADV_DURATION_TIMEOUT” is not triggered.

blc_ll_setAdvCustomedChannel

The API below serves to customize special advertising channel/scanning channel, and it only applies some special applications such as BLE mesh. It’s not recommended to use this API for other conventional application cases.

void  blc_ll_setAdvCustomedChannel (u8 chn0, u8 chn1, u8 chn2);

chn0/chn1/chn2: customized channel. Default standard channel is 37/38/39. For example, to set three advertising channels as 2420MHz, 2430MHz and 2450MHz, the API below should be invoked:

blc_ll_setAdvCustomedChannel (8, 12, 22);

bls_ll_continue_adv_after_scan_req

The following API is used to set whether to continue sending advertising packets when receiving a scan request within the current "advertising interval".

void bls_ll_continue_adv_after_scan_req(u8 enable);

By default, assuming a "SCAN REQ" is received on channel 37, subsequent channel 38 and channel 39 advertising packets are not sent, if the user wishes to continue sending, can call "bls_ll_continue_adv_after_scan_req(1)" to enable.

bls_set_advertise_prepare

The following API is used to register a callback function before the start of the current advertising, used to determine whether to send advertising packets.

void bls_set_advertise_prepare (void *p);

The prototype of function pointer p is as follows.

typedef int (*advertise_prepare_handler_t) (rf_packet_adv_t * p);

If the user wishes to process some tasks before each advertising transmission or stop a specific advertising transmission, implement it by registering this callback function. When the return value of the callback function is 0, it stops the transmission of this advertising. When the return value of the callback function is non-zero, this advertising transmits normally.

rf_set_power_level_index

This BLE SDK provides the API to set output power for BLE RF packet, as shown below.

void rf_set_power_level_index (RF_PowerTypeDef level)

The setting of the "level" value refers to the enumeration variable "RF_PowerTypeDef" defined in "drivers/8258(8278)/lib/include/rf_drv.h".

The Tx power configured by this API will take effect for both ADV packet and conn packet, and it can be set freely in firmware. The actual Tx power will be determined by the latest setting. Please note that the “rf_set_power_level_index” configures registers related to MCU RF. Once MCU enters sleep (suspend/deepsleep retention), these registers’ values will be lost, so they should be reconfigured after each wakeup. For example, SDK demo employs the event callback “BLT_EV_FLAG_SUSPEND_EXIT” to guarantee RF power is recovered after wakeup from sleep.

_attribute_ram_code_ void    task_suspend_exit (u8 e, u8 *p, int n)
{
    rf_set_power_level_index (MY_RF_POWER_INDEX);
}

bls_app_registerEventCallback (BLT_EV_FLAG_SUSPEND_EXIT, &task_suspend_exit);

blc_ll_setScanParameter

Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.10 LE Set Scan Parameters Command.

ble_sts_t   blc_ll_setScanParameter (u8 scan_type, 
u16 scan_interval, u16 scan_window, 
own_addr_type_t ownAddrType, 
scan_fp_type_t scanFilter_policy);

Parameter analysis:

(1) scan_type

The user can select "passive scan" and "active scan", the difference is that "active scan" sends "SCAN_REQ" when receiving "ADV packet" to acquire more information of device "SCAN_RSP", the received "SCAN_RSP" packet is also transmitted to "BLE Host" through "ADV report event"; while "passive scan" does not send "SCAN_REQ".

/* LE_Scan_Type */
typedef enum {
    SCAN_TYPE_PASSIVE = 0x00,
    SCAN_TYPE_ACTIVE  = 0x01,
} scan_type_t;

(2) scan_interval/scan_window

"scan_interval" sets the frequency switching time in "Scanning state", the unit is 0.625ms, "scan_window" is temporarily not processed in this "BLE SDK", the actual "scan window" is set to "scan_interval".

(3) ownAddrType

When specifying the SCAN_REQ packet address type, the 4 optional values for ownAddrType are as follows.

typedef enum{
    OWN_ADDRESS_PUBLIC = 0,
    OWN_ADDRESS_RANDOM = 1,
    OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC = 2,
    OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM = 3,
}own_addr_type_t;

OWN_ADDRESS_PUBLIC means that the public MAC Address is used for Scan, the actual address comes from the settings during the MAC Address initialisation API blc_initMacAddress(flash_sector_mac_address, mac_public, mac_ random_static).

OWN_ADDRESS_RANDOM indicates that a random static MAC Address is used for Scan, which is derived from the value set by the following API.

ble_sts_t   blc_ll_setRandomAddr(u8 *randomAddr);

OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC means that the Controller generates a Resolvable Private Address based on the local IRK in the resolving list for Scan. If no matching entry is found in the resolving list, the public MAC Address is used.

OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM indicates that the Controller generates a Resolvable Private Address based on the local IRK in the resolving list for Scan. If no matching entry is found in the resolving list, the random static MAC Address is used.

(4) scan filter policy

The current supported scan filter policy are as follows:

typedef enum {
    SCAN_FP_ALLOW_ADV_ANY                       =       0x00,
    SCAN_FP_ALLOW_ADV_WL                        =       0x01,
    SCAN_FP_ALLOW_UNDIRECTED_ADV                =       0x02,
    SCAN_FP_ALLOW_ADV_WL_DIRECT_ADV_MATCH       =       0x03,
} scan_fp_type_t;

SCAN_FP_ALLOW_ADV_ANY means that the Link Layer does not filter the ADV packets from scan and reports them directly to the BLE Host.

SCAN_FP_ALLOW_ADV_WL requires that the ADV packets scanned should be in the whitelist before they are reported to the BLE Host.

When using the above two "scan filter policy" modes, unless the following conditions are met, "directed advertising PDU" will be ignored:

The "TargetA" field is the same as the scanning device address, or
The "TargetA" field is "RPA", address resolution is enabled, and address resolution is successful.

"SCAN_FP_ALLOW_UNDIRECTED_ADV" is basically the same as "SCAN_FP_ALLOW_ADV_ANY", "SCAN_FP_ALLOW_ADV_WL_DIRECT_ADV_MATCH" is basically the same as "SCAN_FP_ALLOW_ADV_WL", except for the conditions for ignoring "directed advertising PDU".

When using "SCAN_FP_ALLOW_UNDIRECTED_ADV" or "SCAN_FP_ALLOW_ADV_WL_DIRECT_ADV_MATCH" modes, unless the following conditions are met, "directed advertising PDU" will be ignored:

The "TargetA" field is the same as the scanning device address, or
The "TargetA" field is "RPA".

The return value of "blc_ll_setScanParameter" is always "BLE_SUCCESS"; as the "API" does not perform parameter validity checks, the "user" should ensure the validity of the parameters.

blc_ll_setScanEnable

Please refer to "Bluetooth Core Specification v5.3" [Vol 2] Part E, Section 7.8.11 LE Set Scan Enable Command.

ble_sts_t   blc_ll_setScanEnable (scan_en_t scan_enable, dupFilter_en_t filter_duplicate);

The scan_enable parameter type has the following 2 optional values.

typedef enum {
    BLC_SCAN_DISABLE = 0x00,
    BLC_SCAN_ENABLE  = 0x01,
} scan_en_t;

When scan_enable is BLC_SCAN_ENABLE, Enable Scanning; when scan_enable is BLC_SCAN_DISABLE, Disable Scanning.

(1) In Idle state, Enable Scanning, Link Layer enters Scanning state.

(2) In Scanning state, Disable Scanning, Link layer enters Idle state.

The filter_duplicate parameter type has 2 optional values as follows.

typedef enum {
    DUP_FILTER_DISABLE      = 0x00,
    DUP_FILTER_ENABLE       = 0x01,
} dupFilter_en_t;

When filter_duplicate is DUP_FILTER_ENABLE, duplicate packet filtering is enabled, and the Controller will only report the ADV report event to the Host once for each different ADV packet; when filter_duplicate is DUP_FILTER_DISABLE, duplicate packet filtering is not enabled, and the ADV packet scanned to the Host will will always be reported to the Host.

The return value ble_sts_t is as below.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CURRENT_STATE_ NOT_SUPPORTED_THIS_CMD	0x83	"Link Layer" is in "BLS_LINK_STATE_ADV"/"BLS_LINK_STATE_CONN" state
LL_ERR_INVALID_ PARAMETER	0x84	"Link Layer" has not initialized "SCAN" module

When "scan_type" is set to "active scan", after "Enable Scanning", for each device, reads "SCAN_RSP" only once and reports to "Host". Because after each "Enable Scanning", the "Controller" records "SCAN_RSP" of different devices, stores them into "SCAN_RSP" list, ensures not to send "SCAN_REQ" to this device again later.

If the "user" needs to report "SCAN_RSP" of the same device multiple times, can set whether to enable the filter policy of sending "SCAN_REQ" through "API" "blc_ll_scanReq_filter_en". When calling "blc_ll_scanReq_filter_en(0)", for scannable advertising conforming to "scan filter policy", regardless of whether "SCAN_REQ" has been sent to this advertising, actively sends "SCAN_REQ", and reports "SCAN_RSP".

blc_ll_createConnection

Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.12 LE Create Connection Command.

ble_sts_t   blc_ll_createConnection( scan_inter_t scanInter, scan_wind_t scanWindow, init_fp_t initiator_fp, u8 peerAdrType, u8 *peerAddr, own_addr_type_t ownAdrType, conn_inter_t conn_min,  conn_inter_t conn_max,  u16 conn_latency, conn_tm_t timeout, u16 ce_min,   u16 ce_max );

(1) scan_interval/scan window

scanInter sets the Scan frequency switching time in the Initiating state, in 0.625ms.

scanWindow is not handled in the Telink BLE SDK at the moment, the actual scan window is set to scanInter.

(2) initiator_fp

Specify the policy for the currently connected device, either of the following two options.

typedef enum {
    INITIATE_FP_ADV_SPECIFY = 0x00,  //connect ADV specified by host
    INITIATE_FP_ADV_WL = 0x01,  //connect ADV in whiteList
} init_fp_type_t;

"INITIATE_FP_ADV_SPECIFY" indicates the connected device address is the following "peerAdrType"/"peerAddr";

"INITIATE_FP_ADV_WL" indicates connecting to the devices in the "whitelist"; at this time, "peerAdrType"/"peerAddr" are meaningless.

(3) peerAdrType/peerAddr

When "initiator_filter_policy" is "INITIATE_FP_ADV_SPECIFY", a connection is established to the device whose address type is "peerAdrType" and address is "peerAddr".

(4) ownAdrType

Specifies the MAC Address type used by the Master role to establish a connection; the available values are as follows.

typedef enum{
    OWN_ADDRESS_PUBLIC = 0,
    OWN_ADDRESS_RANDOM = 1,
    OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC = 2,
    OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM = 3,
}own_addr_type_t;

OWN_ADDRESS_PUBLIC means that a public MAC address is used when connecting, the actual address is from the API blc_ll_initStandby_module (u8 *public_adr) set during MAC address initialization.

