As you know PSoC 5LP family do not support hardware cryptography. The latest PSoC 6 MCU portfolio supports hardware cryptographic block. You can go through the code example, CE222802 - PSoC 6 MCU Encrypted Bootloader which demonstrates UART based bootloading with signing and encryption.
Thank you for the answer. Yes, I have heard this for PSOC6 and I have not analysed if this would be portable to PSOC5 with firmware decryption. What is needed is to have boot-loader for PSOC5 which is capable additionally to firmware checksum verification to decrypt and flash scrambled firmware. Hardware acceleration is not available on PSOC5 but some algorithms are running well with software decryption too. The transfer speed is not critical, as the purpose for the boot-loader is to reduce product ownership risks. The feature will be used for on-field repair if it might be needed at all. Another use-case would be post production upload / upgrade when the programming pins are no longer accessible due to moulding.