The default Kconfig option for the MCUBoot swap algorithm is CONFIG_BOOT_SWAP_USING_MOVE, which corresponds to:
This algorithm requires a free sector (4KB) in the primary partition in order to perform the swap. However the default MCUBoot pm.yml configures the secondary partition to be the same size as the primary partition.
https://github.com/nrfconnect/sdk-mcuboot/blob/main/boot/zephyr/pm.yml#L20
In my case the size of each of these partitions is 448KB. So Zephyr will let me build an application up to 448KB, but if I were to actually load an application >=444KB into my primary partition I wouldn't be able to upgrade it via this MCUBoot config. I didn't test it, but I assume that MCUBoot would gladly take that image initially, meaning that you could OTA yourself into a corner.
