Bonding is typically once in a lifetime event. After you bond LE stack saves the generated keys. When you start security next time around bonding will not happen, but encryption will be set. When you flash new FW the EEPROM/SFLASH is erased so bonding info is not saved.
Thanks, Victor. That explains it.
How can we erase this section of flash, to reset it?
Every time our board powers up, we want to reset these states that are stored in flash -- to reduce risk; so that when we reset or power up board, we know we are in the exact same reset state.
There is a call lesmpkeys_removeAllBondInfo to do that. Meanwhile I strongly recommend against using that technique. That will make your solution very insecure with an easy way to break.