Hello - I have the exact same question as proposed in this thread - I am wondering if there has been any change in the 3 last years since it was posted.
nRF52840 + NCS + MCUBoot, CC310-enabled image encryption?
In a nutshell, we want to encrypt our DFU images, such that they cannot be reverse engineered, as we store them on a mobile app and do OTA DFU via BLE.
As we understand, MCUboot supports encrypt/decryption of FW images BUT this does not support the HW accelerated CC310 crypto backend in nRF5 chips. A SW backend like Tinycrypt must be used. Only image-signing works with CC310 backend.
Nonetheless, we have got an encryption solution working by enabling the tinycrypt SW backend via CONFIG_BOOT_ECDSA_TINYCRYPT on MCUboot KConfig.
This does work but clearly image decryption is very slow, as it takes ~45 seconds to reset after sending MCUmgr test then reset command. So clearly the “on-the-fly” decryption it does at this point takes this long.
Will CC310 backend ever be supported for MCUboot encryption? The problem is we download our DFU file from the cloud, and store them in our mobile app, so without encryption, our image binary is basically stored in plain sight. We find it quite odd that NCS does not have much support for DFU image encryption.