You could try to glitch the bootloader. A common process is: After downloading the update and verifying the signature, a flag is set in the bootloader to copy the new software from the download to the working memory and the system is rebooted. When the new software is running correctly, the flag is reset. The flag-checking code could be glitched. This ensures that the copy is restarted when not completed, e.g. due to a power fail or reset. Erasing the update after a failed signature check is a bad idea, as it opens the door to flash wear-out attacks. Wim