From eb3339fec3178f9f1ae425c6812cfe183060aaaa Mon Sep 17 00:00:00 2001
From: Sumeet Singh <sumeet.singh@espressif.com>
Date: Fri, 6 Jun 2025 15:22:06 +0530
Subject: [PATCH] feat(nimble): Added two GATT features:

1. Automatically initiate security if a GATT service request fails
2. Encryption, Authentication, and Authorization requirement on CCCD
---
 components/bt/host/nimble/Kconfig.in                    | 9 +++++++++
 components/bt/host/nimble/nimble                        | 2 +-
 components/bt/host/nimble/port/include/esp_nimble_cfg.h | 8 ++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/components/bt/host/nimble/Kconfig.in b/components/bt/host/nimble/Kconfig.in
index 09c1f00d1e..68153d8566 100644
--- a/components/bt/host/nimble/Kconfig.in
+++ b/components/bt/host/nimble/Kconfig.in
@@ -1218,6 +1218,15 @@ config BT_NIMBLE_GATTC_PROC_PREEMPTION_PROTECT
         can disrupt the GATT context,causing the service discovery callback to not be invoked.
         A temporary list is maintained to preserve the GATT context and use it in case of preemption.
 
+config BT_NIMBLE_GATTC_AUTO_PAIR
+    bool "Automatically pair upon receiving service request failure"
+    depends on BT_NIMBLE_ENABLED
+    default n
+    help
+        If enabled, when a service request (e.g. read, write) to a server fails, and the ATT
+        error suggests insufficient security, then the central will initiate pairing and retry
+        the service request.
+
 menu "Host-controller Transport"
     config BT_NIMBLE_TRANSPORT_UART
         bool "Enable Uart Transport"
diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble
index f5f9a42c2d..f940397bce 160000
--- a/components/bt/host/nimble/nimble
+++ b/components/bt/host/nimble/nimble
@@ -1 +1 @@
-Subproject commit f5f9a42c2d42c472b7bdf01285eaca4c5c5acfd6
+Subproject commit f940397bcedd2974a8acd1abb359a3e2db741341
diff --git a/components/bt/host/nimble/port/include/esp_nimble_cfg.h b/components/bt/host/nimble/port/include/esp_nimble_cfg.h
index 1cecb90ca3..63ed22e523 100644
--- a/components/bt/host/nimble/port/include/esp_nimble_cfg.h
+++ b/components/bt/host/nimble/port/include/esp_nimble_cfg.h
@@ -1991,6 +1991,14 @@
 #endif
 #endif
 
+#ifndef MYNEWT_VAL_BLE_GATTC_AUTO_PAIR
+#ifdef CONFIG_BT_NIMBLE_GATTC_AUTO_PAIR
+#define MYNEWT_VAL_BLE_GATTC_AUTO_PAIR CONFIG_BT_NIMBLE_GATTC_AUTO_PAIR
+#else
+#define MYNEWT_VAL_BLE_GATTC_AUTO_PAIR (0)
+#endif
+#endif
+
 #ifndef MYNEWT_VAL_BLE_HOST_ALLOW_CONNECT_WITH_SCAN
 #ifdef CONFIG_BT_NIMBLE_HOST_ALLOW_CONNECT_WITH_SCAN
 #define MYNEWT_VAL_BLE_HOST_ALLOW_CONNECT_WITH_SCAN CONFIG_BT_NIMBLE_HOST_ALLOW_CONNECT_WITH_SCAN