Merge remote-tracking branch 'pitowers/master' into pios/bookworm

* pitowers/master:
  pieeprom-2025-05-16: 2711: Automatically set revoke_devkey if program_pubkey=1 (latest)
  imager: 2712: 2711: Update to the 2025-05-08 firmware

firmware-2711/release-notes.md

@@ -1,5 +1,20 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2025-05-16: 2711: Automatically set revoke_devkey if program_pubkey=1 (latest)
+
+* 2711: (recovery) Automatically set revoke_devkey if program_pubkey=1
+  Previously, on BCM2711 products it was possible to program the key
+  hash without revoking the development key. This can be useful for
+  testing but should never be used in production because it is possible
+  to an install an older version of the bootloader which doesn't
+  support secure-boot.  Since the secure-boot tools are stable and
+  have improved usability (RPi secure-boot provisioner) this test
+  feature not necessary and is just a security risk so the behaviour
+  is changed to always revoke the development key if program_pubkey=1.
+  This change is not relevant on BCM2712 because secure-boot requires
+  that the second stage bootloader is counter-signed with the customer's
+  private key.
+
 ## 2025-05-13: Promote 2025-05-08 to the default release (default)
 
 ## 2025-05-08: Implement TCP window for net boot (latest)

imager/make-imager-release

@@ -5,7 +5,7 @@ set -e
 script_dir=$(cd "$(dirname "$0")" && pwd)
 
 # Pi4, Pi400, CM4, CM4-S
-${script_dir}/make-release critical 2025-02-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
+${script_dir}/make-release critical 2025-05-08 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
 
 # Pi5
-${script_dir}/make-release critical 2025-02-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
+${script_dir}/make-release critical 2025-05-08 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712