diff --git a/firmware-2711/latest/pieeprom-2026-01-09.bin b/firmware-2711/latest/pieeprom-2026-01-09.bin new file mode 100644 index 0000000..7f9ce3a Binary files /dev/null and b/firmware-2711/latest/pieeprom-2026-01-09.bin differ diff --git a/firmware-2711/latest/recovery.bin b/firmware-2711/latest/recovery.bin index e26752a..a7cc39c 100644 Binary files a/firmware-2711/latest/recovery.bin and b/firmware-2711/latest/recovery.bin differ diff --git a/firmware-2711/release-notes.md b/firmware-2711/release-notes.md index 7597b38..daf5773 100644 --- a/firmware-2711/release-notes.md +++ b/firmware-2711/release-notes.md @@ -1,5 +1,20 @@ # Raspberry Pi4 bootloader EEPROM release notes +## 2026-01-09: arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP (latest) + +* arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP + Previously, the GET/SET user OTP mailboxes would provide access to the + device unique private key. Update the mailbox API to fail if the + key has been locked via lock_device_private_key=1 in config.txt or + the associated mailbox call. + GET/SET user OTP fails by setting the result tag to the standard + error code (0x80000000). The dedicate GET/SET private key continue + to fail the entire mailbox operation to force vcmailbox to exit + with a non-zero error code. +* cm5: Add support for 8-bit bus width eMMC +* Query all sdram devices for temperature when adjusting refresh +* Add support for more SDRAM die configurations. + ## 2025-12-09: Promote 2025-12-08 to the default release (default) ## 2025-12-08: arm_loader: Add machine ID derived from OTP values (latest) diff --git a/imager/make-imager-release b/imager/make-imager-release index f90332e..0efb4e0 100755 --- a/imager/make-imager-release +++ b/imager/make-imager-release @@ -1,14 +1,18 @@ #!/bin/sh set -e +set -x script_dir=$(cd "$(dirname "$0")" && pwd) +base_dir="${script_dir}/.." # Pi4, Pi400, CM4, CM4-S -${script_dir}/make-release critical 2025-11-05 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711 +image_date=$(ls -lr $base_dir/firmware-2711/default/ | grep pieeprom | sed 's/.*pieeprom-//g' | sed 's/.bin//g' | head -n1) +${script_dir}/make-release critical ${image_date} 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711 # Pi5 -${script_dir}/make-release critical 2025-11-05 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712 +image_date=$(ls -lr $base_dir/firmware-2712/default/ | grep pieeprom | sed 's/.*pieeprom-//g' | sed 's/.bin//g' | head -n1) +${script_dir}/make-release critical ${image_date} "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712 # Convert to disk image for RPi Imager downloads sudo ${script_dir}/make-recovery-images diff --git a/rpi-eeprom-config b/rpi-eeprom-config index cf116a3..f445a2d 100755 --- a/rpi-eeprom-config +++ b/rpi-eeprom-config @@ -117,12 +117,12 @@ def shell_cmd(args, timeout=10, echo=False): error occurs then exit and output the subprocess stdout, stderr messages for debug. """ - start = time.time() + start = time.monotonic() arg_str = ' '.join(args) bufsize = 0 if echo else -1 result = subprocess.Popen(args, bufsize=bufsize, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - while time.time() - start < timeout: + while time.monotonic() - start < timeout: if echo: s = result.stdout.read(80).decode('utf-8') if s != "":