I'm trying to assess the feasibility of an application using nRF52840 in a module from either Minew or Raytac. In this application, the BLE radio works strictly in Central role and the network connection is cellular, via AT commands to a Quectel modem. That's how firmware updates will enter the system, not via BLE.
Security requirements are high, and therefore firmware packages will have to be downloaded and staged into internal flash, so we can reliably validate them. Our use case doesn't fit any of your predefined "transports" in your Secure Bootloader, though, as there is no BLE, UART or USB "push". It is strictly a "pull". Are there any examples?
Oh, one more thing: Can the ECDSA public key live somewhere in flash and not be hard-coded? We need to preserve the ability to update it via our own mechanism without a DFU cycle.