From 0095bc4b7f27504aebb42d6e8759442021f66bb6 Mon Sep 17 00:00:00 2001
From: Rahul Tank
Date: Tue, 14 May 2024 15:58:17 +0530
Subject: [PATCH] fix(nimble): Fixed BLE security vulnerability when using fixed IRK
---
 components/bt/host/nimble/Kconfig.in | 10 ++++++++++
 components/bt/host/nimble/nimble | 2 +-
 .../bt/host/nimble/port/include/esp_nimble_cfg.h | 8 ++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/components/bt/host/nimble/Kconfig.in b/components/bt/host/nimble/Kconfig.in
index 67b234c63f..d5ca3f8648 100644
--- a/components/bt/host/nimble/Kconfig.in
+++ b/components/bt/host/nimble/Kconfig.in
@@ -164,6 +164,16 @@ config BT_NIMBLE_NVS_PERSIST
 help
 Enable this flag to make bonding persistent across device reboots
+config BT_NIMBLE_SMP_ID_RESET
+ bool "Reset device identity when all bonding records are deleted"
+ default n
+ help
+ There are tracking risks associated with using a fixed or static IRK.
+ If enabled this option, Bluedroid will assign a new randomly-generated IRK
+ when all pairing and bonding records are deleted. This would decrease the ability
+ of a previously paired peer to be used to determine whether a device
+ with which it previously shared an IRK is within range.
+
 menuconfig BT_NIMBLE_SECURITY_ENABLE
 bool "Enable BLE SM feature"
 depends on BT_NIMBLE_ENABLED
diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble
index 71e30945de..06e22e89dd 160000
--- a/components/bt/host/nimble/nimble
+++ b/components/bt/host/nimble/nimble
@@ -1 +1 @@
-Subproject commit 71e30945def0cfbc05e3e3a4a0a1ab8c065f10bc
+Subproject commit 06e22e89dd752714295eb835498cc6a7cdfcdf12
diff --git a/components/bt/host/nimble/port/include/esp_nimble_cfg.h b/components/bt/host/nimble/port/include/esp_nimble_cfg.h
index 6a47d90f1d..3ec76d0ea7 100644
--- a/components/bt/host/nimble/port/include/esp_nimble_cfg.h
+++ b/components/bt/host/nimble/port/include/esp_nimble_cfg.h
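Review bot: The help text of `BT_NIMBLE_SMP_ID_RESET` in Kconfig.in names the wrong host stack: this is the NimBLE Kconfig, yet it says `Bluedroid will assign a new randomly-generated IRK`, which reads as carried over from the Bluedroid option. Suggest `If this option is enabled, NimBLE will assign a new randomly generated IRK` for that line. Because the option is `default n`, the tracking exposure named in the commit subject remains unless an integrator turns it on, and even then the IRK is replaced only once every bonding record has been deleted; the help text should state both limits plainly. The entry also has no `depends on` and sits ahead of `menuconfig BT_NIMBLE_SECURITY_ENABLE`, so it may be selectable in builds without the security manager; the enclosing Kconfig scope is outside the hunk, so this needs confirming.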
@@ -889,6 +889,14 @@
 #define MYNEWT_VAL_BLE_SM_THEIR_KEY_DIST (0)
 #endif
+#ifndef MYNEWT_VAL_BLE_SMP_ID_RESET
+#ifdef CONFIG_BT_NIMBLE_SMP_ID_RESET
+#define MYNEWT_VAL_BLE_SMP_ID_RESET CONFIG_BT_NIMBLE_SMP_ID_RESET
+#else
+#define MYNEWT_VAL_BLE_SMP_ID_RESET (0)
+#endif
+#endif
+
 #ifndef MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS
 #define MYNEWT_VAL_BLE_CRYPTO_STACK_MBEDTLS (CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS)
 #endif
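Review bot: The new `MYNEWT_VAL_BLE_SMP_ID_RESET` definition is unparenthesized, unlike the `(0)` fallback two lines below it and the neighbouring `(CONFIG_BT_NIMBLE_CRYPTO_STACK_MBEDTLS)`; for consistency write `#define MYNEWT_VAL_BLE_SMP_ID_RESET (CONFIG_BT_NIMBLE_SMP_ID_RESET)`. A one-line comment above the block would tell readers what the value gates, e.g. `/* Regenerate the local IRK once all bonds are deleted (BT_NIMBLE_SMP_ID_RESET) */`. No code that reads this macro appears in this patch; presumably it arrives with the `nimble` submodule bump, so the IRK regeneration itself (randomness source, persistence of the new key) has to be reviewed in that submodule commit.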