https://devzone.nordicsemi.com/f/nordic-q-a/86175/mcuboot-signature-validationHi, I am working on DFU-OTA example on BLE. my doubt here is once the controller copied the image into slot1 bootloader will immediately start to validate whether the image is valid or not . if it&#39;s valid then it will go for soft-reset. then controlen-USTelligent Community 13Wed, 30 Mar 2022 11:12:27 GMThttps://devzone.nordicsemi.com/thread/360781?ContentTypeID=1Wed, 30 Mar 2022 11:12:27 GMT137ad170-7792-4731-bb38-c0d22fbe4515:40ff9c09-3810-4585-8673-47091c0cff1cAmanda Hsieh<p>Hi,&nbsp;</p> <p>Sorry. I need to correct my answer after confirming with the team.&nbsp;</p> <p><span>There is no pre-validation before the mcuboot gets triggered in NCS.&nbsp;Real validation of the image (integrity check, authentication, decryption) is up to the secure bootloader. We can&#39;t do anything about that right now, only the bootloader has full knowledge and access to private keys. It is up to the application to verify whether the allowed remote actor provides the image and requests the update.</span></p> <p><span>-Amanda</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/360651?ContentTypeID=1Wed, 30 Mar 2022 05:32:53 GMT137ad170-7792-4731-bb38-c0d22fbe4515:77fe6834-8c68-4834-98e1-48460969dcdaShikamaru<p>thanks amanda,</p> <p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; In 1st validation , it will only check whether the dfu is triggered by the image or not . nothing else , all the security related things are done in booting phase by mcuboot. But how it is checking the <strong>triggering of the dfu in 1st validation part</strong> , that am not understanding can you please update on this.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/359800?ContentTypeID=1Thu, 24 Mar 2022 12:32:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:105e83a9-bc32-41c2-a16d-a3405c3ceaecAmanda Hsieh<p>Hi,&nbsp;</p> <p>It doesn&#39;t verify&nbsp;security&nbsp;if the image sings with a key. The key will be verified while booting. See&nbsp;<a href="http://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/ug_fw_update.html#id5">Revoking private keys</a>.&nbsp;</p> <p>Regards,&nbsp;<br />Amanda</p><div style="clear:both;"></div>