diff --git a/firmware/beta/pieeprom-2020-07-16.bin b/firmware/beta/pieeprom-2020-07-16.bin deleted file mode 100644 index ca9a262..0000000 Binary files a/firmware/beta/pieeprom-2020-07-16.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-07-31.bin b/firmware/beta/pieeprom-2020-07-31.bin deleted file mode 100644 index 5345ca9..0000000 Binary files a/firmware/beta/pieeprom-2020-07-31.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-09-03.bin b/firmware/beta/pieeprom-2020-09-03.bin deleted file mode 100644 index c49bb5c..0000000 Binary files a/firmware/beta/pieeprom-2020-09-03.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-10-02.bin b/firmware/beta/pieeprom-2020-10-02.bin deleted file mode 100644 index 9ad8bbf..0000000 Binary files a/firmware/beta/pieeprom-2020-10-02.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-10-28.bin b/firmware/beta/pieeprom-2020-10-28.bin deleted file mode 100644 index fe2a492..0000000 Binary files a/firmware/beta/pieeprom-2020-10-28.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-11-24.bin b/firmware/beta/pieeprom-2020-11-24.bin deleted file mode 100644 index c171b8d..0000000 Binary files a/firmware/beta/pieeprom-2020-11-24.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2020-12-11.bin b/firmware/beta/pieeprom-2020-12-11.bin deleted file mode 100644 index 4906473..0000000 Binary files a/firmware/beta/pieeprom-2020-12-11.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2021-01-05.bin b/firmware/beta/pieeprom-2021-01-05.bin deleted file mode 100644 index 77db96d..0000000 Binary files a/firmware/beta/pieeprom-2021-01-05.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2021-01-11.bin b/firmware/beta/pieeprom-2021-01-11.bin deleted file mode 100644 index 170bfea..0000000 Binary files a/firmware/beta/pieeprom-2021-01-11.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2021-01-16.bin b/firmware/beta/pieeprom-2021-01-16.bin deleted file mode 100644 index 72ca170..0000000 Binary files a/firmware/beta/pieeprom-2021-01-16.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2021-02-16.bin b/firmware/beta/pieeprom-2021-02-16.bin deleted file mode 100644 index 7413a3f..0000000 Binary files a/firmware/beta/pieeprom-2021-02-16.bin and /dev/null differ diff --git a/firmware/beta/pieeprom-2022-04-26.bin b/firmware/beta/pieeprom-2022-04-26.bin new file mode 100644 index 0000000..01000ad Binary files /dev/null and b/firmware/beta/pieeprom-2022-04-26.bin differ diff --git a/firmware/beta/pieeprom-2022-05-20.bin b/firmware/beta/pieeprom-2022-05-20.bin new file mode 100644 index 0000000..bb3a113 Binary files /dev/null and b/firmware/beta/pieeprom-2022-05-20.bin differ diff --git a/firmware/beta/pieeprom-2022-07-14.bin b/firmware/beta/pieeprom-2022-07-14.bin new file mode 100644 index 0000000..3a8eec3 Binary files /dev/null and b/firmware/beta/pieeprom-2022-07-14.bin differ diff --git a/firmware/beta/pieeprom-2022-07-19.bin b/firmware/beta/pieeprom-2022-07-19.bin new file mode 100644 index 0000000..79a1107 Binary files /dev/null and b/firmware/beta/pieeprom-2022-07-19.bin differ diff --git a/firmware/beta/pieeprom-2022-07-22.bin b/firmware/beta/pieeprom-2022-07-22.bin new file mode 100644 index 0000000..7d6b091 Binary files /dev/null and b/firmware/beta/pieeprom-2022-07-22.bin differ diff --git a/firmware/beta/pieeprom-2022-07-26.bin b/firmware/beta/pieeprom-2022-07-26.bin new file mode 100644 index 0000000..4cc2fd1 Binary files /dev/null and b/firmware/beta/pieeprom-2022-07-26.bin differ diff --git a/firmware/beta/pieeprom-2022-08-02.bin b/firmware/beta/pieeprom-2022-08-02.bin new file mode 100644 index 0000000..a3831cf Binary files /dev/null and b/firmware/beta/pieeprom-2022-08-02.bin differ diff --git a/firmware/beta/pieeprom-2022-09-02.bin b/firmware/beta/pieeprom-2022-09-02.bin new file mode 100644 index 0000000..90a2b2b Binary files /dev/null and b/firmware/beta/pieeprom-2022-09-02.bin differ diff --git a/firmware/beta/pieeprom-2022-10-03.bin b/firmware/beta/pieeprom-2022-10-03.bin new file mode 100644 index 0000000..8768a13 Binary files /dev/null and b/firmware/beta/pieeprom-2022-10-03.bin differ diff --git a/firmware/beta/pieeprom-2022-10-06.bin b/firmware/beta/pieeprom-2022-10-06.bin new file mode 100644 index 0000000..ac85c0a Binary files /dev/null and b/firmware/beta/pieeprom-2022-10-06.bin differ diff --git a/firmware/beta/pieeprom-2022-10-12.bin b/firmware/beta/pieeprom-2022-10-12.bin new file mode 100644 index 0000000..108c4ed Binary files /dev/null and b/firmware/beta/pieeprom-2022-10-12.bin differ diff --git a/firmware/beta/pieeprom-2022-10-18.bin b/firmware/beta/pieeprom-2022-10-18.bin new file mode 100644 index 0000000..38a004b Binary files /dev/null and b/firmware/beta/pieeprom-2022-10-18.bin differ diff --git a/firmware/beta/pieeprom-2022-11-02.bin b/firmware/beta/pieeprom-2022-11-02.bin new file mode 100644 index 0000000..0e082d1 Binary files /dev/null and b/firmware/beta/pieeprom-2022-11-02.bin differ diff --git a/firmware/beta/pieeprom-2022-11-04.bin b/firmware/beta/pieeprom-2022-11-04.bin new file mode 100644 index 0000000..775647d Binary files /dev/null and b/firmware/beta/pieeprom-2022-11-04.bin differ diff --git a/firmware/beta/pieeprom-2022-11-25.bin b/firmware/beta/pieeprom-2022-11-25.bin new file mode 100644 index 0000000..f6f95b0 Binary files /dev/null and b/firmware/beta/pieeprom-2022-11-25.bin differ diff --git a/firmware/beta/pieeprom-2022-12-07.bin b/firmware/beta/pieeprom-2022-12-07.bin new file mode 100644 index 0000000..8cbbf27 Binary files /dev/null and b/firmware/beta/pieeprom-2022-12-07.bin differ diff --git a/firmware/beta/pieeprom-2023-01-04.bin b/firmware/beta/pieeprom-2023-01-04.bin new file mode 100644 index 0000000..a7df899 Binary files /dev/null and b/firmware/beta/pieeprom-2023-01-04.bin differ diff --git a/firmware/beta/recovery.bin b/firmware/beta/recovery.bin index 