DFU firmware encryption

I don't see any problem with this.

And you are correct, .bin file is the pure image, and .data is the init packet.

If you going to encrypt the .bin file and decrypt it after you receive it on the bootloader, you need to modify the bootloader so that hash and signature is only validated after the image is decrypted.

Thanks for the confirmation, I've figured I had to change the CRC computation, so far I've failed, but I'll keep trying! (If I got it right, CRC is computed on the flight as data is received, I've tried to change to "compute CRC on decrypted data", but getting glitches)

CRC is calculated and checked after each object is received. Have a look here. You can consider to check CRC for the encrypted packet instead of decrypted packet. This is to ensure the object is received properly over the air. Also, doing this you don't have to modify the bootloader on that part.

You can use the hash of the decrypted image to do the final validation of the image integrity.

Thank you very much for the suggestion! I'm now looking at changing the CRC in my update package, but something puzzles me... I can't find the CRC inside the DAT file. I was under the impression it would follow struct dfu_init_command_t (or dfu-cc.proto). The first 16 bytes are 12 84 01 0A 3E 08 01 12 3A 08 01 10 33 1A 02 87, 87 could match with SD requirement, but 12 (first one) certainly doesn't look like a boolean!

The bootloader uses the hash from the init packet to verify the authenticity and integrity of the FW image in the post validation step, while the checksum values (sent upon request) are only used by the dfu controller to verify that the data is received correctly during the transfer. For instance, to verify that a data object is valid before issuing the EXECUTE command. In other words, the bootloader must compute the CRC on encrypted data.