Hi Nordic team,
I’m working with nRF54H20DK on nRF Connect SDK v3.2.2 and using MCUboot as the bootloader.
From the current documentation and samples, my understanding is:
On nRF54H20, the boot sequence is Secure-Domain based and cannot be disabled.
NSIB / B0-style immutable bootloaders are not supported on nRF54H20
SUIT was previously used bootloader updates, but from NCS 3.1.0 and later it appears deprecated / removed
Current DFU guidance focuses on MCUboot-based application updates only
MCUboot itself cannot safely update itself and there is no exposed A/B or rollback mechanism for the bootloader
This leads me to conclude that, in NCS ≥ 3.1, MCUboot is effectively treated as immutable in the field, and can only be updated via SWD / service access.
My questions are:
Is there currently any supported way to field-update MCUboot on nRF54H20
(e.g. over USB/OTA, with rollback protection), using public NCS tooling?
If not, is this a deliberate long-term design decision, or are there plans to expose a Secure-Domain–managed mechanism (or alternative to SUIT) for safe MCUboot updates in the future?
Best regards,
Mads