4f014aa..60eec96 100644 Binary files a/firmware/beta/recovery.bin and b/firmware/beta/recovery.bin differ diff --git a/firmware/beta/vl805-000138c0.bin b/firmware/beta/vl805-000138c0.bin new file mode 100644 index 0000000..f9caa03 Binary files /dev/null and b/firmware/beta/vl805-000138c0.bin differ diff --git a/firmware/critical/pieeprom-2022-04-26.bin b/firmware/critical/pieeprom-2022-04-26.bin new file mode 100644 index 0000000..01000ad Binary files /dev/null and b/firmware/critical/pieeprom-2022-04-26.bin differ diff --git a/firmware/critical/pieeprom-2022-11-25.bin b/firmware/critical/pieeprom-2022-11-25.bin new file mode 100644 index 0000000..f6f95b0 Binary files /dev/null and b/firmware/critical/pieeprom-2022-11-25.bin differ diff --git a/firmware/critical/pieeprom-2022-12-07.bin b/firmware/critical/pieeprom-2022-12-07.bin new file mode 100644 index 0000000..8cbbf27 Binary files /dev/null and b/firmware/critical/pieeprom-2022-12-07.bin differ diff --git a/firmware/critical/recovery.bin b/firmware/critical/recovery.bin index b5f0a18..58b3732 100644 Binary files a/firmware/critical/recovery.bin and b/firmware/critical/recovery.bin differ diff --git a/firmware/beta/pieeprom-2021-03-04.bin b/firmware/old/beta/pieeprom-2021-03-04.bin similarity index 100% rename from firmware/beta/pieeprom-2021-03-04.bin rename to firmware/old/beta/pieeprom-2021-03-04.bin diff --git a/firmware/beta/pieeprom-2021-03-17.bin b/firmware/old/beta/pieeprom-2021-03-17.bin similarity index 100% rename from firmware/beta/pieeprom-2021-03-17.bin rename to firmware/old/beta/pieeprom-2021-03-17.bin diff --git a/firmware/beta/pieeprom-2021-05-19.bin b/firmware/old/beta/pieeprom-2021-05-19.bin similarity index 100% rename from firmware/beta/pieeprom-2021-05-19.bin rename to firmware/old/beta/pieeprom-2021-05-19.bin diff --git a/firmware/beta/pieeprom-2021-06-11.bin b/firmware/old/beta/pieeprom-2021-06-11.bin similarity index 100% rename from firmware/beta/pieeprom-2021-06-11.bin rename to firmware/old/beta/pieeprom-2021-06-11.bin diff --git a/firmware/beta/pieeprom-2021-06-17.bin b/firmware/old/beta/pieeprom-2021-06-17.bin similarity index 100% rename from firmware/beta/pieeprom-2021-06-17.bin rename to firmware/old/beta/pieeprom-2021-06-17.bin diff --git a/firmware/beta/pieeprom-2021-06-25.bin b/firmware/old/beta/pieeprom-2021-06-25.bin similarity index 100% rename from firmware/beta/pieeprom-2021-06-25.bin rename to firmware/old/beta/pieeprom-2021-06-25.bin diff --git a/firmware/beta/pieeprom-2021-07-06.bin b/firmware/old/beta/pieeprom-2021-07-06.bin similarity index 100% rename from firmware/beta/pieeprom-2021-07-06.bin rename to firmware/old/beta/pieeprom-2021-07-06.bin diff --git a/firmware/beta/pieeprom-2021-09-23.bin b/firmware/old/beta/pieeprom-2021-09-23.bin similarity index 100% rename from firmware/beta/pieeprom-2021-09-23.bin rename to firmware/old/beta/pieeprom-2021-09-23.bin diff --git a/firmware/beta/pieeprom-2021-09-27.bin b/firmware/old/beta/pieeprom-2021-09-27.bin similarity index 100% rename from firmware/beta/pieeprom-2021-09-27.bin rename to firmware/old/beta/pieeprom-2021-09-27.bin diff --git a/firmware/beta/pieeprom-2021-10-04.bin b/firmware/old/beta/pieeprom-2021-10-04.bin similarity index 100% rename from firmware/beta/pieeprom-2021-10-04.bin rename to firmware/old/beta/pieeprom-2021-10-04.bin diff --git a/firmware/beta/pieeprom-2021-10-05.bin b/firmware/old/beta/pieeprom-2021-10-05.bin similarity index 100% rename from firmware/beta/pieeprom-2021-10-05.bin rename to firmware/old/beta/pieeprom-2021-10-05.bin diff --git a/firmware/beta/pieeprom-2021-10-27.bin b/firmware/old/beta/pieeprom-2021-10-27.bin similarity index 100% rename from firmware/beta/pieeprom-2021-10-27.bin rename to firmware/old/beta/pieeprom-2021-10-27.bin diff --git a/firmware/beta/pieeprom-2021-11-22.bin b/firmware/old/beta/pieeprom-2021-11-22.bin similarity index 100% rename from firmware/beta/pieeprom-2021-11-22.bin rename to firmware/old/beta/pieeprom-2021-11-22.bin diff --git a/firmware/beta/pieeprom-2021-12-02.bin b/firmware/old/beta/pieeprom-2021-12-02.bin similarity index 100% rename from firmware/beta/pieeprom-2021-12-02.bin rename to firmware/old/beta/pieeprom-2021-12-02.bin diff --git a/firmware/beta/pieeprom-2022-01-20.bin b/firmware/old/beta/pieeprom-2022-01-20.bin similarity index 100% rename from firmware/beta/pieeprom-2022-01-20.bin rename to firmware/old/beta/pieeprom-2022-01-20.bin diff --git a/firmware/beta/pieeprom-2022-01-25.bin b/firmware/old/beta/pieeprom-2022-01-25.bin similarity index 100% rename from firmware/beta/pieeprom-2022-01-25.bin rename to firmware/old/beta/pieeprom-2022-01-25.bin diff --git a/firmware/beta/pieeprom-2022-02-04.bin b/firmware/old/beta/pieeprom-2022-02-04.bin similarity index 100% rename from firmware/beta/pieeprom-2022-02-04.bin rename to firmware/old/beta/pieeprom-2022-02-04.bin diff --git a/firmware/beta/pieeprom-2022-02-16.bin b/firmware/old/beta/pieeprom-2022-02-16.bin similarity index 100% rename from firmware/beta/pieeprom-2022-02-16.bin rename to firmware/old/beta/pieeprom-2022-02-16.bin diff --git a/firmware/beta/pieeprom-2022-02-28.bin b/firmware/old/beta/pieeprom-2022-02-28.bin similarity index 100% rename from firmware/beta/pieeprom-2022-02-28.bin rename to firmware/old/beta/pieeprom-2022-02-28.bin diff --git a/firmware/beta/pieeprom-2022-03-10.bin b/firmware/old/beta/pieeprom-2022-03-10.bin similarity index 100% rename from firmware/beta/pieeprom-2022-03-10.bin rename to firmware/old/beta/pieeprom-2022-03-10.bin diff --git a/firmware/old/beta/pieeprom-2022-04-14.bin b/firmware/old/beta/pieeprom-2022-04-14.bin new file mode 100644 index 0000000..0f17d89 Binary files /dev/null and b/firmware/old/beta/pieeprom-2022-04-14.bin differ diff --git a/firmware/release-notes.md b/firmware/release-notes.md index 0062704..8d5272d 100644 --- a/firmware/release-notes.md +++ b/firmware/release-notes.md @@ -1,5 +1,108 @@ # Raspberry Pi4 bootloader EEPROM release notes +## 2023-01-12 - Promote previous BETA release to STABLE + * Sign the 2023-01-04 release with the secure-boot ROM key and release + as pieeprom-2023-01-11.bin + +## 2023-01-04 - VL805 firmware update - BETA + * Update VL805 to 138C0 - fix for handling of split transactions + https://github.com/raspberrypi/linux/pull/5262 + * Fix HID error handling with network install + https://github.com/raspberrypi/rpi-eeprom/issues/458 + +## 2022-12-07 - Fix SD voltage reset on Pi4 R1.1 (DEFAULT/STABLE/BETA). + * Fix issue where SD voltage was not reset by power cycling PMIC on reboot. + See https://github.com/raspberrypi/firmware/issues/1763 + +## 2022-12-01 - Promote pieeprom-2022-11-25 to the DEFAULT release. +Interesting changes since the last default release + * [tryboot] conditional statement + tryboot_a_b mode + * Support custom OTP mac addresses + * Increase TFTP_MAX_BLOCK_SIZE + * Stop NVMe cleanly + * Fixes for NETCONSOLE parsing and initialisation. + * Long filename support for start_file / fixup_file. + * Secure boot and display debug info on the diagnostis screen. + +## 2022-11-25 - Fix unconfigured netconsole messages - BETA + STABLE + * Fix unconfigured netconsole messages https://github.com/raspberrypi/rpi-eeprom/issues/452 + * Add display state to HDMI diagnostics screen + +## 2022-11-04 - Fix secure boot issue - BETA + STABLE + * Fix an OOM issue that was causing secure boot to fail (but not from RPIBOOT) + +## 2022-11-02 - Add option to use Customer OTP for MAC address - BETA + * Add a new EEPROM property that allows the Ethernet MAC address + programmed during manufacture to be overridden a value in the + Customer OTP register. + + MAC_ADDRESS_OTP=A,B + where A and B are the customer row numbers (0..7) + +## 2022-10-20 - Promote pieeprom-2022-10-18 BETA release to stable + +## 2022-10-18 - Tryboot enhancements for A/B partition booting - BETA + * Add support for a [tryboot] conditional statement in config files. + * Load config.txt instead of tryboot.txt if tryboot_a_b=1 in autoboot.txt + * Fix failover to partition 1 if the `boot_partition` points to non-bootable partition. + * Enable `autoboot.txt` in secure-boot mode. + +## 2022-10-12 - Fix USB boot regression - BETA + * Reduce size of USB transfer + +## 2022-10-06 - Fix issue with screen display - BETA + * Fix issue with the bootloader display not being cleared properly + +## 2022-10-03 - Add pieeprom-2022-10-03.bin - BETA + * Increase the size of USB in-transfers + * Increase TFTP_MAX_BLOCKSIZE to 1468 + * stop NVMe cleanly + +## 2022-09-02 - Add pieeprom-2022-09-02 - BETA + STABLE + * Parse target MAC address in NETCONSOLE property https://github.com/raspberrypi/rpi-eeprom/issues/440 + +## 2022-08-02 - Add pieeprom-2022-08-02 - BETA + STABLE + * Display the secure-boot configuration on the diagnostics screen + if secure-boot is enabled. + See https://www.raspberrypi.com/documentation/computers/configuration.html#bcm2711-bootloader-properties-chosenbootloader + * Toggle SD power at boot to reset card-state after ROM SD probe. + +## 2022-07-26 - Add pieeprom-2022-07-26 - BETA + STABLE + * Fix FAT issue https://github.com/raspberrypi/rpi-eeprom/issues/438 + +## 2022-07-22 - Add pieeprom-2022-07-22 - BETA + STABLE + * NVMe fix large file reads - see https://github.com/raspberrypi/firmware/issues/1731 + The firmware fix is also relevant for the bootloader when loading + large boot.img files. + +## 2022-07-19 - Add pieeprom-2022-07-19 - STABLE + * Enable secure-boot on the 2022-07-14 beta release and promote to stable. + +## 2022-07-14 - Add pieeprom-2022-07-14 - BETA + * Enable long-filenames & sub-directories for start_file & fixup_file. + Use Unix path separators with a maximum path of 255 characters. + Relative paths (. or ..) are not supported. + +## 2022-05-20 - Add pieeprom-2022-05-20 - BETA + * Reduce boot-time when network install is disabled NET_INSTALL_ENABLED=0. + * Switch to the newer SDIO HC and increase SPI clock speed. + +## 2022-04-27 - Promote pieeprom-2022-04-26 to the DEFAULT release + * Enable Network Install in the default bootloader release. + * This release is signed with the secure-boot key and supports + the new HTTP boot-order for downloading signed boot images for + automated provisioning systems. + +## 2022-04-22 - Add pieeprom-2022-04-26 release - STABLE/BETA + * Release pieeprom-2022-04-22 signed with the secure-boot key so that + network install can be used on secure-boot devices. + +## 2022-04-22 - Add pieeprom-2022-04-22 release - BETA + * Fix netboot reboot failure on Pi 4B R1.1 if OS enables IDDQ power saving + https://github.com/raspberrypi/rpi-eeprom/issues/417 + * Fix incorrect error code (configuration error) on EEPROM update failure. + * Enable more verbose errors for EEPROM update failures. + ## 2022-03-10 - Promote the 2022-03-10 beta release to LATEST/STABLE * Includes new net install feature, enabled by default for Pi 4 and Pi 400 * New net install download screen may appear on boot if a boot location can't diff --git a/firmware/stable/pieeprom-2022-04-26.bin b/firmware/stable/pieeprom-2022-04-26.bin new file mode 100644 index 0000000..01000ad Binary files /dev/null and b/firmware/stable/pieeprom-2022-04-26.bin differ diff --git a/firmware/stable/pieeprom-2022-07-19.bin b/firmware/stable/pieeprom-2022-07-19.bin new file mode 100644 index 0000000..79a1107 Binary files /dev/null and b/firmware/stable/pieeprom-2022-07-19.bin differ diff --git a/firmware/stable/pieeprom-2022-07-22.bin b/firmware/stable/pieeprom-2022-07-22.bin new file mode 100644 index 0000000..7d6b091 Binary files /dev/null and b/firmware/stable/pieeprom-2022-07-22.bin differ diff --git a/firmware/stable/pieeprom-2022-07-26.bin b/firmware/stable/pieeprom-2022-07-26.bin new file mode 