You can write only one byte at a time.
But you can only erase a whole page.

There is no point to load anything to RAM.
The correct way is to use a streaming compressor e.g. zlib to pack the data and unpack it on the fly as it's transferred.
Using this technique you can reach much higher flashing speeds.

Also, I don't know how the Volvo ECU works but you should consider how to recover from a failed state as well when the key is cycled.

So the person who provided me with the SBL proved to me that the SBL can indeed write to the external memories. I can only assume that when you set up the SH7055 to be flashed, it also enables the internal circuitry to drive the CE,WE,OE pins high or low of the external memory and automatically sends the special unlock commands to the external flash chip. However this was not in the docs, or not presented in a way that made this clear.

I've also searched the byte patterns 0x555 and 0x2AA that are the special unlock commands that need to be sent to the 29LV chip and they don't exist in the ROM or SBL and are not even mentioned in the SH7055 hardware manual but they are required by the chip to unlock programming.

Very nice indeed. My test ecu is a 02 or 03, but my car is a 05+ with 500kbps CAN speed.

And there are all the files I could find which are 05+. Just to clarify, I found these files online, I didn't dump them.

That was my question before where you said I could write byte by byte. I took that to mean that I do not need to erase the page/sector. So even if I change one byte, I still have to erase a whole page/sector?

Thanks for the clarification. An erase is a must then. I also have to look into the checksum, although that would be when I am actually able to write data.

I did some more experiments and soldered a wire to the WE pin of the 29LV flash. It is connected to pin 226 of the MCU(or 35), however the pin is multiplexed and I could not find a way to make it work. I used the pin function controller to change the pin to general IO, and then made it output. But after attempting to write a logic low I could not make the pin change states, at least not at the 29LV WE pin. But we know that the SBL can erase/write this chip which means that at some point the logic low/high states can affect this WE pin.

If this was not the correct pin, the next candidate is pin 35 at Port F. Progress is slow, because my gf is playing LoL on my PC all day, if she isn't she is playing the guitar, when she's not doing that, she wants to go out for a walk.  

Addition: I had to bust out my multimeter and was able to trace the pin to Port J 9 aka Pin 186. This wasn't easy btw. The traces come out of the other side in a resistor to come back out the other. And resistors are tiny. Further tracing revealed that there is an AND gate chip connected to the WE enable pin of the 29LV chip, that seems to drive it high constantly. I am tracing that chip as well.

Addition 2: I accidentally broke the WE pin of the 29LV chip as well the trace it was connected to. So either I manage to fix it or I get another test ECU.

we're here working in the background

Is the A7 command the same as B4 in ECM, but A7 for TCM?

I had bench ECU, whenever I did 0x7A<command> it all gets executed there. But this was bootloader commands. However there is also a mysterious chip next to the SH7055 which I have no idea what it is, and only a few russians know what it does.

Going down to the car to test my VIDA proxy. Excited but also well prepared for various bugs.
Well first bug was..my mobile hotspot network had an addition space inserted in the name, and I had configured the rpi to connect to the network manually, and I wondered why it wasn't connecting. now back to the car I go.

Ok, so here is what happened. I plugged in the cable, set up everything and could see the CAN bus communication going on, however!!! After sending command 0xFF86000000000000, the whole car restarts, this unfortunately stops power to my RPI, restarting it as well. And the only thing that can do this is the CEM, so perhaps the CEM doesn't like this command?