Is TFM-M currently able to verify the signature of the image downloaded by the ‘untrusted client’?

I mean, are there needed methods exposed to ‘untrusted app’? If so, what methods need to be used?

Kind regards,

Tomasz