OWN_ADDRESS_RANDOM indicates that a random static MAC address is used when connecting, which is derived from the value set by the following API.

ble_sts_t   blc_ll_setRandomAddr(u8 *randomAddr);

"OWN_ADDRESS_RESOLVE_PRIVATE_PUBLIC" means that the "Controller" generates a "Resolvable Private Address" based on the "local IRK" in the "resolving list" for connection. If no matching entry is found in the "resolving list", the "public MAC Address" is used.

"OWN_ADDRESS_RESOLVE_PRIVATE_RANDOM" indicates that the "Controller" generates a "Resolvable Private Address" based on the "local IRK" in the "resolving list" for connection. If no matching entry is found in the "resolving list", the "random static MAC Address" is used.

(5) conn_min/conn_max/conn_latency/timeout

These 4 parameters specify the connection parameters for the Master role once the connection is established, and these parameters are also sent to the Slave via the connection request, which will also have the same connection parameters.

conn_min/conn_max specifies the range of conn interval. The Telink BLE SDK for Master role Single Connection uses the value of conn_min directly. "conn_max" is not used. The unit is 0.625ms.

conn_latency specifies the connection latency, usually set to 0. timeout specifies the connection supervision timeout, in 10ms.

(6) ce_min/ce_max

The SDK does not handle ce_min/ce_max yet.

The return value table of "blc_ll_createConnection" is as below.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_CMD_DISALLOWED	0x0C	The "Link Layer" is already in the "Initiating state" and does not accept a new "create connection" command
HCI_ERR_INVALID_HCI _CMD_PARAMS	0x12	"Own address type" is "OWN_ADDRESS_RANDOM", but "random static MAC Address" is not initialized
HCI_ERR_CONTROLLER _BUSY	0x3A	"Link Layer" is in "Advertising state" or "Connection state"

blc_ll_setCreateConnectionTimeout

ble_sts_t   blc_ll_setCreateConnectionTimeout (u32 timeout_ms);

The return value is BLE_SUCCESS and the timeout_ms unit is ms.

According to the Link Layer state machine, when blc_ll_createConnection triggers the Idle state/Scanning state to enter the Initiating state, if the connection cannot be established for a long time, it will trigger Initiate timeout and exit the Initiating state.

Each time blc_ll_createConnection is called, the SDK defaults to the current Initiate timeout time of connection supervision timeout *2. If the User does not want to use the SDK default timeout, they can call blc_ll_createConnection immediately after the blc_ll_setCreateConnectionTimeout immediately after createConnection to set the desired Initiate timeout.

blc_ll_createConnectionCancel

Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.13 LE Create Connection Cancel command.

ble_sts_t   blc_ll_createConnectionCancel (void);

According to the introduction in the "Link Layer" state machine, when "blc_ll_createConnection" triggers the transition from the "Idle state"/"Scanning state" to the "Initiating state", if the "user" wishes to cancel the connection, the "API" "blc_ll_createConnectionCancel" can be used.

List of return values for "blc_ll_createConnectionCancel":

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_CMD_DISALLOWED	0x0C	The "Link Layer" is already in the "Connection state" and cannot be cancelled

blm_ll_updateConnection

Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.18 LE Connection Update Command.

ble_sts_t blm_ll_updateConnection (u16 connHandle,
                u16 conn_min, u16 conn_max, u16 conn_latency, u16 timeout,
                              u16 ce_min, u16 ce_max);

(1) connection handle

Specify the connection whose parameters need to be updated.

(2) conn_min/ conn_max/ conn_latency/ timeout

Specify the connection parameter to be updated. Master role single connection currently uses conn_min directly as the new interval.

(3) ce_min/ce_max

Not currently processed.

The return value ble_sts_t is only BLE_SUCCESS, the API does not check the reasonableness of the parameters, the user needs to pay attention to the reasonableness of the set parameters.

bls_ll_terminateConnection

ble_sts_t   bls_ll_terminateConnection (u8 reason);

This API is used for BLE Slave device, and it only applies to Connection state Slave role.

In order to actively terminate connection, this API can be invoked by APP Layer to send a “Terminate” to Master in Link Layer. “reason” indicates reason for disconnection. Please refer to “Core_v5.0” (Vol 2/Part D/2 “Error Code Descriptions”).

If connection is not terminated due to system operation abnormity, generally APP layer specifies the “reason” as:

HCI_ERR_REMOTE_USER_TERM_CONN  = 0x13
bls_ll_terminateConnection(HCI_ERR_REMOTE_USER_TERM_CONN);

In bottom-layer stack of Telink BLE SDK, this API is invoked only in one case to actively terminate connection: When data packets from peer device are decrypted, if an authentication data MIC error is detected, the “bls_ll_terminateConnection(HCI_ERR_CONN_TERM_MIC_FAILURE)” will be invoked to inform the peer device of the decryption error, and connection is terminated.

After Slave invokes this API to actively initiate disconnection, the event “BLT_EV_FLAG_TERMINATE” is triggered.

In Connection state Slave role, generally connection will be terminated successfully by invoking this API; however, in some special cases, the API may fail to terminate connection, and the error reason will be indicated by the return value. It’s recommended to check whether the return value is “BLE_SUCCESS” when this API is invoked by APP layer.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_CONN_NOT_ ESTABLISH	0x3E	Link Layer is not in Connection state
HCI_ERR_CONTROLLER _BUSY	0x3A	Controller busy (mass data are being transferred), this command cannot be accepted for the moment.

blm_ll_disconnect

ble_sts_t  blm_ll_disconnect (u16 handle, u8 reason);

This API is used for BLE Master devices and is only available for the Connection Master role.

This function is identical to the "Slave role" "API" "bls_ll_terminateConnection", except for the inclusion of an additional "conn handle" parameter. As the "Master role" in this "BLE SDK" is designed to maintain at most a single connection, the "handle" should be specified as "BLM_CONN_HANDLE".

The API returns the following values.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_UNKNOWN_CONN_ID	0x02	"Handle" error; the corresponding "connection" cannot be found

Get Connection Parameters

The following APIs serves to obtain current connection paramters including Connection Interval, Connection Latency and Connection Timeout (only apply to Slave role).

u16         bls_ll_getConnectionInterval(void); 
u16         bls_ll_getConnectionLatency(void);
u16         bls_ll_getConnectionTimeout(void);

a) If the "Link Layer" is currently in a non-connected state, meaning there are no connection parameters, the return value from calling the above "API" is 0.

b) If the "Link Layer" is currently in a connected state, the return value represents the parameter value:

Actual conn interval divided by 1.25ms will be returned by the API “bls_ll_getConnectionInterval”. Suppose current conn interval is 10ms, the return value should be 10ms/1.25ms=8.
Actual Latency value will be returned by the API “bls_ll_getConnectionLatency”.
Actual conn timeout divided by 10ms will be returned by the API “bls_ll_getConnectionTimeout”. Suppose current conn timeout is 1000ms, the return value would be 1000ms/10ms=100.

blc_ll_getCurrentState

The API below serves to obtain current Link Layer state.

u8  blc_ll_getCurrentState(void);

The user determines the current state at the application level, e.g.

if(blc_ll_getCurrentState() == BLS_LINK_STATE_ADV)
if(blc_ll_getCurrentState() == BLS_LINK_STATE_CONN)

blc_ll_getLatestAvgRSSI

The API serves to obtain latest average RSSI of connected peer device after Link Layer enters Slave role or Master role.

u8      blc_ll_getLatestAvgRSSI(void)

The return value is u8-type rssi_raw, and the real RSSI should be: rssi_real = rssi_raw- 110. Suppose the return value is 50, rssi = -60 dB.

Whitelist & Resolving list

As mentioned earlier, the "filter_policy" in the "Advertising"/"Scanning"/"Initiating state" involves the "Whitelist" and "Resolving list"; corresponding operations are performed based on the devices in the "Whitelist" and "Resolving list".

User can check whether address type of peer device is RPA (Resolvable Private Address) via “peer_addr_type” and “peer_addr”. The API below can be invoked directly.

#define IS_NON_RESOLVABLE_PRIVATE_ADDR(type, addr)  ( (type)==BLE_ADDR_RANDOM && (addr[5] & 0xC0) == 0x00 )
#define IS_RESOLVABLE_PRIVATE_ADDR(Type, Addr)  ( (Type)==BLE_ADDR_RANDOM && (Addr[5] & 0xC0) == 0x40 )

Only non-RPA address can be stored in whitelist. In current SDK, whitelist can store up to four devices.

The introduction to the "Whitelist"-related "APIs" is as follows.

(1) blc_ll_clearWhiteList

ble_sts_t blc_ll_clearWhiteList(void);

The return value of reset whitelist is “BLE_SUCCESS”.

(2) blc_ll_addDeviceToWhiteList

ble_sts_t blc_ll_removeDeviceFromWhiteList(u8 type, u8 *addr);

Add a device into whitelist, the return value is shown as below.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_MEM_CAP_EXCEEDED	0x07	Whitelist is already full, add failure
HCI_ERR_INVALID_HCI _CMD_PARAMS	0x12	"Address type" is "RPA", which is an invalid parameter

(3)blc_ll_removeDeviceFromWhiteList

ble_sts_t blc_ll_removeDeviceFromWhiteList(u8 type, u8 *addr);

Delete a device from whitelist, the return value is “BLE_SUCCESS”.

RPA (Resolvable Private Address) device needs to use Resolving list. To save RAM space, “Resolving list” can store up to two devices in current SDK.

The introduction to the "Resolving list"-related "APIs" is as follows.

blc_ll_clearResolvingList：

ble_sts_t  blc_ll_clearResolvingList(void);

Reset Resolving list, the return value is “BLE_SUCCESS”.

blc_ll_setAddressResolutionEnable:

ble_sts_t  blc_ll_setAddressResolutionEnable (u8 resolutionEn);

To use the "Resolving list" for address resolution, address resolution should be enabled. It can be disabled when resolution is not required.

blc_ll_addDeviceToResolvingList:

ble_sts_t  blc_ll_addDeviceToResolvingList(u8 peerIdAddrType, u8 *peerIdAddr, 
u8 *peer_irk, u8 *local_irk);

To add a device using an "RPA", "peerIdAddrType", "peerIdAddr", and "peer_irk" should be populated with the "identity address type", "identity address", and "IRK" distributed by the "peer device", respectively. This information is stored in "Flash" during the pairing and encryption process; the "user" can find the "APIs" to obtain this information in the "SMP" introduction section.

When the "local device" needs to use an "RPA", "local_irk" needs to be populated with the "IRK" distributed by the "local device". This information is stored in "Flash" during the pairing and encryption process; the "user" can find the "APIs" to obtain this information in the "SMP" introduction section.

blc_ll_removeDeviceFromResolvingList:

ble_sts_t  blc_ll_removeDeviceFromResolvingList(u8 peerIdAddrType, u8 *peerIdAddr);

This API serves to delete a RPA device from Resolvinglist.

blc_ll_setResolvablePrivateAddressTimeout:

ble_sts_t   blc_ll_setResolvablePrivateAddressTimeout (u16 rpa_timeout_s);

Used to set the time interval for "RPA" updates in the "Controller"; the current default value is 900s. When the device uses a "Local RPA" and the timeout expires, the "controller" updates the "RPA". For specific details, please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.45 LE Set Resolvable Private Address Timeout command.

