lpc55-hal
Test LPC bootloader signed update and secure boot
It would be great to evaluate the bootloader + signed updates using LPC55's ROM.
A good overview is given in AN12283.
I imagine successful (green) and failed (red) signed updates would follow these paths.
And the application can have the ability to jump to the ISP/bootloader-rom to start the update process. The answer to this forum post makes it look pretty simple.
There are a few not-so-trivial things to configure.
- The public key chain loaded into the bootloader ROM.
- Other bits in CMPA + CFPA pages.
To access the latest "elftosb" and "elftosb-gui" tools, you need to download an MCUXpresso kit and make sure you have the mcu-boot option enabled.
I have some not-easy-to-find documents giving good documentation + examples of configuring LPC55 with elftosb. Message me on Keybase (conor1) and I will send them to you.
It would be great to be able to:
- Create an example Rust program that can boot to bootloader ROM after receiving some event (like a USB command).
- Create a demo that configures the bootloader ROM.
- Update the ROM with a signed update.
- Update the ROM with an unsigned update (fail).
- Maybe try revocation of a certificate?
Open to feedback!
(cc @jolo1581).