hello JasonFan,
Regarding to your Question-1,
please assign key files to perform partial update with the flash script files.
or, you could enable no-flash option to generate signed files locally, and using dd command for remote update.
for example,
$ sudo ./flash.sh --no-flash -u <keyfile> -v <sbk_keyfile> -k <partition-id> jetson-xavier mmcblk0p1