List of return values:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
HCI_ERR_INVALID_HCI _CMD_PARAMS	0x12	Invalid timeout value

For the usage of "Whitelist"/"Resolving list" to implement address filtering, please refer to "TEST_WHITELIST" in the "SDK feature test demo".

For the usage of "Resolving list" to implement "peer device" "RPA" resolution, please refer to the "ble sample" or "ble remote" in the "SDK".

For the usage of "Resolving list" to implement "local device" "RPA" generation, please refer to "TEST_LL_PRIVACY_SLAVE" and "TEST_LL_PRIVACY_MASTER" in the "SDK feature test demo".

Coded PHY/2M PHY

Coded PHY/2M PHY Introduction

"Coded PHY" and "2M PHY" are new "Features" added in "Bluetooth Core Specification v5.0", significantly expanding the application scenarios of "BLE". "Coded PHY" includes "S2" (500 kb/s) and "S8" (125 kb/s) to accommodate longer-range applications, while "2M PHY" (2 Mb/s) greatly improves "BLE" bandwidth. "2M PHY"/"Coded PHY" can be used in "advertising channels" and also in "data channels" in the "connected state". The usage method in the "connected state" is introduced in this section, while the usage method in "advertising channels" is introduced in the "Extended Advertising" chapter.

Coded PHY/2M PHY Demo Introduction

In the "B85 BLE SDK" provided by "Telink", "Coded PHY"/"2M PHY" are disabled by default to save "SRAM". If the "user" chooses to use this "Feature", it can be enabled manually. For the method to enable it, please refer to the "Demo" provided by the "BLE SDK".

For the "Slave" side, please refer to "TEST_2M_CODED_PHY_CONNECTION" in the "SDK feature test demo".

Define the macro in vendor/ble_feature_test/feature_config.h

#define FEATURE_TEST_MODE   TEST_2M_CODED_PHY_CONNECTION

Master end reference Demo “ble_master_kma_dongle”

Users can also choose to use other manufacturers' devices, as long as they support Coded PHY/2M PHY, they can interconnect with Telink's Slave devices.

If using Telink's SDK, Coded PHY and 2M PHY are also disabled by default on the Master end and need to be enabled by the following method.

Add API to the function void user_init(void) in vendor/ble_master_kma_dongle/app.c (disabled by default in SDK).

blc_ll_init2MPhyCodedPhy_feature();

Coded PHY/2M PHY API Introduction

(1) API

void blc_ll_init2MPhyCodedPhy_feature(void)

is used to enable Code PHY and 2M PHY.

(2) A new event - BLT_EV_FLAG_PHY_UPDATE is introduced to Telink Defined Event in order to support Coded and 2M PHY, the detail implementation could refer to section “Controller Event”.

(3) API:

ble_sts_t  blc_ll_setPhy (u16 connHandle,le_phy_prefer_mask_t all_phys, le_phy_prefer_type_t tx_phys, le_phy_prefer_type_t rx_phys, le_ci_prefer_t phy_options);

This is a standard "BLE Spec" interface. Please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.49 LE Set PHY Command for details.

connHandle：slave mode: it should set to BLS_CONN_HANDLE; master mode: it should set to BLM_CONN_HANDLE.

For other parameters, please refer to Spec’s definition along with SDK’s enumeration definition.

(4) API blc_ll_setDefaultConnCodingIndication()

ble_sts_t   blc_ll_setDefaultConnCodingIndication(le_ci_prefer_t prefer_CI);

This is not a standard "BLE Spec" interface. When the "Peer Device" actively initiates a "PHY_Req" using the "API" blc_ll_setPhy(), the recipient can use this "API" to set the "preferred Encode Mode" ("S2"/"S8") of the "local device".

Channel Selection Algorithm #2

"Channel Selection Algorithm #2" is a new "Feature" added in "Bluetooth Core Specification v5.0" that provides improved interference resilience. For specific details regarding the algorithm, please refer to "Bluetooth Core Specification v5.3" [Vol 6] Part B, Section 4.5.8.3 Channel Selection Algorithm #2.

The corresponding demo reference in BLE SDK.

For the Slave side, please refer to TEST_CSA2 in the SDK feature test demo.

Define macro in vendor/ble_feature_test/feature_config.h as below:

#define FEATURE_TEST_MODE           TEST_CSA2

a) If "Legacy Advertising" is used, "Channel Selection Algorithm #2" is optional and is disabled by default in the "SDK". If the "user" chooses to use "Channel Selection Algorithm #2", it should be enabled by calling the following "API".

 void blc_ll_initChannelSelectionAlgorithm_2_feature(void)

b) If "Extended Advertising" is used and a connection needs to be initiated via "Extended Advertising", "Channel Selection Algorithm #2" should be enabled using the above "API". This is a requirement in the "Spec", as connections initiated via "Extended Adv" default to using "Channel Selection Algorithm #2" upon successful connection. If only the "Advertising" function is used, it is recommended not to enable "Channel Selection Algorithm #2" to save "SRAM".

For the "Master" side, please refer to the "Demo" "ble_master_kma_dongle".

By default the master end frequency hopping algorithm #2 is also disabled, if needed the same API has to be enabled manually in the user_init() call.

void blc_ll_initChannelSelectionAlgorithm_2_feature(void)；

Extended Advertising

Extended Advertising Introdcution

"Extended Advertising" is a new "Feature" added in "Bluetooth Core Specification v5.0".

Due to the expansion of the "Advertising" section in "Bluetooth Core Specification v5.0", several new "APIs" have been added to the "SDK" to implement "Legacy Advertising" and "Extended Advertising" functions. However, the three "APIs" introduced in the "Controller API" chapter—bls_ll_setAdvData(), bls_ll_setScanRspData(), and bls_ll_setAdvParam()—can only implement "Legacy Advertising" and cannot implement "Extended Advertising" functions.

The main features of "Extended Advertising" are as follows:

(1) Increased the maximum data length of "Advertising PDUs" from the "Legacy Advertising PDU" maximum length of 37 bytes in "Bluetooth Core Specification v4.2" to the "Extended Advertising PDU" maximum length of 255 bytes (length of a single "PDU" packet) in "Bluetooth Core Specification v5.0". If the "Advertising Data" length exceeds the "ADV PDU", it will be automatically fragmented into multiple "Advertising PDUs" for distribution.

(2) Allows for the flexible selection of different "PHYs" (1Mb/s, 2Mb/s, 125kb/s, 500kb/s) depending on the application scenario.

Extended Advertising Demo

For the "Extended Advertising Demo", please refer to "TEST_EXTENDED_ADVERTISING" in the "SDK feature test demo".

Enable the corresponding macro according to the type of packet intended to be sent. The "Demo" can cover all advertising packet types supported by "Bluetooth Core Specification v5.0", as shown below.

/* Advertising Event Properties type*/
typedef enum{
  ADV_EVT_PROP_LEGACY_CONNECTABLE_SCANNABLE_UNDIRECTED              = 0x0013,
  ADV_EVT_PROP_LEGACY_CONNECTABLE_DIRECTED_LOW_DUTY                 = 0x0015,
  ADV_EVT_PROP_LEGACY_CONNECTABLE_DIRECTED_HIGH_DUTY                = 0x001D,
  ADV_EVT_PROP_LEGACY_SCANNABLE_UNDIRECTED                          = 0x0012,
  ADV_EVT_PROP_LEGACY_NON_CONNECTABLE_NON_SCANNABLE_UNDIRECTED      = 0x0010,
  ADV_EVT_PROP_EXTENDED_NON_CONNECTABLE_NON_SCANNABLE_UNDIRECTED    = 0x0000,
  ADV_EVT_PROP_EXTENDED_CONNECTABLE_UNDIRECTED                      = 0x0001,
  ADV_EVT_PROP_EXTENDED_SCANNABLE_UNDIRECTED                        = 0x0002,
  ADV_EVT_PROP_EXTENDED_NON_CONNECTABLE_NON_SCANNABLE_DIRECTED      = 0x0004,
  ADV_EVT_PROP_EXTENDED_CONNECTABLE_DIRECTED                        = 0x0005,
  ADV_EVT_PROP_EXTENDED_SCANNABLE_DIRECTED                          = 0x0006,
  ADV_EVT_PROP_EXTENDED_MASK_ANONYMOUS_ADV                          = 0x0020,
  ADV_EVT_PROP_EXTENDED_MASK_TX_POWER_INCLUDE                       = 0x0040,
}advEvtProp_type_t;

The "Extended Advertising" section adopts a modular design. Additionally, considering the uncertainty of the "ADV data length"/"scan response data" length, it is necessary to support data lengths of over 1000 bytes. However, we do not want fixed buffers in the underlying layer to cause "SRAM" waste, as most customers may use very short data lengths. Therefore, all "SRAM" required by the underlying layer is left to the "user layer" to define.

Current SDK only support one Advertising set, but with the design that has flexibility to support multiple ADV set for future as well. So you could see the APIs’ parameters are all designed in the way to support multiple ADV sets for future.

With that design, following are the APIs.

(1) Initialization stage, you would need to call the following APIs to allocate the SRAM.

blc_ll_initExtendedAdvertising_module(app_adv_set_param, app_primary_adv_pkt, APP_ADV_SETS_NUMBER);
blc_ll_initExtSecondaryAdvPacketBuffer(app_secondary_adv_pkt, MAX_LENGTH_SECOND_ADV_PKT);
blc_ll_initExtAdvDataBuffer(app_advData, APP_MAX_LENGTH_ADV_DATA);
blc_ll_initExtScanRspDataBuffer(app_scanRspData, APP_MAX_LENGTH_SCAN_RESPONSE_DATA);

According to above API, the memory allocation is shown as below:

Extended Advertising Initialize Memory Allocation

APP_MAX_LENGTH_ADV_DATA：Advertising Set length, developer could adjust the macro to define the size based on the needs in order to save the DeepRetention space.
APP_MAX_LENGTH_SCAN_RESPONSE_DATA: Scan response data length, developer could adjust the macro to define the size based on the needs in order to save the DeepRetention space.
app_primary_adv_pkt：Primary Advertising PDU data length, the size is allocated as 44 bytes, user layer can’t change it.
app_secondary_adv_pkt：Secondary Advertising PDU data length, the size is allocated as 264 bytes, user layer can’t change it.

In the demo of "ble_feature_test", (vendor/ble_feature_test/feature_extend_adv/app.c), users can use the following macro to allocate the SRAM based on your requirement in order to best use the SRAM.

