OK, it sounds like a sophisticated user could get access to our unencrypted binary, but they would only be able to load it on additional devices if they are knowledgeable enough to edit it to disable the code that checks the device ID. In other words: security through obscurity. Is that correct?
I am considering using Flasher Secure, but I haven't been able to learn enough to be convinced of its security. In the "UM08032 Flasher Secure User Guide & Reference Manual", it says that using it with ST devices, "The chip’s public key additionally is signed by ST, so the server can determine if the public key originates from a real device." This seems essential to protect the IP. Without it, a malicious custom device could do the necessary handshaking, provide a public key, accept the encrypte…
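The check described in the quoted manual sentence, as an added example that is not part of the original post and is not SEGGER's or ST's actual protocol: the server wraps a firmware key only for a device public key that carries a valid vendor signature. The Ed25519 vendor key, the RSA-OAEP wrapping and all function names are assumptions made for illustration.

```javascript
// Added illustration of vendor-endorsed device keys; names and algorithms are assumptions.
const crypto = require('node:crypto');

// Constructed stand-in for the chip vendor's signing key pair.
const vendor = crypto.generateKeyPairSync('ed25519');

// "Manufacture" a device: create its key pair and sign the public key with signingKey.
function makeDevice(signingKey) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  const endorsement = crypto.sign(null, pubDer, signingKey);
  return { pubDer, endorsement, privateKey };
}

// Server side: wrap the firmware key only for a public key the vendor endorsed.
function wrapFirmwareKey(firmwareKey, pubDer, endorsement, vendorPublicKey) {
  if (!crypto.verify(null, pubDer, vendorPublicKey, endorsement)) {
    return null; // origin not proven: refuse, nothing is encrypted to this key
  }
  const devicePub = crypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
  return crypto.publicEncrypt({ key: devicePub, oaepHash: 'sha256' }, firmwareKey);
}

// Device side: recover the firmware key with the private key held by the device.
function unwrapFirmwareKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, wrapped);
}

// Constructed sample data.
const firmwareKey = crypto.randomBytes(32);
const genuine = makeDevice(vendor.privateKey);
// A key pair endorsed by a signing key the server does not trust.
const unendorsed = makeDevice(crypto.generateKeyPairSync('ed25519').privateKey);
```

The server needs only the vendor's public key; a request whose endorsement does not verify against it gets no ciphertext at all.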