100644 index 0000000..4cc2fd1 Binary files /dev/null and b/firmware/stable/pieeprom-2022-07-26.bin differ diff --git a/firmware/stable/pieeprom-2022-08-02.bin b/firmware/stable/pieeprom-2022-08-02.bin new file mode 100644 index 0000000..a3831cf Binary files /dev/null and b/firmware/stable/pieeprom-2022-08-02.bin differ diff --git a/firmware/stable/pieeprom-2022-09-02.bin b/firmware/stable/pieeprom-2022-09-02.bin new file mode 100644 index 0000000..90a2b2b Binary files /dev/null and b/firmware/stable/pieeprom-2022-09-02.bin differ diff --git a/firmware/stable/pieeprom-2022-10-18.bin b/firmware/stable/pieeprom-2022-10-18.bin new file mode 100644 index 0000000..38a004b Binary files /dev/null and b/firmware/stable/pieeprom-2022-10-18.bin differ diff --git a/firmware/stable/pieeprom-2022-11-04.bin b/firmware/stable/pieeprom-2022-11-04.bin new file mode 100644 index 0000000..775647d Binary files /dev/null and b/firmware/stable/pieeprom-2022-11-04.bin differ diff --git a/firmware/stable/pieeprom-2022-11-25.bin b/firmware/stable/pieeprom-2022-11-25.bin new file mode 100644 index 0000000..f6f95b0 Binary files /dev/null and b/firmware/stable/pieeprom-2022-11-25.bin differ diff --git a/firmware/stable/pieeprom-2022-12-07.bin b/firmware/stable/pieeprom-2022-12-07.bin new file mode 100644 index 0000000..8cbbf27 Binary files /dev/null and b/firmware/stable/pieeprom-2022-12-07.bin differ diff --git a/firmware/stable/pieeprom-2023-01-11.bin b/firmware/stable/pieeprom-2023-01-11.bin new file mode 100644 index 0000000..c8002b6 Binary files /dev/null and b/firmware/stable/pieeprom-2023-01-11.bin differ diff --git a/firmware/stable/recovery.bin b/firmware/stable/recovery.bin index 4f014aa..ff94284 100644 Binary files a/firmware/stable/recovery.bin and b/firmware/stable/recovery.bin differ diff --git a/firmware/stable/vl805-000138c0.bin b/firmware/stable/vl805-000138c0.bin new file mode 100644 index 0000000..f9caa03 Binary files /dev/null and b/firmware/stable/vl805-000138c0.bin differ diff --git a/imager/make-imager-release b/imager/make-imager-release index dd19d4a..dfe28e3 100755 --- a/imager/make-imager-release +++ b/imager/make-imager-release @@ -4,4 +4,4 @@ set -e script_dir=$(cd "$(dirname "$0")" && pwd) -${script_dir}/make-release critical 2022-01-25 000138a1 "${script_dir}" release rpi-boot-eeprom-recovery +${script_dir}/make-release critical 2022-12-07 000138a1 "${script_dir}" release rpi-boot-eeprom-recovery diff --git a/imager/make-recovery-images b/imager/make-recovery-images index 731253e..a53c27f 100755 --- a/imager/make-recovery-images +++ b/imager/make-recovery-images @@ -47,7 +47,10 @@ EOF mount "${LOOP}" fs cp -v files/* fs sync + sleep 5 umount fs + # Delay before calling kpartx otherwise it's sometimes possible to get orphaned loopback devices + sleep 5 kpartx -dv temp.img ) mkdir -p images @@ -60,3 +63,4 @@ EOF rm "images/${img}" chown "${SUDO_UID}:${SUDO_GID}" "images/${src}" done +echo "Wrote images for rpi-imager to $(pwd)/images/${src}" diff --git a/releases.md b/releases.md index e804d49..849b183 100644 --- a/releases.md +++ b/releases.md @@ -6,7 +6,7 @@ bootloader is automatically updated after an APT update via the [rpi-eeprom-upda Release notes are available [here](https://github.com/raspberrypi/rpi-eeprom/blob/master/firmware/release-notes.md). ## Default release -The default production EEPROM image release is [2020-09-03](https://github.com/raspberrypi/rpi-eeprom/releases/tag/v2020.09.03-138a1) and can be installed via the [Raspberry Pi Imager](https://www.raspberrypi.org/downloads/). +The default production EEPROM image release is [2022-11-25](https://github.com/raspberrypi/rpi-eeprom/releases/tag/v2022.11.25-138a1) and can be installed via the [Raspberry Pi Imager](https://www.raspberrypi.com/software/). ## USB MSD boot Please see the [USB mass storage boot](https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#usb-mass-storage-boot) guide. diff --git a/rpi-eeprom-config b/rpi-eeprom-config index 2eaf252..a5dd19f 100755 --- a/rpi-eeprom-config +++ b/rpi-eeprom-config @@ -16,9 +16,6 @@ import time IMAGE_SIZE = 512 * 1024 -# Larger files won't with with "vcgencmd bootloader_config" -MAX_FILE_SIZE = 2024 -ALIGN_SIZE = 4096 BOOTCONF_TXT = 'bootconf.txt' BOOTCONF_SIG = 'bootconf.sig' PUBKEY_BIN = 'pubkey.bin' @@ -39,6 +36,11 @@ FILE_HDR_LEN = 20 FILENAME_LEN = 12 TEMP_DIR = None +# Modifiable files are stored in a single 4K erasable sector. +# The max content 4076 bytes because of the file header. +ERASE_ALIGN_SIZE = 4096 +MAX_FILE_SIZE = ERASE_ALIGN_SIZE - FILE_HDR_LEN + DEBUG = False def debug(s): if DEBUG: @@ -221,7 +223,7 @@ class ImageSection: self.offset = offset self.length = length self.filename = filename - debug("ImageSection %x %x %x %s" % (magic, offset, length, filename)) + debug("ImageSection %x offset %d length %d %s" % (magic, offset, length, filename)) class BootloaderImage(object): def __init__(self, filename, output=None): @@ -250,7 +252,6 @@ class BootloaderImage(object): """ offset = 0 magic = 0 - found = False while offset < IMAGE_SIZE: magic, length = struct.unpack_from('>LL', self._bytes, offset) if magic == 0x0 or magic == 0xffffffff: @@ -262,6 +263,7 @@ class BootloaderImage(object): if magic == FILE_MAGIC: # Found a file # Discard trailing null characters used to pad filename filename = self._bytes[offset + 8: offset + FILE_HDR_LEN].decode('utf-8').replace('\0', '') + debug("section at %d length %d magic %08x %s" % (offset, length, magic, filename)) self._sections.append(ImageSection(magic, offset, length, filename)) offset += 8 + length # length + type @@ -272,26 +274,46 @@ class BootloaderImage(object): Returns the offset, length and whether this is the last section in the EEPROM for a modifiable file within the image. """ - ret = (-1, -1, False) + offset = -1 + length = -1 + is_last = False + + next_offset = IMAGE_SIZE - ERASE_ALIGN_SIZE # Don't create padding inside the bootloader scratch page for i in range(0, len(self._sections)): s = self._sections[i] if s.magic == FILE_MAGIC and s.filename == filename: is_last = (i == len(self._sections) - 1) - ret = (s.offset, s.length, is_last) + offset = s.offset + length = s.length break - debug('%s offset %d length %d last %s' % (filename, ret[0], ret[1], ret[2])) + + # Find the start of the next non padding section + i += 1 + while i < len(self._sections): + if self._sections[i].magic == PAD_MAGIC: + i += 1 + else: + next_offset = self._sections[i].offset + break + ret = (offset, length, is_last, next_offset) + debug('%s offset %d length %d is-last %d next %d' % (filename, ret[0], ret[1], ret[2], ret[3])) return ret def update(self, src_bytes, dst_filename): """ Replaces a modifiable file with specified byte array. """ - hdr_offset, length, is_last = self.find_file(dst_filename) + hdr_offset, length, is_last, next_offset = self.find_file(dst_filename) + update_len = len(src_bytes) + FILE_HDR_LEN + + if hdr_offset + update_len > IMAGE_SIZE - ERASE_ALIGN_SIZE: + raise Exception('No space available - image past EOF.') + if hdr_offset < 0: raise Exception('Update target %s not found' % dst_filename) - if hdr_offset + len(src_bytes) + FILE_HDR_LEN > IMAGE_SIZE: - raise Exception('EEPROM image size exceeded') + if hdr_offset + update_len > next_offset: + raise Exception('Update %d bytes is larger than section size %d' % (update_len, next_offset - hdr_offset)) new_len = len(src_bytes) + FILENAME_LEN + 4 struct.pack_into('>L', self._bytes, hdr_offset + 4, new_len) @@ -312,7 +334,7 @@ class BootloaderImage(object): # by convention bootconf.txt is the last section and there's no need to # pad to the end of the sector. This also ensures that the loopback # config read/write tests produce identical binaries. - pad_bytes = ALIGN_SIZE - (pad_start % ALIGN_SIZE) + pad_bytes = next_offset - pad_start if pad_bytes > 8 and not is_last: pad_bytes -= 8 struct.pack_into('>i', self._bytes, pad_start, PAD_MAGIC) @@ -358,10 +380,17 @@ class BootloaderImage(object): sys.stdout.write(self._bytes) def get_file(self, filename): - hdr_offset, length, is_last = self.find_file(filename) + hdr_offset, length, is_last, next_offset = self.find_file(filename) offset = hdr_offset + 4 + FILE_HDR_LEN - config_bytes = self._bytes[offset:offset+length-FILENAME_LEN-4] - return config_bytes + file_bytes = self._bytes[offset:offset+length-FILENAME_LEN-4] + return file_bytes + + def extract_files(self): + for i in range(0, len(self._sections)): + s = self._sections[i] + if s.magic == FILE_MAGIC: + file_bytes = self.get_file(s.filename) + open(s.filename, 'wb').write(file_bytes) def read(self): config_bytes = self.get_file('bootconf.txt') @@ -457,6 +486,7 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image parser.add_argument('-o', '--out', help='Name of output file', required=False) parser.add_argument('-d', '--digest', help='Signed boot only. The name of the .sig file generated by rpi-eeprom-dgst for config.txt ', required=False) parser.add_argument('-p', '--pubkey', help='Signed boot only. The name of the RSA public key file to store in the EEPROM', required=False) + parser.add_argument('-x', '--extract', action='store_true', default=False, help='Extract the modifiable files (boot.conf, pubkey, signature)', required=False) parser.add_argument('eeprom', nargs='?', help='Name of EEPROM file to use as input') args = parser.parse_args() @@ -468,6 +498,9 @@ See 'rpi-eeprom-update -h' for more information about the available EEPROM image if args.edit: edit_config(args.eeprom) + elif args.eeprom is not None and args.extract: + image = BootloaderImage(args.eeprom, args.out) + image.extract_files() elif args.apply is not None: if not os.path.exists(args.apply): exit_error("config file '%s' not found" % args.apply) diff --git a/rpi-eeprom-digest b/rpi-eeprom-digest index fb638f0..3499752 100755 --- a/rpi-eeprom-digest +++ b/rpi-eeprom-digest @@ -16,7 +16,7 @@ die() { TMP_DIR="" cleanup() { - if [ -f "${TMP_DIR}" ]; then + if [ -d "${TMP_DIR}" ]; then rm -rf "${TMP_DIR}" fi } @@ -26,15 +26,15 @@ checkDependencies() { die "sha256sum not found. Try installing the coreutilities package." fi - if [ -n "${KEY}" ]; then - if ! command -v ${OPENSSL} > /dev/null; then - die "${OPENSSL} not found. Try installing the openssl package." - fi + if [ -n "${KEY}" ] || [ "${VERIFY}" = 1 ]; then + if ! command -v openssl > /dev/null; then + die "openssl not found. Try installing the openssl package." + fi - if ! command -v xxd > /dev/null; then - die "xxd not found. Try installing the xxd package." - fi - fi + if ! command -v xxd > /dev/null; then + die "xxd not found. Try installing the xxd package." + fi + fi } usage() { @@ -59,18 +59,49 @@ The bootloader only verifies RSA signatures in signed boot mode Examples: # Generate RSA signature for the EEPROM config file. -rpi-eeprom-digest -k key.pem -i bootconf.txt -o bootconf.sig +rpi-eeprom-digest -k private.pem -i bootconf.txt -o bootconf.sig # Generate the normal sha256 hash to guard against file-system corruption rpi-eeprom-digest -i pieeprom.bin -o pieeprom.sig rpi-eeprom-digest -i vl805.bin -o vl805.sig +# To verify the signature of an existing .sig file using the public key. +# N.B The key file must be the PUBLIC key in PEM format. +rpi-eeprom-digest -k public.pem -i pieeprom.bin -v pieeprom.sig + EOF exit 0 } +writeSig() { + TMP_DIR=$(mktemp -d) + SIG_TMP="${TMP_DIR}/tmp.sig" + sha256sum "${IMAGE}" | awk '{print $1}' > "${OUTPUT}" + + # Include the update-timestamp + echo "ts: $(date -u +%s)" >> "${OUTPUT}" + + if [ -n "${KEY}" ]; then + [ -f "${KEY}" ] || die "RSA private \"${KEY}\" not found" + "${OPENSSL}" dgst -sign "${KEY}" -keyform PEM -sha256 -out "${SIG_TMP}" "${IMAGE}" + echo "rsa2048: $(xxd -c 4096 -p < "${SIG_TMP}")" >> "${OUTPUT}" + fi +} + +verifySig() { + TMP_DIR=$(mktemp -d) + sig_file="${1}" + [ -f "${sig_file}" ] || die "Signature file ${sig_file} not found" + sig_hex="$(grep rsa2048 "${sig_file}" | cut -f 2 -d ' ')" + [ -n "${sig_hex}" ] || die "No RSA signature in ${sig_file}" + + echo ${sig_hex} | xxd -c 4096 -p -r > "${TMP_DIR}/sig.bin" + "${OPENSSL}" dgst -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified" +} + OUTPUT="" -while getopts i:k:ho: option; do +VERIFY=0 +while getopts i:k:ho:v: option; do case "${option}" in i) IMAGE="${OPTARG}" ;; @@ -78,6 +109,9 @@ while getopts i:k:ho: option; do ;; o) OUTPUT="${OPTARG}" ;; + v) SIGNATURE="${OPTARG}" + VERIFY=1 + ;; h) usage ;; *) echo "Unknown argument \"${option}\"" @@ -86,25 +120,15 @@ while getopts i:k:ho: option; do esac done -[ -n "${IMAGE}" ] || usage -[ -n "${OUTPUT}" ] || usage - trap cleanup EXIT - checkDependencies +[ -n "${IMAGE}" ] || usage [ -f "${IMAGE}" ] || die "Source image \"${IMAGE}\" not found" - -TMP_DIR=$(mktemp -d) -SIG_TMP="${TMP_DIR}/tmp.sig" -sha256sum "${IMAGE}" | awk '{print $1}' > "${OUTPUT}" - -# Include the update-timestamp -echo "ts: $(date -u +%s)" >> "${OUTPUT}" - -if [ -n "${KEY}" ]; then - [ -f "${KEY}" ] || die "RSA private \"${KEY}\" not found" - - "${OPENSSL}" dgst -sign "${KEY}" -keyform PEM -sha256 -out "${SIG_TMP}" "${IMAGE}" - echo "rsa2048: $(xxd -c 4096 -p < "${SIG_TMP}")" >> "${OUTPUT}" +if [ "${VERIFY}" = 1 ]; then + verifySig "${SIGNATURE}" +else + [ -n "${OUTPUT}" ] || usage + writeSig fi + diff --git a/rpi-eeprom-update b/rpi-eeprom-update index 7b92a5e..cb25316 100755 --- a/rpi-eeprom-update +++ b/rpi-eeprom-update @@ -33,6 +33,17 @@ BOOTFS=${BOOTFS:-/boot} CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0} RPI_EEPROM_UPDATE_CONFIG_TOOL="${RPI_EEPROM_UPDATE_CONFIG_TOOL:-raspi-config}" +# Self-update is preferred to using recovery.bin because it avoids modifiy the +# boot partition in order to rename recovery.bin after use. Since the 2711 ROM +# does not support network or USB MSD loading of recovery.bin self-update has to +# be used with other boot modes anyway. + +# If RPI_EEPROM_SELF_UPDATE=1 then avoid installing recovery.bin so long as the +# current bootloader version supports self-update from SD/MMC and that doesn't +# look as though SELF_UPDATE has been disable in the EEPROM config or config.txt. +RPI_EEPROM_SELF_UPDATE="${RPI_EEPROM_SELF_UPDATE:-0}" +RPI_EEPROM_SELF_UPDATE_MIN_VER=1650968668 + # Automatic, critical updates are not applied unless the current bootloader version # is older than pieeprom-2020-09-03 BOOTLOADER_AUTO_UPDATE_MIN_VERSION="${BOOTLOADER_AUTO_UPDATE_MIN_VERSION:-1599135103}" @@ -115,7 +126,7 @@ getBootloaderConfig() { if [ -f "${blconfig_alias}" ]; then local blconfig_ofnode_path="/sys/firmware/devicetree/base"$(strings "${blconfig_alias}")"" - local blconfig_ofnode_link=$(find -L /sys/bus/nvmem -samefile "${blconfig_ofnode_path}" 2>/dev/null) + local blconfig_ofnode_link=$(find -L /sys/bus/nvmem -maxdepth 3 -samefile "${blconfig_ofnode_path}" 2>/dev/null) if [ -e "${blconfig_ofnode_link}" ]; then blconfig_nvmem_path=$(dirname "${blconfig_ofnode_link}") @@ -215,8 +226,28 @@ applyRecoveryUpdate() || die "Failed to set permissions on eeprom update files" fi - cp -f "${RECOVERY_BIN}" "${BOOTFS}/recovery.bin" \ - || die "Failed to copy ${RECOVERY_BIN} to ${BOOTFS}" + if getBootloaderConfig | grep -q ENABLE_SELF_UPDATE=0; then + # Self update has been disabled in the EEPROM config so recovery.bin + # must be used to clear this. + RPI_EEPROM_SELF_UPDATE=0 + fi + + # Setting bootlaoder_update=0 was really intended for use with network-boot with shared + # config.txt files. However, if it looks as though self-update has been disabled then + # assume recovery.bin is required. + config_txt="${BOOTFS}/config.txt" + if [ -f "${config_txt}" ]; then + if grep -q "bootloader_update=0" "${config_txt}"; then + RPI_EEPROM_SELF_UPDATE=0 + fi + fi + + [ "${BOOTLOADER_CURRENT_VERSION}" -ge "${RPI_EEPROM_SELF_UPDATE_MIN_VER}" ] || RPI_EEPROM_SELF_UPDATE=0 + + if [ "${RPI_EEPROM_SELF_UPDATE}" != "1" ]; then + echo "Using recovery.bin for EEPROM update" + cp -f "${RECOVERY_BIN}" "${BOOTFS}/recovery.bin" || die "Failed to copy ${RECOVERY_BIN} to ${BOOTFS}" + fi echo "" echo "EEPROM updates pending. Please reboot to apply the update." @@ -308,7 +339,10 @@ checkDependencies() { if [ ${BOARD_TYPE} -eq 20 ] && [ "${CM4_ENABLE_RPI_EEPROM_UPDATE}" != '1' ]; then # For CM4, USB device boot is the recommended method for EEPROM updates. - echo "rpi-eeprom-update is not enabled by default on CM4. Run with -h for more information." + echo "rpi-eeprom-update is not enabled by default on CM4." + echo "The recommended method for flashing the EEPROM is rpiboot." + echo "See: https://github.com/raspberrypi/usbboot/blob/master/Readme.md" + echo "Run with -h for more information." exit ${EXIT_SUCCESS} fi diff --git a/test/bootconf-2024.txt b/test/bootconf-2024.txt deleted file mode 100644 index 77db039..0000000 --- a/test/bootconf-2024.txt +++ /dev/null @@ -1,28 +0,0 @@ -[all] -BOOT_UART=0 -WAKE_ON_GPIO=1 -POWER_OFF_ON_HALT=0 -[none] -userdata0=0x12345789 -userdata1=0x12345789 -userdata2=0x12345789 -userdata3=0x12345789 -userdata4=0x12345789 -userdata5=0x12345789 -userdata6=0x12345789 -userdata7=0x12345789 -userdata8=0x12345789 -userdata9=0x12345789 -usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# ++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/test/bootconf-2025.txt b/test/bootconf-2025.txt deleted file mode 100644 index e7752e4..0000000 --- a/test/bootconf-2025.txt +++ /dev/null @@ -1,28 +0,0 @@ -[all] -BOOT_UART=0 -WAKE_ON_GPIO=1 -POWER_OFF_ON_HALT=0 -[none] -userdata0=0x12345789 -userdata1=0x12345789 -userdata2=0x12345789 -userdata3=0x12345789 -userdata4=0x12345789 -userdata5=0x12345789 -userdata6=0x12345789 -userdata7=0x12345789 -userdata8=0x12345789 -userdata9=0x12345789 -usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 -# ++++++++++++++++++++++++++++++++++++++++++++++++! diff --git a/test/bootconf-4076.txt b/test/bootconf-4076.txt new file mode 100644 index 0000000..a455332 --- /dev/null +++ b/test/bootconf-4076.txt @@ -0,0 +1,46 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 +[none] +userdata0=0x12345789 +userdata1=0x12345789 +userdata2=0x12345789 +userdata3=0x12345789 +userdata4=0x12345789 +userdata5=0x12345789 +userdata6=0x12345789 +userdata7=0x12345789 +userdata8=0x12345789 +userdata9=0x12345789 +usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/test/bootconf-4077.txt b/test/bootconf-4077.txt new file mode 100644 index 0000000..1f8c3dc --- /dev/null +++ b/test/bootconf-4077.txt @@ -0,0 +1,46 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 +[none] +userdata0=0x12345789 +userdata1=0x12345789 +userdata2=0x12345789 +userdata3=0x12345789 +userdata4=0x12345789 +userdata5=0x12345789 +userdata6=0x12345789 +userdata7=0x12345789 +userdata8=0x12345789 +userdata9=0x12345789 +usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/test/configs/bootconf-2021-03-04.txt b/test/configs/bootconf-2021-03-04.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-03-04.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-03-17.txt b/test/configs/bootconf-2021-03-17.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-03-17.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-05-19.txt b/test/configs/bootconf-2021-05-19.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-05-19.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-06-11.txt b/test/configs/bootconf-2021-06-11.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-06-11.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-06-17.txt b/test/configs/bootconf-2021-06-17.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-06-17.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-06-25.txt b/test/configs/bootconf-2021-06-25.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-06-25.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-07-06.txt b/test/configs/bootconf-2021-07-06.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-07-06.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-09-23.txt b/test/configs/bootconf-2021-09-23.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-09-23.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-09-27.txt b/test/configs/bootconf-2021-09-27.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-09-27.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-10-04.txt b/test/configs/bootconf-2021-10-04.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-10-04.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-10-05.txt b/test/configs/bootconf-2021-10-05.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-10-05.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-10-27.txt b/test/configs/bootconf-2021-10-27.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-10-27.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-11-22.txt b/test/configs/bootconf-2021-11-22.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-11-22.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2021-12-02.txt b/test/configs/bootconf-2021-12-02.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2021-12-02.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-01-20.txt b/test/configs/bootconf-2022-01-20.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-01-20.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-01-25.txt b/test/configs/bootconf-2022-01-25.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-01-25.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-02-04.txt b/test/configs/bootconf-2022-02-04.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-02-04.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-02-16.txt b/test/configs/bootconf-2022-02-16.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-02-16.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-02-28.txt b/test/configs/bootconf-2022-02-28.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-02-28.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-03-10.txt b/test/configs/bootconf-2022-03-10.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-03-10.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-04-14.txt b/test/configs/bootconf-2022-04-14.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-04-14.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-04-26.txt b/test/configs/bootconf-2022-04-26.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-04-26.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-05-20.txt b/test/configs/bootconf-2022-05-20.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-05-20.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-07-14.txt b/test/configs/bootconf-2022-07-14.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-07-14.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-07-19.txt b/test/configs/bootconf-2022-07-19.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-07-19.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-07-22.txt b/test/configs/bootconf-2022-07-22.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-07-22.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-07-26.txt b/test/configs/bootconf-2022-07-26.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-07-26.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-08-02.txt b/test/configs/bootconf-2022-08-02.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-08-02.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-09-02.txt b/test/configs/bootconf-2022-09-02.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-09-02.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-10-03.txt b/test/configs/bootconf-2022-10-03.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-10-03.