<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>nrf5340 QSPI decryption integrity check</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/72766/nrf5340-qspi-decryption-integrity-check</link><description>Hi, 
 Does the nrf5340 perform any integrity checking on the QSPI on-the-fly decryption? Are there any details available on the specific algorithm used? The datasheet only says AES-128. 
 Am I correct in my understanding that secure boot is not really</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Tue, 16 Mar 2021 10:49:37 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/72766/nrf5340-qspi-decryption-integrity-check" /><item><title>RE: nrf5340 QSPI decryption integrity check</title><link>https://devzone.nordicsemi.com/thread/300071?ContentTypeID=1</link><pubDate>Tue, 16 Mar 2021 10:49:37 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:822136fd-25e9-49dc-8661-ee4d2ac7f3ee</guid><dc:creator>Kenneth</dc:creator><description>&lt;p&gt;Hello,&lt;/p&gt;
&lt;p&gt;The supported stream cipher mode is AES-CTR using 128-bit key size and nonce. There is no support for authenticated XIP, only encryption. If QSPI XIP is used as part of secure boot, then time-of-check, time-of-use (TOCTOU) is an attack vector. The recommended way around this limitation is to partition external code in logical blocks which do not rely on branching to other external regions in flash, and which are signed with a key only available internally. These blocks can then be fetched using QSPI to internal RAM, verified and then executed directly from RAM.&lt;/p&gt;
&lt;p&gt;Hope that helps,&lt;br /&gt;Kenneth&lt;/p&gt;</description></item></channel></rss>