#define APP_ADV_SETS_NUMBER                     1           
#define APP_MAX_LENGTH_ADV_DATA                1024     
#define APP_MAX_LENGTH_SCAN_RESPONSE_DATA       31

(2) API blc_ll_setExtAdvParam:

ble_sts_t   blc_ll_setExtAdvParam(……);

This is a standard "BLE Spec" interface used to set advertising parameters. For details, please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.53 LE Set Extended Advertising Parameters Command, and understand it in conjunction with the "enum" type definitions and "demo" usage in the "SDK".

Note

The parameter adv_tx_pow does not support the selection of the send power value at the moment, you need to call the API void rf_set_power_level_index (rf_power_level_index_e level) separately to configure the send power.

(3) API blc_ll_setExtScanRspData:

ble_sts_t   blc_ll_setExtScanRspData(u8 advHandle, data_oper_t operation, data_fragment_t fragment_prefer, u8 scanRsp_dataLen, u8 *scanRspData);

This is a standard "BLE Spec" interface used to set "Scan Response Data". For details, please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.55 LE Set Extended Scan Response Command, and understand it in conjunction with the "enum" type definitions and "demo" usage in the "SDK".

(4) API blc_ll_setExtAdvEnable:

Currently, the "SDK" supports only one "ADV Set". Based on "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.56 LE Set Extended Advertising Enable Command, the "Telink SDK" provides a simplified "API" to enable/disable one "ADV Set" with higher execution efficiency. The simplified "API" is shown below; its "input parameters" and "return values" are identical to the standard, but it is used to set only a single "ADV Set".

ble_sts_t   blc_ll_setExtAdvEnable_1(u32 extAdv_en, u8 sets_num, u8 advHandle,   u16 duration,    u8 max_extAdvEvt);

(5) API blc_ll_setAdvRandomAddr()

ble_sts_t   blc_ll_setAdvRandomAddr(u8 advHandle, u8* rand_addr);

This is a standard "BLE Spec" interface used to set the "Random address" of the device. For details, please refer to "Bluetooth Core Specification v5.3" [Vol 4] Part E, Section 7.8.4 LE Set Random Address Command, and understand it in conjunction with the "enum" type definitions and "demo" usage in the "SDK".

(6) API blc_ll_setDefaultExtAdvCodingIndication:

void   blc_ll_setDefaultExtAdvCodingIndication(u8 advHandle, le_ci_prefer_t prefer_CI);

This is a Non-BLE Spec standard interface, when setting advertising parameters with BLE standard API blc_ll_setExtAdvParam(), if set to Coded PHY (contains S2 and S8) but does not specify which Encode mode, SDK defaults to S2, to facilitate user selection, this API is defined to select preferred Encode mode(S2/S8).

The user can pass a reference via prefer_CI for S2/S8 mode selection, as enumerated below.

typedef enum {
    CODED_PHY_PREFER_NONE   = 0,
    CODED_PHY_PREFER_S2     = 1,
    CODED_PHY_PREFER_S8     = 2,
} le_ci_prefer_t;   //LE coding indication prefer

(7) API blc_ll_setAuxAdvChnIdxByCustomers:

void   blc_ll_setAuxAdvChnIdxByCustomers(u8 aux_chn);

This is a Non-BLE Spec standard interface, the user can set the channel value of the Auxiliary Advertising channel through this function, commonly used for debug, if the user does not call this function to define, the Auxiliary Advertising channel value will be generated randomly.

(8) API blc_ll_setMaxAdvDelay_for_AdvEvent:

void   blc_ll_setMaxAdvDelay_for_AdvEvent(u8 max_delay_ms);

This is a non BLE Spec standard interface，used to configure the AdvDelay timing based on the ADV Interval, the input range is from 0, 1, 2, 4, 8 in the unit of ms.

advDelay(unit: us) = Random()  %  (max_delay_ms*1000);
T_advEvent = advInterval + advDelay

If max_delay_ms = 0, T_advEvent is accurate on the advInterval timing;

If max_delay_ms = 8, T_advEvent is based on the advInterval with a random offset in between 0-8ms.

BLE Host

BLE Host Introduction

BLE Host consists of L2CAP, ATT, SMP, GATT and GAP，etc. User-layer applications are implemented on the basis of the Host layer.

L2CAP

The "Logical Link Control and Adaptation Protocol", commonly abbreviated as "L2CAP", connects to the upper "APP layer" and the lower "Controller layer". By acting as an adaptor between the Host and the Controller, the L2CAP makes data processing details of the Controller become negligible to the upper-layer application operations.

The L2CAP layer of BLE is a simplified version of classical Bluetooth. In basic mode, it does not implement segmentation and re-assembly, has no involvement of flow control and re-transmission, and only uses fixed channels for communication. The figure below shows simple L2CAP structure: Data of the APP layer are sent in packets to the BLE Controller. The BLE Controller assembles the received data into different CID data and report them to the Host layer.

BLE L2CAP Structure and ATT Packet Assembly Model

As specified in BLE Spec, L2CAP is mainly used for data transfer between Controller and Host. Most work are finished in stack bottom layer with little involvement of user. User only needs to invoke the following APIs to set correspondingly.

Register L2CAP Data Processing Function

In the BLE SDK architecture, the Controller's data is interfaced with the Host via the HCI, and the data from the HCI to the Host is first processed at the L2CAP layer, using the following API to register this processing function.

void    blc_l2cap_register_handler (void *p);

In BLE Slave applications such as ble_remote/ble_module, the functions in the SDK L2CAP layer that process Controller data are:

int     blc_l2cap_packet_receive (u16 connHandle, u8 * p);

This function has been implemented in the protocol stack and it will parse the received data and transmit it upwards to ATT, SMP or L2CAP Signaling.

Initialization:

blc_l2cap_register_handler (blc_l2cap_packet_receive);

In the ble_master kma dongle, the application layer contains the BLE Host function with the following processing functions, the source code of which is provided for user reference.

int app_l2cap_handler (u16 conn_handle, u8 *raw_pkt);

Initialization:

blc_l2cap_register_handler (app_l2cap_handler);

In the ble HCI, only the slave controller is implemented. The blc_hci_sendACLData2Host function transmits the controller data to the BLE Host device via a hardware interface such as UART/USB.

int blc_hci_sendACLData2Host (u16 handle, u8 *p)

Initialization:

blc_l2cap_register_handler (blc_hci_sendACLData2Host);

Update connection parameters

(1) Slave requests for connection parameter update

In BLE stack, Slave can actively apply for a new set of connection parameters by sending a “CONNECTION PARAMETER UPDATE REQUEST” command to Master in L2CAP layer. The figure below shows the command format. For details, please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part A, Section 4.20 L2CAP_CONNECTION_PARAMETER_UPDATE_REQ (CODE 0x12).

Connection Para Update Req Format in BLE Stack

The BLE SDK provides an API for slaves to actively apply to update connection parameters on the L2CAP layer to send the above CONNECTION PARAMETER UPDATE REQUEST command to the master.

void  bls_l2cap_requestConnParamUpdate (u16 min_interval, u16 max_interval, u16 latency, u16 timeout);

The four parameters of this API correspond to the parameters in the “data” field of the “CONNECTION PARAMETER UPDATE REQUEST”. The “min_interval” and “max_interval” are the actual interval time divided by 1.25ms (e.g. for 7.5ms connection interval, the value should be 6); the “timeout” is actual supervision timeout divided by 10ms (e.g. for 1s timeout, the value should be 100).

Application example: Slave requests for new connection parameters when connection is established.

void    task_connect (u8 e, u8 *p, int n)
    {
        bls_l2cap_requestConnParamUpdate (6, 6, 99, 400);  
        bls_l2cap_setMinimalUpdateReqSendingTime_after_connCreate(1000);
    }

BLE Sniffer Packet Sample Conn Para Update Request and Response

The API:

void bls_l2cap_setMinimalUpdateReqSendingTime_after_connCreate(int time_ms)

serves to make the Slave wait for time_ms milliseconds after connection is established, and then invoke the API “bls_l2cap_requestConnParamUpdate” to update connection parameters. After connection is established, if user only invokes the “bls_l2cap_requestConnParamUpdate”, the Slave will wait for 1s to execute this request command.

In the "slave application", the "SDK" provides an interface to register a callback function to obtain the "L2CAP_CONNECTION_PARAMETER_UPDATE_RSP" result, used to notify the "user" whether the connection parameter request initiated by the "slave" was rejected or accepted by the "master". As shown in the figure above, the "master" accepted the "slave's" "L2CAP_CONNECTION_PARAMETER_UPDATE_REQ".

void blc_l2cap_registerConnUpdateRspCb(l2cap_conn_update_rsp_callback_t cb);

Please refer to the use case of Slave initialization:

blc_l2cap_registerConnUpdateRspCb(app_conn_param_update_response)

Following shows the reference for the callback function "app_conn_param_update_response".

int app_conn_param_update_response(u8 id, u16  result)
{
    if(result == CONN_PARAM_UPDATE_ACCEPT){
        //the LE master Host has accepted the connection parameters
    }
    else if(result == CONN_PARAM_UPDATE_REJECT){
        //the LE master Host has rejected the connection parameter
    }
    return 0;
}

Note

The "master" accepting the "slave's" "L2CAP_CONNECTION_PARAMETER_UPDATE_REQ" does not imply that the "connection parameters" will be updated immediately. The specific update timing is determined by the "LL_CONNECTION_UPDATE_IND" sent by the "master".

(2) Master responds to connection parameter update request

After Master receives the “CONNECTION PARAMETER UPDATE REQUEST” command from Slave, it will respond with a “CONNECTION PARAMETER UPDATE RESPONSE” command. For details, please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part A, Section 4.21 L2CAP_CONNECTION_PARAMETER_UPDATE_RSP (CODE 0x13).

The figure below shows the command format: if “result” is “0x0000”, it indicates the request command is accepted; if “result” is “0x0001”, it indicates the request command is rejected.

Whether actual Android/iOS device will accept or reject the connection parameter update request is determined by corresponding BLE Master. User can refer to Master compatibility test.

Conn Para Update RSP Format in BLE Stack

Telink's ble_master kma dongle handles the connection parameter update demo code for slave as follows.

"Demo code of ble master kma dongle"

After “L2CAP_CMD_CONN_UPD_PARA_REQ” is received in “L2CAP_CID_SIG_CHANNEL”, it will read interval_min (used as eventual interval), supervision timeout and long suspend time (interval * (latency +1)), and check the rationality of these data. If interval < 200ms, long suspend time<20s and supervision timeout >= 2* long suspend time, this request will be accepted; otherwise this request will be rejected. User can modify as needed based on this simple demo design.

No matter whether parameter request of Slave is accepted, the API below can be invoked to respond to this request.

void    blc_l2cap_SendConnParamUpdateResponse( u16 connHandle, u8 req_id, conn_para_up_rsp result);

“connHandle” indicates current connection ID. “result” has two options to indicate “accept” and “reject”, respectively.

typedef enum{
    CONN_PARAM_UPDATE_ACCEPT = 0x0000,
    CONN_PARAM_UPDATE_REJECT = 0x0001,
}conn_para_up_rsp;

If the ble_master kma dongle accepts the Slave's request, it should send an update cmd to the Controller via API blm_ll_updateConnection within a certain amount of time, using host_update_conn_param_req on the demo code as a flag and initiates this update after a 50ms delay in the main_loop.

