I see in the documentation the details on setting up the secure boot, encrypting the various components and setting them into NAND, Flash, QSPI or wherever.
I also see the options of blowing the fuses or running RCW with SB_EN=0, or both.
However, what I don't see is how to re-flash the unit when the firmware changes - and it always changes.
Clearly blowing the fuses will brick the unit, so we need the internal switches to be set.
Question - with this device located on a hardwire Ethernet network, is there a way to reflash the unit once it's in secure boot mode? We can make the assumption that the connection to actually do the flashing is secure, but I don't see how to reset the switches to allow booting to the non-secure mode and from there reloading the encrypted packages.