diff --git a/firmware-2712/latest/pieeprom-2026-01-16.bin b/firmware-2712/latest/pieeprom-2026-01-16.bin
new file mode 100644
index 0000000..eab00e0
Binary files /dev/null and b/firmware-2712/latest/pieeprom-2026-01-16.bin differ
diff --git a/firmware-2712/latest/recovery.bin b/firmware-2712/latest/recovery.bin
index 0c03c40..e12a3ff 100644
Binary files a/firmware-2712/latest/recovery.bin and b/firmware-2712/latest/recovery.bin differ
diff --git a/firmware-2712/release-notes.md b/firmware-2712/release-notes.md
index c3543af..399e99a 100644
--- a/firmware-2712/release-notes.md
+++ b/firmware-2712/release-notes.md
@@ -1,5 +1,24 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
+## 2026-01-16: Assume eMMC for CM4/CM5 non-lite (latest)
+
+* Assume eMMC for CM4/CM5 non-lite
+  Attempt the fast path by skipping the SD interface condition command timeout on CM4/CM5 (non-lite) modules and enable eMMC mode directly. This saves ~250ms of the boot time.
+* Don't stomp on RTC alarm state
+  Preserve the RTC's alarm state so that it can be queried by the rpi-rtc
+  driver.
+  See: https://github.com/raspberrypi/firmware/issues/2011
+* arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP
+  Previously, the GET/SET user OTP mailboxes would provide access to the
+  device unique private key. Update the mailbox API to fail if the
+  key has been locked via lock_device_private_key=1 in config.txt or
+  the associated mailbox call.
+  GET/SET user OTP fails by setting the result tag to the standard
+  error code (0x80000000). The dedicate GET/SET private key continue
+  to fail the entire mailbox operation to force vcmailbox to exit
+  with a non-zero error code.
+* cm5: Add support for 8-bit bus width eMMC
+
 ## 2025-12-09: Promote 2025-12-08 to the default release (default)
 
 ## 2025-12-08: arm_loader: Add machine ID derived from OTP values (latest)