Setting sysbuild encryption of DFU images

Hello,

Please browse the build/<application name>/zephyr folder to see if you have a file named zephyr.signed.encrypted.bin. This should be the encrypted and signed variant of the image. The other file named zephyr.signed.bin is the file that becomes included in the dfu_application.zip. Creation of the the zip file is a nRF Connect SDK specific feature which is not tested with encrypted images (encrypted DFU is not officially supported in our SDK).

Best regards,

Vidar

Indeed, I do have the ...encrypted.bin file. Thanks for the helpful response.

Regarding the post you linked, it notes that the solution does not use secure key storage.  Is it possible to use secure key storage on the nrf52840?  If not, is this a limitation of hardware?

It cannot be guaranteed that the key stored in the bootloader or firmware images on this device cannot be extracted through a physical attack, such as decapping the chip. Additionally, the key may be leaked by exploiting an undiscovered vulnerabilities in the code, as the key must be accessible to the CPU during decryption.

That said, the bootloader can use the ACL through the FPROTECT module to lock the bootloader flash area from read and write access before branching to the main application. This will limit the window where the key in flash can be accessed internally by the CPU.

It is also important to use silicon revision 3 as this revision introduced changes to mitigate a known fault injection technique to bypass the readback protection: https://docs.nordicsemi.com/bundle/IN/resource/in_141_v1.1.pdf 

It cannot be guaranteed that the key stored in the bootloader or firmware images on this device cannot be extracted through a physical attack, such as decapping the chip. Additionally, the key may be leaked by exploiting an undiscovered vulnerabilities in the code, as the key must be accessible to the CPU during decryption.

That said, the bootloader can use the ACL through the FPROTECT module to lock the bootloader flash area from read and write access before branching to the main application. This will limit the window where the key in flash can be accessed internally by the CPU.

It is also important to use silicon revision 3 as this revision introduced changes to mitigate a known fault injection technique to bypass the readback protection: https://docs.nordicsemi.com/bundle/IN/resource/in_141_v1.1.pdf