Page 1 of 1

Z-Way: Unsecure Inclusion Issue

Posted: 16 Mar 2021 17:52
by N2641D
Hi,
I'm currently investigating the Z-Way Expert UI software. There is something where I would need some help to understand Z-Way's functionality.

When performing an inclusion of a ZGM130S based always on slave, the full interview session works very fine when using the Network->Control->Device Management: "Force unsecure inclusion" switch. When not using that switch, however, selecting an unsecure inclusion (see attached screen shot) the Z-Way controller still seeks for a "KEX Get" response.

16.03.2021 14:43:16 1 58 100 kbps -75 dBm - - KEX Get

which, of course, will not be answered by the Silicon Labs ZGM130S Z-Wave stack and therefore will result as a "unfinished interview". There are no issues with any of the other options (S0, S2 unauthenticated, S2 authenticated) for inclusion which do finish 100%. Just the one way of inclusion finishes with an "unfinished interview" for command class SECURITY_2.

Any advice? Thanks for your help!.



Screen Shot 2021-03-16 at 14.52.03.png
Screen Shot 2021-03-16 at 14.52.03.png (62.46 KiB) Viewed 3247 times
-----------------------------------------------------------------
For Information:


/**
* Please see the description of app_node_information_t.
*/
static uint8_t cmdClassListNonSecureNotIncluded[] =
{
COMMAND_CLASS_ZWAVEPLUS_INFO, // Z-Wave Plus v2 root device MUST
COMMAND_CLASS_ASSOCIATION,
COMMAND_CLASS_MULTI_CHANNEL_ASSOCIATION_V2,
COMMAND_CLASS_ASSOCIATION_GRP_INFO,
COMMAND_CLASS_TRANSPORT_SERVICE_V2,
COMMAND_CLASS_VERSION,
COMMAND_CLASS_MANUFACTURER_SPECIFIC,
COMMAND_CLASS_DEVICE_RESET_LOCALLY,
COMMAND_CLASS_INDICATOR,
COMMAND_CLASS_POWERLEVEL,
COMMAND_CLASS_SECURITY_2,
COMMAND_CLASS_SUPERVISION,
COMMAND_CLASS_FIRMWARE_UPDATE_MD_V5,

COMMAND_CLASS_CONFIGURATION_V4, // root device optional
COMMAND_CLASS_NOTIFICATION_V4,
COMMAND_CLASS_SENSOR_BINARY_V2,
COMMAND_CLASS_SENSOR_MULTILEVEL_V11,
COMMAND_CLASS_MULTI_CMD
};

/**
* Please see the description of app_node_information_t.
*/
static uint8_t cmdClassListNonSecureIncludedSecure[] =
{
COMMAND_CLASS_ZWAVEPLUS_INFO,
COMMAND_CLASS_TRANSPORT_SERVICE_V2,
COMMAND_CLASS_SECURITY_2,
COMMAND_CLASS_SUPERVISION,

COMMAND_CLASS_CONFIGURATION_V4, // root device optional
};

/**
* Please see the description of app_node_information_t.
*/
static uint8_t cmdClassListSecure[] =
{
COMMAND_CLASS_VERSION,
COMMAND_CLASS_ASSOCIATION,
COMMAND_CLASS_MULTI_CHANNEL_ASSOCIATION_V2,
COMMAND_CLASS_ASSOCIATION_GRP_INFO,
COMMAND_CLASS_MANUFACTURER_SPECIFIC,
COMMAND_CLASS_DEVICE_RESET_LOCALLY,
COMMAND_CLASS_INDICATOR,
COMMAND_CLASS_POWERLEVEL,
COMMAND_CLASS_FIRMWARE_UPDATE_MD_V5,

COMMAND_CLASS_NOTIFICATION_V4,
COMMAND_CLASS_SENSOR_BINARY_V2,
COMMAND_CLASS_SENSOR_MULTILEVEL_V11,
COMMAND_CLASS_MULTI_CMD
};

Re: Z-Way: Unsecure Inclusion Issue

Posted: 21 Mar 2021 13:24
by PoltoS
If you don't want to grant any key, use unsecure inclusion. Otherwise the interview will fail for an obvious reason.

Re: Z-Way: Unsecure Inclusion Issue

Posted: 21 Mar 2021 14:17
by N2641D
Thank you for your information. However, I lack the logic that Z-Way itself wouldn't use insecure inclusion if none of the security options were selected. But my thought might be too philosophical :-)

Re: Z-Way: Unsecure Inclusion Issue

Posted: 23 Mar 2021 01:58
by PoltoS
May be you are right. We should think about it.