I have a nrf5340 board which I'm trying to finalize the bootloader process on.
From what I understand, the TF-M architecture uses a secure bootloader version of MCUBoot in the NCS v2.3.0. We can provide custom keys to this to ensure only images signed with a valid key will run on the device (I've tested this and it's working). What I don't understand is with the app_update.bin file I'm using as the firmware upgrade, does it contain both the secure and nonsecure images for the application core (I've selected the NS architecture for build configuration)? At the moment, when I've received an image on the mounted storage location, I upload the image to slot1_ns_partition and when the device restarts it tests and flashes the valid images. If the secure and non-secure images are not merged in the app_update.bin file, when and how do I need to update the secure partitions (I'm assuming I would use slot1_partition to upload the new version)?
I'm assuming to update the network core, I just do the flash upgrade to the network flash map locations. How do I specify which named flash area to write to? I've got a slot0 secure and ns, and a slot1 secure and non secure in the app configs. In the cpunet config Kconfig files I've got a slot0 secure and nonsecure, and slot 1 secure and nonsecure, with additional storage scratch and boot partitions). The flash maps are taken directly from the development kit dts files. How can I specify which flash directory (network or app) I want to upload the firmware to?
How do I upload new firmware for the network core, how can I figure out which fixed partition ID to use for the network firmware?
Thank you for your patience with this! Our goal is to be able to upload firmware through both BLE SMP interface and a custom built USB MSC firmware update.
