Hi
At the company I work for (Ztove ApS) we have expanded the capacity of nrfutil (https://github.com/NordicSemiconductor/pc-nrfutil)
to include a option for AES (CBC mode) encrypting the binaries send over the air.
We are aware that this isn't 100% bullet proof, as you can decap the chip and probe the flash to obtain the decryption key.
(https://devzone.nordicsemi.com/f/nordic-q-a/23043/dfu-uicr-security-concern/90668#90668)
However the same can be said for enabling read back protection.
At least it will provide an additional barrier against trivial copying a product using the DFU .zip file.
The enhancements to nrfutil is only half the part of the solution, as one also needs to modify the DFU request handler slightly in the firmware.
The current state of the code is sightly rough around the edges (prints a bit of additional debug notices and such)
However is anyone interested in the changes, maybe even an official merge into nrfutil?
Regards Visti Andresen
