Merge remote-tracking branch 'pitowers/master' into pios/trixie

* pitowers/master:
  Add link to old 2712 EEPROM images to releases.md page
  pieeprom-2025-08-27: 2712:  Fix PARTITION property to allow default (0) partition to be overridden (latest)
  pieeprom-2025-08-27: 2711: Fix PARTITION property to allow default (0) partition property to be overridden (latest)
  rpi-otp-private-key: Fix missing escape character in usage text

firmware-2711/release-notes.md

@@ -1,5 +1,25 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2025-08-27: Fix PARTITION property to allow default (0) partition to be overridden (latest)
+
+* Fix PARTITION property to allow default (0) partition to be overridden
+  Fix the partition selection to allow the bootloader PARTITION
+  property to override the reboot partition number if the reboot
+  argument is 0 or > 31. Previously, it was only allowing
+  partition numbers > 31 to be overridden.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/743
+* Enable RPIBOOT in BOOT_ORDER / set-reboot-order
+  Previously, rpiboot required the bootrom to have initialised
+  rpiboot before running the firmware. Update the rpiboot
+  initialisation so that rpiboot to be enabled after booting from
+  SPI flash.
+  This could be selectively enabled by setting BOOT_ORDER property
+  (0x3) behind a GPIO conditional in the EEPROM config. On Pi5, the
+  set_reboot_order config.txt option or mailbox property can be
+  used to set a one-time boot-order on
+  N.B. There is no timeout for RPIBOOT so this should only be set
+  as the last boot mode OR used with a boot_watchdog.
+
 ## 2025-08-20: Fix PARTITION_WALK for missing start.elf files (latest)
 
 * Fix PARTITION_WALK for missing start.elf files

firmware-2712/release-notes.md

@@ -1,5 +1,25 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
+## 2025-08-27: Fix PARTITION property to allow default (0) partition to be overridden (latest)
+
+* Fix PARTITION property to allow default (0) partition to be overridden
+  Fix the partition selection to allow the bootloader PARTITION
+  property to override the reboot partition number if the reboot
+  argument is 0 or > 31. Previously, it was only allowing
+  partition numbers > 31 to be overridden.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/743
+* Enable RPIBOOT in BOOT_ORDER / set-reboot-order
+  Previously, rpiboot required the bootrom to have initialised
+  rpiboot before running the firmware. Update the rpiboot
+  initialisation so that rpiboot to be enabled after booting from
+  SPI flash.
+  This could be selectively enabled by setting BOOT_ORDER property
+  (0x3) behind a GPIO conditional in the EEPROM config. On Pi5, the
+  set_reboot_order config.txt option or mailbox property can be
+  used to set a one-time boot-order on
+  N.B. There is no timeout for RPIBOOT so this should only be set
+  as the last boot mode OR used with a boot_watchdog.
+
 ## 2025-08-20: force_eeprom_read=0 disables HAT I2C (latest)
 
 * force_eeprom_read=0 disables HAT I2C

releases.md

@@ -14,5 +14,6 @@ For support or hardware interoperability discussions please use the Raspberry Pi
 ## Old EEPROM images
 Old bootloader images are periodically removed from the APT package to reduce the disk space but are still available via Github 
 * Old [BCM2711 releases](https://github.com/raspberrypi/rpi-eeprom/tree/master/firmware-2711/old).
+* Old [BCM2712 releases](https://github.com/raspberrypi/rpi-eeprom/tree/master/firmware-2712/old).
 
 **Old releases may fail to boot on newer hardware revisions.**

tools/rpi-otp-private-key

@@ -47,7 +47,7 @@ usage() {
    openssl ec -in private_key.pem -text -noout | awk '/priv:/{flag=1; next} /pub:/{flag=0} flag' | tr -d ' \n:' | head -n1 > d.hex
 
    # Write the key to OTP
-   rpi-otp-private-key -w $(cat d.hex)
+   rpi-otp-private-key -w \$(cat d.hex)
 
    IMPORTANT: Raspberry Pi 5 and earlier revisions do not have a hardware secure key store
    so the raw OTP values are potentially readable by processes with root-privileges.