diff --git a/firmware-2711/latest/pieeprom-2025-08-27.bin b/firmware-2711/latest/pieeprom-2025-08-27.bin
new file mode 100644
index 0000000..8ce3a6f
Binary files /dev/null and b/firmware-2711/latest/pieeprom-2025-08-27.bin differ
diff --git a/firmware-2711/latest/recovery.bin b/firmware-2711/latest/recovery.bin
index 22a5353..389bca8 100644
Binary files a/firmware-2711/latest/recovery.bin and b/firmware-2711/latest/recovery.bin differ
diff --git a/firmware-2711/release-notes.md b/firmware-2711/release-notes.md
index ff5c99c..8512c45 100644
--- a/firmware-2711/release-notes.md
+++ b/firmware-2711/release-notes.md
@@ -1,5 +1,25 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2025-08-27: Fix PARTITION property to allow default (0) partition to be overridden (latest)
+
+* Fix PARTITION property to allow default (0) partition to be overridden
+  Fix the partition selection to allow the bootloader PARTITION
+  property to override the reboot partition number if the reboot
+  argument is 0 or > 31. Previously, it was only allowing
+  partition numbers > 31 to be overridden.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/743
+* Enable RPIBOOT in BOOT_ORDER / set-reboot-order
+  Previously, rpiboot required the bootrom to have initialised
+  rpiboot before running the firmware. Update the rpiboot
+  initialisation so that rpiboot to be enabled after booting from
+  SPI flash.
+  This could be selectively enabled by setting BOOT_ORDER property
+  (0x3) behind a GPIO conditional in the EEPROM config. On Pi5, the
+  set_reboot_order config.txt option or mailbox property can be
+  used to set a one-time boot-order on
+  N.B. There is no timeout for RPIBOOT so this should only be set
+  as the last boot mode OR used with a boot_watchdog.
+
 ## 2025-08-20: Fix PARTITION_WALK for missing start.elf files (latest)
 
 * Fix PARTITION_WALK for missing start.elf files
diff --git a/firmware-2712/latest/pieeprom-2025-08-27.bin b/firmware-2712/latest/pieeprom-2025-08-27.bin
new file mode 100644
index 0000000..aa87f5f
Binary files /dev/null and b/firmware-2712/latest/pieeprom-2025-08-27.bin differ
diff --git a/firmware-2712/latest/recovery.bin b/firmware-2712/latest/recovery.bin
index db656c4..8f58b43 100644
Binary files a/firmware-2712/latest/recovery.bin and b/firmware-2712/latest/recovery.bin differ
diff --git a/firmware-2712/release-notes.md b/firmware-2712/release-notes.md
index 1f4adbc..dbead1f 100644
--- a/firmware-2712/release-notes.md
+++ b/firmware-2712/release-notes.md
@@ -1,5 +1,25 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
+## 2025-08-27: Fix PARTITION property to allow default (0) partition to be overridden (latest)
+
+* Fix PARTITION property to allow default (0) partition to be overridden
+  Fix the partition selection to allow the bootloader PARTITION
+  property to override the reboot partition number if the reboot
+  argument is 0 or > 31. Previously, it was only allowing
+  partition numbers > 31 to be overridden.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/743
+* Enable RPIBOOT in BOOT_ORDER / set-reboot-order
+  Previously, rpiboot required the bootrom to have initialised
+  rpiboot before running the firmware. Update the rpiboot
+  initialisation so that rpiboot to be enabled after booting from
+  SPI flash.
+  This could be selectively enabled by setting BOOT_ORDER property
+  (0x3) behind a GPIO conditional in the EEPROM config. On Pi5, the
+  set_reboot_order config.txt option or mailbox property can be
+  used to set a one-time boot-order on
+  N.B. There is no timeout for RPIBOOT so this should only be set
+  as the last boot mode OR used with a boot_watchdog.
+
 ## 2025-08-20: force_eeprom_read=0 disables HAT I2C (latest)
 
 * force_eeprom_read=0 disables HAT I2C
diff --git a/releases.md b/releases.md
index 0d40078..b156a0c 100644
--- a/releases.md
+++ b/releases.md
@@ -14,5 +14,6 @@ For support or hardware interoperability discussions please use the Raspberry Pi
 ## Old EEPROM images
 Old bootloader images are periodically removed from the APT package to reduce the disk space but are still available via Github 
 * Old [BCM2711 releases](https://github.com/raspberrypi/rpi-eeprom/tree/master/firmware-2711/old).
+* Old [BCM2712 releases](https://github.com/raspberrypi/rpi-eeprom/tree/master/firmware-2712/old).
 
 **Old releases may fail to boot on newer hardware revisions.**
diff --git a/tools/rpi-otp-private-key b/tools/rpi-otp-private-key
index 22b9a13..df9ba17 100755
--- a/tools/rpi-otp-private-key
+++ b/tools/rpi-otp-private-key
@@ -47,7 +47,7 @@ usage() {
    openssl ec -in private_key.pem -text -noout | awk '/priv:/{flag=1; next} /pub:/{flag=0} flag' | tr -d ' \n:' | head -n1 > d.hex
 
    # Write the key to OTP
-   rpi-otp-private-key -w $(cat d.hex)
+   rpi-otp-private-key -w \$(cat d.hex)
 
    IMPORTANT: Raspberry Pi 5 and earlier revisions do not have a hardware secure key store
    so the raw OTP values are potentially readable by processes with root-privileges.