My goal is to have a firmware that can be upgraded in the field via Ethernet. I have already implemented code that can receive the binary, write it to the second code flash bank and boot from it.

My problem is that, if I understand correctly, what I implemented will only work as long as all future FW releases never require a change in the TrustZone secure/non-secure boundaries, and that I cannot guarantee. Changing the boundaries can only be achieved via SCI, but that requires physical access, which I want to avoid.

I have never worked on an MCU that features TrustZone, and I do not need this feature at all. Would it be possible to make my code entirely "non-secure"? That way, I can just set the boundaries once via SCI and then I will never need to change them again. Or, is there any other way I can avoid this issue?