It would be nice to set the write protection bits on the bootloader and user image to make it a little harder for the FPGA to accidentally erase or overwrite the bootloader if the user image is trying to write to SPI flash. This would require a state machine in the spiflash bridge to unlock the flash when handling the first block, and to re-lock it when returning to the dfuIDLE state.
It would be nice to set the write protection bits on the bootloader and user image to make it a little harder for the FPGA to accidentally erase or overwrite the bootloader if the user image is trying to write to SPI flash. This would require a state machine in the spiflash bridge to unlock the flash when handling the first block, and to re-lock it when returning to the dfuIDLE state.