The issue is, that you should be aware of the value of the lockbit(s). There is little point in preventing extraction of the hexfile from even a mildly encrypted file, if it can be easily and readily read out off the chip itself.

Some (most?) of the commercially available microcontrollers have little or no protection against low-cost intrusions (a.k.a. unlocking), although the manufacturers do embed such into other microcontroller-based chips such as smartcards.

Of course perfect security does not exist; the trouble is, that there is no concise information on how the readily available microcontrollers perform or fail in this respect. There is a lot of buzz on the net, but little usable information.

---
However, once you are happy with the physical security the chip provides for the firmware, you shouldn't be concerned about the security of the bootloader - it's about the same value (unless you use the same bootloader and/or key for multiple products) and the effort to rip it off the chip is exactly the same. Remeber, every security is only as strong as its weakest link.

Unless you make some elementary error in encrypting the hexfile, there is little concern about this - standard block ciphers are certainly much safer than the rest of the system. From what I have seen, these schemes very often failed on something else than the technicalities - human factor, most of the time...

JW


PS. XTEA...