Hi Team,
I am planning to implement a secure boot mechanism on the nRF5340 for one of our products and would like to ensure the design is robust, scalable, and production-ready.
Could you provide detailed guidance on best practices for secure boot implementation, particularly around cryptographic key management—covering key generation, secure storage, provisioning, rotation strategies, and protection against unauthorized access? I am also interested in understanding critical do’s and don’ts that help avoid architectural or security flaws in the boot chain.
In addition, I would appreciate recommendations for implementing a reliable and secure firmware update mechanism over BLE FOTA. Specifically, I am looking for insights into image signing, verification workflows, anti-rollback protection, firmware versioning strategies, secure upgrade flows (including dual-bank or swap-based updates), and robust failure recovery mechanisms (e.g., power loss, interrupted updates, or invalid images).
It would also be helpful to understand common pitfalls observed in real-world deployments, including issues encountered during development, testing, and large-scale production rollouts. Please include considerations around manufacturing and provisioning flows (e.g., injecting keys, handling UICR, factory programming), as well as debugging restrictions and strategies once security features such as readback protection or debug locking are enabled.
Finally, I would like to know about any hardware-specific constraints or limitations of the platform, along with lessons learned or known challenges from similar products in the field—especially those impacting reliability, maintainability, or long-term security of the device lifecycle.
