I enjoyed reading your blog about the ESP booloading internals, very informative.
In your blog entry "DECOMPILING THE ESP8266 BOOT LOADER V1.3(B3)" you write:
Why does it need 3 x 4kb sectors of the eeprom to store only a handful of bytes of config? I can’t see a good reason for that.
I'm quite sure the reason for that is that the memory used is of flash type (and not eeprom like you say in the blog). The difference being that you need to erase a whole sector before changing the data (any 0 to an 1). So to make sure you won't end up without any bootable software if the upgrade is interrupted during a flash erase or write they store the different data at different known flash positions. This way you should always at least be able to run the last code before the update.
Sorry if this is already old news for you.
A suggestion to make your code more reliable (and still simpler and more versatile then espressifs) is to add a checksum (could be as simple as xor of data (with start seed other than 0 or 0xff)) to your data structure (containing data about the roms flash storage points and sizes) and write it to 2 sectors (wait until first write is done until starting erase of second sector). This way when you boot you check the checksum of the first sector, if it's ok you use the data from it, if not you should have ok (yet older) data in the second sector. MAGIC can also be used instead of checksum (but doesn't feel as safe for me, I'm a bit paranoid )
I've used this method in the field for a number of projects over the years and it's never failed.
If this, or something similar, is implemented to make the the bootloader a bit more failsafe I'm also voting for including this in the Sming framwork (if it's ok with you rab).
Nice work!