Demo code of b85m master kma dongle

(3) Master updates connection parameters in Link Layer

After Master responds with “conn para update rsp” to accept the “conn para update req” from Slave, Master will send a “LL_CONNECTION_UPDATE_IND” command in Link Layer.

Packet capture showing LL_CONNECTION_UPDATE_IND

Slave will mark the final parameter as the instant value of Master after it receives the update request. When the instant value of Slave reaches this value, connection parameters are updated, and the callback of the event “BLT_EV_FLAG_CONN_PARA_UPDATE” is triggered.

The “instant” indicates connection event count value maintained by Master and Slave, and it ranges from 0x0000 to 0xffff. During a connection, Master and Slave should always have consistent “instant” value. When Master sends “conn_req” and establishes connection with Slave, Master switches state from scanning to connection, and clears the “instant” of Master to “0”. When Slave receives the “conn_req”, it switches state from advertising to connection, and clears the instant of Slave to “0”. Each connection packet of Master and Slave is a connection event. For the first connection event after the “conn_req”, the instant value is “1”; for the second connection event, the instant value is 2, and so on.

When Master sends a “LL_CONNECTION_UPDATE_IND”, the final parameter “instant” indicates during the connection event marked with “instant”, Master will use the values corresponding to the former connection parameters of the “LL_CONNECTION_UPDATE_IND” packet. After the “LL_CONNECTION_UPDATE_IND” is received, the new connection parameters will be used during the connection event when the instant of Slave equals the declared instant of Master, thus Slave and Master can finish switch of connection parameters synchronously.

ATT & GATT

GATT basic unit “Attribute”

GATT defines two roles: Server and Client. In this BLE SDK, Slave is Server, and corresponding Android/iOS device is Client. Server needs to supply multiple Services for Client to access.

Each Service of GATT consists of multiple Attributes, and each Attribute contains certain information. When multiple Attributes of different kinds are combined together, they can reflect a basic service.

GATT Service Containing Attributes

The basic contents of Attribute are shown as below:

(1) Attribute Type: UUID

The UUID is used to identify Attribute type, and its total length is 16 bytes. In BLE standard protocol, the UUID length is defined as two bytes, since Master devices follow the same method to transform 2-byte UUID into 16 bytes.

When standard 2-byte UUID is directly used, Master should know device types indicated by various UUIDs. 8x5x BLE stack defines some standard UUIDs in “stack/service/hids.h” and “stack/ble /uuid.h”.

Telink proprietary profiles (OTA, MIC, SPEAKER, and etc.) are not supported in standard Bluetooth. The 16-byte proprietary device UUIDs are defined in “stack/ble/uuid.h”.

(2) Attribute Handle

Slave supports multiple Attributes which compose an Attribute Table. In Attribute Table, each Attribute is identified by an Attribute Handle value. After connection is established, Master will analyze and obtain the Attribute Table of Slave via “Service Discovery” process, then it can identify Attribute data via the Attribute Handle during data transfer.

(3) Attribute Value

Attribute Value corresponding to each Attribute is used as request, response, notification and indication data. In 8x5x BLE stack, Attribute Value is indicated by one pointer and the length of the area pointed by the pointer.

Attribute and ATT Table

To implement GATT Service on Slave, an Attribute Table is defined in this BLE SDK and it consists of multiple basic Attributes. Attribute definition is shown as below.

typedef struct attribute
    {
        u16 attNum;
        u8   perm;
        u8   uuidLen;
        u32  attrLen;
        u8*  uuid;
        u8*  pAttrValue;
        att_readwrite_callback_t  w;
        att_readwrite_callback_t  r;
    } attribute_t;

Below is Attribute Table given by the BLE SDK to illustrate the meaning of the above items. See app_att.c for the Attribute Table code, as shown below:

static const attribute_t my_Attributes[] = {
    {ATT_END_H - 1, 0,0,0,0,0}, // total num of attribute
    // 0001 - 0007  gap
    {7,ATT_PERMISSIONS_READ,2,2,(u8*)(&my_primaryServiceUUID),  (u8*)(&my_gapServiceUUID), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof(my_devNameCharVal),(u8*)(&my_characterUUID), (u8*)(my_devNameCharVal), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof(my_devName), (u8*)(&my_devNameUUID), (u8*)(my_devName), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof(my_appearanceCharVal),(u8*)(&my_characterUUID), (u8*)(my_appearanceCharVal), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof (my_appearance), (u8*)(&my_appearanceUUID),    (u8*)(&my_appearance), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof(my_periConnParamCharVal),(u8*)(&my_characterUUID), (u8*)(my_periConnParamCharVal), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof (my_periConnParameters),(u8*)(&my_periConnParamUUID),  (u8*)(&my_periConnParameters), 0},
    // 0008 - 000b gatt
    {4,ATT_PERMISSIONS_READ,2,2,(u8*)(&my_primaryServiceUUID),  (u8*)(&my_gattServiceUUID), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof(my_serviceChangeCharVal),(u8*)(&my_characterUUID),         (u8*)(my_serviceChangeCharVal), 0},
    {0,ATT_PERMISSIONS_READ,2,sizeof (serviceChangeVal), (u8*)(&serviceChangeUUID),     (u8*)(&serviceChangeVal), 0},
    {0,ATT_PERMISSIONS_RDWR,2,sizeof (serviceChangeCCC),(u8*)(&clientCharacterCfgUUID), (u8*)(serviceChangeCCC), 0},
};

Note: The key word “const” is added before Attribute Table definition:

const attribute_t my_Attributes[] = { ... };

By adding the “const”, the compiler will store the array data to flash rather than RAM, while all contents of the Attribute Table defined in flash are read only and not modifiable.

(1) attNum

The “attNum” supports two functions.

The “attNum” can be used to indicate the number of valid Attributes in current Attribute Table, i.e. the maximum Attribute Handle value. This number is only used in the invalid Attribute item 0 of Attribute Table array.

{ATT_END_H - 1,0,0,0,0,0},

"attNum = ATT_END_H - 1" indicates that there are a total of "ATT_END_H - 1" "Attributes" in the current "Attribute Table".

In BLE, Attribute Handle value starts from 0x0001 with increment step of 1, while the array index starts from 0. When this virtual Attribute is added to the Attribute Table, each Attribute index equals its Attribute Handle value. After the Attribute Table is defined, Attribute Handle value of an Attribute can be obtained by counting its index in current Attribute Table array.

Traversing through all "Attributes" in the "Attribute Table" to the last one yields the number of valid "Attributes" in the current "Attribute Table", "attNum", which is "ATT_END_H - 1". If the user adds or deletes an "Attribute", "attNum" will automatically change along with "ATT_END_H".

The “attNum” can also be used to specify Attributes constituting current Service.

The UUID of the first Attribute for each Service should be “GATT_UUID_PRIMARY_SERVICE(0x2800)”; the first Attribute of a Service sets “attNum” and it indicates following “attNum” Attributes constitute current Service.

As shown in code above, for the gap service, the Attribute with UUID of “GATT_UUID_PRIMARY_SERVICE” sets the “attNum” as 7, it indicates the seven Attributes from Attribute Handle 1 to Attribute Handle 7 constitute the gap service.

Except for Attribute item 0 and the first Attribute of each Service, attNum values of all Attributes should be set as 0.

(2) perm

The “perm” is the simplified form of “permission” and it serves to specify access permission of current Attribute by Client.

The “perm” of each Attribute should be configured as one or combination of following 10 values.

#define ATT_PERMISSIONS_READ                 0x01 
#define ATT_PERMISSIONS_WRITE                0x02 
#define ATT_PERMISSIONS_AUTHEN_READ          0x61 
#define ATT_PERMISSIONS_AUTHEN_WRITE         0x62
#define ATT_PERMISSIONS_SECURE_CONN_READ     0xE1
#define ATT_PERMISSIONS_SECURE_CONN_WRITE    0xE2
#define ATT_PERMISSIONS_AUTHOR_READ          0x11 
#define ATT_PERMISSIONS_AUTHOR_WRITE         0x12
#define ATT_PERMISSIONS_ENCRYPT_READ         0x21
#define ATT_PERMISSIONS_ENCRYPT_WRITE        0x22

Note: Current SDK version does not support PERMISSION READ and PERMISSION WRITE yet.

(3) uuid and uuidLen

As introduced above, UUID supports two types: BLE standard 2-byte UUID, and Telink proprietary 16-byte UUID. The “uuid” and “uuidLen” can be used to describe the two UUID types simultaneously.

The “uuid” is an u8-type pointer, and “uuidLen” specifies current UUID length, i.e. the uuidLen bytes starting from the pointer are current UUID. Since Attribute Table and all UUIDs are stored in flash, the “uuid” is a pointer pointing to flash.

a) BLE standard 2-byte UUID：

For example, the Attribute “devNameCharacter” with Attribute Handle of 2, related code is shown as below:

#define GATT_UUID_CHARACTER              0x2803
static const u16 my_characterUUID = GATT_UUID_CHARACTER;
static const u8 my_devNameCharVal[5] = {
    CHAR_PROP_READ,
    U16_LO(GenericAccess_DeviceName_DP_H), U16_HI(GenericAccess_DeviceName_DP_H),
    U16_LO(GATT_UUID_DEVICE_NAME), U16_HI(GATT_UUID_DEVICE_NAME)
};
{0,ATT_PERMISSIONS_READ,2,sizeof(my_devNameCharVal),(u8*)(&my_characterUUID), (u8*)(my_devNameCharVal), 0, 0},

“UUID=0x2803” indicates “character” in BLE and the “uuid” points to the address of “my_devNameCharVal” in flash. The “uuidLen” is 2. When Master reads this Attribute, the UUID would be “0x2803”.

b) Telink proprietary 16-byte UUID：

For example, the Attribute MIC of audio, related code is shown as below:

#define TELINK_MIC_DATA {0x18,0x2B,0x0d,0x0c,0x0b,0x0a,0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x0}
const u8 my_MicUUID[16]     = TELINK_MIC_DATA;
static u8 my_MicData        = 0x80;
{0,1,16,1,(u8*)(&my_MicUUID), (u8*)(&my_MicData), 0},

The “uuid” points to the address of “my_MicData” in flash, and the “uuidLen” is 16. When Master reads this Attribute, the UUID would be “0x000102030405060708090a0b0c0d2b18”.

(4) pAttrValue and attrLen

Each Attribute corresponds to an Attribute Value. The “pAttrValue” is an u8-type pointer which points to starting address of Attribute Value in RAM/Flash, while the “attrLen” specifies the data length. When Master reads the Attribute Value of certain Attribute from Slave, the “attrLen” bytes of data starting from the area (RAM/Flash) pointed by the “pAttrValue” will be read by this BLE SDK to Master.