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-10-06.txt b/test/configs/bootconf-2022-10-06.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-10-06.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-10-12.txt b/test/configs/bootconf-2022-10-12.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-10-12.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-10-18.txt b/test/configs/bootconf-2022-10-18.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-10-18.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-11-02.txt b/test/configs/bootconf-2022-11-02.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-11-02.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-11-04.txt b/test/configs/bootconf-2022-11-04.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-11-04.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/configs/bootconf-2022-11-25.txt b/test/configs/bootconf-2022-11-25.txt new file mode 100644 index 0000000..e85498a --- /dev/null +++ b/test/configs/bootconf-2022-11-25.txt @@ -0,0 +1,5 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 + diff --git a/test/test-rpi-eeprom-config b/test/test-rpi-eeprom-config index 25acdd7..366afa5 100755 --- a/test/test-rpi-eeprom-config +++ b/test/test-rpi-eeprom-config @@ -135,7 +135,7 @@ check_conf_size_large() { echo "check maximum config file size" image="${script_dir}/$1" - conf="bootconf-2024.txt" + conf="bootconf-4076.txt" expected_md5="$(md5sum "${conf}" | awk '{print $1}')" @@ -154,7 +154,7 @@ check_conf_size_too_large() { echo "check config file which exceeds the maximum size" image="${script_dir}/$1" - conf="bootconf-2025.txt" + conf="bootconf-4077.txt" expected_md5="$(md5sum "${conf}" | awk '{print $1}')" @@ -167,7 +167,12 @@ check_conf_size_too_large() echo "Check config read and loopback read/write against reference config files" versions="$(cd configs; ls *.txt | sed 's/bootconf-//g' | sed 's/.txt//g')" for ver in ${versions}; do - check_loopback "../firmware/old/beta/pieeprom-${ver}.bin" "configs/bootconf-${ver}.txt" + if [ -f "../firmware/old/beta/pieeprom-${ver}.bin" ]; then + # Use this directory if the bootloader has been archived + check_loopback "../firmware/old/beta/pieeprom-${ver}.bin" "configs/bootconf-${ver}.txt" + else + check_loopback "../firmware/beta/pieeprom-${ver}.bin" "configs/bootconf-${ver}.txt" + fi cleanup done diff --git a/tools/rpi-bootloader-key-convert b/tools/rpi-bootloader-key-convert new file mode 100755 index 0000000..e95e652 --- /dev/null +++ b/tools/rpi-bootloader-key-convert @@ -0,0 +1,49 @@ +#!/usr/bin/env python3 + +import argparse +import struct +import sys + +from Cryptodome.PublicKey import RSA + +def bintopem(infile, outf): + f = open(infile, 'rb') + arr = f.read(264) + + n = int.from_bytes(struct.unpack_from("256B", arr, 0), 'little') + e = struct.unpack_from("&2 + exit 1 +} + +usage() { + cat < + + No args - reads the current private key from OTP. These values are NOT visible via 'vcgencmd otp_dump'. + + -b Output the key in binary format. + -c Reads key and exits with 1 if it is all zeros i.e. not set. + -f Force write (if OTP is non-zero). + The vcmailbox API checks that the new key is equal to the bitwise OR of the current OTP and the new key. + N.B. OTP bits can never change from 1 to 0. + -w Writes the new key to OTP memory. + -y Skip the confirmation prompt when writing to OTP. + + is a 64 digit hex number (256 bit) e.g. to generate a 256 random number run 'openssl rand -hex 32' + + IMPORTANT: Raspberry Pi 4 and earlier revisions do not have a hardware secure key store. These OTP rows are visible + to any user in the 'video' group via vcmailbox. Therefore this functionality is only suitable for key + storage if the OS has already been restricted using the signed boot functionality. + + WARNING: Changes to OTP memory are permanent and cannot be undone. +EOF +exit 1 +} + +check_key_set() { + read_key + if [ -z "$(echo "${READ_KEY}" | sed s/0//g)" ]; then + return 1 + fi + return 0 +} + +read_key() { + out=READ_KEY="$(vcmailbox 0x00030081 40 40 0 8 0 0 0 0 0 0 0 0)" || die "Failed to read the current key from OTP" + READ_KEY="$(echo "${out}" | sed 's/0x//g' | awk '{for(i=8;i<16;i++) printf $i; print ""}')" +} + +write_key() { + key="${1}" + # Normalize formatting and check the length + key="$(echo "${key}" | tr 'A-Z' 'a-z')" + key="$(echo "${key}" | sed 's/[^a-f0-9]//g')" + [ "$(echo -n "${key}" | wc -c)" = 64 ] || die "Invalid key parameter" + + count=0 + key_params="" + while [ ${count} -lt 8 ]; do + start=$(((count * 8) + 1)) + end=$((start + 7)) + key_params="${key_params} 0x$(echo -n "${key}" | cut -c${start}-${end})" + count=$((count + 1)) + done + + if [ "${YES}" = 0 ] && [ -t 0 ]; then + echo "Write ${key} to OTP?" + echo + echo "WARNING: Updates to OTP registers are permanent and cannot be undone." + + echo "Type YES (in upper case) to continue or press return to exit." + read -r confirm + if [ "${confirm}" != "YES" ]; then + echo "Cancelled" + exit + fi + fi + + vcmailbox 0x38081 40 40 0 8 ${key_params} || die "Failed to write key" + read_key + [ "${READ_KEY}" = "${key}" ] || die "Key readback check failed. ${out}" +} + +YES=0 +while getopts bcfhw:y option; do + case "${option}" in + b) OUTPUT_BINARY=1 + ;; + c) + if check_key_set; then + exit 0 + fi + exit 1 + ;; + f) FORCE=1 + ;; + h) usage + ;; + w) WRITE_KEY="${OPTARG}" + ;; + y) YES=1 + ;; + *) echo "Unknown argument \"${option}\"" + usage + ;; + esac +done + +if [ -n "${WRITE_KEY}" ]; then + if [ "${FORCE}" = 0 ] && check_key_set; then + die "Current key is non-zero. Specify -f to write anyway" + fi + write_key "${WRITE_KEY}" +else + read_key + if [ "${OUTPUT_BINARY}" = 1 ]; then + echo "${READ_KEY}" | xxd -r -p + else + echo "${READ_KEY}" + fi +fi diff --git a/tools/vl805 b/tools/vl805 new file mode 100755 index 0000000..585f318 Binary files /dev/null and b/tools/vl805 differ