
ECC DFU in SDK12 - Possible to on flash decrypt application data?

I think this is similar to, but not exactly, this question: devzone.nordicsemi.com/.../

Can I get a quick clarification here....

I'd like to encrypt the zip data / application code on a DFU. I have sensitive data in my application that cannot be sent out in the clear, even compiled and zipped.

The only way that can work is if I were to change the bootloader code to know to take the zip data / app code and decrypt it before writing to ROM.... Right?

So the method for unzipping and signature checking is already there in the new secure DFU - but in order to do what I want I'll need to add that extra decrypt-the-data step into the bootloader. Can I do that? Seems fairly easy to add that step before writing, but I'm not sure: do I even have access to the bootloader code?

Or am I looking at coding a secondary bootloader to do this work?

Thanks!

  • If you use LE Secure Connections you already have ECC encryption at the Link layer, but this requires both sides to support LE Secure Connections and this might not always be the case, at least not yet.

    So yes, you have to add an ECC decryption step before writing the received firmware image to flash. Modifying the existing bootloader to do this extra step should not be a problem.

    You can find the Secure DFU bootloader example in the SDK under examples/dfu/bootloader_secure which you may modify as you see fit.

    -Bjørn

  • Bjørn, thanks for the reply. The issue wasn't the BLE layer, but rather the app and/or sending the file out to be flashed. Since I don't consider the app to be secure, I don't know why anyone would rely on the BLE link security. Seems odd to me.

    But... That's great on the bootloader - it should be easy enough to add in the decryption of the app data at the time of flashing. That's really helpful!
