Looks like the WRITE_ONCE flag can be overwritten when using SST. The SST Regression Test cases 2002 and 1002 ideally should fail when run the second time on Musca-B1 but it doesn't fail. This means that the WRITE_ONCE could be successfully updated which is a bug.
This is an issue with the way the tests are done:
Using test NV counters causes protected storage to be invalid after reboot
When the regression tests are built, the SST_TEST_NV_COUNTERS flag is ON by default. This replaces the platform NV counters implementation with a test one that permits setting the NV counter values to arbitrary values, which is used to test the behaviour of SST in various rollback scenarios.
One other difference with the test NV counters is that they are not persistent, so they reset to zero when the device reboots. This causes verification of the secure storage to fail during initialisation, because the NV counter values do not match the ones in storage. As the SST_CREATE_FLASH_LAYOUT flag is ON, SST deals with this by wiping the storage and creating a new empty filesystem.
Ideally, it should be possible to use the test NV counters and still be able to have the storage persist across reboots, to be able to test reboot scenarios.
It is not a requirement for test data to persist across reboots, and there is no impact on release code, so this would be a nice-to-have improvement to the tests rather than an issue that needs fixing with any priority.