• In the use case you described it is not about encryption but about signed firmware updates or what is called 'secure boot' on PCs - system will not run unsigned kernel or drivers.

    Nordic dfu bootloader can do signed firmware updates but we have it turned off, also it can prevent modification of bootloader by setting some part of flash memory read only before the application is started. It can also verify the application at each reboot that it was not modified.

    If you would enable this you could sign your builds with your private key and only such signed builds could be uploaded to the device

  • good to know that,

    if nordic dfu could provide some "secure boot"function,
    then may be for processing sensitive information, i could handle it like
    the bangle app "2fa auth watch" and "pin lock"?

    then the situation just be similar to android before v4,
    that the OS is ensured to be authenic by the boot lock,
    and only the sensitive data is encrypted and handled by the app?



Avatar for fanoush @fanoush started