
In message 586f5d00606020556s1940cd23seb0a8e7d67dc32a6@mail.gmail.com you wrote:
> The bootcmd environment variable shall "cp the-boot-script-image from flash to RAM" and "bootm the-boot-script-image". The boot script image is not compressed.

This is redundant. "bootm" includes loading the image to the load address. No extra copy is needed here.

> Case 1: If the boot-bit flag is set, the boot-script shall copy the image to RAM and check the signed/encrypted image for authenticity and integrity (how this is done is yet to be identified)

You can check the image in flash before running "bootm".

> Case 2: If the boot flag is not set the boot-loader shall copy the new firmware image to a given address in RAM via kermit protocol

Copy from flash to RAM with kermit protocol? Either you omitted some vital information here, or this is fundamentally broken.

> erase the old kernel image at the given address copy the new image from RAM to flash finally save env so the new firmware is writable set the boot-bit to boot from the new firmware

You are aware that this is not really secure in any way, as it leaves many ways to run random unsigned images, too?

Best regards,
Wolfgang Denk