Since UUID is read only, the “uuid” is a pointer pointing to flash; while Attribute Value may involve write operation into RAM, so the “pAttrValue” may points to RAM or flash.

For example, HID Information's Attribute, relevant code:

const u8 hidInformation[] =
{
    U16_LO(0x0111), U16_HI(0x0111),   // bcdHID (USB HID version)
    0x00,                           // bCountryCode
    0x01                           // Flags
};
{0,ATT_PERMISSIONS_READ,2, sizeof(hidInformation),(u8*)(&hidInformationUUID),   (u8*)(hidInformation), 0, 0},

In actual application, the key word “const” can be used to store the read-only 4-byte hid information “0x01 0x00 0x01 0x11” into flash. The “pAttrValue” points to the starting address of hidInformation in flash, while the “attrLen” is the actual length of hidInformation. When Master reads this Attribute, “0x01000111” will be returned to Master correspondingly.

Figure below shows a packet example captured by BLE sniffer when Master reads this Attribute. Master uses the “ATT_Read_Req” command to set the target AttHandle as 0x23 (35), corresponding to the hid information in Attribute Table of SDK.

BLE Sniffer Packet Sample when Master Reads hidInformation

For the Attribute “battery value” with Attribute Handle of 40, related code is as shown below:

u8  my_batVal[1]    = {99};
{0,ATT_PERMISSIONS_READ,2,sizeof(my_batVal),(u8*)(&my_batCharUUID),     (u8*)(my_batVal), 0, 0},

In actual application, the “my_batVal” indicates current battery level and it will be updated according to ADC sampling result; then Slave will actively notify or Master will actively read to transfer the “my_batVal” to Master. The starting address of the “my_batVal” stored in RAM will be pointed by the “pAttrValue”.

(5) Callback function w

The callback function w is write function with prototype as below:

typedef int (*att_readwrite_callback_t)(void* p);

User should follow the format above to define callback write function. The callback function w is optional, i.e. for an Attribute, user can select whether to set the callback write function as needed (null pointer indicates not setting callback write function).

The trigger condition for callback function w is: When Slave receives any Attribute PDU with Attribute Opcode as shown below, Slave will check whether the callback function w is set.

opcode = 0x12, Write Request.
opcode = 0x52, Write Command.
opcode = 0x18, Execute Write Request.

After Slave receives a write command above, if the callback function w is not set, Slave will automatically write the area pointed by the “pAttrValue” with the value sent from Master, and the data length equals the “l2capLen” in Master packet format minus 3; if the callback function w is set, Slave will execute user-defined callback function w after it receives the write command, rather than writing data into the area pointed by the “pAttrValue”. Note: Only one of the two write operations is allowed to take effect.

By setting the callback function w, user can process Write Request, Write Command, and Execute Write Request in ATT layer of Master. If the callback function w is not set, user needs to evaluate whether the area pointed by the “pAttrValue” can process the command (e.g. If the “pAttrValue” points to flash, write operation is not allowed; or if the “attrLen” is not long enough for Master write operation, some data will be modified unexpectedly.)

Write Request in BLE Stack

Write Command in BLE Stack

Execute Write Request in BLE Stack

The void-type pointer p of the callback function w points to the value of Master write command. Actually p points to a memory area, the value of which is shown as the following structure.

typedef struct{          
    u8  type;
    u8  rf_len;
    u16 l2cap;
    u16 chanid;
    u8  att;
    u16 handle;
    u8  dat[20];
}rf_packet_att_data_t;

p points to "type", valid length of data is l2cap minus 3, and the first valid data is pw->dat[0].

Note

The maximum length of 'dat' in this structure potentially exceeds 20 and depends on the effective MTU length, so the '20' in the structure holds no practical significance. The actual accessible data length is 'l2cap - 3', as shown below.

int my_WriteCallback (void *p)
{
    rf_packet_att_data_t *pw = (rf_packet_att_data_t *)p;
    int len = pw->l2cap - 3;
    //add your code
    //valid data is pw->dat[0] ~ pw->dat[len-1]
    return 1;
}

The structure “rf_packet_att_data_t” above is available in the “stack/ble/ble_format.h”.

The return value of the callback function 'w' is not processed by the protocol stack by default and requires handling by the user at the upper layer. If the user requires the protocol stack to process the return value, the following API is available to enable this, where a return value of 0 indicates execution success, and other return values indicate execution failure (For Error Code details, refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.1.1 ATT_ERROR_RSP).

void blc_att_enableWriteReqReject (u8 WriteReqReject_en);

(6) Callback function r

The callback function r is read function with prototype as below:

typedef int (*att_readwrite_callback_t)(void* p);

If the user defines a callback read function, the format above should be followed. The callback function 'r' is optional. For a specific 'Attribute', the user sets a callback read function or leaves it unset (indicated by the null pointer '0' when no callback is set).

The trigger condition for callback function r is: When Slave receives any Attribute PDU with Attribute Opcode as shown below, Slave will check whether the callback function r is set.

opcode = 0x0A, Read Request.
opcode = 0x0C, Read Blob Request.

After Slave receives a read command above,

a) If the callback read function is set, Slave will execute this function, and determine whether to respond with “Read Response/Read Blob Response” according to the return value of this function.

If the return value is 1, Slave does not respond with “Read Response/Read Blob Response” to Master.
If the return value is not 1, Slave will automatically read “attrLen” bytes of data from the area pointed by the “pAttrValue”, and the data will be responded to Master via “Read Response/Read Blob Response”.

If the user requires the protocol stack to process the return value, the following API is available to enable this. When the return value is 0, the slave does not reply with a 'Read Response'; for other return values, it replies with an 'Error Response' (for 'Error Code' details, refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.1.1 ATT_ERROR_RSP).

void blc_att_enableReadReqReject (u8 ReadReqReject_en);

b) If the user does not set a callback read function, the slave reads 'attrLen' values from the area pointed to by the 'pAttrValue' pointer and replies to the master with a 'Read Response'/'Read Blob Response'.

If the user intends to modify the content of the 'Read Response'/'Read Blob Response' to be sent after receiving a 'Read Request'/'Read Blob Request' from the master, the user registers the corresponding callback function 'r' and modifies the content of the RAM pointed to by the 'pAttrValue' pointer inside the callback function.

(7) Attribute Table layout

Figure below shows Service/Attribute layout based on Attribute Table. The “attnum” of the first Attribute indicates the number of valid Attributes in current ATT Table; the remaining Attributes are assigned to different Services, the first Attribute of each Service is the “declaration”, and the following “attnum” Attributes constitute current Service. Actually the first item of each Service is a Primary Service.

#define GATT_UUID_PRIMARY_SERVICE                    0x2800  
const u16 my_primaryServiceUUID = GATT_UUID_PRIMARY_SERVICE;

Service Attribute Layout

(8) ATT table Initialization

GATT & ATT initialization only needs to transfer the pointer of Attribute Table in APP layer to protocol stack, and the API below is supplied:

void        bls_att_setAttributeTable (u8 *p);

p is the pointer of Attribute Table.

Attribute PDU and GATT API

As required by BLE spec, the following Attribute PDU types are supported in current SDK.

Requests：Data request sent from Client to Server.
Responses：Data response sent by Server after it receives request from Client.
Commands：Command sent from Client to Server.
Notifications：Data sent from Server to Client.
Indications：Data sent from Server to Client.
Confirmations：Confirmation sent from Client after it receives data from Server.

The following is an analysis of all ATT PDUs at the ATT layer in conjunction with the Attribute structure and Attribute Table structure described previously.

(1) Read by Group Type Request, Read by Group Type Response

Please refer to “Core_v5.0” (Vol 3/Part F/3.4.4.9 and 3.4.4.10) for details about the “Read by Group Type Request” and “Read by Group Type Response” commands.

The “Read by Group Type Request” command sent by Master specifies starting and ending attHandle, as well as attGroupType. After the request is received, Slave will check through current Attribute Table according to the specified starting and ending attHandle, and find the Attribute Group that matches the specified attGroupType. Then Slave will respond to Master with Attribute Group information via the “Read by Group Type Response” command.

Read by Group Type Request Read by Group Type Response

As shown above, Master requests from Slave for Attribute Group information of the “primaryServiceUUID” with UUID of 0x2800.

#define GATT_UUID_PRIMARY_SERVICE        0x2800
const u16 my_primaryServiceUUID = GATT_UUID_PRIMARY_SERVICE;

The following groups in Slave Attribute Table meet the requirement according to current demo code.

a) Attribute Group with attHandle from 0x0001 to 0x0007,

Attribute Value is SERVICE_UUID_GENERIC_ACCESS (0x1800).

b) Attribute Group with attHandle from 0x0008 to 0x000a,

Attribute Value is SERVICE_UUID_DEVICE_INFORMATION (0x180A).

c) Attribute Group with attHandle from 0x000B to 0x0025,

Attribute Value is SERVICE_UUID_HUMAN_INTERFACE_DEVICE (0x1812).

d) Attribute Group with attHandle from 0x0026 to 0x0028,

Attribute Value is SERVICE_UUID_BATTERY (0x180F).

e) Attribute Group with attHandle from 0x0029 to 0x0032,

Attribute Value is TELINK_AUDIO_UUID_SERVICE(0x11,0x19,0x0d,0x0c,0x0b,0x0a,0x09,0x08,0x07,0x06, 0x05,0x04,0x03,0x02,0x01,0x00).

Slave responds to Master with the attHandle and attValue information of the five Groups above via the “Read by Group Type Response” command. The final ATT_Error_Response indicates end of response. When Master receives this packet, it will stop sending “Read by Group Type Request”.

(2) Find by Type Value Request, Find by Type Value Response

Please refer to "Core_v5.0" (Vol 3/Part F/3.4.3.3 and 3.4.3.4) for details on 'Find by Type Value Request' and 'Find by Type Value Response'.

The “Find by Type Value Request” command sent by Master specifies starting and ending attHandle, as well as AttributeType and Attribute Value. After the request is received, Slave will check through current Attribute Table according to the specified starting and ending attHandle, and find the Attribute that matches the specified AttributeType and Attribute Value. Then Slave will respond to Master with the Attribute via the “Find by Type Value Response” command.

Find by Type Value Request Find by Type Value Response

(3) Read by Type Request, Read by Type Response

Please refer to "Core_v5.0" (Vol 3/Part F/3.4.4.1 and 3.4.4.2) for details on 'Read by Type Request' and 'Read by Type Response'.

The “Read by Type Request” command sent by Master specifies starting and ending attHandle, as well as AttributeType. After the request is received, Slave will check through current Attribute Table according to the specified starting and ending attHandle, and find the Attribute that matches the specified AttributeType. Then Slave will respond to Master with the Attribute via the “Read by Type Response”.

