I just want to get some opinions from a high-level point of view on a small project I am working on. So, what we are doing is creating a small bootloader to run on an ATmega1280 that will load an application file in Intel HEX format from an SPI-based flash chip (IS25LD040). The main point of contention between my colleagues and me is the fact that the method to load the firmware to the SPI flash is through the uC we are updating. So if at any point data is corrupted via poor firmware or EMI issues, the chain is completely broken. I think it is fine because any redundancy checks in the "egg" firmware should minimize the risk of bad data getting pushed to the flash; so long as the bootloader has no serious bugs, the resulting "chicken" firmware should be loaded correctly. For this reason I really do not understand the argument. Attached is a flowchart for our bootloader and I will post up an IP-free version of the bootloader on here when it is done.
Any thoughts on our argument or the structure of the bootloader?

https://www.lucidchart.com/documents/embeddedchart/56b67f8f-3e17-4f38-a93a-673bb6203162
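An added example, not part of the original post and not the poster's bootloader: one way a bootloader can run the redundancy check as a first pass over the staged Intel HEX image, so that a corrupted or truncated image is rejected before any application flash is erased. The function names and sample images are hypothetical, and the image is assumed to sit in a memory buffer rather than being streamed from the IS25LD040 over SPI.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static int nib(char c) {                 /* one hex digit, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}
/* Check one record ":LLAAAATT<data>CC". Returns its type (0..5) or -1. */
int ihex_check_record(const char *s, size_t len) {
    uint8_t sum = 0, hdr[4] = {0};
    if (len < 11 || s[0] != ':' || (len & 1) == 0) return -1;
    size_t n = (len - 1) / 2;            /* bytes encoded on the line */
    for (size_t i = 0; i < n; i++) {
        int hi = nib(s[1 + 2 * i]), lo = nib(s[2 + 2 * i]);
        if (hi < 0 || lo < 0) return -1;
        uint8_t b = (uint8_t)(hi << 4 | lo);
        if (i < 4) hdr[i] = b;
        sum = (uint8_t)(sum + b);
    }
    if (n != (size_t)hdr[0] + 5) return -1;  /* LL must match real length */
    if (sum != 0 || hdr[3] > 5) return -1;   /* bytes + checksum == 0 mod 256 */
    return hdr[3];
}
/* Pass 1: 1 only if every record is valid and the last one is EOF (type 01). */
int ihex_image_ok(const char *img, size_t len) {
    int eof = 0;
    for (size_t pos = 0; pos < len; ) {
        size_t end = pos;
        while (end < len && img[end] != '\n' && img[end] != '\r') end++;
        if (end > pos) {
            if (eof) return 0;               /* records after EOF */
            int t = ihex_check_record(img + pos, end - pos);
            if (t < 0) return 0;
            eof = (t == 1);
        }
        pos = end + 1;
    }
    return eof;
}
/* Constructed sample images, not taken from the post. */
static const char GOOD[] = ":0400000001020304F2\n:00000001FF\n";
static const char FLIPPED[] = ":0400000001020384F2\n:00000001FF\n"; /* one bit flipped */
static const char CUT[] = ":0400000001020304F2\n";                  /* no EOF record */
int main(void) {
    printf("%d %d %d\n", ihex_image_ok(GOOD, strlen(GOOD)),
           ihex_image_ok(FLIPPED, strlen(FLIPPED)), ihex_image_ok(CUT, strlen(CUT)));
    return 0;
}
```

The per-record checksum is a single 8-bit sum, so it catches single-bit flips and truncation but not every multi-byte error; a whole-image CRC stored alongside the image is a common complement.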