Firmware encryption

we would like to encrypt the FOTA firmware image for distribution so it can be “safely” transmitted without FOTA Link Encryption (KB: Adding Bonding & Link Encryption to RSL10 FOTA).
The idea is to decrypt the firmware byte stream on the RSL10 before storing the recieved image bytes to flash.

This is different from the example we found provided by onsemi which decrypts the firmware before sending. We wish to distribute the firmware image encrypted and perform the decryption only on the target device as it is receiving the firmware.

Can You point to the best place in FOTA library to implement the decryption part? Any other pointers or tips?

Best regards

Hi @Karlis,

We discuss a high-level solution to this issue in the topic linked below:

Essentially, by adding Bonding and Encryption to both the master and slave of the FOTA update, and by updating the connection/update procedure, you should be able to make use of the standardized BLE Encryption to send the firmware over the DFU in an encrypted state, which the BLE Stack will automatically decrypt.