I'm using the MCUmgr + MCUboot solution for BLE OTA FW updates (i.e. CONFIG_NCS_SAMPLE_MCUMGR_BT_OTA_DFU).
Is there any way to require pairing for firmware updates? I see that there's a CONFIG_MCUMGR_TRANSPORT_BT_AUTHEN flag that sets BT_GATT_PERM_READ/WRITE_AUTHEN on the SMP characteristics in smp_bt.c. I'm using Just Works pairing though, so I think I need these to be BT_GATT_PERM_READ/WRITE_ENCRYPT, and also I'd like to avoid modifying any NCS/Zephyr code.
I realize this doesn't add a ton of utility when FW updates are signed and encrypted, but it feels inconsistent for FW updates to work over unpaired connections when all the rest of the device's application-specific characteristics are set up to require pairing.
Also, would nRF Connect be able to perform DFU if pairing is required?
