diff --git a/firmware-2711/latest/pieeprom-2025-05-16.bin b/firmware-2711/latest/pieeprom-2025-05-16.bin
new file mode 100644
index 0000000..09ed04d
Binary files /dev/null and b/firmware-2711/latest/pieeprom-2025-05-16.bin differ
diff --git a/firmware-2711/latest/recovery.bin b/firmware-2711/latest/recovery.bin
index 880bcd6..f32f6cc 100644
Binary files a/firmware-2711/latest/recovery.bin and b/firmware-2711/latest/recovery.bin differ
diff --git a/firmware-2711/release-notes.md b/firmware-2711/release-notes.md
index 57e0a8b..2e1ec1d 100644
--- a/firmware-2711/release-notes.md
+++ b/firmware-2711/release-notes.md
@@ -1,5 +1,20 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2025-05-16: 2711: Automatically set revoke_devkey if program_pubkey=1 (latest)
+
+* 2711: (recovery) Automatically set revoke_devkey if program_pubkey=1
+ Previously, on BCM2711 products it was possible to program the key
+ hash without revoking the development key. This can be useful for
+ testing but should never be used in production because it is possible
+ to an install an older version of the bootloader which doesn't
+ support secure-boot. Since the secure-boot tools are stable and
+ have improved usability (RPi secure-boot provisioner) this test
+ feature not necessary and is just a security risk so the behaviour
+ is changed to always revoke the development key if program_pubkey=1.
+ This change is not relevant on BCM2712 because secure-boot requires
+ that the second stage bootloader is counter-signed with the customer's
+ private key.
+
 ## 2025-05-13: Promote 2025-05-08 to the default release (default)
 
 ## 2025-05-08: Implement TCP window for net boot (latest)
diff --git a/imager/make-imager-release b/imager/make-imager-release
index c37f9e6..8985716 100755
--- a/imager/make-imager-release
+++ b/imager/make-imager-release
@@ -5,7 +5,7 @@ set -e
 script_dir=$(cd "$(dirname "$0")" && pwd)
 
 # Pi4, Pi400, CM4, CM4-S
-${script_dir}/make-release critical 2025-02-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
+${script_dir}/make-release critical 2025-05-08 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
 
 # Pi5
-${script_dir}/make-release critical 2025-02-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
+${script_dir}/make-release critical 2025-05-08 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712