I figured out up to some extent that when I initiate the pairing only then I can move to security level 2. I changed the alwaysPairable = true in the main.conf file and it triggered the pairing pop up when I initiate pairing it's choosing the passkey pairing mechanism instead of just works pairing. I don't have a monitor in my embedded device so I don't want MITM and I am trying to achieve only encryption. So, using the sniffer I checked the logs during the pairing process the MITM flag is true.

These are the btmon logs:
btmon logs:
< ACL Data TX: Handle 65 flags 0x00 dlen 6 #23 [hci0] 8.478479
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, No MITM, SC, No Keypresses, CT2 (0x29)

ACL Data RX: Handle 65 flags 0x02 dlen 11 #24 [hci0] 8.534977
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses, CT2 (0x29)
Max encryption key size: 16
Initiator key distribution: EncKey IdKey LinkKey (0x0b)
Responder key distribution: EncKey IdKey LinkKey (0x0b)
< ACL Data TX: Handle 65 flags 0x00 dlen 11 #25 [hci0] 8.535191
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses, CT2 (0x29)
Max encryption key size: 16
Initiator key distribution: EncKey IdKey LinkKey (0x0b)
Responder key distribution: EncKey LinkKey (0x09)
HCI Event: Number of Completed Packets (0x13) plen 5 #26 [hci0] 8.563570
Num handles: 1
Handle: 65
Count: 2
ACL Data RX: Handle 65 flags 0x02 dlen 69 #27 [hci0] 9.555690
SMP: Pairing Public Key (0x0c) len 64
X: 06a54ee20ca641b421f3df4cd33a37222a4cb3a84b16316e4e6d11a48446e763
Y: 170c2861e2e2388e33ab2fad5890ad0c15a05c573f80aad5b52233a172f35df9
< ACL Data TX: Handle 65 flags 0x00 dlen 69 #28 [hci0] 9.607590
SMP: Pairing Public Key (0x0c) len 64
X: 1fa0993253b974b23263bedb371d4a9fd5343b18e1b0806d5094b724d4284af1
Y: de166aca7c0f96f2e12adcb507b48cbbae759fea5659f66fe864dd43ecfcbf61
< ACL Data TX: Handle 65 flags 0x00 dlen 21 #29 [hci0] 9.607654
SMP: Pairing Confirm (0x03) len 16
Confim value: 034d4a61c026f45c4fbf3e78df2e255c
HCI Event: Number of Completed Packets (0x13) plen 5 #30 [hci0] 9.613620
Num handles: 1
Handle: 65
Count: 2
ACL Data RX: Handle 65 flags 0x02 dlen 21 #31 [hci0] 9.645383
SMP: Pairing Random (0x04) len 16
Random value: 99bf9154ccb40df104d219c2038a111e
@ MGMT Event: User Confirmation Request (0x000f) plen 12 {0x0001} [hci0] 9.645639
LE Address: 67:D8:B5:6D:10:52 (Resolvable)
Confirm hint: 0x01
Value: 0x0005346e
< ACL Data TX: Handle 65 flags 0x00 dlen 21 #32 [hci0] 9.645702
SMP: Pairing Random (0x04) len 16
Random value: a288581eb5b6067e4ce429f70d917d92
= bluetoothd: src/device.c:new_auth() No agent available for request type 2 9.649203
= bluetoothd: device_confirm_passkey: Operation not permitted [hci0] 9.649672
@ MGMT Command: User Confirmation Negative Reply (0x001d) plen 7 {0x0001} [hci0] 9.647185
LE Address: 67:D8:B5:6D:10:52 (Resolvable)
@ MGMT Event: Authentication Failed (0x0011) plen 8 {0x0001} [hci0] 9.647301
LE Address: 67:D8:B5:6D:10:52 (Resolvable)
Status: Authentication Failed (0x05)
@ MGMT Event: Command Complete (0x0001) plen 10 {0x0001} [hci0] 9.647346
User Confirmation Negative Reply (0x001d) plen 7

When I check in bluez 5.55 code i couldn't figure out how where the security level is set to high I believe because of that only it's initiating to security level 3 instead of level 2. How do I achieve just works pairing? How do I move to security level 2?