Read by Type Value Request Find by Type Value Response

As shown above, Master reads the Attribute with attType of 0x2A00, i.e. the Attribute with Attribute Handle of 00 03 in Slave.

const u8    my_devName [] = {'t', 'S', 'e', 'l', 'f', 'i'};
#define GATT_UUID_DEVICE_NAME            0x2a00
const u16 my_devNameUUID = GATT_UUID_DEVICE_NAME;
{0,1,2, sizeof (my_devName),(u8*)(&my_devNameUUID),(u8*)(my_devName), 0},

In the “Read by Type response”, attData length is 8, the first two bytes are current attHandle “0003”, followed by 6-byte Attribute Value.

(4) Find information Request, Find information Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.3.1 and 3.4.3.2 for details on 'Find Information Request' and 'Find Information Response'.

The master sends a "Find information request", specifying the starting and ending attHandle. After receiving the command, the slave replies to the master through "Find information response" the UUIDs of all the starting and ending attHandle corresponding Attributes. As shown in the figure below, the master requires information of three Attributes with attHandle of 0x0016~0x0018, and Slave responds with corresponding UUIDs.

Find Information Request Find Information Response

(5) Read Request, Read Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.4.3 and 3.4.4.4 for details on 'Read Request' and 'Read Response'.

The “Read Request” command sent by Master specifies certain attHandle. After the request is received, Slave will respond to Master with the Attribute Value of the specified Attribute via the “Read Response” command (If the callback function r is set, this function will be executed), as shown below.

Read Request Read Response

(6) Read Blob Request, Read Blob Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.4.5 and 3.4.4.6 for details on 'Read Blob Request' and 'Read Blob Response'.

If some Slave Attribute corresponds to Attribute Value with length exceeding MTU_SIZE (It’s set as 23 in current SDK), Master needs to read the Attribute Value via the “Read Blob Request” command, so that the Attribute Value can be sent in packets. This command specifies the attHandle and ValueOffset. After the request is received, Slave will find corresponding Attribute, and respond to Master with the Attribute Value via the “Read Blob Response” command according to the specified ValueOffset. (If the callback function r is set, this function will be executed.)

As shown below, when Master needs the HID report map of Slave (report map length largely exceeds 23), first Master sends “Read Request”, then Slave responds to Master with part of the report map data via “Read response”; Master sends “Read Blob Request”, and then Slave responds to Master with data via “Read Blob Response”.

Read Blob Request Read Blob Response

(7) Exchange MTU Request, Exchange MTU Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.2.1 and 3.4.2.2 for details on 'Exchange MTU Request' and 'Exchange MTU Response'.

As shown below, Master and Slave obtain MTU size of each other via the “Exchange MTU Request” and “Exchange MTU Response” commands.

Exchange MTU Request Exchange MTU Response

During data access process of Telink BLE Slave GATT layer, if there’s data exceeding a RF packet length, which involves packet assembly and disassembly in GATT layer, Slave and Master need to exchange RX MTU size of each other in advance. Transfer of long packet data in GATT layer can be implemented via MTU size exchange.

a) User can register callback of GAP event and enable the eventMask “GAP_EVT_MASK_ATT_EXCHANGE_MTU” to obtain EffectiveRxMTU.

EffectiveRxMTU=min(ClientRxMTU, ServerRxMTU)。

The “GAP event” section of this document will introduce GAP event in detail.

b) Processing of long Rx packet data in Slave GATT layer

In this SDK, the Slave 'ServerRxMTU' defaults to 23, but the actual maximum 'ServerRxMTU' supports up to 'ATT_MTU_MAX_SDK_DFT_BUF' by default, meaning that fragmented data of 'ATT_MTU_MAX_SDK_DFT_BUF' bytes from the master correctly completes packet reassembly on the Slave side. When the application requires the use of packet reassembly from the master, use the following API to modify the Slave's RX size first:

ble_sts_t   blc_att_setRxMtuSize(u16 mtu_size);

The return value is shown as below:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
ATT_ERR_INVALID_PARAMETER	0xB0	'mtu_size' unavailable

When Master GATT layer needs to send long packet data to Slave, Master will actively initiate “ATT_Exchange_MTU_REQ”, and Slave will respond with “ATT_Exchange_MTU_RSP”. “ServerRxMTU” is the configured value of the API “blc_att_setRxMtuSize”. If user has registered GAP event and enabled the eventMask “GAP_EVT_MASK_ATT_EXCHANGE_MTU”, “EffectiveRxMTU” and “ClientRxMTU” of Master can be obtained in the callback function of GAP event.

c) Processing of long Tx packet data in Slave GATT layer

When Slave needs to send long packet data in GATT layer, it should obtain Client RxMTU of Master first, and the eventual data length should not exceed ClientRxMTU.

First Slave should invoke the API “blc_att_setRxMtuSize” to set its ServerRxMTU. Suppose it’s set as 158.

blc_att_setRxMtuSize（158）;

Then the API below should be invoked to actively initiate an “ATT_EXCHANGE_MTU_REQ”.

ble_sts_t    blc_att_requestMtuSizeExchange (u16 connHandle, u16 mtu_size);

“connHandle” is ID of Slave connection, i.e. “BLS_CONN_HANDLE”, while “mtu_size” is ServerRxMTU.

blc_att_requestMtuSizeExchange(BLS_CONN_HANDLE,  158);

After the “ATT_EXCHANGE_MTU_REQ” is received, Master will respond with “ATT_EXCHANGE_MTU_RSP”. After receiving the response, the SDK will calculate EffectiveRxMTU. If user has registered GAP event and enabled the eventMask “GAP_EVT_MASK_ATT_EXCHANGE_MTU”, “EffectiveRxMTU” and “ClientRxMTU” will be reported to user.

(8) Write Request, Write Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.5.1 and 3.4.5.2 for details on 'Write Request' and 'Write Response'.

The “Write Request” command sent by Master specifies certain attHandle and attaches related data. After the request is received, Slave will find the specified Attribute, determine whether to process the data by using the callback function w or directly write the data into corresponding Attribute Value depending on whether the callback function w is set by user. Finally Slave will respond to Master via “Write Response”.

As shown in below, by sending “Write Request”, Master writes Attribute Value of 0x0001 to the Slave Attribute with the attHandle of 0x0016. Then Slave will execute the write operation and respond to Master via “Write Response”.

Write Request Write Response

(9) Write Command

Please refer to “Core_v5.0” (Vol 3/Part F/3.4.5.3) for details about the “Write Command”.

The “Write Command” sent by Master specifies certain attHandle and attaches related data. After the command is received, Slave will find the specified Attribute, determine whether to process the data by using the callback function w or directly write the data into corresponding Attribute Value depending on whether the callback function w is set by user. Slave does not respond to Master with any information.

(10) Queued Writes

Queued Writes include ATT protocols such as Prepare Write Request/Response and Execute Write Request/Response. Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.5.3 for details on 'Write Command'.

“Prepare Write Request” and “Execute Write Request” can implement the two functions below.

a) Provide write function for long attribute value.

b) Allow to write multiple values in an atomic operation that is executed separately.

Similar to “Read_Blob_Req/Rsp”, “Prepare Write Request” contains AttHandle, ValueOffset and PartAttValue. That means Client can prepare multiple attribute values or various parts of a long attribute value in the queue. Thus, before executing the prepared queue indeed, Client can confirm that all parts of some attribute can be written into Server.

Note: Current SDK version only supports the write function of long attribute value with the maximum length not exceeding 244 bytes. If the length is greater than 244 bytes, the following API interface needs to be called to make changes to the prepare write buffer and its length.

void  blc_att_setPrepareWriteBuffer(u8 *p, u16 len)

The figure below shows the case when Master writes a long character string “I am not sure what a new song” (byte number is far more than 23, and use the default MTU) into certain characteristic of Slave. First Master sends a “Prepare Write Request” with offset of 0x0000, to write the data “I am not sure what” into Slave, and Slave responds to Master with a “Prepare Write Response”. Then Master sends a “Prepare Write Request” with offset of 0x12, to write the data “ a new song” into Slave, and Slave responds to Master with a “Prepare Write Response”. After the write operation of the long attribute value is finished, Master sends an “Execute Write Request” to Slave. “Flags=1” indicates write result takes effect immediately. Then Slave responds with an “Execute Write Response” to complete the whole Prepare Write process.

As we can see, “Prepare Write Response” also contains AttHandle, ValueOffsetand PartAttValue in the request, so as to ensure reliable data transfer. Client can compare field value of Response with that of Request, to ensure correct reception of the prepared data.

Example for Write Long Characteristic Values

(11) Handle Value Notification

Please refer to “Core_v5.0” (Vol 3/Part F/3.4.7.1).

Handle Value Notification in BLE Spec

The figure above shows the format of “Handle Value Notification” in BLE Spec.

This BLE SDK provides an API for 'Handle Value Notification' of a specific 'Attribute', callable by both the master and the slave. The user calls this API to push the data requiring notification to the underlying BLE software FIFO. The protocol stack pushes the data from the software FIFO to the hardware FIFO during the nearest packet transmission/reception interval, and finally transmits it via RF.

ble_sts_t   blc_gatt_pushHandleValueNotify (u16 handle, u8 *p, int len);

'handle' corresponds to the 'attHandle' of the specific 'Attribute', 'p' serves as the head pointer to the continuous memory data to be sent, and 'len' specifies the byte count of the data to send. This API supports automatic packet fragmentation, using min('EffectiveMaxTxOctets', 'EffectiveRxMTU') as the minimum unit for fragmentation. It splits very long data into multiple BLE RF packets for transmission; therefore, 'len' supports large values.

When Link Layer is in Conn state, generally data will be successfully pushed into bottom-layer software FIFO by invoking this API; however, some special cases may result in invoking failure, and the return value “ble_sts_t” will indicate the corresponding error reason.

When this API is invoked in APP layer, it’s recommended to check whether the return value is “BLE_SUCCESS”. If the return value is not “BLE_SUCCESS”, a delay is needed to re-push the data.

The return value is shown as below:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
GATT_ERR_DATA_PENDING_DUE_TO_SERVICE_DISCOVERY_BUSY	0xC4	Service discovery phase active, cannot send data
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data
GATT_ERR_DATA_LENGTH_EXCEED_MTU_SIZE	0xC5	Data length exceeds effective MTU size

Note

The API "bls_att_pushNotifyData" in the old version is deprecated, and the user is recommended to use the above API.

(12) Handle Value Indication

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.7.2 for details on "Handle Value Indication".

Handle Value Indication in BLE Spec

The figure above shows the format of "Handle Value Indication" in the BLE Spec.

This BLE SDK provides an API for "Handle Value Indication" of a specific "Attribute", callable by both the "master" and the "slave". The user calls this API to push the data requiring indication to the underlying BLE software FIFO. The protocol stack pushes the data from the software FIFO to the hardware FIFO during the nearest packet transmission/reception interval, and finally transmits it via RF.

ble_sts_t  blc_gatt_pushHandleValueIndicate (u16 connHandle, u16 attHandle, u8 *p, int len);

"handle" corresponds to the "attHandle" of the corresponding "Attribute", "p" serves as the head pointer to the continuous memory data to be sent, and "len" specifies the byte count of the data to send. This API supports automatic packet fragmentation, using min("EffectiveMaxTxOctets", "EffectiveRxMTU") as the minimum unit for fragmentation. It splits very long data into multiple BLE RF packets for transmission; therefore, "len" supports large values.

