Breaking crp level 1 stm32f103

Nice!
I managed to dump what I needed to dump by now. I glitched out 2 blocks of plaintext firmware and was then able to perform an XOR keystream recovery using the plaintext and the update file contents and craft a custom update file with some guesswork on the CRC and a few other fields in the update file to dump the magic bootloader that performs the firmware decryption etc. Luckily the update file contents weren't authenticated in any way. I got everything I need now :slight_smile:

I think I am going to revisit the glitching at some point though, because I am still mad at that erasure stuff. It almost feels like a countermeasure tbh, because it behaves so weirdly: once it starts erasing itself, it doesn't react to nRST anymore. It takes a while until it responds again at all. I tried detecting this behaviour and turned off its power in this case, but I was too slow and the flash already contained zeros all over the place. I suspect that the countermeasure starts flipping all bits in flash pages to zero, because that happens relatively fast, and then starts erasing the pages. This is where I switched off its power.

I ran into all kinds of weirdnesses though, no matter if I used my own glitcher or the ChipWhisperer. I glitched, and once I reached a certain block, no glitches would hit anymore. I let it run for hours and nothing happened. When I skipped to the next 256 byte block, it started glitching again. Then the erasures all the time, my own glitcher managed to cause glitches more often than the ChipWhisperer, etc. There are just so many variables that make all this so hard to reproduce, it's exhausting...

I think I am going to build myself a target board that allows for very quick power cycling of the target chip using a MOSFET so that I can kill it quickly like you do and just lose the first sector when the countermeasure trips. But all this is more of an academic interest by now.
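The keystream recovery and the missing authentication check described in the post above, as an added Python example that is not code from the original thread. The firmware bytes, keystream and key are constructed stand-ins, and `seal_update`/`verify_update` are a hypothetical encrypt-then-MAC layer, not any real bootloader's update format:

```python
import hashlib
import hmac
from typing import Optional

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack on XOR/stream encryption: keystream = plaintext XOR ciphertext,
    so every plaintext block the attacker learns reveals the keystream at that offset."""
    return xor_bytes(known_plaintext, ciphertext)

def seal_update(ciphertext: bytes, auth_key: bytes) -> bytes:
    """Encrypt-then-MAC: append an HMAC-SHA256 tag over the ciphertext (the missing check)."""
    return ciphertext + hmac.new(auth_key, ciphertext, hashlib.sha256).digest()

def verify_update(blob: bytes, auth_key: bytes) -> Optional[bytes]:
    """Bootloader-side check: return the ciphertext only if the tag verifies, else None."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(auth_key, ct, hashlib.sha256).digest()
    return ct if hmac.compare_digest(tag, expected) else None

# Constructed sample data (not from a real device): a 256-byte firmware block, a fixed keystream
# standing in for the bootloader's cipher output, and an authentication key the device would hold.
FIRMWARE = bytes(range(256))
KEYSTREAM = hashlib.sha256(b"constructed keystream seed").digest() * 8
AUTH_KEY = b"constructed-auth-key"
UPDATE_CT = xor_bytes(FIRMWARE, KEYSTREAM)  # the unauthenticated update file

def demo() -> dict:
    # 1. A known plaintext block (the glitched-out bytes) yields the keystream at that offset.
    ks = recover_keystream(FIRMWARE[:32], UPDATE_CT[:32])
    # 2. That keystream lets anyone re-encrypt chosen bytes into a valid-looking update block.
    forged_ct = xor_bytes(b"\xff" * 32, ks) + UPDATE_CT[32:]
    # 3. An authenticated update accepts the genuine file and rejects the forged body.
    genuine = seal_update(UPDATE_CT, AUTH_KEY)
    tampered = forged_ct + genuine[-32:]  # forged body reusing the genuine tag
    return {
        "keystream_recovered": ks == KEYSTREAM[:32],
        "genuine_accepted": verify_update(genuine, AUTH_KEY) == UPDATE_CT,
        "forgery_rejected": verify_update(tampered, AUTH_KEY) is None,
    }
```

The point for the defender is the third result: once the update file carries a tag over the ciphertext, recovering the keystream no longer lets a modified file pass the bootloader.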

Regarding all the weirdness you see: it is reduced when I run the CW without enabling the glitch module. This will of course not give any output, but it will increase the temp on the STM chip to where things become more stable. I usually run in this mode for like 5 min before I enable the glitcher. I also try to keep a constant temp in the room, and this usually also helps a bit.
When all temps look stable I use the CW in scope mode to read out exactly where I need to set the glitch, so as to fine-tune the last parameter before running the glitcher.

But my office is pretty small so temp could drop when I leave the room so. Yes. That is a bit painful :slight_smile:
This is why I have to stay in my office until I have read the first sector 2-3 times lol
After this I can leave it running over night and as usual only sector 0 is erased.

You can see on this image (cross) where I get the best result: offset ~558-ish.
This will also vary from chip to chip but the pattern is the same on all of them, only the offset changes a bit.

Can you please share the connections from the stm32f1xx to the ChipWhisperer?