BLE Bonding UI
Currently the card10 always accepts a new Bluetooth bonding if Bluetooth is enabled.
It does request a pairing which has Man-in-the-middle protection and can be made using only two buttons. This effectively restricts it to the "Numeric Comparison" method. The card10 is supposed to display a 10 digit number and have the user confirm the number. Currently this confirmation is done automatically and the user is not informed about it.
We already have two tries to add a UI component:
- https://git.card10.badge.events.ccc.de/card10/firmware/-/merge_requests/274
- https://git.card10.badge.events.ccc.de/zlatko/firmware/-/commit/2b938749000e5b7e437f56cd22529d375e66773d
Both try to implement a UI inside Epicardium. After thinking about it I came to the conclusion that the UI should work a bit differently:
- Only allow to bond to the card10 if the UI for bonding/Bluetooth is open. This mimics how other devices handle this.
- Do not block the BLE stack. This is a shortcoming of https://git.card10.badge.events.ccc.de/card10/firmware/-/merge_requests/274. Blocking the stack will lead to a failed bonding attempt.
- Ideally offer an option to remove existing bondings
- Warn if an existing bonding would be overwritten. Alternatively prevent a new bonding in this case
I think it would be good to implement the whole thing in Python:
- We already have a Bluetooth app
- It does not block the BLE stack
- It does not have to force lock the display