Hi. A bit of an update.
1) We have been contacted by Kelly and their engineering manager. Last week, forwarded a laundry list of questions to them to better understand the design of this box.
2) This weekend, received a dump of the v2.01 firmware that is stored inside the flash memory device (8 pin device) shown on the PCB somewhere in this forum. The clean idea is to replace this IC with another that contains this corrected firmware. However, this requires the use of hot air surface mount tools + opening the box. If practical, consider to do so with your local electronic repair shop. The memory device is very common and the programming is straight forward (QSPI flash memory @ 4Mb).
3) This v2.01 firmware is reported to contain the fixed bootloader & the latest firmware for your M500 box. That is, with this firmware, future upgrades will not face this quirk.
4) Waiting on the answers for our many questions but know that the XMOS document raised (my first post here on this forum) is the root cause. One of the questions is how to properly open the box.
5) We do not own this M500 box but trying to understand and simulate the environment with our assorted XMOS tools in the lab. The upgrade mechanism is also very restrictive on what can and cannot be done with the upgrades.
6) Just now forwarded an email with a potential idea to SMSL (see below). IF you have not performed an upgrade, do not do so unless you are confident that your box has the corrected FACTORY IMAGE with the corrected bootloader. Only SMSL can validate which boxes or firmware offer this corrected firmware. Have emailed them to ask at which firmware version was this code corrected.
If your box contains the buggy bootloader and an older factory image AND you have not performed any upgrades then in theory, it should be possible to fix the box using only software.
It should also be possible to fix such field units using software as follows:
create an UPGRADE image that will boot -> remove the write protect bits of the flash -> erase the factory supplied (old) bootloader + erase the Image "0" (aka factory image) -> write the contents of the 2.01 firmware as the factory image - all in a single pass.
This must be all done without a power failure else the unit will brick. Then only a hardware fix of replacing the flash will work.
So the concept is that this single time upgrade can be used as a mechanism to fix the factory firmware so that the issue is fixed by the end consumer. This is a very solid potential solution.
We are confident that the firmware is encrypted so this demands that SMSL must encrypt this special firmware so that upon boot, the secret keys inside the XMOS CPU can decrypt the upgrade image during runtime to perform this task. Unless the secret keys are used, the code will not boot.
Not clear if other SMSL widgets are impacted by this field upgrade bug. If it makes business sense, will consider to purchase a M500 to review this case and then resell afterwards. Ironically then would prefer an older (buggy) firmware unit.
Back to research...
Sorry - forgot to note that SMSL has noted that the M500 is NOT EOL in the last email.