as Luis, we need to work with encrypted images, in two modes:
1) first programming (load image to QSPI, burn fuses/keys etc.)
2) on-the-fied upgrade (new firmware received via ETH).
According to your comment, we need USB or UART1 and the MFG tool.
On the other hand, the comment is four months old, so I would like to check.
Can you confirm that we cannot write an encrypted image via JTAG?
What if we just want a SIGNED image?
Moreover, what is the best method to execute the on-the-field upgrade?