= bluetoothd: src/device.c:new_auth() No agent available for request type 2 9.649203
= bluetoothd: device_confirm_passkey: Operation not permitted

Well this explain it already, you don't have any agent registered to authorize the pairing, note that authorization != authentication, so even if just works method is used you still will need an agent to authorize the pairing to proceed, you can use bluetoothctl -a auto if you want to automatically authorize pairing.

I have registered an agent now and it's set to default agent I could see that pairing process is going good and it's moving to security level2 also. I wont be able to use bluetoothctl because that's disabled for me, currently I am doing it through c programming with sd-bus.h library which runs in linux platform. I have one api to register an agent and make that default and another api to authenticate the request.

busctl monitor logs from org.bluez:

Type=method_call Endian=l Flags=0 Version=1 Priority=0 Cookie=138
Sender=:1.227 Destination=:1.229 Path=/org/bluez/justworks Interface=org.bluez.Agent1 Member=RequestAuthorization
UniqueName=:1.227
MESSAGE "o" {
OBJECT_PATH "/org/bluez/hci0/dev_46_2B_BE_30_7F_6D";
};

Type=method_return Endian=l Flags=1 Version=1 Priority=0 Cookie=23 ReplyCookie=138
Sender=:1.229 Destination=:1.227
UniqueName=:1.229
MESSAGE "" {
};

Type=error Endian=l Flags=1 Version=1 Priority=0 Cookie=24 ReplyCookie=138
Sender=:1.229 Destination=:1.227
ErrorName=org.freedesktop.DBus.Error.UnknownMethod ErrorMessage="Unknown method RequestAuthorization or interface org.bluez.Agent1."
UniqueName=:1.229
MESSAGE "s" {
STRING "Unknown method RequestAuthorization or interface org.bluez.Agent1.";
};

Once the device is Paired and Bonded the properties are changing to true but once pairing is successful the services resolved property is also toggling from True to false. Why is that happening? @Vudentz please provide your inputs to resolve this issue?

When I just register agent alone and don't perform my custom request authentication it returns with this error

daemon logs:
bluetoothd[979]: ../bluez-5.65/src/adapter.c:user_confirm_request_callback() hci0 8C:88:2B:05:67:33 confirm_hint 1
bluetoothd[979]: ../bluez-5.65/src/device.c:new_auth() Requesting agent authentication for 8C:88:2B:05:67:33
bluetoothd[979]: ../bluez-5.65/src/agent.c:agent_ref() 0x24e3468: ref=2
bluetoothd[979]: ../bluez-5.65/src/agent.c:agent_request_authorization() Calling Agent.RequestAuthorization: name=:1.253, path=/org/bluez/justworks
bluetoothd[979]: ../bluez-5.65/src/agent.c:agent_ref() 0x24e3468: ref=3
bluetoothd[979]: ../bluez-5.65/src/agent.c:simple_agent_reply() agent error reply: org.freedesktop.DBus.Error.UnknownObject, Unknown object '/org/bluez/justworks'.
bluetoothd[979]: ../bluez-5.65/src/adapter.c:btd_adapter_confirm_reply() hci0 addr 8C:88:2B:05:67:33 success 0
bluetoothd[979]: ../bluez-5.65/src/agent.c:agent_unref() 0x24e3468: ref=2
bluetoothd[979]: ../bluez-5.65/src/agent.c:agent_unref() 0x24e3468: ref=1

I tried this way to get rid of the services resolved issue but doesn't happen. I went through this page where Request authorization method is inbuilt available how to use that I am using sd-bus.h library and trying to check after registering the agent. Should I do any additional step?

I have moved to bluez 5.65 now