The BLE Spec stipulates that each indicated datum waits for the Master's confirmation to be considered successful, and the next indicate data is not sent until then.

When the Link Layer is in the "Conn state", calling this API directly generally successfully pushes data to the underlying software FIFO, but special circumstances cause API failure. The return value "ble_sts_t" indicates the corresponding error reason. It is recommended that the application layer check whether the return value is "BLE_SUCCESS" when calling this API. If not "BLE_SUCCESS", it requires waiting for a period before pushing again. The return value list follows:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
GATT_ERR_DATA_PENDING_DUE_TO_SERVICE_DISCOVERY_BUSY	0xC4	Service discovery phase active, cannot send data
GATT_ERR_PREVIOUS_INDICATE_DATA_HAS_NOT_CONFIRMED	0xC1	Previous indicate data has not been confirmed by the master
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data
GATT_ERR_DATA_LENGTH_EXCEED_MTU_SIZE	0xC5	Data length exceeds effective MTU size

Note

The API "bls_att_pushIndicateData" in the old version is deprecated, and the user is recommended to use the above API.

(13) Handle Value Confirmation

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.7.3 for details on "Handle Value Confirmation".

Each time the application layer calls "blc_gatt_pushHandleValueIndicate" to send "indicate" data to the "master", the "master" replies with a "confirm", indicating confirmation of this data; only then can the "slave" proceed to send the next "indicate" data.

Handle Value Confirmation in BLE Spec

As seen in the figure above, the "Confirmation" does not specify which specific "handle" it confirms; instead, a single "Confirmation" is uniformly replied for "indicate" data on all different "handles".

To allow the application layer to know whether the transmitted "indicate data" has been "Confirmed", users can register a "GAP event" callback and enable the corresponding "eventMask": "GAP_EVT_GATT_HANDLE_VALUE_CONFIRM" to obtain the "Confirm" event. The "GAP event" section of this document provides a detailed introduction to "GAP events".

Additionally, this BLE SDK provides an API for "Handle Value Confirmation" of a specific "Attribute", callable by both the "master" and the "slave". The user calls this API to push the required "Confirm" to the underlying BLE software FIFO. The protocol stack pushes the data from the software FIFO to the hardware FIFO during the nearest packet transmission/reception interval, and finally transmits it via RF.

ble_sts_t   blc_gatt_pushConfirm(u16 connHandle);

When the "Link Layer" is in the "Conn state", generally calling this API directly can successfully push data to the underlying software FIFO, but special circumstances may cause this API call to fail. The corresponding error reason can be understood based on the return value "ble_sts_t". It is recommended that the application layer check whether the return value is "BLE_SUCCESS" when calling this API. If it is not "BLE_SUCCESS", it is necessary to wait for a period before pushing again.

The return value list follows:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data

(14) Multiple Handle Value Notification

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.7.4 for details on "Multiple Handle Value Notification".

Multiple Handle Value Notification in BLE Spec

The figure above shows the format of "Multiple Handle Value Notification" in the "BLE Spec".

This "BLE SDK" provides an API for "Multiple Handle Value Notification", callable by both the "master" and the "slave". The user calls this API to push the data requiring notification to the underlying "BLE" software FIFO. The protocol stack pushes the data from the software FIFO to the hardware FIFO during the nearest packet transmission/reception interval, and finally transmits it via "RF".

ble_sts_t   blc_gatt_pushMultiHandleValueNotify  (u16 connHandle, atts_mulHandleNtf_t* lists, u8 listNum);

"lists" is a list composed of "Handle Length Value Tuples" for each notified "Attribute", and "listNum" is the number of elements in the list. The structure of the "Handle Length Value Tuple" is shown below.

typedef struct {
    u16 handle;
    u16 length;
    u8* value;
} atts_mulHandleNtf_t;

Here, "handle" corresponds to the "attHandle" of the corresponding "Attribute", "value" serves as the head pointer to the memory data to be sent, and "length" specifies the byte count of the data to send.

This API supports automatic packet fragmentation, using min("EffectiveMaxTxOctets", "EffectiveRxMTU") as the minimum unit for fragmentation. It splits very long data into multiple "BLE RF packets" for transmission; therefore, "len" supports large values. When the "Link Layer" is in the "Conn state", generally calling this API directly can successfully push data to the underlying software FIFO, but special circumstances may cause this API call to fail. The corresponding error reason can be understood based on the return value "ble_sts_t".

It is recommended that the application layer check whether the return value is "BLE_SUCCESS" when calling this API. If it is not "BLE_SUCCESS", it is necessary to wait for a period before pushing again.

The return value list follows.

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
GATT_ERR_DATA_PENDING_DUE_TO_SERVICE_DISCOVERY_BUSY	0xC4	Service discovery phase active, cannot send data
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data
GATT_ERR_DATA_LENGTH_EXCEED_MTU_SIZE	0xC5	Data length exceeds effective MTU size

(15) Error Response

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.1.1 for details on "Error Response".

Error Response in BLE Spec

As seen in the figure above, the "Error Response" is used to state that a specific request cannot be executed and to provide the reason.

This "BLE SDK" provides an API for the "Error Response" of a specific "Request", callable by both the "master" and the "slave". The user calls this API to push the required "Error Response" to the underlying "BLE" software FIFO. The protocol stack pushes the data from the software FIFO to the hardware FIFO during the nearest packet transmission/reception interval, and finally transmits it via "RF".

ble_sts_t   blc_gatt_pushErrResponse(u16 connHandle, u8 reqOpcode, u16 attHdlInErr, u8 ErrorCode);

Here, the "reqOpcode" parameter should be set to the "Opcode" that generated this error request.

The "attHdlInErr" parameter should be set to the "attribute handle" in the original request that generated this error. If the original request has no "attribute handle", or if the request is not supported, the value of this field should be 0x0000.

For the "ErrorCode" parameter, please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.1.1.

When the "Link Layer" is in the "Conn state", generally calling this API directly can successfully push data to the underlying software FIFO, but special circumstances may cause this API call to fail. The corresponding error reason can be understood based on the return value "ble_sts_t". It is recommended that the application layer check whether the return value is "BLE_SUCCESS" when calling this API. If it is not "BLE_SUCCESS", it is necessary to wait for a period before pushing again.

The return value list follows:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data

blc_att_setServerDataPendingTime_upon_ClientCmd

When the "Client" performs "SDP" immediately after connecting to the device, the discovered "Server" needs to reply promptly based on its service table upon receiving relevant query functions. At this time, the "TX buffer" is under heavy load. Therefore, if the user attempts to send data at this moment, the operation is likely to fail because the "RF tx_buffer" is full.

Consequently, we recommend using a controllable "pending" time to avoid this issue. The transmission of relevant data will be executed after "SDP" completion; until then, the data is suspended. The time can be modified via the API "blc_att_setServerDataPendingTime_upon_ClientCmd(u8 num_10ms)", where the parameter "step" is 10ms.

GATT Service Security

Before reading “GATT Service Security”, user can refer to section 3.3.4 SMP to learn basic knowledge related to SMP including LE pairing method, security level, and etc.

The figure below shows the mapping relationship between "GATT" service security levels and service requests provided by the "BLE spec". For details, please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part C, Section 10.3 "AUTHENTICATION PROCEDURE".

Mapping Diagram for Service Request and Response

As shown in the figure above:

The first column marks whether currently connected Slave device is in encryption state;
The second column (local Device’s Access Requirement for service) is related to Permission Access setting for attributes in ATT table;
The third column includes four sub-columns corresponding to four levels of LE secuiry mode1 for current device pairing state:

a) No authentication and no encryption

b) Unauthenticated pairing with encryption

c) Authenticated pairing with encryption

d) Authenticated LE Secure Connections

ATT Permission Definition

The final implementation of GATT Service Security is related to parameter settings during SMP initialization, including the highest security level, permission access of attributes in ATT table. It is also related to Master, for example, suppose Slave sets the highest security level supported by SMP as “Authenticated pairing with encryption”, but the highest level supported by Master is “Unauthenticated pairing with encryption”; if the permission for some write attribute in ATT table is “ATT_PERMISSIONS_AUTHEN_WRITE”, when Master writes this attribute, an error will be responded to indicate “encryption level is not enough”.

User can set permission of attributes in ATT table to implement the application below:

Suppose the highest security level supported by Slave is “Unauthenticated pairing with encryption”, but it’s not hoped to trigger Master pairing by sending “Security Request” after connection, user can set the permission for CCC (Client Characteristic Configuration) attribute with nofity attribute as “ATT_PERMISSIONS_ENCRYPT_WRITE”. Only when Master writes the CCC, will Slave respond that security level is not enough and trigger Master to start pairing encryption.

Note：

- Security level set by user only indicates the highest security level supported by device, and GATT Service Secuiry can be used to realize control as long as ATT Permission does not exceed the highest level that takes effect indeed. For LE security mode1 level 4, if use only sets the level “Authenticated LE Secure Connections”, the setting supports LE Secure Connections only.

For the example of GATT security level, please refer to "b85m_feature_test/ feature_gatt_security/app.c".

ble master GATT

In the ble_master kma dongle, the following GATT API is provided for doing simple service discovery or other data access functions.

(1) Find Information Request

ble_sts_t   blc_gatt_pushFindInformationRequest(u16 connHandle, u16 start_attHandle, u16 end_attHandle);

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.3.1 for details.

The return value list follows:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data

(2) Find By Type Value Request

ble_sts_t   blc_gatt_pushFindByTypeValueRequest (u16 connHandle, u16 start_attHandle, u16 end_attHandle, u16 uuid, u8* attr_value, int len);

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.3.3 for details.

The return value list follows:

ble_sts_t	Value	ERR Reason
BLE_SUCCESS	0	Success
LL_ERR_CONNECTION_NOT_ESTABLISH	0x80	Link Layer is in a non-connected state
LL_ERR_ENCRYPTION_BUSY	0x82	Encryption phase active, cannot send data
LL_ERR_TX_FIFO_NOT_ENOUGH	0x81	Large data task running, software Tx FIFO insufficient
SMP_ERR_PAIRING_BUSY	0xA1	Pairing phase active, cannot send data
GATT_ERR_INVALID_PARAMETER	0xC0	"attr_value" or "len" is 0, invalid
GATT_ERR_DATA_LENGTH_EXCEED_MTU_SIZE	0xC5	Data length exceeds effective MTU size

(3) Read By Type Request

ble_sts_t   blc_gatt_pushReadByTypeRequest (u16 connHandle, u16 start_attHandle, u16 end_attHandle, u8 *uuid, int uuid_len);

Please refer to "Bluetooth Core Specification v5.3" [Vol 3] Part F, Section 3.4.4.1.