I think you should implement a fail-safe bootloader whose functionality will be as below:
1. SPI Flash will have 2 images along with the second stage bootloader code, for implementing the fail-safe mechanism. (So in total there will be three images in the SPI Flash.)
2. When the firmware upgrade is done (meaning upgrading the SPI Flash image), the older version among the 2 images will be upgraded, so that even if the upgrade corrupts the image, the other image will act as a backup. The second stage bootloader should always boot the latest good image among the 2 images.
3. Upon power on, FX3 will boot the second stage bootloader code from SPI Flash.
4. The second stage bootloader code will check the validity of firmware image 1 and image 2. If both are valid, the second stage bootloader will find the most recent one by comparing the FW headers read from the SPI flash and boot the image whose firmware version is greater. If both firmware versions are equal, it will go for image 1.
5. If the booting of the selected image fails, then the second stage bootloader will boot the other image. If both fail, FX3 will fall back to USB boot.
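
The validity check and boot-order selection from steps 4 and 5, as an added example that is not part of the original post and is not FX3 SDK code. The header layout, the `FW_MAGIC` value, the additive checksum and all function names are assumptions made for illustration; the slots are RAM buffers standing in for data read from SPI flash.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical header layout, assumed for this example (not the FX3 image format). */
typedef struct { uint32_t magic, version, length, checksum; } fw_header_t;
#define FW_MAGIC 0x46573031u  /* constructed marker value */
typedef enum { BOOT_IMAGE1 = 1, BOOT_IMAGE2 = 2, BOOT_USB = 3 } boot_target_t;

static uint32_t sum32(const uint8_t *p, uint32_t n) {
    uint32_t s = 0;
    while (n--) s += *p++;
    return s;
}

/* Validate one slot and copy its header out. The checksum catches a torn or
 * corrupted upgrade; it does not authenticate the image. */
int fw_image_valid(const uint8_t *slot, size_t size, fw_header_t *h) {
    if (size < sizeof *h) return 0;
    memcpy(h, slot, sizeof *h);                       /* avoid unaligned reads */
    if (h->magic != FW_MAGIC) return 0;
    if (h->length == 0 || h->length > size - sizeof *h) return 0;  /* must fit slot */
    if (sum32(slot + sizeof *h, h->length) != h->checksum) return 0;
    return 1;
}

/* Fill order[] with the boot attempts in sequence: newest valid image, then the
 * other valid image, then USB boot. Equal versions prefer image 1. */
void fw_boot_order(const uint8_t *img1, size_t n1,
                   const uint8_t *img2, size_t n2, boot_target_t order[3]) {
    fw_header_t h1, h2;
    int ok1 = fw_image_valid(img1, n1, &h1);
    int ok2 = fw_image_valid(img2, n2, &h2);
    int k = 0;
    if (ok1 && ok2 && h2.version > h1.version) {
        order[k++] = BOOT_IMAGE2;
        order[k++] = BOOT_IMAGE1;
    } else {
        if (ok1) order[k++] = BOOT_IMAGE1;
        if (ok2) order[k++] = BOOT_IMAGE2;
    }
    while (k < 3) order[k++] = BOOT_USB;              /* nothing left: USB boot */
}

/* Constructed sample slot: 4 payload bytes of 0xA5, zeroed when corrupt is set. */
size_t fw_make_sample(uint8_t *slot, uint32_t version, int corrupt) {
    fw_header_t h = { FW_MAGIC, version, 4, 4 * 0xA5u };
    memcpy(slot, &h, sizeof h);
    memset(slot + sizeof h, corrupt ? 0x00 : 0xA5, 4);
    return sizeof h + 4;
}
```

The bootloader walks `order[]` from index 0 and moves to the next entry whenever a boot attempt fails, which gives the step 5 fallback without re-running validation.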