[DFU + UICR] security concern

Question

DFU & UICR works well. However, concerning sw protection, we found that the binary file in the ZIP package of DFU is open to access. That is a security breach. Is any solution or method available for customers to protect sw?

Hung Bui · Accepted Answer

Hi Louis, 
 You are correct, the firmware image is not encrypted. We don't implement any encryption because there is no safe way of storing keys on the chip. An attacker can always decap the chip and read flash to find the hardcoded key on the chip. 
 But if you can accept that risk, you can follow this thread where we discussed about how to implement encryption on the bootloader.