rpi-eeprom-config: Process bootcode arg with other file replacements

It should be possible to change the config, public key, signature and signed bootcode in a single operation.
2026-01-20 21:13:36 +08:00 · 2024-04-17 08:35:37 +01:00
parent ca7a39efe9
commit a2fb4ed28d
1 changed files with 12 additions and 9 deletions
--- a/21
+++ b/21
@@ -510,7 +510,7 @@ Operating modes:
   The configuration file will be taken from:
       * The blconfig reserved memory nvmem device
       * The cached bootloader configuration 'vcgencmd bootloader_config'
-       * The current pending update - typically /boot/pieeprom.upd
+       * The current pending update - typically /boot/firmware/pieeprom.upd

   sudo -E rpi-eeprom-config --edit [pieeprom.bin]

@@ -524,8 +524,7 @@ Operating modes:
   the corresponding RSA public key.

   Requires Python Cryptodomex libraries and OpenSSL. To install on Raspberry Pi OS run:-
-   sudo apt install openssl python-pip
-   sudo python3 -m pip install cryptodomex
+   sudo apt install python3-pycryptodome

   rpi-eeprom-digest -k private.pem -i bootconf.txt -o bootconf.sig
   rpi-eeprom-config --config bootconf.txt --digest bootconf.sig --pubkey public.pem --out pieeprom-signed.bin pieeprom.bin
@@ -571,10 +570,15 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image
        image = BootloaderImage(args.eeprom, args.out)
        if args.timestamp is not None:
            image.set_timestamp(args.timestamp)
+
        if args.bootcode is not None:
            image.update_file(args.bootcode, BOOTCODE_BIN)
-            image.write()
-        elif args.config is not None:
+
+        if args.cacertder is not None:
+            image.update_file(args.cacertder, CACERT_DER)
+
+        if args.config is not None:
+            # The public key, EEPROM config and signature should be set together
            if not os.path.exists(args.config):
                exit_error("config file '%s' not found" % args.config)
            image.update_file(args.config, BOOTCONF_TXT)
@@ -582,10 +586,9 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image
                image.update_file(args.digest, BOOTCONF_SIG)
            if args.pubkey is not None:
                image.update_key(args.pubkey, PUBKEY_BIN)
-            if args.cacertder is not None:
-                image.update_file(args.cacertder, CACERT_DER)
-            image.write()
-        elif args.config is None and args.timestamp is not None:
+
+        if args.config is not None or args.timestamp is not None or args.bootcode is not None or args.cacertder is not None:
+            debug("Writing image")
            image.write()
        else:
            image.read()