I'm confused. Is this a Dice (Riot) design? (root-of-trust bootloader, shared secret, double hash, "signs/authorizes the update" sorta thing)? Or is this a "root-of-trust bootloader, symmetric key, hex is encrypted, flash image is stored encrypted and decrypts to ram, executes from ram, only...